Paper - Harvard Kennedy School
Ensuring (and Insuring?) Critical Information Infrastructure Protection
Abstract
Protecting infrastructure from calamity has always been important for industry, government, and society. Yet with more activities dependent on computer networks — from banking and aviation to emergency services — the reliability and security of information and communication systems against disasters, both natural and man-made, are in doubt. The question of protection is difficult because the majority of critical information infrastructure is privately-owned, interlinked with other firms, and crosses international borders. Evidence suggests there are currently insufficient incentives for protection to be adequately implemented. Companies internalize the costs and hope for the best; governments are loath to regulate lest they do it badly. Indeed, without really knowing the risk profile, it is not even clear what constitutes adequate protection in the first place. And, as always, it poses the question: who should pay? To understand the obstacles for protecting critical information infrastructure and to consider solutions, over 25 experts from industry, government, and academia met for the fifth annual Conference on Information Law and Policy for the Information Economy, organized by Professors Lewis M. Branscomb and Viktor Mayer-Schönberger of Harvard University’s John F. Kennedy School of Government, with the support of Swiss Re, from June 16–18, 2005, at the Swiss Re Center for Global Dialogue in Rueschlikon, Switzerland. The report that is meant not only as an analytical summary of the discussion, but also as a roadmap for future work. It is comprised of five sections. The first explains the problems of protecting critical information infrastructure, and the second section considers the economics of it. The third section examines different models of network security, and the fourth identifies roles for business, government, and the insurance industry. The fifth section takes a practical turn and proposes a series of next steps that the private and public sectors can take. The report concludes that global economic development may be the force that best addresses the problem. As society increasingly depends on critical information infrastructure, it is important for new forms of partnerships to develop, involving numerous stakeholders. As a first step, information-sharing requires a permissible legal framework, regarding both antitrust and liability concerns. Moreover, the introduction of insurance could provide a foundation for market-based risk analysis and cooperation among infrastructure operators. The participants of the Rueschlikon conference were largely optimistic that provided market forces could be brought to bear on the issue of critical information infrastructure protection, many of today’s challenges could be alleviated.
Want to Read More?
The full text of this publication is available via the original publication source.
For more information on this publication:
Please contact
Science, Technology, and Public Policy
For Academic Citation:
Cukier, Kenneth Neil, Viktor Mayer-Schoenberger, and Lewis M. Branscomb. “Ensuring (and Insuring?) Critical Information Infrastructure Protection.” Paper, RWP05-055, Harvard Kennedy School, October 11, 2005.
The Authors
Lewis M. Branscomb
- Director Emeritus of the Science, Technology and Public Policy Program; Aetna Public Service Professor Emeritus of Public Policy and Corporate Management
- Member of the Board, Belfer Center for Science and International Affairs
Viktor Mayer-Schoenberger
- Former Faculty Affiliate, Science, Technology, and Public Policy Program
Kenneth Neil Cukier
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions
- The Hill
Funding the Removal of Huawei in Our Networks is Smart Investment
Book
- MIT Press
Beyond 9/11: Homeland Security for the Twenty-First Century
Analysis & Opinions
- Project Syndicate
After the Liberal International Order
In the Spotlight
Most Viewed
Policy Brief
- Quarterly Journal: International Security
The Future of U.S. Nuclear Policy: The Case for No First Use
Discussion Paper
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Why the United States Should Spread Democracy
Abstract
Protecting infrastructure from calamity has always been important for industry, government, and society. Yet with more activities dependent on computer networks — from banking and aviation to emergency services — the reliability and security of information and communication systems against disasters, both natural and man-made, are in doubt. The question of protection is difficult because the majority of critical information infrastructure is privately-owned, interlinked with other firms, and crosses international borders. Evidence suggests there are currently insufficient incentives for protection to be adequately implemented. Companies internalize the costs and hope for the best; governments are loath to regulate lest they do it badly. Indeed, without really knowing the risk profile, it is not even clear what constitutes adequate protection in the first place. And, as always, it poses the question: who should pay? To understand the obstacles for protecting critical information infrastructure and to consider solutions, over 25 experts from industry, government, and academia met for the fifth annual Conference on Information Law and Policy for the Information Economy, organized by Professors Lewis M. Branscomb and Viktor Mayer-Schönberger of Harvard University’s John F. Kennedy School of Government, with the support of Swiss Re, from June 16–18, 2005, at the Swiss Re Center for Global Dialogue in Rueschlikon, Switzerland. The report that is meant not only as an analytical summary of the discussion, but also as a roadmap for future work. It is comprised of five sections. The first explains the problems of protecting critical information infrastructure, and the second section considers the economics of it. The third section examines different models of network security, and the fourth identifies roles for business, government, and the insurance industry. The fifth section takes a practical turn and proposes a series of next steps that the private and public sectors can take. The report concludes that global economic development may be the force that best addresses the problem. As society increasingly depends on critical information infrastructure, it is important for new forms of partnerships to develop, involving numerous stakeholders. As a first step, information-sharing requires a permissible legal framework, regarding both antitrust and liability concerns. Moreover, the introduction of insurance could provide a foundation for market-based risk analysis and cooperation among infrastructure operators. The participants of the Rueschlikon conference were largely optimistic that provided market forces could be brought to bear on the issue of critical information infrastructure protection, many of today’s challenges could be alleviated.
Want to Read More?
The full text of this publication is available via the original publication source.The Authors
Lewis M. Branscomb
- Director Emeritus of the Science, Technology and Public Policy Program; Aetna Public Service Professor Emeritus of Public Policy and Corporate Management
- Member of the Board, Belfer Center for Science and International Affairs
Viktor Mayer-Schoenberger
- Former Faculty Affiliate, Science, Technology, and Public Policy Program
Kenneth Neil Cukier
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions - The Hill
Funding the Removal of Huawei in Our Networks is Smart Investment
Book - MIT Press
Beyond 9/11: Homeland Security for the Twenty-First Century
Analysis & Opinions - Project Syndicate
After the Liberal International Order
In the Spotlight
Most Viewed
Policy Brief - Quarterly Journal: International Security
The Future of U.S. Nuclear Policy: The Case for No First Use
Discussion Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School
Why the United States Should Spread Democracy
