Network governance in Sweden’s cybersecurity efforts– participation and power in policy forums Author: Kajsa Colde Department of Government Master thesis in political science Autumn 2019 Word count: 18331 Supervisor: Daniel Nohrstedt Abstract This thesis aims to empirically describe the current network structure of forums and actors within the field of cybersecurity in Sweden. To discern and identify powerful actors and forums within the network. Also, the thesis studies the emergence of forums since the emergence and creation of forums previously have been neglected. Furthermore, it will describe collaboration opportunities between actors with different organizational types. For example, relationships taking place across different sectors, levels, and jurisdictions. A multimethod approach used to purposefully gather information about relevant actors through both online data collection as well as interviews with 17 actors in the network. Social Network Analysis and centrality measures used to provide an insight into the power structures in the network. The thesis finds that the question of how networks and forums emerge are still relatively difficult to answer since there is a wide variety of processes. There is little documentation regarding the initiative behind the forums. Further, Sweden has a broad cybersecurity network with both public and private actors. However, there has been little cross-sectoral and cross-level collaboration through these forums. The observed power structures are also highly asymmetrical as there are a few dominant forums and actors within the network that in turn, can dictate and influence policy outcomes. CONTENTS 1. Introduction ......................................................................................................... 1 1.2 Research question .................................................................................................. 2 1.3 Outline ................................................................................................................. 4 2. Case-study Context ............................................................................................... 4 3. Previous research .................................................................................................. 5 3.1 Collaborative governance ................................................................................... 5 3.2 Security research on collaborative strategies ............................................................... 7 3.3 The state of cybersecurity ........................................................................................ 9 4. Theory .............................................................................................................. 11 4.1 Institutional complexity ........................................................................................ 12 4.2 Policy networks ................................................................................................... 13 4.3 Policy forum processes and structure ....................................................................... 14 4.4 Power structures in policy forums ........................................................................... 16 5. Method ............................................................................................................. 17 5.1 Case Selection ..................................................................................................... 17 5.2 Social Network analysis ........................................................................................ 18 5.3 Data collection .................................................................................................... 21 5.3.1 Interviews ........................................................................................................................................................................................................ 22 5.4 Constructing the dataset ........................................................................................ 23 5.5 Measures of centrality........................................................................................... 25 6. Analysis ............................................................................................................ 26 6.1 Actors and forums ................................................................................................ 27 6.2 Emergence of forums ........................................................................................... 27 6.3 Collaboration across organizational types ................................................................. 29 6.4 Power structures .................................................................................................. 30 6.4.1 Degree centrality ....................................................................................................................................................................................... 30 6.4.2 Betweenness centrality ........................................................................................................................................................................ 32 7. Discussion ......................................................................................................... 34 8. Conclusion ......................................................................................................... 37 References .................................................................................................................. 39 Appendix .................................................................................................................... 44 1. INTRODUCTION Transnational issues and crises are discussed in terms of cooperation and collaboration. Many suggest that there is a need for a new form of a collaborative governance system in which actors across borders, jurisdiction and authority levels cooperate. The approach is especially prominent in environmental policies for dealing with so-called "wicked problems". Wicked problems have the assumption that collaboration and cooperation is the only effective and possible solution. There has been evidence that claim the opposite and that we should be cautious in using a collaborative governance structure as a cohesive approach to all wicked problems (Bodin, 2017). Furthermore, asymmetrical power relations and power dynamics is an issue within collaboration and polycentrism. These power dynamics may influence the emergence of policy forums and collaborative efforts as well as the outcomes of such efforts (Morrison et al., 2019). Hence, studying the power dynamics within a given network structure is crucial within public policy issues. The increasing institutional complexities have been a defining character in modern governance structures as our world is becoming increasingly dependent on networks for a functioning society (Lubell, 2013). The rise in interconnectedness and automatization has improved the quality of life but also increased security risks. With the rapid development of technology and especially information technology, incidents can often strike the core of governance and governance ability. An increase in interconnectedness is changing our world. It has become the focus for scientists and researchers to understand the concept of governance to adapt it to the modern world. Since cybersecurity is an aspect of society that involves many actors, both public, private, and individual citizens, it is essential to increase civil security to be able to maintain the way of life created today. When considering both the benefits and the risk with cyberspace in the governmental system, a multi-level system may require more collaboration cross-level, jurisdictions and sectors. As many securitization scholars suggest a crucial part of "solving" the problem of cybersecurity is a collaboration (Boin, Rhinard and Ekengren, 2014, Pernice, 2018, Quigley and Roy, 2012, Dalgaard-Nielsen, 2017). The ideal collaborative governance is focused on policy-making and decision-making and the initiative behind it. It centres around the sharing of information on the issue at hand and creating joint resolutions. While this is prominent and helpful in other fields, it could be considered a risk in cybersecurity. The risks increase when information is shared with a broader network. One example of such vulnerability is to release information on security systems to unauthorized individuals. Carelessness is a reoccurring incident within private as well as public actors in Sweden. Carelessness has resulted in disastrous consequences, for example, the poor IT management at The Swedish Transport Agency that results in a leakage of citizens’ personal information (DS 2018:6). 1 There is a clash between the ideal of collaborative governance, and the risks governance and networks could cause in the systems. This clash can create influences that, in turn, cause effects in the network system, influential actors manipulating the collaboration as an asset in one stakeholder’s interest. The research says that there is a need for collaboration on wicked problems such as cybersecurity. However, "freeriding" is a risk with collaboration since many of the actors want to maximize their profits. A risk is that actors do not comply with the agreed- upon arrangements and get away with it (Bodin, Sandström, Crona, 2016). Collaboration needs trust in others within the same network to be willing to reduce their profits for the common goal. Further, risks