Procuring Cybersecurity: Industry-Government Information Flow and Digital Supply Chains

NYU Law, April 18, 2019 - 22 Washington Square North, New York

NYU’s Center for Cybersecurity in cooperation with NYU School of Law’s Information Law Institute and the Guarini Global Law & Tech initiative of the Guarini Institute for Global Legal Studies are hosting a workshop to discuss questions of trade, international conflict, and industrial organization in cybersecurity at NYU Law on April 18, 2019 from 8:30am-2:30pm.

We use the term cybersecurity to refer to the operational security of information storage, processing, and transport systems. Within organizations like governments and corporations, cybersecurity is critical for operational and strategic success. Cybersecurity is primarily concerned with preventing breaches, i.e. unauthorized information flows from organizations to outsiders. These information flows may include: strategic information (such as a corporation’s position in negotiations, or military strategy), valuable intellectual property (such as software source code or trade secrets), or information exposing further security vulnerabilities.

Cybersecurity depends critically on the industrial organization of information technology -- including the ‘supply chain’ of technical components -- and the regulatory environment mediating the relationship between industrial and government actors. As examples: when a government pressures domestic information technology vendors to surveil users, this transforms an industrial supplier into a cybersecurity threat vector for any user that sees that government as an adversary. If a government forces foreign vendors to disclose source code for national security reasons, that vendor may consider that disclosure a cybersecurity threat if there is no guarantee that its trade secrets will remain protected. Meanwhile, international trade agreements have pushed back against certain national cybersecurity policies, e.g. by creating rules against mandatory source code disclosures and against requirements to use domestic computing facilities.

These intersecting concerns, along with potential feedback effects in innovation and cybersecurity that may escalate the pursuit of strategic advantage, have made cybersecurity a volatile field of trade and policy in recent years. We seek to disentangle the causes and interests behind these developments and to analyze the complex sociotechnical system of rules, regulations, and industrial alliances that have emerged. What are the key alliances and tensions that underlie the actions of corporations and governments? To what extent are domestic and international legal instruments repurposed in the process? And what new policies and corporate strategies are emerging in response to these complexities?

Our assumption is that the answers to these questions are not sufficiently grasped by any existing field of research. Hence, this symposium seeks to bring together experts from disciplines that each have a piece of the puzzle:

● International trade, intellectual property, and data protection law
● Cybersecurity engineering and supply chain management
● Economics and political economy of information and data
● Business and finance of the technology industry

Our aim is to facilitate an interdisciplinary discussion to generate a fresh perspective on global cybersecurity. Instead of a country-by-country analysis, we will frame the discussion through transnational vectors such as multinational corporations, international organizations and standard-setting bodies, and multi-country supply chains, among others. Instead of any one institutional or legal framing, we will address how information flows and reframings between institutional contexts constitute cybersecurity phenomena.


  • Sebastian Benthall, NYU, ILI/CCS
  • Dan Ciuriak, CIGI
  • Roel Dobbe, NYU, AINow
  • Henry Farrell, GWU
  • Geneveive Fried, NYU, AI Now
  • Sabine Gless, University of Basel
  • Jake Goldenfein, Cornell Tech, DLI
  • Rachel Greenstadt, NYU Tandon
  • Tara Hairston, Kaspersky Lab
  • Ben Heath, NYU Law
  • Benedict Kingsbury, NYU Law, GGLT
  • Ron Lee, Arnold & Porter
  • Randy Milch, NYU Law, CCS
  • Sun Ping, East China University of Political Science and Law
  • Jason Schultz, NYU, AI Now
  • Katherine Strandburg, NYU Law, ILI
  • Thomas Streinz, NYU Law, GGLT
  • Mark Verstraete, NYU Law, ILI