On the third floor of The Vincent and Elinor Ostrom Workshop in Political Theory and Policy Analysis building, nestled in the corner at the end of a hallway in, sits a room, devoid of clutter and noise, with vibrantly patterned carpeting. This is where professor Scott Shackelford directs his new program, Governance of Internet and Cybersecurity.
The Ostrom workshop, founded in 1973 by Nobel Prize-winning economist Elinor Ostrom and her husband, Vincent, aims to address issues of public policy and governance through interdisciplinary research by academics and students alike.
Shackelford said the new cybersecurity program was a joint idea between him and the workshop’s director, Lee Alston. It will use resources from the Kelley School of Business, the Maurer School of Law and the School of Informatics and Computing.
“I took what’s called a bottoms-up approach to cybersecurity,” Shackelford said.
At the lower end of the cyber spectrum is hardware, Shackelford said. Following hardware to software and eventually up to national policy regarding the internet is a way to address cyber issues, according to his approach. Elinor Ostrom, who read pieces of Shackelford’s dissertation, was also concerned with a bottom-up approach.
Shackelford published a book, “Managing Cyber Attacks in International Law, Business, and Relations: In Search of Cyber Peace,” in 2014. In the book he tried to flip the paradigm of cyber warfare into an analysis of public and private sector cybersecurity and risk management. He said cyber peace does not necessarily mean the end of cyber attacks.
“It’s about building toward a more positive idea of internet,” Shackelford said.
He teaches business law and ethics, according to his faculty page from the Kelley School of Business. He spent last semester on sabbatical at the Harvard Kennedy School of Government, which he said was part of his goal of having real policy in his research.
Shackelford said he, having started as an international lawyer, is most interested in cyber law and how cyber regulation can influence risk management strategy.
He gave the example of West African countries that are experiencing an increase in internet availability. The new program would examine how this internet access in absence of regulation might lead to more cybercrime and how governments and private institutions should address it.
Shackelford said having researchers from three different schools unite toward a common goal is beneficial for his work. IU offers a master’s degree that incorporates the management aspect of the business school, the tech aspect of the School of Informatics and the School of Law’s law.
The workshop’s other research program in governance of natural resources is only a semester older than Shackelford’s program, which he said was exciting and difficult. He said the hardest part was figuring out what he wanted to do with the research in the most efficient way possible.
“There’s not a lot to go by and not a lot of precedents,” Shackelford said.
He said he hopes the program can be of value on a national and international level. A collaboration with researchers at the University of Maryland, College Park, may even result in a shared cyber research campus in Washington, D.C., and delegates he met with from Australia expressed interest in an exchange program with the University of Canberra.
The program also hopes to co-brand one of the Ostrom workshop’s weekly speaker series to be focused on cyber-related topics on a monthly basis.
Shackelford said faculty members who are interested in the program need only apply. Some graduate students engage in research through the Ostrom workshop, but Shackelford said some who are not in academia may still be interested in the program, in which case they should contact him to inquire about program-affiliate status.
He said while the Ostrom workshop is a research center and not a degree-granting program, it is not an area lacking traditional instruction.
“It’s a place where you come to think deep thoughts, not teach, but you do do a lot of teaching,” Shackelford said.