Abstract

In 2005, the Working group on Internet governance agreed that responsibilities arise among different stakeholders «in their respective roles» of shaping the evolution of the Internet; however, their effective allocation, especially with regards to cybersecurity, relies on deeply politicized debates. The allocation of responsibilities, indeed, depends on how the notion of security in cyberspace is discussed as a priority by States and brought to security agendas. Building on the securitization theory by the Copenhagen School of international relations, we argue that cybersecurity is conceptualized as a geopolitical means meant to shape policy-making processes and the responsibilities of relevant actors. Nevertheless, while the securitization process of cybersecurity helps in contextualizing the problem in the security sphere, it does not immediately provide a framework for responsibility allocation. This article aims at bridging this gap by advancing the following research question: «How are cybersecurity responsibilities created in the political discourse? And to what extent is the role of the private sector implemented in the quest for responsible behavior in cyberspace?». We propose an empirical foreign policy analysis of Canada, Netherlands, and Switzerland, and advance the following hypothesis: «The extent to which States engage diplomatically with the private sector varies with the establishment of cybersecurity as a foreign policy priority». We address the question through qualitative research methods of text analysis and semi-structured elite interviews and assess the correlation between the establishment of cybersecurity as an existential threat in the securitization paradigm and the turn to cybersecurity as a foreign policy priority. Finally, we look at the establishment of innovative forms of diplomatic engagement with the private sector and analyze its role as an intermediary in cybersecurity through the lens of the Orchestration-intermediary theory.