Cybersecurity Risk Governance in Public Administration

The focus of this research project is the study of cybersecurity applied to public actors (State and Public Administrations). It aims to theorise a cybersecurity risk governance model that complements the model currently adopted in the European Union and Italian legal order. However, the currently used public cybersecurity model, which is based on the logic of public control over the activities of private technology provider companies, has critical issues that are partly related to the typical characteristics of the technology market and the bureaucratic organisation of the Public Administration, as well as to additional factors (e.g. information asymmetry, lock-in effect). Critical issues capable of damaging the digital networks and infrastructures used by the State in the exercise of administrative functions and in the provision of public services, adversely affecting the protection of rights and the pursuit of the public interest. By means of an interdisciplinary study and perspective of analysis, which synergistically combines the knowledge and expertise of law (administrative, comparative private law and the informatics of law), corporate organisation, and computer science - both theoretically and practically - the need arises to develop a theoretical model that, complementing the current one, can minimise the risks of cyber-attacks and cyber-incidents by protecting the digital infrastructures and networks used by public actors to protect rights and pursue the public interest.