Regulating digital security by design? Implications of the perspectives from DSbD programme stakeholders
Information and Computer Security
ISSN: 2056-4961
Article publication date: 18 June 2024
Issue publication date: 20 November 2024
Abstract
Purpose
As part of the growing necessity for inter-organisational and multi-disciplinary interaction to facilitate complex innovation in digital security, there needs to be greater engagement with regulation in the innovation process. This is particularly true in the case of security technologies that are embedded within wider systems and that are largely invisible to most of the users of that system. This paper aims to describe stakeholders’ perspectives on regulation in the digital security innovation process and evaluates the implications of these perspectives on anticipatory regulation in digital security.
Design/methodology/approach
Using a qualitative methodology based on semi-structured expert interviews and ethnographic participant observation, the study draws on the authors’ involvement in a formally organised programme of academia–industry–government collaboration called Digital Security by Design (DSbD).
Findings
The study highlights a relational dimension to establishing regulatory responsibilities that is enabled through interdisciplinary dialogue. The study contributes to understanding the multifaceted roles of regulation in digital security innovation across organisations and areas of expertise. It does so by identifying four themes in how regulation is perceived in the DSbD programme: ethical imperative, adding value, adoption lever and passive compliance.
Practical implications
Incorporating regulatory responsibilities through dialogue early in the innovation process, rather than only once a security technology’s deleterious effects are noticeable, which could make digital innovation and transformation safer and better regulated. It can also make regulation successfully adopted, rather than an exercise in damage control or an adversarial process between regulators and organisations.
Originality/value
This paper presents original empirical research on how regulation is considered by stakeholders in a novel multi-disciplinary digital security innovation process. It then uses these findings as a basis to evaluate the implications for establishing regulatory responsibilities for a class of security technologies that are embedded within wider systems and that are largely invisible to most of the users of those wider systems.
Keywords
Acknowledgements
The authors would like to thank their participants for the time and effort they spent engaging with them. Contributions from Slesinger, Coles-Kemp, and Panteli were funded by ESRC, grant number: ES/V003666/1. For the purpose of open access, the author has applied a Creative Commons Attribution (CC BY) licence to any Author Accepted Manuscript version arising.
Citation
Slesinger, I., Panteli, N. and Coles-Kemp, L. (2024), "Regulating digital security by design? Implications of the perspectives from DSbD programme stakeholders", Information and Computer Security, Vol. 32 No. 5, pp. 676-690. https://doi.org/10.1108/ICS-01-2023-0010
Publisher
:Emerald Publishing Limited
Copyright © 2024, Emerald Publishing Limited