Cyberspace Meets Critical Infrastructure: Germany’s Two-Tier Governance Approach to Cyber-Physical Crisis Management

In political science literature, security challenges inherent to the process of digitalization have mainly be discussed as transboundary threats from the perspective of IR. Rather recently, the debate has been broadened by governance and public administration perspectives conceptualizing cybersecurity challenges not only as threats but also as risks (Weiss/Jankauskas 2018; Boeke 2018; Boin/Lodge 2016). Due to the increasing digitalization of the socio-technical world, the cyberspace is both an informational and a material structure (Weisss/Jankauskas 2018) creating new risks and vulnerabilities that have to be addressed by public crisis management, especially concerning the resilience of critical infrastructure. From a regulatory governance perspective, the paper will explore how the German public administrative system approaches the new risks and vulnerabilities inherent to the cyber-physical system that is characterized by a plurality of actors, crossing policy boundaries, and shared political responsibilities by federal levels.