I recently received a pair of reports on critical infrastructure protection in the mail, and have now had a chance to read them. Both are written by Kenneth Cukier, reporter for The Economist. They are well-written, thought-provoking, balanced, and blessedly brief. They summarize a roundtable and a working group convened by an organization I had not heard of before called The Rueschlikon Conference.
One is called Protecting Our Future: Shaping Public-Private Cooperation to Secure Critical Information Infrastructures. The other is Ensuring (and Insuring?) Critical Information Infrastructure Protection. They focus on an important question: How do we make sure that the facilities of our networked economy and society survive terrorists acts and natural disasters?
I want to come back to the ‘compliment’ I gave both papers: “balanced.” The first report finds, among other things, that we should “harness the power of the private sector” and “use market forces” to protect critical information infrastructures. It notes that Wal-Mart had 66% of its stores in the region of Hurricane Katrina back in operation 48 hours after the storm. It also notes how, with electrical lines downed by Katrina, BellSouth’s backup generators had kicked in. When fuel supplies ran low, government officials confiscated the fuel being trucked in to keep them running. Yet, for reasons I cannot discern, the report maintains that “public-private cooperation” is what’s needed rather than getting the public sector out of the way.
The second report finds that the marketplace is insufficient to protect critical infrastructure because it lacks proper incentives. It also finds that the insurance industry can create a market for security. It’s got to be one or the other. The “balance” of these reports becomes more and more just contradiction.
A telling line can be found in the second report: “[O]ne person expressed skepticism that relying on the market to solve [critical information infrastructure] security would work, since it seemed to fall too neatly into the modern ideological mantra that markets solve all problems.” In other words, a conclusion in favor of market solutions was avoided because it might further validate markets as a problem solving tool. The uncomfortable seeking after balance in these otherwise good reports may reflect an ideological preference for government involvement–despite the harm that did in the case of Hurricane Katrina.
It is insufficient, of course, to identify ideological bias (or anti-ideological bias?) in the reports. I did find them useful and interesting, and they inspired a few thoughts that I think deserve more exploration: 1) Anti-trust law thwarts communication among companies responsible for infrastructure protection. Rather than convening so many government work-groups, the root of the problem in anti-trust law should be addressed. 2) Government secrecy is one of the things undoubtedly keeping the insurance industry from having the confidence to insure against terrorism risk. Thus, it does not promulgate better terror-security practices among its insureds, and a valuable tool in the struggle against terrorism lies on the shop floor. Rather than subsidies, the government should give the insurance industry information. 3) People interested in these issues should attend or watch Cato’s upcoming forum on John Mueller’s book Overblown: How Politicians and the Terrorism Industry Inflate National Security Threats, and Why We Believe Them.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.