EISS 2024 - Annual Conference

Exploring the cybersecurity policy design space in the EU: a mixed methods approach based on machine-learning techniques

Not scheduled

20m

Institute of Political Studies, Faculty of Social Sciences, Charles University

Paper Abstract (Closed Panels)

Speaker

Mattia Sguazzini (University of Genova, Italy)

Description

Social scientists are increasingly focusing on the factors that explain the development, organisation, and enforcement of cybersecurity capabilities. However, a systematic analysis of these capabilities in terms of the policy instruments used has not been attempted so far. Which policy instruments can actors use? How do they vary between the institutions? How can the variation in the availability and use of capabilities be explained? This paper aims to answer these research questions using text-as-data techniques to analyse policy documents of EU Member States and European institutions.
Reviewing the literature concerning the different phases of cybersecurity policy design, I develop a set of hypotheses within a general theoretical framework. I use mixed methods to cross-validate hypotheses and refine the theoretical framework. The data used are policy documents from 1990 to 2023, sourced from the online libraries of the UN, NATO, EU, and Member States, focusing on the cybersecurity policy sub-areas of Defence, Crime, Diplomacy, and Resilience. The identification of the policy instruments and the actors involved is conducted using Named Entity Recognition (NER) in the documents. Furthermore, I combine NER with a machine-learning method for estimating bureaucratic constraint variation to consider potential effects on implementation. Upon obtaining numerical values that represent the variety and frequency of policy instruments, I assess the consistency of the models corresponding to hypotheses through regression analysis.
The findings offer a comparative analysis of state policy instruments within the EU’s supranational framework.
The paper’s contributions are threefold: it provides a method for analysing the policies of individual states, considering the influence of supra-national frameworks, replicable in other policy areas; this methodological contribution follows the development of a theoretical framework that combines the literature of IR, policy analysis, IPE, and organisational studies in the field of cybersecurity; and it provides a systematisation of European cybersecurity policy documents.