Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi

More documents

Recommendations

Info

CRITICAL INFRASTRUCTURE PROTECTION IN THE BALTIC SEA REGION Central governments bodies and policy makers involved in CIP to a large extent lack the technical expertise and the means to monitor or control CI operations.” (de Bruijne and van Eeven 2007, p. 24) Globalization, with its tendency to move private companies outside the nation state, has moreover made the situation more complex from the perspective of the government control. The fact that national CI are dependent not only on other sectors but on situation of other countries’ CI complicates the situation, because no single country is either immune to effects or able to predict outcomes if neighbours suffered from serious infrastructure disruptions (cf. Mussington 2002, p. 25, 26), and thus the issue of how to organise CIP responsibilities between public and private actors becomes even more of a challenge. Here we face the dilemma of common good. Indeed, de Bruijne and van Eeven have noticed that while PPP may seem self-evident and is celebrated by all parties, this ‘shallow consensus’ usually is broken when it becomes clear that the governments expect the private sector to make considerable investments beyond their cost-benefit calculations. As de Bruijne and van Eeven put it: “[G]overnment argues that measures are needed to protect the public interests, but it is the responsibility of the private infrastructure owners and operators to implement these measures. The private parties, in turn, predictably resist taking measures that go substantially beyond their business continuity requirements, arguing that these threaten the viability of their business model.” (de Bruijne and van Eeven 2007, p. 24) They claim that this dilemma leaves the government with only two options: to provide the necessary resources itself, funded from public budget; or to increase regulation. According to de Bruijne and van Eeven, the first option is mostly impossible, mainly for financial resource reasons but also for the reasons related to the necessary separation of public funding from private rent-seeking use. The second option, adding regulation, would force the private sector to put more resources to deal with the protection or resilience of the systems they own or operate. Egan, among others, has proposed that, because markets are at present externalizing the CI risks, state regulation should mean establishing “liability rules based on the notion that organizations should internalize the costs of the risks they produce and that by internalizing them, they will make wiser choices about the technologies they use” (Egan 2007, p. 14). However, de Bruijne and van Eeven (2007, p. 25) claim that here we would “come full circle” (from liberalisation back to state regulation). Indeed, while there might be some willingness in Europe to increase regulation in CI, in the United States this approach is traditionally been seen as unwise, presumably based on the ideological commitment to the idea that the state’s role in business should be minor. Thus, the Presidential Decision Directive concluded in 1998 as follows, for instance: “Since the targets of attacks on our critical infrastructures would likely include both facilities in the economy and those in the government, the elimination of our potential vulnerability requires a closely coordinated effort of both the public and private sector. To succeed, this partnership 36 NORDREGIO REPORT 2007:5
CHAPTER I: INTRODUCTION must be genuine, mutual and cooperative. In seeking to meet our national goal to eliminate the vulnerabilities of our critical infrastructure, therefore the U.S. government should, to the extent feasible, seek to avoid outcomes that increase government regulation or expand unfunded government mandates to the private sector.” (PDD 1998, p. 2) Indeed, the above quotation illustrates the argument of de Bruijne and van Eeven (2007, p. 25) that when governments have the two options – that of providing the necessary CIP resources themselves, or by adding state regulation – most CIP strategies propose neither. Instead, national CIP strategies are usually confined to the status quo by advocating mere awareness raising, best practice exchange, and soft ‘commitment power’ efforts with regard to private actors. In a way, the PPP in CIP is a typical dilemma in that it is worse than a mere problem, as there are no good solutions available. In these conditions, government involvement in practical CIP efforts in the private sector remains rather limited, an argument widespread in more academic debates whereas given less emphasis so in practical PPP debates. As Robinson et al. (1998) notice, the natural starting point is that private industry determines investments in protecting the infrastructure from a business perspective. However, at the same time as the vulnerabilities are increasing, it has been noticed that while market liberalisation supports policies which emphasise the importance of low prices for consumers, one ‘side effect’ has been to reduce the funds available for investment in and maintenance of key assets (IRGC 2005, p. 1-2). Indeed, security has never been a design driver for market forces in their dealing with CI (Dunn 2006, p. 29-30). However, Robinson et al. propose that the key is that in order to have a proper security strategy it is important that industry has all the information it needs to perform risk assessment. The primary focus of industry-government cooperation should therefore be to share information and techniques related to risk management assessment, the identification of weak spots, plans and technology to prevent attacks and disruptions, and plans for how to recover from them. Hurley (2000, p. 4) argues that in this cooperation the private sector’s role would be to help government authorities in risk analysis and technical issues and so help them to arrive more quickly at practical, workable solutions to real challenges. Mussington (2002, p. 31), in turn, argues that this kind of information sharing should be non-hierarchic. Decentralised, confederated response and information sharing mechanism for enhancing information assurance seems to provide a more flexible means of meeting a fast-changing threat to infrastructure vulnerability than ‘top-down’ methods of managing information assurance. However, Robinson et al. (1998) have further pointed out that in practice there are some barriers for this information sharing from the private sector side to that of the government authorities. From the private company’s point of view, collaboration may include or require passing over classified and secret materials, proprietary and competitively sensitive information, liability concerns, fear of regulation, and legal restrictions. These issues make far-reaching PPP difficult in practice. On the other hand, Hurley (2000, p. 4) sees a possibility here. The active participation of the private sector in development of CIP strategies would help in promoting general acceptance by the private sector of any regulatory approach that NORDREGIO REPORT 2007:5 37
Page 1:
Towards a Baltic Sea Region Strateg
Page 4 and 5:
Nordregio Report 2007:5 ISSN 1403-2
Page 6 and 7:
5.4 Impacts caused by terrorism, na
Page 8 and 9:
CRITICAL INFRASTRUCTURE PROTECTION
Page 11 and 12:
PREFACE PREFACE With the Commission
Page 13:
PREFACE The study includes tens of
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25: CRITICAL INFRASTRUCTURE PROTECTION
Page 39: CHAPTER I: INTRODUCTION CHAPTER I:
Page 95 and 96: CHAPTER II: ELECTRICITY 2 ELECTRIC
Page 97 and 98: CHAPTER II: ELECTRICITY electricity
Page 99 and 100: CHAPTER II: ELECTRICITY Recent clim
Page 101 and 102: CHAPTER II: ELECTRICITY Figure II
Page 103 and 104: CHAPTER II: ELECTRICITY possibiliti
Page 105 and 106: CHAPTER II: ELECTRICITY continental
Page 107 and 108: CHAPTER II: ELECTRICITY Indirect Im
Page 109 and 110: CHAPTER II: ELECTRICITY fire depart
Page 111 and 112: CHAPTER II: ELECTRICITY • Local c
Page 113 and 114: CHAPTER II: ELECTRICITY these, syst
Page 115 and 116: CHAPTER II: ELECTRICITY • long in
Page 117 and 118: CHAPTER II: ELECTRICITY • The net
Page 119: CHAPTER II: ELECTRICITY centres etc
Page 123 and 124: CHAPTER III: INFORMATION AND COMMUN
Page 125 and 126:
CHAPTER III: INFORMATION AND COMMUN
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177:
Page 181 and 182:
CHAPTER IV: OIL TRANSPORTATION AND
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
CHAPTER IV: OIL TRANSPORTATION ANDM
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203:
CHAPTER V: GAS CHAPTER V: GAS Sven
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 225:
CHAPTER VI: WATER CHAPTER VI: WATER
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276:
show all

Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi

Create successful ePaper yourself

Delete template?

Save as template?