Skip to main content

Jackson School Students Research Cybersecurity Policy for Microsoft

March 12, 2024

Over summer quarter 2022, Jackson School teaching faculty Dr. Jessica Beyer supervised two Global Research Groups of students and faculty tackling cybersecurity governance questions with a policy team at Microsoft. The first project profiled 29 countries’ cybersecurity regulatory frameworks to understand which countries have unitary, transitional, or disparate frameworks. The second project examined the landscape of standalone software regulation across 19 democratic countries and the European Union.

The teams were made up of undergraduate and graduate research fellows. The team tackling the question of regulatory frameworks included: Marquis G. Bullock, Nuqu Xiong, Yucheng Xue, Yolanda Yang, and senior researcher Yelyzaveta Ismatullayeva. The team tackling the question of standalone software regulation included: Andrew Dooley, Yiqi Huang, and Cale Fuoco as the senior researcher.

In the work on regulatory systems, the students analyzed the regulatory systems of 29 countries to identify countries with unitary, transitional, or disparate cybersecurity regulatory frameworks. Students built a dataset of these 29 countries’ regulatory systems and with dataset this identified five country cases for in depth exploration: Brazil, Chile, France, Lithuania, and Singapore. Three of these countries – France, Lithuania and Singapore – have unitary models of cybersecurity governance and two of the cases – Brazil and Chile – have disparate models with plans to transition to a unitary system. Case studies of those five countries outline cybersecurity governing agencies, regulatory frameworks, international and public/private relationships, and general system effectiveness. Effectiveness is measured as a connection between the system model and streamlined communication networks.

In the report on the regulatory landscape related to standalone software, students examined the landscape of standalone software regulation across 19 democratic countries and the European Union. Researchers found very few regulations specific to standalone software. The majority of the regulations researchers found and analyzed did not explicitly mention standalone software, but addressed software in general. Despite this, students determined that, in some cases, the regulation of software generally was being broadly applied to cover standalone software.

The Global Research Group was conceived by Professor Sara Curran as a way to leverage Jackson School faculty expertise beyond academia, accelerate students’ advanced training, and demonstrate students’ career-relevant skills. The GRG teams are comprised of faculty experts, Ph.D. and Master’s students, and advanced undergraduates who conduct research and produce reports on pressing global issues for external clients from the public or private sectors. Students gain valuable experience doing directed and applied research, while clients receive expert insights on emerging issues that affect their operations. Read more about Global Research Groups here.

The cybersecurity regulatory frameworks report is available here. (PDF)
The standalone software regulation report is available here (PDF)