Center for Applied Cybersecurity Research

Not so simple: self-regulation as a cybersecurity solution

Co-hosted with the Maurer School

This talk considers the viability of self-regulation as a solution to cybersecurity concerns. The basic concept of self-regulation is straightforward: rather than rely on external institutions such as Congress, the courts, or agencies to regulate the conduct of an industry, allow the industry itself to establish rules to regulate the conduct of firms within it. Self-regulation is often advocated as a solution to address challenges in high-tech industries -- including cybersecurity challenges. This is unsurprising, given the pace, opacity, and complexity of these technologies. Yet the contours of self-regulation are not well developed, most notably including the problems to which is well suited as a solution. Drawing on ongoing research on the jurisprudence of self-regulation -- the internal considerations needed to give self-regulatory efforts external validity -- this talk will consider whether, and under what circumstances, self-regulation presents a viable approach to various aspects of the cybersecurity challenge.

Bio

Gus Hurwitz is a senior fellow and academic director at the University of Pennsylvania Carly Law School Center for Technology, Innovation, and Competition (CTIC). His work builds on his background in law, economics, and computer science to study how technology orders social and economic institutions. He has written extensively on technology regulation, including cybersecurity and privacy issues, and is the author of the book, Cybersecurity: An Interdisciplinary Problem (with Derek Bambauer, David Thaw, and Charlotte Tschider). He has previously taught at the University of Nebraska and George Mason University, prior to which he was a trial attorney with the Department of Justice Antitrust Division. Prior to law school he was a computer scientist at Los Alamos National Lab.