ABSTRACT

This article evaluates the conditions under which national cybersecurity policy changes or remains stable. Consistent with theories of policy and bureaucratic inertia, particularly punctuated equilibrium theory (PET), it finds that national-level cybersecurity policy during the Trump administration was constrained by existing conceptual, political, and strategic commitments. It uses government and media documentation to observe two pivotal policy periods during the Trump administration. It finds that despite shifting from a nominally defensive to a nominally offensive posture, rather than revise policy categories and priorities, policy makers interpreted cyber threats within existing threat and policy categories. These findings offer two contributions to policy scholarship. First, they begin the process of situating the Trump administration in the larger context of US cybersecurity policy. Second, they demonstrate constraints on senior policy makers as well as the utility of a punctuated equilibrium model. The Trump administration’s “defending forward” concept represented one of the most ambitious efforts to break with existing US cybersecurity policy; however, even this effort was constrained in ways consistent with punctuated equilibrium theory.

摘要

本文评估了国家网络安全政策发生变化或保持稳定的条件。与政策和官僚惰性理论，特别是间断均衡理论 (PET) 一致，它发现特朗普政府期间的国家级网络安全政策受到现有概念、政治和战略承诺的约束。它使用政府和媒体文件来观察特朗普政府期间的两个关键政策时期。研究发现，尽管从名义上的防御姿态转变为名义上的进攻姿态，但政策制定者并未修改政策类别和优先事项，而是在现有威胁和政策类别内解释网络威胁。这些发现为政策研究提供了两个贡献。第一的，他们开始将特朗普政府置于美国网络安全政策的更大背景中。其次，它们证明了对高级决策者的限制以及间断均衡模型的效用。特朗普政府的“前卫”概念代表了打破美国现有网络安全政策的最雄心勃勃的努力之一；然而，即使是这种努力也受到了与间断均衡理论一致的限制。