The 21st century has so far signaled an era of wide-scale deregulation and privatization, with much of the nation’s critical infrastructures (energy, transport, finance, medicine) now in the hands of the private sector.
These critical infrastructures are constantly targeted by adversaries ranging from non-state actors such as terrorist groups, hacktivist groups, organized criminals, etc. to state actors, and due to our high degree of interconnectedness across the globe security incidents can exert cascading and crippling effects nationally, regionally and even internationally.
Part of the reason why it can be difficult to secure critical infrastructures is due to the divergence of interests between the private and public sectors. The private sector’s primary focus is corporate efficiency: in terms of security, it does what it believes is “enough”, implementing the bare minimum level of security, since its main goal is profit-making. The government, in contrast, is principally concerned with achieving social order, national security and economic prosperity for its population.
A 2010 Euro Social Survey reported that almost 70% of EU citizens find it very important that governments ensure the safety of citizens against all threats. Yet governments today do not provide close supervision of, or operational control over, these critical infrastructures that now fall within the realm of the private sector. As a result, it has been argued that the role of government as the legitimate provider of security has diminished, and that it will continue to weaken moving forward.
As I meet with different governing bodies around the world, my strong impression is that this matter is by no means straightforward for them, and that they are indeed grappling with the challenge of determining what their roles in cyber security could or should be, especially vis-a-vis the private sector.
I argue, however, that the changing global landscape should not require that the role of governments as the legitimate provider of security be diminished, on the condition they are able to understand clearly how the world has changed and is changing, and what their role(s) should be within this new environment of increasing interconnectedness.
Furthermore, I argue that, in order for governments to be successful in this new environment, their remit must transcend what their historical regulatory role has typically entailed. They now need to tackle the questions of how they can best assist the private sector to invest in security (facilitation), and how public and private sectors can together improve the current state of security (collaboration). To formulate a viable approach going forward, this is the framework through which governments must strategize, and they must be ready to draw upon analogous lessons learned from past preparedness efforts geared towards other areas of threat, such as pandemic and terrorism.
For more information and to view my presentation on Cyber Security please visit our slideshare account here.