PPPS iN SECuriTy PoliCy: oPPorTuNiTiES ANd limiTATioNS

(1)

CSS Analysis in Security Policy CSS

_{ETH Zurich}

No. 111 • April 2012

PPPS iN SECuriTy PoliCy:

oPPorTuNiTiES ANd limiTATioNS

Cooperation between public and private actors has become an important instrument of

domestic security policy. Public-Private Partnerships (PPPs) take on essential tasks in protecting critical infrastructures, in cybersecurity, and in ensuring security of supply. However, difficulties in implementing such partnerships in the areas of coordination, expectation management, transparency, and ensuring coherence should not be underestimated.

Since the 1990s, the boundaries between the corporate sector and the state have become increasingly permeable. The policy of New Public management set off a wave of privatisations in a broad variety of public services. The fundamental idea underlying this reform of the public sector is to harness the private sector’s efficient production methods for the provision of public services. in this model, the authorities concentrate on political and strategic governance and leave the operative implementation to private actors. Against this background, so-called Public-Private Partnerships (PPPs) have been formed in a number of policy areas. The “PPP” label is applied to several forms of cooperation.

it is generally used for long-term cooperation between private and public actors for fulfilling a public task.

For a long time, there was little to be seen of this tendency to explore new forms of public-private cooperation when it came to security policy. Providing security is not just one of many services that the state must deliver. Because security is directly linked to the question of the monopoly on force, security policy is traditionally regarded as an exclusive domain of the state. Nevertheless, in this area, too, there is a tendency towards more cooperation between the corporate sector and the state. The most visible, but also the most

controversial example of this is the outsourcing of military tasks to private security providers, as seen in the case of the uS military.

less attention is usually given to cooperation in the field of domestic security.

However, such cooperation has become increasingly important. in many countries today, PPPs take on tasks in connection with civil protection. Examples include partnerships for Critical infrastructure Protection, prevention of cyberattacks, or ensuring security of supply.

Increasing importance within security policy

Why do states increasingly seek cooperation with the private sector even in the sensitive area of domestic security? Two factors are decisive here. First of all, the increased cooperation is the result of economic liberalisation. Privatisation of state-owned businesses means that the government no longer has direct influence on certain companies whose services are essential for the functioning of the state. This can be seen clearly in the case of the telecommunication sector, which was long subject to direct state control.

Governments were able to determine directly the security standards for the respective networks. in today’s liberalised telecommunications market, the government can only exert indirect influence by intervening with regulation, offering incentives, or seeking cooperation with operators.

Cooperation between public and private actors is becoming increasingly important in security policy.

istockphoto.com

(2)

CSS Analysis in Security Policy No. 111 • April 2012

tor in the area of cybersecurity has con- tributed to the enormous success of PPPs in this area. in almost all countries, PPPs are mentioned as important instruments for cybersecurity.

Programmes for critical infrastructure protection and for the promotion of cybersecurity are examples of newly estab- lished partnerships. The increased cooperation in the domestic sphere is also the result of an intensification of already ex- isting forms of cooperation. in the area of supply policy, for example, such collaboration has a long tradition. one of the core tasks of the state is to ensure the supply of essential goods such as foodstuffs, raw material, energy, or medicine even dur- ing times of crisis. in the sphere of supply policy – which, in the case of Switzerland, is based on the experiences made in two world wars – the state sought cooperation with the providers of such goods at an early stage. The authorities have fre- quently intervened directly in the market, for instance by requiring the creation of mandatory depots for certain goods.

Today, rather than issuing regulations, the tendency is to ensure the security of supply by means of increased cooperation. in order to comprehend the complex national and international integration of the economy and construct an efficient supply policy based on that un- derstanding, the authorities are de- pendent on cooperation with the private sector. Conversely, corporations also are interested in effective regulation. on the one hand, they wish to avoid unneces- sary market intervention, while on the other hand, they themselves rely on the resources of other companies and are therefore interested in a high security of supply.

The example of Switzerland’s National Economic Supply (NES) demonstrates how the policy of supply security – which was long dominated by the (supposed) antithesis of intervention and free-market principles – has evolved in recent years towards a collaborative partnership. The present structure of the NES is strongly shaped by the collaboration of militia staff from the corporate sector and the public administration. in total, more than 300 executives from corporations and the public sector are involved.

relevant information between the operators of critical infrastructures and the representatives of the public authorities involved.

Cooperation is usually organised by sector. This means that mainly companies and public authorities from the same economic sectors will exchange information about risks, trends, and possible protection measures. Coordination of the various sectoral partnerships is usually the task of a superordinate body that is, in turn, made up of public and corporate representatives form all sectors. This structured form of

private-public collaboration may be described as the

“flower model” (see graphic). The pro-

grammes for critical infrastructure protection in the uK, the Netherlands, in Australia, or in the uS, for instance, follow this model or similar ones.

A similar logic determines the work of partnerships for cybersecurity. in these PPPs, too, the main intention is to exchange information. The business owners inform the authorities about which inci- dents they have registered, which possible security gaps they have identified, and which countermeasures they have taken.

This allows the authorities to get a better picture as to threats and risks in the area of cybersecurity. in return, the companies are supported in incident prevention and in incident response. Because cyberspace knows no national boundaries, the authorities are in especially high demand when it comes to coordination with other countries. The strong mutual dependency between the state and the corporate sec- The second factor contributing to the

growing importance of PPPs in security policy is the complexity of the socio-economic environment. modern societies are marked by a high degree of interdepend- ence in a broad variety of sectors. For instance, if the power supply fails, this may easily result in the disruption of transportation systems, which in turn may mean that individuals are prevented from reaching their workplace, and thus certain important tasks are no longer carried out. The widespread use of information and communication technologies has even increased this interconnectedness and mutual dependence. Failures at neu- ralgic nodes can have cascading effects, the dynamics of which are very difficult to predict.

in the interest of optimising collaboration between various service businesses in case of a crisis, the authorities must know where the interfaces between the companies are. Civil protection requires integrated planning that can only be achieved with cooperative networks. one of the core tasks of civil protection, therefore, is to build partnerships in which the responsible representatives of businesses and of the authorities involved can pre- pare for potential crises.

Examples of cooperation

Cooperation between public and private actors is especially important in the protection of critical infrastructures. These are companies that ensure the availability of crucial goods or services (e.g., energy, transportation, or telecommunication).

many countries have developed compre- hensive programmes in order to organise cooperation in this area. All these efforts revolve around the exchange of security-

PPP 1:

Companies and public authorities in

the energy sector PPP 2:

Companies and public authorities in

the financial sector PPP 6:

Companies and public authorities in the communication

sector

PPP 3:

Companies and public authorities in the

transport sector PPP 4:

industry sector PPP 4:

industry sector PPP 5:

Companies and public authorities in the health

sector

Coordinating body: Public and private

delegates from all sectors

The “flower model”: PPPs in the area of critical infrastructure protection

Source: Modelled on the organisational structures of the Centre for the Protection of National Infrastructure (UK)

In a networked and dynamic environment, security cannot be

ensured via regulations.

(3)

a partnership approach in security policy is successful and remains acceptable throughout society.

PPPs in Switzerland

There are a number of examples of successful cooperation between the state and the corporate sector in Switzerland in the field of security policy. in addition to the FoNES, the critical infrastructure protection programme of the Federal office of Civil Protection (FoCP) is also based on public-private collaboration. Another notable example is the reporting and Analysis Centre for information Assur- ance, which focuses on the protection of critical information infrastructures.

These functioning partnerships between public and private actors reveal the potential of collaboration in Swiss security policy. in an international comparison, conditions in Switzerland are particularly favourable for this approach. Whereas in many other countries, the relationship between the state and the corporate sector is marked by strong mutual distrust, which often obstructs cooperation, this problem is noticeably smaller in Switzer- land due to the militia system and the country’s small geographic expanse. in fact, there are a number of cross-sectoral networks that can be used for cooperation.

The main challenge in implementing the PPP approach in Switzerland is the strongly developed federalist system.

The sharing of tasks between the federal administration, the cantons, and com- munities may cause the allocation of re- sponsibilities among public authorities to be unclear. However, collaboration with the private sector can only be successful if there is clarity regarding which actor from the public sector is the correct contact person for businesses. Therefore, implementation of PPPs requires careful to the concept of public-private collabo-

ration creates expectations that are occasionally very high. Both representatives of public bodies and the delegates of private companies are accountable to their superiors. it is sometimes difficult to gain a sympathetic hearing for the fact that concrete results may be long in coming.

Because many companies operate inter- nationally, there may be an additional challenge in convincing management of the importance of national or even local collaboration.

in addition to these practical challenges, another decisive factor is that cooperation must also respect democratic principles. Even if it is legitimate for authorities to cooperate primarily with immediately security-relevant companies, this may not lead to distortion of competition. Addi- tionally, a minimum of transparency must be ensured even in partnerships where sensitive information is exchanged.

representatives of public bodies must ensure that the PPPs do not operate out- side of democratic control mechanisms, and that they are able to report to their respective democratic oversight body on their activities.

in the implementation of a partnership approach, it is crucial that cohesion in security policy not be lost. Setting priori- ties in security policy and implementing defined policy measures remains the task of the government. PPPs can be a promis- ing instrument in this context, because cooperation is often more effective than regulation. However, collaboration requires that the government preserve its independence vis-à-vis private interests and steer and coordinate PPPs in a way that serves overarching goals of security policy. This is the only way to ensure that Their work is coordinated and structured

by the Federal office of National Eco- nomic Supply (FoNES) as the responsible staff section. The representatives of companies and the civil service work jointly on developing precautions for contingen- cies. There is a realisation that neither the market nor the state can ensure the supply of essential goods to the population on their own without mutual support.

The prevalence of PPPs in the area of critical infrastructure protection, cybersecurity, and supply policy shows how important public-private cooperation has become in security policy. it is essential to understand that Public-Private Part- nerships in the policy field of domestic security do not serve to privatise security policy-related tasks, but constitute a complement and alternative to regulative state intervention. in a strongly networked and dynamic environment, security can no longer be ensured effectively via regulations. A focus on the shared interest in a secure and calculable environment can be useful for bridging the gap between security and economic considerations that does occasionally come to the fore.

Challenges and limitations

The difficulties in implementing a partnership approach in security policy should not be underestimated. Two major challenges can be identified in practice.

First of all, the cooperation can only be a fruitful one if it is well coordinated. This involves a number

of tasks. First of all, all relevant actors must be convinced of the value of cooperation. Then, joint

goals and approaches must be agreed upon, and participants must determine who will be responsible for implementing which measures. All of these steps harbour a strong potential for conflict and must be discussed in sometimes pro- tracted processes. Therefore, actors are required who will coordinate, structure, and advance this cooperation in substan- tial terms. These actors may be drawn from either the public or the private sector. What matters is that they must have at their disposal the necessary resources for managing the partnership and be ac- knowledged as organisers of cooperation by the other partners.

The second challenge is external communication. The great potential ascribed

PPPs in practice: Exemplary activities in the sphere of cybersecurity

Incident support: The network of PPPs is used to analyse an incident (virus, hacker attack, etc.) and to define technical countermeasures. If required, public actors offer support in initiating legal measures or in coordination with foreign authorities.

Early warning: Via internal communications channels, members are swiftly informed about attacks on other members. this allows them rapidly to initiate countermeasures, if required.

Workshops: In regular meetings, members are informed by experts about new dangers and protective measures against cyberattacks. These workshops not only promote the exchange of professional information, but also help to strengthen mutual trust.

Public relations: Members are jointly engaged in educating users of internet services about potential dangers. This joint approach enhances the credibility of warnings.

Cooperation can only be fruitful if it is

well coordinated.

(4)

coordination between the various admin- istrative entities. in this respect, it may be useful if one actor is awarded a clear mandate for coordinating partnerships in a concrete field of security policy.

it would be a welcome development if the cooperative approach were taken into ac- count as far as possible in the formulation of future domestic policy. This requires clear requirements for the individual public authorities to promote and implement collaboration with the private sector. it is precisely because the instrument of PPPs has so much potential that it must be applied carefully and responsibly.

Previous issues

No. 110: The OSCE: Fighting for renewed relevance No. 109: Afghanistan: Withdrawal and a Regional Solution?

No. 108: Representing Foreign Interests: Rebirth of a Swiss Tradition?

No. 107: Nuclear Weapons in the Middle East: Here to Stay No. 106: Swiss Foreign Policy 2012: Challenges and Perspectives No. 105: Mediating Conflicts with Religious Dimensions No. 104: Fukushima and the Limits of Risk Analysis

No. 103: Crisis Mapping: A Phenomenon and Tool in Emergencies No. 102: South Africa: A Hamstrung Regional Power

No. 101: The Muslim Brotherhood in Egypt: Hurdles on the Way to Power No. 100: New Libya: Political transition and the role of the West No. 99: A Fragmented Europe in a Frail Congo

No. 98: Al-Qaida’s Uncertain Future No. 97: Pakistan after Bin Laden

No. 96: EU Foreign Policy: Still in the Making No. 95: Russia’s North Caucasus: An Arc of Insecurity

No. 94: The Middle East Conflict: Changing Context, New Opportunities No. 93: Brazil: Powering Ahead

No. 92: Clashing over Fighters: Winners and Losers No. 91: Impartial and Stuck: NATO’s Predicament in Libya No. 90: Human Security: Genesis, Debates, Trends

No. 89: Nuclear Disarmament: A Slow March on a Long Road

No. 88: Progress in Biotechnology as a Future Security Policy Challenge No. 87: EU Civilian Crisis Management: A Crisis in the Making?

No. 86: NATO and Missile Defence: Opportunities and Open Questions No. 85: NATO Summit: Forward-looking Decisions, Difficult Implementation No. 84: The African Standby Force Put to the Test

No. 83: Economic Sanctions: Silver Bullet or Harmless Dud?

No. 82: Intelligence Agencies: Adapting to New Threats

No. 81: Switzerland and the EU: Challenges and Uncertainties of Bilateralism No. 80: Privatising Security: The Limits of Military Outsourcing

No. 79: Post-Conflict Democratization: Pitfalls of External Influence No. 78: The Military Utility of Drones

No. 77: The Libyan Affair: Afterthoughts on Swiss Crisis Management No. 76: Unconventional Gas: Producer Pickle or Consumer Curse?

No. 75: To Draft or Not to Draft? Conscription Reform in the EU No. 74: Obama’s Nuclear Policy: Limited Change

No. 73: Rising India: Challenges and Constraints No. 72: UN Security Council Reform: A Gordian Knot?

No. 71: Cyberwar: Concept, Status Quo, and Limitations No. 70: Yemen: Challenges of Counterterrorism No. 69: European Energy: The ‘Solidarity’ Conundrum No. 68: Finland: Crisis Management and Territorial Defence No. 67: Swiss Military Operations Abroad: Challenges and Options No. 66: Shanghai Cooperation Organisation: An Anti-Western Alignment?

No. 65: The Crisis of the NPT

No. 64: British Defence Policy at a Crossroads: East of Suez Revisited?

No. 63: Swiss Civilian Peace Support No. 62: Risk Communication in Security Policy

No. 61: Swiss Foreign Policy 2009: Crises and Challenges

No. 60: Resilience: A Tool for Preparing and Managing Emergencies No. 59: Iran: Domestic Crisis and Options for the West

No. 58: US$147/b One Year on: Political Winners and Strategic Losers No. 57: The New Appeal of Nuclear Energy and the Dangers of Proliferation No. 56: Conflict and Cooperation in Europe’s Eastern Neighborhood No. 55: Making Waves: Piracy Floods the Horn of Africa

No. 54: Alliance of Contradictions: After NATO’s Anniversary Summit No. 53: Nuclear Disarmament: US and Russia Resume Negotiations No. 52: Strategic Foresight: Anticipation and Capacity to Act No. 51: Last Throw of the Dice? US Strategy in Afghanistan Author: manuel Suter

suter@sipo.gess.ethz.ch

responsible editor: daniel Trachsler sta@sipo.gess.ethz.ch

Translated from German:

Christopher Findlay

other CSS Analyses / mailinglist:

www.sta.ethz.ch

German and French versions:

www.ssn.ethz.ch