Not so simple: self-regulation as a cybersecurity solution
Co-hosted with the Maurer School
This talk considered the viability of self-regulation as a solution to cybersecurity concerns. The basic concept of self-regulation is straightforward: rather than rely on external institutions such as Congress, the courts, or agencies to regulate the conduct of an industry, allow the industry itself to establish rules to regulate the conduct of firms within it. Self-regulation is often advocated as a solution to address challenges in high-tech industries -- including cybersecurity challenges. This is unsurprising, given the pace, opacity, and complexity of these technologies. Yet the contours of self-regulation are not well developed, most notably including the problems to which is well suited as a solution. Drawing on ongoing research on the jurisprudence of self-regulation -- the internal considerations needed to give self-regulatory efforts external validity -- this talk considered whether, and under what circumstances, self-regulation presents a viable approach to various aspects of the cybersecurity challenge.