By Scott J. Shackelford | 62 Am. U. L. Rev. 1273 (2013)
Views range widely about the seriousness of cyberattacks and the likelihood of cyberwar. But even framing cyberattacks within the context of a loaded category like war can be an oversimplification that shifts focus away from enhancing cybersecurity against the full range of threats now facing companies, countries, and the international community. Current methods are proving ineffective at managing cyberattacks, and, as cybersecurity legislation is being debated in the U.S. Congress and around the world, the time is ripe for a fresh look at this critical topic. This Article searches for alternative avenues to foster cyberpeace by applying a novel conceptual framework termed polycentric governance.
Proponents such as Nobel Laureate Elinor Ostrom have championed the theory, which promotes self-organization and networking regulations at multiple levels to address global collective action problems. Such a framework contrasts with the increasingly state-centric approach to both
Internet governance and cybersecurity preferred by a growing list of nations. This Article will use the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Engineering Task Force (IETF) as case studies, as well as the International Telecommunication Union (ITU) as an illustrative example to explore different governance models and some of their security implications. Ultimately, the case is made that polycentric analysis may provide new insights about how to reconceptualize both cybersecurity and the future of Internet governance.