Institutional landscape of cybersecurity governance in Spain
Abstract
Keeping cyberspace secure is a complex task and a constant challenge for public institutions. The first wave of political disinterest in cybersecurity has been followed by a renewed concern for digital sovereignty, the defence of national cybersecurity and, more recently, the protection of citizens in cyberspace. To meet these objectives, states have developed regulations, institutions and practices based on different narratives. This study analyses the institutions involved in cybersecurity governance in Spain through four practices: cybersecurity culture, response to cyber incidents and cyber crises, critical infrastructure protection, and criminal investigation. The article provides evidence consistent with the conclusion that Spain has adopted the multi-stakeholder governance narrative, with competences distributed among different actors. This approach has resulted in institutional fragmentation and a lack of clarity about the cybersecurity system in Spain. The article closes with public policy proposals that could contribute to greater unity, coordination and clarity in the cybersecurity governance system.
License
Copyright (c) 2022 Cristina Del-Real
This work is licensed under a Creative Commons Attribution - NonCommercial - NoDerivatives 4.0 International license.