Vinod K. Aggarwal and Andrew Reddie
Journal of Cyber Policy, 2018
This paper investigates the relationship between the US government and its domestic cybersecurity sector drawing on the special issue framework. We show how there has been, and argue that we will likely continue to see, substantial public investment in the sector by the US government via industrial policy to address cybersecurity market failures. This analysis is particularly important given that both the market failures associated with the provision of cybersecurity and the government role in addressing this challenge remain under-explored in the existing academic and policy literature. The paper proceeds in three parts. First, it outlines the unique categories of three types of firms –those in the cybersecurity sector, large technology companies and internet-adjacent firms –involved in the under-provision of cybersecurity and examines possible market failures. Second, we inventory existing measures employed by the US government to engage with each type of firm to address real and perceived market failures in these different sectors. Finally, we examine how state-society relations have conditioned US government intervention approaches in this sector and argue that well-established IT firms now have a privileged lobbying role related to state-society relations in the United States.