ABSTRACT
This paper provides a systematic literature review of cybersecurity concerns in public administration scholarship. The main intent is to outline the major shifts in the cybersecurity issues faced by public and nonprofit sectors. We undertake this exercise also to identify the future research agenda of emerging cybersecurity research gaps. Our principal finding from the literature is that public administration scholars and practitioners have not given attention to cyber-security until recently. Cyber-security did not emerge as a significant theme until the mid-2000s. There is a dichotomy in treating cyber-security as a technical problem or a management problem. Public administration scholars deemed cyber-security presumably as a technical problem, even though security policies have been in effect since the mid-1980s. The technical concerns have evolved from that of individual computer problems (e.g., viruses) to that of systemic network problems (e.g., ransomware attacks). Recent publications are showing the consideration of cyber-security as a management problem. Even so, the literature shows that cyber-security is not often on the radar screen of public administrators. We argue that our future research should focus on the administrative dimensions of cybersecurity. In this context, emerging research needs to focus on leadership awareness, budgetary allocation, and cyber insurance policies.
- Raymond F. Zammuto, Terri L. Griffith, Ann Majchrzak, Deborah J. Dougherty, and Samer Faraj. 2007. Information Technology and the Changing Fabric of Organization. Organization Science, 18(5), 749-762. https://doi.org/10.1287/orsc.1070.0307Google ScholarDigital Library
- Min-Seok Pang, Gwanhoo Lee, and William H. DeLone. 2014. IT Resources, Organizational Capabilities, and Value Creation in Public-Sector Organizations: A Public-Value Management Perspective. Journal of Information Technology, 29, 187–205. https://doi.org/10.1057/jit.2014.2Google ScholarCross Ref
- Aurélien Buffat. 2015. Street-level Bureaucracy and E-government. Public Management Review, 17(1), 149-161. https://doi.org/10.1080/14719037.2013.771699Google ScholarCross Ref
- Christopher Hood and Helen Margetts. 2010. Cyber-bureaucracy: If Information Technology is so Central to Public Administration, Why is it so Ghetto-ized? In John Pierre and Patricia W. Ingraham (eds.), Comparative Administrative Change and Reform. Montreal, Canada: University Press, 114-135. https://www.jstor.org/stable/j.ctt80j26Google Scholar
- Christopher Pollitt. 2011. Mainstreaming Technological Change in the Study of Public Management. Public Policy and Administration, 26(4), 377-397. https://doi.org/10.1177/0952076710378548Google ScholarCross Ref
- Fiona Feng Chen and William Earle Klay. 1994. Managerial Behaviors, Motivations, and Computerization in Public Agencies. International Journal of Public Administration, 17(1), 33-58. https://doi.org/10.1080/01900699408524891.Google ScholarCross Ref
- M. Jae Moon, Joohoo Lee, and Chul-Young Roh. 2014. The Evolution of Internal IT Applications and E-Government Studies in Public Administration: Research Themes and Methods. Administration & Society, 46(1), 3–36. https://doi.org/10.1177/0095399712459723Google ScholarCross Ref
- Patrick R. Mullen. 2005. US Performance-Based Laws: Information Technology and E-Government Reporting Requirements. International Journal of Public Administration, 28(7-8), 581-598. https://doi.org/10.1081/PAD-200064204Google ScholarCross Ref
- Statista. Volume of data/information created, captured, copied, and consumed worldwide from 2010 to 2020, with forecasts from 2021 to 2025. Retrieved from https://www.statista.com/statistics/871513/worldwide-data-created/Google Scholar
- Arie Halachmi. 1992. The Brave New World of Information Technology. Public Personnel Management, 21(4), 533–554. https://doi.org/10.1177/009102609202100409Google ScholarCross Ref
- Donald P. Moynihan. 2004. Building Secure Elections: E-Voting, Security, and Systems Theory. Public Administration Review, 64(5), 515-528. https://doi.org/10.1111/j.1540-6210.2004.00400.xGoogle ScholarCross Ref
- Jonathan Lewallen. 2021. Emerging Technologies and Problem Definition Uncertainty: The Case of Cybersecurity. Regulation & Governance, 15(4), 1035–1052.*Google ScholarCross Ref
- Irina Brass and Jesse H. Sowell. 2021. Adaptive Governance for the Internet of Things: Coping with Emerging Security Risks. Regulation & Governance, 15(4), 1092–1110.* https://doi.org/10.1111/rego.12343Google ScholarCross Ref
- Symbat Issabayeva, Botagoz Yesseniyazova, and Matúš Grega. 2019. Electronic Public Procurement: Process and Cybersecurity Issues. NISPAcee Journal of Public Administration and Policy, 12(2), 61–79.* https://doi.org/10.2478/nispa-2019-0014Google ScholarCross Ref
- Fred Bolton. 2013. Cybersecurity and Emergency Management: Encryption and the Inability to Communicate. Journal of Homeland Security and Emergency Management, 10(1), 379-385.* https://doi.org/10.1515/jhsem-2012-0038Google ScholarCross Ref
- Michael Chertoff. 2008. The Cybersecurity Challenge. Regulation & Governance, 2(4), 480-484.* https://doi.org/10.1111/j.1748-5991.2008.00051.xGoogle ScholarCross Ref
- Richard J. Harknett and James A Stever. 2009. The Cybersecurity Triad: Government, Private Sector Partners, and the Engaged Cybersecurity Citizen. Journal of Homeland Security and Emergency Management, 6(1).* https://doi.org/10.2202/1547-7355.1649Google ScholarCross Ref
- Angelyn Flowers and Sherali Zeadally. 2014. US Policy on Active Cyber Defense. Journal of Homeland Security and Emergency Management, 11(2), 289-308.* https://doi.org/10.1515/jhsem-2014-0021Google ScholarCross Ref
- Richard J. Harknett , John P. Callaghan and Rudi Kauffman. 2010. Leaving Deterrence Behind: War-Fighting and National Cybersecurity. Journal of Homeland Security and Emergency Management, 7(1).* https://doi.org/10.2202/1547-7355.1636Google ScholarCross Ref
- Donald F. Norris, Laura Mateczun, Anupam Joshi, and Tim Finin. 2019. Cyberattacks at the Grass Roots: American Local Governments and the need for High Levels Of Cybersecurity. Public Administration Review, 79(6), 895–904.* https://doi.org/10.1111/puar.13028Google ScholarCross Ref
- Aneta Chodakowska, Sławomira Kańduła, and Joanna Przybylska. 2022. Cybersecurity in the Local Government Sector in Poland: More work needs to be done. Lex localis-Journal of Local Self-Government, 20(1), 161–192.* https://doi.org/10.4335/20.1.161-192Google ScholarCross Ref
- Ashlee Frandell and Mary Feeney. 2022. Cybersecurity Threats in Local Government: A Sociotechnical Perspective. American Review of Public Administration, 52(8), 558–572.* https://doi.org/10.1177/02750740221125432Google ScholarCross Ref
- Moritz Weiss and Vytautas Jankauskas. 2019. Securing Cyberspace: How States Design Governance Arrangements. Governance, 32(2), 259-275.* https://doi.org/10.1111/gove.12368Google ScholarCross Ref
- Angelyn Flowers , Sherali Zeadally, and Acklyn Murray. 2013. Cybersecurity and US legislative efforts to address cybercrime. Journal of Homeland Security and Emergency Management, 10(1), 29-55.* https://doi.org/10.1515/jhsem-2012-0007Google ScholarCross Ref
- Richard J. Harknett and James A. Stever. 2011. The New Policy World of Cybersecurity. Public Administration Review, 71(3), 455-460.* https://doi.org/10.1111/j.1540-6210.2011.02366.xGoogle ScholarCross Ref
- Austen D. Givens and Nathan E. Busch. 2013. Integrating Federal Approaches to Post-Cyber Incident Mitigation. Journal of Homeland Security and Emergency Management, 10(1), 1-28.* https://doi.org/10.1515/jhsem-2012-0001Google ScholarCross Ref
- Les Stanaland, Ross Baldick, Alvaro Cardenas, Jennifer Holmes. 2022. Protecting the Texas electric grid: A cybersecurity strategy for the Electric Reliability Council of Texas (ERCOT) and the Public Utility Commission of Texas (PUCT). Risk, Hazards & Crisis in Public Policy, 13, 322–336.* https://doi.org/10.1002/rhc3.12241Google ScholarCross Ref
- Sean Atkins and Chappell Lawson. 2021. An Improvised Patchwork: Success and Failure in Cybersecurity Policy for Critical Infrastructure. Public Administration Review, 81(5), 847–861.* https://doi.org/10.1111/puar.13322Google ScholarCross Ref
- Jacob Shively. 2021. Cybersecurity Policy and the Trump Administration. Policy Studies, 42(5-6), 738–754.* https://doi.org/10.1080/01442872.2021.1947482Google ScholarCross Ref
- Bernd W. Wirtz and Jan C. Weyerer. 2017. Cyberterrorism and Cyber Attacks in the Public Sector: How Public Administration Copes with Digital Threats. International Journal of Public Administration, 40(13), 1085-1100. https://doi.org/10.1080/01900692.2016.1242614Google ScholarCross Ref
- Jensen J. Zhao and Sherry Y. Zhao. 2010. Opportunities and Threats: A Security Assessment of State E-Government Websites. Government Information Quarterly, 27(1), 49-56. https://doi.org/10.1016/j.giq.2009.07.004Google ScholarCross Ref
- Nawaf Alharbi, Maria Papadaki, and Paul Dowland. 2017. The Impact of Security and its Antecedents in Behaviour Intention of Using E-Government Services. Behaviour & Information Technology, 36(6), 620-636. https://doi.org/10.1080/0144929X.2016.1269198Google ScholarCross Ref
Recommendations
A Review on Cybersecurity: Challenges & Emerging Threats
NISS '20: Proceedings of the 3rd International Conference on Networking, Information Systems & SecurityIn recent years the cybersecurity has evolved significantly in order to cater to the changes that occur within the cyberspace. Cybersecurity is the means by which a country or organization can utilize to protect its products and information that operate ...
Threat modeling – A systematic literature review
AbstractCyber security is attracting worldwide attention. With attacks being more and more common and often successful, no one is spared today. Threat modeling is proposed as a solution for secure application development and system security ...
Cybersecurity Innovation in Government: A Case Study of U.S. Pentagon's Vulnerability Reward Program
dg.o '17: Proceedings of the 18th Annual International Conference on Digital Government ResearchThe U.S. federal governments and agencies face increasingly sophisticated and persistent cyber threats and cyberattacks from black hat hackers who breach cybersecurity for malicious purposes or for personal gain. With the rise of malicious attacks that ...
Comments