Governance Mesh Approach for Cybersecurity Ecosystem

Publication Type:

Journal Article


Aljosa Pasic


Information & Security: An International Journal, Volume 53, Issue 1, p.105-130 (2022)


cybersecurity ecosystems, cybersecurity governance, cybersecurity mesh


Four EU pilot projects have been launched in 2019 (ECHO, SPARTA, CSEU, and CONCORDIA) with the focus on specific context of EU Regulation that is establishing the European Cybersecurity Competence Centre (ECCC), together with the Network of National Coordination Centers (NCCs), and Competence community (CC). These projects are continuously providing their feedback on open issues regarding the overall governance in this emerging EU cybersecurity ecosystem. We look at similar cybersecurity initiatives from the past, as well as related work. While hybrid governance model, that combines top-down and bottom-up elements seems to be the most reasonable and acceptable outcome for all communities involved, there is a further need to decompose complex model and perform precise analysis of Processes, Rules, Norms, and Actions (PRNA), linked to fundamental areas of work of this ecosystem (e.g., capacity building, incident response, R&D management etc.). This article provides an overview of several challenges that need to be addressed and presents the approach to governance we call “governance mesh.”

Last updated: Wednesday, 25 January 2023