Academic journal article Canadian Public Administration

"Man Plans, God Laughs": Canada's National Strategy for Protecting Critical Infrastructure

Academic journal article Canadian Public Administration

"Man Plans, God Laughs": Canada's National Strategy for Protecting Critical Infrastructure

Article excerpt

Most critical infrastructure (CI) in Western countries, such as telecoms, banking and power, is owned and operated by private industry. Yet a market context does not always lend itself readily to proactive risk management. Corporate executives and their shareholders--sensitive to market pressures and shrinking margins--are sometimes reluctant to spend on risk management because its benefits are often indeterminate. Typically, industries invest in minimizing the risks of operational failures that the industries are unwilling to tolerate; they accept some level of risk with the rest. If their gamble fails and they are forced to take their systems offline due to some unexpected problem, then the market can punish them accordingly. Organizations that manage CI are dealing not only with critical social and economic assets, but also assets that are increasingly interdependent. As a result, individual decisions to under-spend on risk management pose a risk for the entire infrastructure and all those who depend on it.

Given this context, Canadian governments, like many other Western governments, are looking to work more closely with the private sector in order to overcome these impediments and manage vulnerabilities. In 2009 the federal, provincial and territorial governments published the National Strategy and Action Plan for Critical Infrastructure (NS&AP), which articulates a policy framework to enable these governments and the owners and operators of critical infrastructure to collaborate on its security.

Operationalizing the strategy requires the development of sector-level for a. The government has identified ten critical sectors (see below); each will have a forum comprised of members from industry and governments. These fora are intended to allow key stakeholders to share information on CI vulnerabilities and how best to address them.

Yet progress on the NS&AP has been slow and largely ineffective. Governments' proposed plans of (trust) relationship building, collaborative risk management and information sharing are under-developed. Not only are the conditions for building trust relationships, collaboration and sensitive information exchange not present, but it is also unlikely that government truly aspires to the transparency necessary to create such a context. The success of the NS&AP will be limited by the dynamics of market competition, incompatible institutional cultures as well as legal, logistical and political constraints. The NS&AP should demonstrate a more nuanced understanding of risks and how governments on behalf of citizens can work with industry to ensure a more resilient critical infrastructure. Such an approach would state more explicitly the paradoxical relationship between trust and transparency; the important role of small-and medium-sized enterprises in CI; and the different risk management processes necessary to protect CI depending on the nature of the risks.

This article draws extensively from the social science of risk literature to examine more thoroughly the NS&AP and, in particular, the social context that will influence the governments' capacity to meet the strategic objectives stated in the plan. It will also draw on evidence accumulated from a three-year research and education program on CIP. (1) Finally, the article will suggest ways in which the governments might address some of these challenges in order to achieve a better balance between trade-offs. Before engaging in these more substantive discussions, however, this article will summarize briefly the NS&AP.

The national strategy and action plan for critical infrastructure

There are many (relatively) recent examples of CI failures which caused death and economic and social disruption in Canada. In many of these cases, the problem was exacerbated by the failure of different agencies to share information and enforce standards in a timely manner. The Maple Leaf Foods listeriosis contamination, which resulted in twenty-two deaths, included a poorly coordinated response from Maple Leaf Foods and public health agencies (Weatherill 2009). …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.