Breaking Bad? How and Why IOs Expand Their Role in the Governance of Cybersecurity

Many international organizations (IOs) have expanded their scope and infringed on other IOs‘s turf. While the IO and global governance literature as developed research programs around the creation, design and crowdedness (aka as regime complexity) of IOs, we know much less about why and how IOs expanded their scope into others activities and to what result. We want to contribute to a better understanding of IOs’ scope expansion by looking at three IOs that are particularly relevant for the discussion about global governance in the Internet era: the ITU, the Council of Europe, and the Organization for Security Cooperation in Europe. The ITU’s expansion into the field of cybersecurity and cybercrime, for instance, has often placed it in direct competition with the Council of Europe. Initially, the primary focus of the ITU was the coordination of legal and regulatory frameworks for electronic communications and the stimulation of the markets among its membership. Over time, however, it developed a significant cybersecurity component. For instance, cybersecurity guidelines proposed under HIPSSA were subsequently used by RECs to develop model laws (i.e. ECOWAS Cybersecurity Guidelines, ECCAS model law, SADC model laws on data protection, e-transaction and cybercrime). However, the ITU’s approach to cyber capacity-building has been criticized for the lack of transparency and absence of formal intergovernmental process for the development and adoption of model laws, as well as lack of competence in the areas of criminal justice – in particular by the Council of Europe. Looking at these three specific cases, we argue that scope expansion is an expression of capable and empowered international secretariats. Scope expansion, however, is contested by those regional organizations that themselves have a competent staff that want their organization to be the focal point. Normative arguments are used to undermine each other’s standing but are actually secondary to the inter-organizational dynamics.