Public–Private Partnerships are no silver bullet: An expanded governance model for Critical Infrastructure Protection

doi:10.1016/j.ijcip.2009.08.006

International Journal of Critical Infrastructure Protection

Volume 2, Issue 4, December 2009, Pages 179-187

https://doi.org/10.1016/j.ijcip.2009.08.006 Get rights and content

Abstract

For more than a decade, efforts have been underway to establish Public–Private Partnerships (PPP) for Critical Infrastructure Protection (CIP). Due to issues arising in connection with their implementation, there has been increasing criticism in recent years questioning the usefulness of such PPP. However, cooperation between the state and the private corporate sector in CIP is not only useful, but inevitable. This paper will therefore sketch a new and above all broader approach to public–private cooperation to help solve some of the problems that have become apparent. Based on the network approach developed by governance theory, it is argued that CIP policy should increasingly rest on self-regulating and self-organizing networks. Thus, the government’s role would no longer consist in directing and monitoring, but of coordinating the networks and identifying instruments that can help motivate networks to meet the task of CIP.

Introduction

Critical infrastructure protection (CIP) is currently seen as an essential part of national security in numerous countries around the world and a broad range of political and administrative initiatives and efforts is underway in the US, in Europe, and in other parts of the world in an attempt to better secure critical infrastructures [1], [2].¹ One of the key challenges for such protection efforts arises from the privatization and deregulation of many parts of the public sector since the 1980s and the globalization processes of the 1990s, which have put a large part of the critical infrastructure in the hands of private enterprize. This creates a situation in which market forces alone are not sufficient to provide security in most of the CI ‘sectors’ [3]. At the same time, the state is incapable of providing the public good of security on its own, since an overly intrusive market intervention is not a valid option either; the same infrastructures that the state aims to protect due to national security considerations are also the foundation of the competitiveness and prosperity of a nation. Therefore, any policy for CIP must absorb the negative outcomes of liberalization, privatization, and globalization, without canceling out the positive effects.

Public–Private Partnerships (PPP), a form of cooperation between the state and the private sector, are widely seen as a panacea for this problem in the policy community—and cooperation programs that follow the PPP idea are part of all existing initiatives in the field of CIP today [1]. A large number of them is geared towards facilitating information exchange. While some of these arrangements are successful, others have scarcely generated more than joint statements of intent of the actors involved. In recent years, therefore, increasing criticism has been heard condemning the lack of efficiency in existing arrangements or even questioning the validity of the entire cooperation concept [4], [5]. However, if we take into account the origins of the PPP-idea, it comes as no big surprise that the initial high expectations have been lowered somewhat: The PPP concept was originally conceived in a completely different context, namely in the field of administrative reform and the concept of New Public Management in the 1980s. The aim of PPPs in this context was the debureaucratization of public services and the promotion of privatization. In his article “Conceptualizing the Use of Public–Private Partnerships as a Regulatory Arrangement in Critical Information Infrastructure Protection”, Dan Assaf highlights that the PPP concept was adopted rather uncritically by the US for its CIP policy at the end of the 1990s [6]. The PPPs in CIP were in line with the neoliberal conceptualization of PPPs as an instrument of outsourcing of public services from the state to private companies (in this case the owners and operators of CIs). Assaf criticizes this approach and discusses the normative problems of accountability, transparency and legitimacy of a “de facto privatization” in the field of CIP which is highly relevant for national security. He concludes that a greater role of government is needed to ensure the provision of the public good of security in CIP [6].

But for all the legitimate critique on the concept PPPs and its use in the field of CIP, we should not risk throwing the baby out with the bathwater. Clearly, cooperation between the state and private enterprize on CIP is not only sensible, but simply essential. The question is not whether Public–Private collaboration is necessary, but how it should be organized. Therefore, this article examines the following (timely) questions: What is the benefit of the PPP concept and what are the limitations as far as CIP is concerned? What other approaches are conceivably (more) suitable? And what exactly is the role of the government with regard to the collaboration with the private sector?

We will first trace the provenance of the term “PPP” and how it is embedded in a larger (economic policy) context. We then analyze the specific characteristics of PPP in the field of CIP and elicit the practical problems arising in connection with the concept. It is important to note that this article does not question the notion of cooperation in general, but only the way in which it has been organized and conceptualized so far. Specifically, we point out that direct partnerships between public and private actors do not constitute the only possible form of cooperation, but rather are one of several instruments that can be deployed for governance in the field of CIP [7]. In order to develop a new and broader understanding of public–private cooperation, we will therefore take recourse to governance theory. We argue that CIP policy should be based as far as possible on self-regulating and self-organizing networks. The potential of self-regulating networks for the provision of security of infrastructures has already been highlighted by Amitai Aviram [8]. While he is focusing on the aspect of self-regulation within these networks, we will discuss the role of the government with regard to these self-regulating networks. We argue that the government’s role no longer consists of close supervision and immediate control, but of coordinating networks and selecting instruments that can be used to motivate these networks for CIP tasks. In this, the article stays on a fairly theoretical level, though some examples are provided. We believe that the debate needs a theoretical infusion at this stage to move out of the deadlock—though more detailed studies should follow later.

Section snippets

Critical infrastructures and Public–Private Partnerships

The concept of PPP became popular during a wave of debureaucratization from the late 1970s onwards. Against the background of the global economic crisis, neoliberal critics diagnosed a crisis of the state and of the administration rather than of the market. They encouraged the public bureaucracy to hand over tasks to private actors, i.e., to privatize them, or at least to carry them out in partnership with private businesses, since this was allegedly the only way to enhance the efficiency of

An expanded governance model for CIP

Although some partnerships for information sharing seem to operate quite successfully, the PPP model is subject to narrow limitations in the context of CIP. Therefore, the question of alternative solutions arises. In concrete terms, what is required is an approach that does not reduce cooperation between the state and the private sector to direct partnership (as in the case of PPP), but also takes into account other forms of interaction. In order to develop such an approach, we take recourse to

Conclusion

We have attempted in this article to demonstrate the usefulness and limitations of PPP in the field of CIP by first offering a critical discussion of the concept and then setting it on a more solid theoretical foundation. We have shown that the PPP model was originally developed in a very different context and aimed primarily at enhancing efficiency. Nearly all of the problems that arise where PPP are formed for the purpose of CIP can be reduced to the fact that they are primarily intended to

References (49)

D. Assaf
Models of critical information infrastructure protection
International Journal of Critical Infrastructure Protection
(2008)
E. Brunner et al.
The International CIIP Handbook 2008/2009—An Inventory of Protection Policies in 25 Countries and 6 International Organizations
(2008)
R. Anderson et al.
The economics of information security
Science
(2006)
P.E. Auerswald et al.
Who will act—Integrating public and private interests to make a safer world
J.J. Andersson et al.
Public–Private Partnerships and the challenge of critical infrastructure protection
D. Assaf, Conceptualizing the use of Public–Private Partnerships as a regulatory arrangement in critical information...
A. Aviram
Network responses to network threats: The evolution into private cyber-security associations
E.S. Savas
Privatizing the Public Sector—How to Shrink Government
(1982)
D. Budäus et al.
Public Private Partnership—Konzeption und probleme eines instruments zur verwaltungsreform aus sicht der public choice theorie

S. Linder

Coming to terms with the Public–Private partnership—A grammar of multiple meanings

S. Linder et al.

Mapping the terrain of the Public–Private policy partnership

V. Kouwenhoven

Public–Private Partnership: A model for the management of Public–Private cooperation

PCCIP President’s Commission on Critical Infrastructure Protection, critical foundations, Protecting America’s...

B. Lopez

Critical infrastructure protection in the United States since 1993

W.J. Clinton, Protecting America’s Critical Infrastructures: Presidential Decision Directive 63, Washington, DC, 22 May...

W.J. Clinton, Protection Against unconventional threats to the Homeland and Americans overseas: Presidential Decision...

National Security Council, White Paper, The Clinton Administration’s policy on critical infrastructure protection:...

US general accounting office, critical infrastructure protection: Establishing effective information sharing with...

D.B. Prieto

Information sharing with the private sector: History, challenges, innovation, and prospects

S. Percy

Mercenaries: Strong norm, weak law

International Organization

(2007)

K. Campbell et al.

The economic cost of publicly announced information security breaches: Empirical evidence from the stock market

Journal of Computer Security

(2003)

H. Cavusoglu et al.

The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers

International Journal of Electronic Commerce

(2004)

Cited by (141)

Transparency trade-offs in the operation of national Public Private Partnership units: The case of Ireland's National Development Finance Agency
2023, Journal of Accounting and Public Policy
Since 2002, the Irish National Development Finance Agency [NDFA] has played a leading role in the procurement of Public Private Partnership [PPP] projects in Ireland (UNECE, 2008). It has procured 9 PPP projects bundles, which are currently listed on its website, between 2002 and 2022 ¹ in addition to Primary Care, Justice, OPW and Education bundles not currently listed on its website. Ireland follows a global pattern where national or provincial PPP units, frequently organised as arm’s-length bodies, play a central role in managing the partnership-based procurement of infrastructure projects (Burger, 2009). This paper examines how the NDFA, acting as Ireland’s PPP unit, has affected the transparency and accountability of Irish PPP procurement. Our analysis indicates that the expanding role played by the NDFA has been depoliticisation and agencification. Our analysis deviates from some previous critical studies of PPP agency governance (Sześciło, 2020) in that we argue that agencification can adversely affect some aspects of PPP transparency while strengthening others, such as selection process transparency. Nonetheless, we suggest the approach to PPP procurement could harm the long-term sustainability of Irish PPP. Using the example of Ireland, our paper contributes to an understanding of the impact of such institutional arrangements on transparency and accountability of PPP procurement.
Power blackout: Citizens’ contribution to strengthen urban resilience
2023, Energy Policy
A long-lasting, large-scale power blackout has a huge impact on the infrastructure of public life, as well as on critical infrastructure including electricity and water supply. At the same time, it can be observed that the share of renewable energies, and thus the possibility of self-sufficiency, has increased enormously in recent years. This contribution focuses on the question to what extend citizens are willing to share their electricity resources in order to make their city more resilient. In reference to Ostrom's concept of club or common goods, it can be shown if and how the private good of citizen's electricity resources can be transformed into a club or even a common good. Drawing on survey data from the city of Darmstadt we investigated the willingness to share electricity and to participate in participatory formats to enhance urban resilience.
Exploring the concept of public-private partnership in building critical infrastructure resilience against unexpected events: A systematic review
2022, International Journal of Critical Infrastructure Protection
Citation Excerpt :
The PPP aspect in CIR is distinct from the traditional PPP in the engineering, architectural and construction industry. PPP in critical infrastructure resilience is more program-oriented which is not restrained by time periods but rather, it is aimed at increasing the functional performance of critical infrastructure [26]. This study argues that the objectives of PPP in CIR will be different from the objectives of traditional PPP.
This study explores the concept of public private partnership (PPP) in building critical infrastructure resilience (CIR) by looking at the attributes and objectives of the key stakeholders in PPP; government and private critical infrastructure (CI) operators. Although extant studies have been conducted on critical infrastructure resilience, the concept of PPP in CIR has not received much attention. This study conducted a systematic review on the objectives of the government and private CI operators in PPP to build CIR. A systematic methodology was used to retrieve 22 relevant publications that were subjected to content analysis to identify the objectives of PPP in CIR. 20 set of objectives were derived from the selected publications. In addition, social capital theory was used to explore the attributes of PPP in CIR. A conceptual framework was developed with the objectives and attributes of PPP in CIR. Some of the objectives included, conducting national risks assessment and vulnerability assessments, national critical infrastructure resilience plan and identifying what constitutes CI. In addition, social capital theory was used to explore the attributes of PPP in CIR. The findings outline the responsibilities of the government and private CI operators in partnership to build the resilience of critical infrastructure.
Advancing the concept of cybersecurity as a public good
2022, Simulation Modelling Practice and Theory
This paper presents an agent-based model of cybersecurity as a participatory public good. Ineffective cybersecurity measures pose serious threats and risks to the development and stability of information societies in the world. Various doctrines and thesis explore how this domain should be treated by the public and private stakeholders. One of these doctrines is cybersecurity as a public good. In this paper, we highlight divergent views about the type of cybersecurity as an economic good. Then, the paper proposes an agent-based simulation model of a repeated public goods game among a set of defenders that are in an uncertain environment with incomplete and imperfect information. In the model, defenders have a probability to choose contribution or being a free-rider, depending on their own preferences and facing with revealed preferences of other defenders. This model implements a utility maximization that applies to each individual, modeling the existence of free-riders, punishments, and interdependency of decisions under a polycentric governance structure. The results of this simulation model show that, over time, defenders update their preferences in reaction to the behavior of other defenders and the experience of cyber-attacks. They indicate a high level of contribution to the provision of cybersecurity as a public good and the effectiveness of decentralized punishment on increasing the contributions. The consistency of the pattern of our results across different empirical studies lends us some reassurance that our model behavior is in quantitative agreement with empirical macro-structures. Furthermore, implementation of a polycentric structure challenges all the relevant agents to take action, and provides more robust environment.
Exploring a Conceptual Framework of Spatial Governance for a Public-Private Partnership Response to Regional Uneven Development
2024, Journal of Urban Planning and Development
The Effect of Public–Private Partnerships on Innovation in Infrastructure Delivery
2024, Project Management Journal

View all citing articles on Scopus

View full text