Keywords
Polycentricity
Public-Private partnerships
Cybersecurity
Indo-Pacific
Comparative Policy Analysis
qualitative research
How to Cite
Number of views: 26
Number of downloads: 30
Abstract
Cybersecurity governance in the Indo-Pacific increasingly relies on both public–private partnerships (PPPs) and polycentric governance arrangements, yet the relationship between these two frameworks remains empirically under-examined. Policy discourse and scholarship frequently conflate PPPs with polycentricity, obscuring their distinct governance functions. This study employs comparative qualitative content analysis of national cybersecurity strategy documents from Australia, Japan, and Singapore (2015–2025), supplemented by regional and geopolitical reference documents. Using a theory-driven codebook with 22 codes across six thematic clusters, 573 text segments were systematically coded in Taguette and analyzed through within-case interpretation and cross-case comparison. The analysis demonstrates that PPPs function primarily as operational mechanisms for information sharing, incident response, and co-investment within state-led frameworks. By contrast, polycentric governance features such as overlapping jurisdictions, multistakeholder involvement, and decentralized decision-making emerge independently through international cooperation, regional initiatives, and multi-actor regulatory platforms. The three cases reveal distinct governance configurations: Japan’s technocratic polycentricity, Australia’s resilience-oriented model, and Singapore’s regionally projected governance, all positioned between U.S. multistakeholder polycentricity and China’s centralized framework. This article provides the first systematic empirical comparison disentangling PPPs from polycentric governance in Indo-Pacific cybersecurity strategies, offering a more precise analytical framework for comparative governance research.
References
Aligica, P. D. & Tarko, V. (2012). Polycentricity: From Polanyi to Ostrom, and beyond. Governance, 25(2), 237–262.
ASEAN & Government of Japan. (2024). ASEAN–Japan cybersecurity policy meeting joint statement. https://www.cyber.go.jp/eng/pdf/17thAJCPM_en.pdf
Bryman, A. (2016). Social research methods (5th ed.). Oxford University Press.
Carlisle, K. & Gruby, R. L. (2019). Polycentric systems of governance: A theoretical model for the commons. Policy Studies Journal, 47(4), 927–952.
Carr, M. (2016). Public–private partnerships in national cyber-security strategies. International Affairs, 92(1), 43–62.
Creemers, R. (2015). The pivot in Chinese cybergovernance: integrating internet control in Xi Jinping’s China. China Perspectives, 4, 5-13.
Center for Strategic and International Studies. (2013). Public-Private Partnerships for Critical Infrastructure Protection. Report, August 19. https://www.csis.org/analysis/public-private-partnerships-critical-infrastructure-protection
Cyber Security Agency of Singapore. (2021). Singapore cybersecurity strategy 2021. https://www.csa.gov.sg/resources/publications/the-singapore-cybersecurity-strategy-2021
Department of Home Affairs. (2023). Australia’s cyber security strategy 2023–2030. Australian Government. https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy/2023-2030-australian-cyber-security-strategy
DiMaggio, P. J. & Powell, W. W. (1983). The iron cage revisited: Institutional isomorphism and collective rationality in organizational fields. American Sociological Review, 48(2), 147–160.
European Union Agency for Cybersecurity. (2020). Public–private partnerships (PPPs) in cybersecurity. https://www.enisa.europa.eu/publications/public-private-partnerships-ppp-cooperative-models
Hsieh, H.-F. & Shannon, S. E. (2005). Three approaches to qualitative content analysis. Qualitative Health Research, 15(9), 1277–1288.
Klijn, E. H. & Koppenjan, J. (2016). Governance networks in the public sector. Routledge.
Low, B. S., Ostrom, E., Simon, C. P., & Wilson, J. (2003). Redundancy and diversity: Do they influence optimal management? In F. Berkes, J. Colding & C. Folke (Eds.), Navigating social-ecological systems: Building resilience for complexity and change (pp. 83–114). Cambridge University Press.
McGinnis, M. D. & Ostrom, E. (2011). Reflections on Vincent Ostrom, public administration, and polycentricity. Public Administration Review, 72(1), 15–25.
National Center of Incident Readiness and Strategy for Cybersecurity. (2021). Cybersecurity strategy of Japan. https://www.nisc.go.jp/eng/index.html
National People’s Congress of China. (2017). Cybersecurity law of the People’s Republic of China. https://www.chinalawtranslate.com/cybersecurity-law/
Ostrom, E. (1999). Coping with tragedies of the commons. Annual Review of Political Science, 2(1), 493–535.
Ostrom, E. (2005). Understanding institutional diversity. Princeton University Press.
Ostrom, V. (1991). The meaning of American federalism: Constituting a self-governing society. ICS Press.
Ostrom, V., Tiebout, C. M., & Warren, R. (1961). The organization of government in metropolitan areas: A theoretical inquiry. American Political Science Review, 55(4), 831–842.
Przeworski, A. & Teune, H. (1970). The logic of comparative social inquiry. Wiley.
Quad Leaders. (2024). Quad cyber challenge joint statement. https://2021-2025.state.gov/2024-quad-cyber-challenge-joint-statement/
Ragin, C. C. (2014). The comparative method: Moving beyond qualitative and quantitative strategies (2nd ed.). University of California Press.
Raymond, M. & DeNardis, L. (2015). Multistakeholderism: Anatomy of an inchoate global institution. International Theory, 7(3), 572–616.
Rhodes, R. A. W. (1997). Understanding governance: Policy networks, governance, reflexivity, and accountability. Open University Press.
Schreier, M. (2012). Qualitative content analysis in practice. SAGE.
Shackelford, S. J. (2012). Toward cyberpeace: Managing cyberattacks through polycentric governance. American University Law Review, 62, 1273–1330.
Slayton, R. & Clark-Ginsberg, A. (2017). Beyond regulatory capture: Coproducing expertise for critical infrastructure protection. Regulation & Governance, 14(3), 451–467.
United States White House. (2024). National cybersecurity strategy implementation plan (Version 2). https://bidenwhitehouse.archives.gov/wp-content/uploads/2024/05/National-Cybersecurity-Strategy-Implementation-Plan-Version-2.pdf
World Economic Forum. (2023). Global cybersecurity outlook 2023. https://www.weforum.org/publications/global-cybersecurity-outlook-2023/
License
Copyright (c) 2026 Isti Marta Sukma
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Manuscript authors are responsible for obtaining copyright permissions for any copyrighted materials included within manuscripts. The authors must provide permission letters, when appropriate, to the Society Register Editors. In addition, all published papers in Society Register are published under a Creative Commons Attribution-NonCommercial 4.0 International License. Authors retain copyright and publishing rights to their articles, granting the journal the right to distribute them under the terms of the CC BY-NC 4.0.
1.1 The Author hereby warrants that he/she is the owner of all the copyright and other intellectual property rights in the Work and that, within the scope of the present Agreement, the paper does not infringe the legal rights of another person. The owner of the copyright work also warrants that he/she is the sole and original creator thereof and that is not bound by any legal constraints in regard to the use or sale of the work.
1.2. The Publisher warrants that is the owner of the PRESSto platform for open access journals, hereinafter referred to as the PRESSto Platform.
2. The Author grants the Publisher non-exclusive and free of charge license to unlimited use worldwide over an unspecified period of time in the following areas of exploitation:
2.1. production of multiple copies of the Work produced according to the specific application of a given technology, including printing, reproduction of graphics through mechanical or electrical means (reprography) and digital technology;
2.2. marketing authorisation, loan or lease of the original or copies thereof;
2.3. public performance, public performance in the broadcast, video screening, media enhancements as well as broadcasting and rebroadcasting, made available to the public in such a way that members of the public may access the Work from a place and at a time individually chosen by them;
2.4. inclusion of the Work into a collective work (i.e. with a number of contributions);
2.5. inclusion of the Work in the electronic version to be offered on an electronic platform, or any other conceivable introduction of the Work in its electronic version to the Internet;
2.6. dissemination of electronic versions of the Work in its electronic version online, in a collective work or independently;
2.7. making the Work in the electronic version available to the public in such a way that members of the public may access the Work from a place and at a time individually chosen by them, in particular by making it accessible via the Internet, Intranet, Extranet;
2.8. making the Work available according to appropriate license pattern CC BY-NC 4.0 as well as another language version of this license or any later version published by Creative Commons.
3. The Author grants the Publisher permission to reproduce a single copy (print or download) and royalty-free use and disposal of rights to compilations of the Work and these compilations.
4. The Author grants the Publisher permission to send metadata files related to the Work, including to commercial and non-commercial journal-indexing databases.
5. The Author represents that, on the basis of the license granted in the present Agreement, the Publisher is entitled and obliged to:
5.1. allow third parties to obtain further licenses (sublicenses) to the Work and to other materials, including derivatives thereof or compilations made, based on or including the Work, whereas the provisions of such sub-licenses will be the same as with the Attribution 4.0 International (CC BY-NC 4.0) Creative Commons sub-license or another language version of this license, or any later version of this license published by Creative Commons;
5.2. make the Work available to the public in such a way that members of the public may access the Work from a place and at a time individually chosen by them, without any technological constraints;
5.3. appropriately inform members of the public to whom the Work is to be made available about sublicenses in such a way as to ensure that all parties are properly informed (appropriate informing messages).
6. Because of the royalty-free provision of services of the Author (resulting from the scope of obligations stipulated in the present Agreement), the Author shall not be entitled to any author’s fee due and payable on the part of the Publisher (no fee or royalty is payable by the Publisher to the Author).
7.1. In the case of third party claims or actions for indemnity against the Publisher owing to any infractions related to any form of infringement of intellectual property rights protection, including copyright infringements, the Author is obliged to take all possible measures necessary to protect against these claims and, when as a result of legal action, the Publisher, or any third party licensed by the Publisher to use the Work, will have to abandon using the Work in its entirety or in part or, following a court ruling in a legal challenge, to pay damages to a third party, whatever the legal basis
7.2. The Author will immediately inform the Publisher about any damage claims related to intellectual property infringements, including the author’s proprietary rights pertaining to a copyrighted work, filed against the Author. of liability, the Author is obliged to redress the damage resulting from claims made by third party, including costs and expenditures incurred in the process.
7.3. To all matters not settled herein provisions of the Polish Civil Code and the Polish Copyright and Related Rights Act shall apply.