Chapter

Conclusions and Implications for Practice and Future Studies on Public–Private Partnerships


Abstract

Drawing on key elements of the study findings, this chapter includes the implications that expand on the interpretations of the findings by providing thematic alignment and comparison with the previous literature on this topic. The analysis of the collected data rendered 12 major themes. The resulting data of this qualitative study included various direct quotes from the interviews with private security professionals working for Canadian financial institutions. This analysis illustrated the perceptions of these security professionals regarding the phenomenon under study, and it provides more information about why information sharing between PPP actors is not optimal. This chapter also contains recommendations to decision-makers about what should be done to improve information sharing between security actors to reduce the impacts of cyber-threats on financial institutions. It offers key features for future public–private partnerships, strategic recommendations for practice, as well as recommendations for future research for each of the 12 themes identified, adding insight and knowledge to the field of study. It explores how financial institutions should manage cybersecurity and public–private partnerships in the future to improve their security posture and to protect their critical assets. In the future, the evidence-based cybersecurity approach should be used in order to measure the efficiency of cybersecurity public–private partnerships as well as the strategies that are employed to reduce the impacts of cyber-threats against financial institutions and their ecosystem.

Article
While governments develop formal and informal structures or 'networks' to promote collaboration between governmental departments and agencies, there remains uncertainty on how to set up and develop cyber security networks. The latter is demonstrated when taking recent developments in the field of cyber security in Belgium into consideration. The 2012 decision to create the Belgian cyber security centre seems to entail a move towards a 'Weberian' hierarchical network coordination approach rather than the development of a cyber security network organisation. This article claims that - as the threats of cyber are becoming more complex - there is a growing need for governmental agencies to expand horizontal coordination mechanisms. From this follows, the growing demand for criminological research into the managerial aspects of cyber security networks. Generating knowledge on how to manage networks is required as the latter is not only decisive for the effectiveness and efficiency of cyber security networks but also contributes to the overall network cyber security governance.
Article
Purpose: The purpose of this paper is to adopt an organisational network perspective to examine the structural properties underpinning the design and governance of multi-agency fusion centres and related environments, focussing particularly on how they are formed and internally managed. Design/methodology/approach: The authors conducted several focus groups and follow-up interviews with executive and operational members of Australia’s principal fusion centres and related environments. Findings: The authors argue that in order to understand the internal dynamics of fusion centres, and the ways in which they form and function, the analysis of interrelationships between partners and potential partners is critical. The authors have demonstrated that a network model can assist in this type of analysis. For example, hub-and-spoke network structures appear to be a particularly effective solution to the centralisation-density trade-off for such inter-agency networks. Originality/value: The authors use a novel approach that combines a goal-oriented network framework with the existing literature on fusion centres to synthesise key features of the network structure of fusion centres and associated processes of information sharing.
Conference Paper
The success and failure of modern financial risk management in many instances are associated with understanding and managing extreme risk events. Risks can occur in either tail of the probability distribution, but the downside risk is what is mainly focussed on in risk management. To forward the measurement and theory advancing this practice, Diebold et al (2010) skilfully conceptualised the downside risks into Known (K), the unknown (u) and the Unknowable (U) risk categories based on the empirical and methodological knowledge. This research paper takes the form of a narrative synthesis applying a literature review approach to better understand this conceptual framework and the application to property risk management. Whilst existing literature on property risk management focusses extensively on Known risk, the gradual evolution of social, technical and ecological events has thrown up sudden, unexpected shocks that result in a possibility of regression from the K to u risk category. As a proactive outlook, decision maker's imperative for KuU risks is contradictory among different scholars which ranged from risk assessment to antifragility. The increased frequency and magnitude of these risks form part of this research paper and provide property professionals with valuable information to make major corporate property decisions.
Article
The governance of cyber-security risks is seen as increasingly important to the security of the nation. However, cyber-security risks are characterized by a fundamental uncertainty, which poses a great challenge to their governance and calls for new modes of organizing security politics. Public–private partnerships (PPPs) are often seen as the answer to this challenge by enhancing flexibility and robustness through knowledge-sharing. Engaging with the literature on PPPs and the Danish practice on cyber security, we show how PPPs involve controversies over different threat realities of cyber security. This plays out as controversies over what is considered threatened, the scope of the issue and the kind of expertise to be mobilized. Arguing that PPPs on security are not defined narrowly by short-sighted strategic self-interest but also loyalty and commitment, we suggest that the innovative potential of such PPPs lie not in a possible consensus on a common purpose and threat reality, but in the ability to embrace divergent definitions and approaches to cyber security. Acknowledging the corporate interests and loyalty, we suggest a move towards the notion of partnering through dissent.
Article
Security network research has grown considerably in the last decade as it has been increasingly recognised that security is pursued through networks of public, private and hybrid actors or nodes. This research deals with local, institutional, international and virtual security networks and includes techniques such as social network analysis and approaches more familiar to organisational theory and management. However, much of the security network research employs the network concept as a metaphor to suggest a relationship between a set of security nodes, without examining the structural pattern of these relationships or the underlying properties of security networks. Different uses of the network concept have led to confusion about the application of network theory across the security field. This article attempts to address these issues by clarifying the fundamental concepts of a network perspective and revisiting existing typologies of security networks. We review research on the use of network perspectives across the security field, evaluate theoretical and empirical trends, and give directions for future research. We examine the geographical properties of security networks operating at the subnational, national and transnational levels and put forward four types of networks that have the potential to improve security network research: information exchange networks, knowledge generating networks, problem-solving networks and coordination networks. The article concludes by highlighting the importance of networks for understanding and promoting the governance of security.
Article
Networks are increasing in number and in importance across the security field as a means of providing inter-agency coordination. Based on a large qualitative study of networks in the field of national security in Australia, this article aims to advance our knowledge of the internal properties of public sector networks in the field of national security and the conditions shaping their performance. It puts forward a multi-level theoretical framework involving five interdependent levels of analysis—structural, cultural, policy, technological, and relational—which aims to account for the internal properties of networks and examines each of these levels in relation to public sector networks in the field of national security. Using detailed interviews with senior members of security, law enforcement, and intelligence agencies, the article aims to highlight the potential lessons this framework has for strategically organizing and managing dynamic networks within and beyond the field of national security.
Chapter
The growing body of knowledge on the structure of terrorist networks, their flexibility to adapt to very hostile environments and their resilience in the face of law enforcement disruption, has spawned the idea that “it takes a network to fight a network”. A number of counter-terrorism strategies have resulted from this new philosophy, which attempt to leverage the network paradigm in order to improve the responsiveness and effectiveness of security bureaucracies. However, this chapter argues that some of the risks (or costs) inherent to the adoption of this nodal approach have been underestimated – or plainly ignored, despite their serious implications on the democratic governance of security. Three crucial dilemmas (the trust, information and legality dilemmas) faced by counter-terrorism networks will help explain why adversarial isomorphism should be considered with great caution and why bureaucracies should not be discarded from the counter-terrorism toolbox.
Technical Report
The EP3R (European Public-Private Partnership for Resilience) was established in 2009 and was the very first attempt at Pan-European level to use a Public-Private Partnership (PPP) to address cross-border Security and Resilience concerns in the Telecom Sector. The EP3R participants initiated many discussions, saw a lot of commitment, and produced interesting conclusions. It also revealed some further needs in the security and resilient field and also some gaps to be filled in order to reach a higher maturity level of the Telecom Sector. The EP3R closed down in April 2013, after 4 years of existence and practically 3 years of operations. The impact of the very first European Public-Private Partnership for Resilience had to be assessed and lessons had to be drawn for future similar initiatives and other funded actions for improving European resilience.
Article
This paper puts forward a multi-level model, based on system dynamics methodology, to understand the impact of cyber crime on the financial sector. Consistent with recent findings, our results show that strong dynamic relationships, amongst tangible and intangible factors, affect cyber crime cost and occur at different levels of society and value network. Specifically, shifts in financial companies’ strategic priorities, having the protection of customer trust and loyalty as a key objective, together with considerations related to market positioning vis-à-vis competitors are important factors in determining the cost of cyber crime. Most of these costs are not driven by the number of cyber crime incidents experienced by financial companies but rather by the way financial companies choose to go about in protecting their business interests and market positioning in the presence of cyber crime. Financial companies’ strategic behaviour as response to cyber crime, especially in regard to over-spending on defence measures and chronic under-reporting, has also an important consequence at overall sector and society levels, potentially driving the cost of cyber crime even further upwards. Unwanted consequences, such as weak policing, weak international frameworks for tackling cyber attacks and increases in the jurisdictional arbitrage opportunities for cyber criminals can all increase the cost of cyber crime, while inhibiting integrated and effective measures to address the problem.
Article
Based on a case study of the role of private financial institutions in the fight against terrorist financing, this article examines the rationales for, and actual results of, public-private partnerships in counterterrorism. It shows that there is still a lack of appreciation of the roles that regular private business play, both willingly and unwillingly, in the fight against terrorism. As profit, rather than security, maximizers, private sector actors may decide to take certain security risks rather than addressing them directly, which in contrast is expected from public agencies. As a consequence, public-private partnerships have not been the silver bullet that the representatives of public agencies had hoped for since 9/11. In fact, to many private sector representatives, they are more akin to public-private dictatorships.
Article
Using the literature on the networked society as a starting point, this article argues that security can also be conceptualized as being produced by various networks of actors—public and private. This approach eschews the usual debate between those who defend the pre‐eminence of the state (general interest) and those in favour of a plural mode of security production (market‐oriented) to focus instead on the shared complex morphology that characterizes security assemblages in the present era: networks. Security networks are found in both Anglo‐Saxon and Continental societies at the local, institutional, international and informational levels. In order to overcome the descriptive tendency of network approaches, a dynamic framework based on the capital metaphor shows how each actor of a security network mobilizes distinct forms of resources in order to maximize its position in the network. This framework can be applied to chart the emergence and transformation of security networks and the strategies deployed by their nodes.
Article
Cyber security is a complex issue that requires a smart, balanced approach to public-private partnership. However, there is not a simple gold standard or mandatory minimum standard of cyber security, which can cause friction in the relationship between government and private industry. There are fundamental differences in these two unevenly yoked partners: government's fundamental role under the U.S. Constitution is to provide for the common defense; industry's role, backed by nearly a hundred years of case law, is to maximize shareholder value. Further differences are that government partners and industry players often assess risk differently, based on their differing missions and objectives. To be successful, both government and industry need to remain committed to the relationship and continue working on it by understanding the complexity of the situation, adapting where appropriate to their partner's perspective. For the public-private partnership to endure and grow, an appreciation of these differing perspectives—born from different legally mandated responsibilities—must be reached. Ultimately, the government should compensate private entities for making investments that align with the government's perspective, such as the social contract, rather than mandating that the shareholders subsidize the government function of providing for the common defense.
Book
Contemporary Security Studies provides an introduction to Security Studies. It features a wide breadth and depth of coverage of the different theoretical approaches to the study of security and the ever-evolving range of issues that dominate the security agenda in the twenty-first century. In addition to covering a large range of topical security issues, from terrorism and inter-state armed conflict to cyber-security, health, and transnational crime, the fourth edition features a new chapter on postcolonialism and expanded coverage of Critical Security Studies. Throughout, readers are encouraged to question their own preconceptions and assumptions, and to use their own judgement to critically evaluate key approaches and ideas. To help them achieve this, each chapter is punctuated with helpful learning features including ‘key ideas’, ‘think points’ and case studies, demonstrating the real world applications and implications of the theory.
Chapter
Can computing environments deter system trespassers and increase intruders’ likelihood to cover their tracks during the progression of a system trespassing event? To generate sufficient empirical evidence to answer this question, we designed a series of randomized field trials using a large set of target computers built for the sole purpose of being infiltrated. We configured these computers to present varying levels of ambiguity regarding the presence of surveillance in the system, and investigated how this ambiguity influenced system trespassers’ likelihood to issue clean tracks commands. Findings indicate that the presence of unambiguous signs of surveillance increases the probability of clean tracks commands being entered on the system. Nevertheless, even when given clear signs of detection, we find that intruders are less likely to use clean tracks commands in the absence of subsequent presentations of sanction threats. These results indicate that the implementation of deterring policies and tools in cyber space could nudge system trespassers to exhibit more cautiousness during their engagement in system trespassing events. Our findings also emphasize the relevance of social-science models in guiding cyber security experts’ continuing efforts to predict and respond to system trespassers’ illegitimate online activities.
Book
Organizations have always been a target of cybercrime. Hands-On Cybersecurity for Finance teaches you how to successfully defend your system against common cyber threats, making sure your financial services are a step ahead in terms of security. The book begins by providing an overall description of cybersecurity, guiding you through some of the most important services and technologies currently at risk from cyber threats. Once you have familiarized yourself with the topic, you will explore specific technologies and threats based on case studies and real-life scenarios. As you progress through the chapters, you will discover vulnerabilities and bugs (including the human risk factor), gaining an expert-level view of the most recent threats. You'll then explore information on how you can achieve data and infrastructure protection. In the concluding chapters, you will cover recent and significant updates to procedures and configurations, accompanied by important details related to cybersecurity research and development in IT-based financial services. By the end of the book, you will have gained a basic understanding of the future of information security and will be able to protect financial services and their related infrastructures.
Article
I. Introduction II. Governance: The New Frontier of Information Assurance III. State Cybersecurity Governance Extends Beyond the Network IV. Centralizing Security Governance to Defend State Networks V. Governance Beyond Network Defense ... A. Disruption Response ... B. Law Enforcement ... C. Cybersecurity Centers VI. Conclusion Appendix: States and Indicators
Article
Existing organizational cultures among agencies in the intelligence community serve as barriers to information sharing. These cultures are characterized by secrecy and limited disclosure of information. Their practices of limited information distribution and existing extensive compartmentalization of information serve as impediments to information exchange between agencies in the intelligence community. To remedy this, changes in the organizational cultures of agencies in the intelligence community are required. Without a change in organizational culture, the culture of information sharing envisioned by the reforms that have occurred in the intelligence community post-9/11 will not be realized.
Article
Research Summary: The results of previous research indicate that the presentation of deterring situational stimuli in an attacked computing environment shapes system trespassers’ avoiding online behaviors during the progression of a system trespassing event. Nevertheless, none of these studies comprised an investigation of whether the effect of deterring cues influence system trespassers’ activities on the system. Moreover, no prior research has been aimed at exploring whether the effect of deterring cues is consistent across different types of system trespassers. We examine whether the effect of situational deterring cues in an attacked computer system influenced the likelihood of system trespassers engaging in active online behaviors on an attacked system, and whether this effect varies based on different levels of administrative privileges taken by system trespassers. By using data from a randomized experiment, we find that a situational deterring cue reduced the probability of system trespassers with fewer privileges on the attacked computer system (nonadministrative users) to enter activity commands. In contrast, the presence of these cues in the attacked system did not affect the probability of system trespassers with the highest level of privileges (administrative users) to enter these commands. Policy Implications: In developing policies to curtail malicious online behavior committed by system trespassers, a “one‐policy‐fits‐all” approach is often employed by information technology (IT) teams to protect their organizations. Our results suggest that although the use of a warning banner is effective in reducing the amount of harmful commands entered into a computer system by nonadministrative users, such a policy is ineffective in deterring trespassers who take over a network with administrative privileges. Accordingly, it is important to recognize that the effectiveness of deterring stimuli in cyberspace is largely dependent on the level of administrative privileges taken by the system trespasser when breaking into the system. These findings present the need for the development and implementation of flexible policies in deterring system trespassers.
Article
This article reports on preliminary findings and recommendations of a cross-discipline project to accelerate international business-to-business automated sharing of cyber-threat intelligence, particularly IP addresses. The article outlines the project and its objectives and the importance of determining whether IP addresses can be lawfully shared as cyber threat intelligence. The goal of the project is to enhance cyber-threat intelligence sharing throughout the cyber ecosystem. The findings and recommendations from this project enable businesses to navigate the international legal environment and develop their policy and procedures to enable timely, effective and legal sharing of cyber-threat information. The project is the first of its kind in the world. It is unique in both focus and scope. Unlike the cyber-threat information sharing reviews and initiatives being developed at country and regional levels, the focus of this project and this article is on business-to-business sharing. The scope of this project in terms of the 34 jurisdictions reviewed as to their data protection requirements is more comprehensive than any similar study to date. This article focuses on the sharing of IP addresses as cyber threat intelligence in the context of the new European Union (EU) data protection initiatives agreed in December 2015 and formally adopted by the European Council and Parliament in April 2016. The new EU General Data Protection Regulation (GDPR) applies to EU member countries, a major focus of the international cyber threat sharing project. The research also reveals that EU data protection requirements, particularly the currently applicable law of the Data Protection Directive 95/46/EC (1995 Directive) (the rules of which the GDPR will replace in practice in 2018), generally form the basis of current data protection requirements in countries outside Europe. 
It is expected that this influence will continue and that the GDPR will shape the development of data protection internationally. In this article, the authors examine whether static and dynamic IP addresses are “personal data” as defined in the GDPR and its predecessor the 1995 Directive that is currently the model for data protection in many jurisdictions outside Europe. The authors then consider whether sharing of that data by a business without the consent of the data subject, can be justified in the public interest so as to override individual rights under Articles 7 and 8(1) of the Charter of Fundamental Rights of the European Union, which underpin EU data protection. The analysis shows that the sharing of cyber threat intelligence is in the public interest so as to override the rights of a data subject, as long as it is carried out in ways that are strictly necessary in order to achieve security objectives. The article concludes by summarizing the project findings to date, and how they inform international sharing of cyber-threat intelligence within the private sector.
Chapter
This chapter describes the fight against cybercrime from a European perspective. Law enforcement agencies always have had an important role when it comes to fighting crime. However, in this digital era, several problems hamper the effectiveness of the police combating crime. Therefore, the first part of this chapter describes the difficulties the police have in fighting cybercrime. The second part of the chapter focuses on one of the strategies to overcome some of these difficulties, namely forming alliances with private institutes. This joint-up approach is mostly realized by public–private partnerships (PPPs), consisting of formalized cooperation between governmental authorities and important stakeholders. Cooperation between governmental and private actors is no sinecure, as will appear from a public administration perspective. Successful cooperation depends on several factors, which will be theoretically described and practically illustrated. Conclusively, the discussion paragraph handles the common dilemma of the extent to which the government should play a leading role in the fight against (cyber) crime.
Article
Much of contemporary analysis treats the public and private sectors as two rather separate and fundamentally different realms. Many see one of the two sectors as inherently virtuous and the other as corrupt. The paper shows, in considerable detail, that the two sectors are deeply intertwined. It follows that we need a rather different framework to study state and society.
Article
The Internet threat landscape is fundamentally changing. A major shift away from hobby hacking toward well-organized cyber crime can be observed. These attacks are typically carried out for commercial reasons in a sophisticated and targeted manner, and specifically in a way to circumvent common security measures. Additionally, networks have grown to a scale and complexity, and have reached a degree of interconnectedness, that their protection can often only be guaranteed and financed as shared efforts. Consequently, new paradigms are required for detecting contemporary attacks and mitigating their effects. Today, many attack detection tasks are performed within individual organizations, and there is little cross-organizational information sharing. However, information sharing is a crucial step to acquiring a thorough understanding of large-scale cyber-attack situations, and is therefore seen as one of the key concepts to protect future networks. Discovering covert cyber attacks and new malware, issuing early warnings, advice about how to secure networks, and selectively distribute threat intelligence data are just some of the many use cases. In this survey article we provide a structured overview about the dimensions of cyber security information sharing. First, we motivate the need in more detail and work out the requirements for an information sharing system. Second, we highlight legal aspects and efforts from standardization bodies such as ISO and the National Institute of Standards and Technology (NIST). Third, we survey implementations in terms of both organizational and technological matters. In this regard, we study the structures of Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs), and evaluate what we could learn from them in terms of applied processes, available protocols and implemented tools. 
We conclude with a critical review of the state of the art and highlight important considerations when building effective security information sharing platforms for the future.
Article
Despite its centrality in the national cyber security strategies of the US and the UK, the public–private partnership is a nebulous arrangement, which is especially problematic in the context of critical infrastructure protection. Privately owned and operated critical infrastructure that is regarded as a potential national security vulnerability raises questions about the allocation of responsibility and accountability in terms of cyber security. As with many aspects of cyber security, this issue is often discussed with little reference to previous scholarship that could provide conceptual scaffolding. This article draws on the extensive literature on public–private partnerships in order to assess the tensions and challenges of this arrangement in national cyber-security strategies. It finds that there is a serious disjuncture in expectations from both ‘partners’. The government regards privately owned and operated critical infrastructure as a key element of national security but is reluctant to claim a mandate to oversee network security. At the same time, the private sector is not inclined to accept responsibility or liability for national cyber security. This challenge for governments to manage national cyber security raises questions about how well equipped these states are to promote their own security in the information age. Acknowledging the flaws in the ‘partnership’ is an essential step towards addressing them.
Article
This article focuses on the information requirements of public and private stakeholders engaged in critical infrastructure protection (CIP). With its emphasis on information management rather than information sharing, the article builds on existing research suggesting that the notion of information sharing inadvertently renders cooperation more difficult as it evokes impressions of information “dominance” rather than joint information ownership. The article proposes a joint public-private information management agenda based on core issues providing actionable information to tackle immediate threats and crosscutting issues looking at the long-term issues that are relevant to understand the overall context in which critical infrastructure development occurs.
Article
The Department of Homeland Security (DHS) has used a partnership planning model of implementation to address the protection of critical infrastructure and key resources (CIKR). The partnership relies upon existing regulators and operators to secure CIKR with little ability of DHS to compel action. Instead, the Department of Homeland Security acts to define and draw attention to tasks related to critical infrastructure protection. This article analyzes Government Accountability Office reports to characterize variations in success of the partnership by assessing the extent to which DHS has addressed key components of partnership planning: creating a structure that encourages collaboration, establishing trust across partners, monitoring partners’ performance, attending to differences in partners’ organizational culture, identifying and leveraging existing relationships among partners, and instilling a sense of a common mission in the partnership. The findings underscore the limitations of partnership approaches in addressing complex problems that lack strong leadership and clear policy goals.
Article
Organizations have faced and will continue to face threats and crises from a number of sources. We study trust from a contingency theory framework and hypothesize that trust levels vary depending on different organizational designs. Using data from the laboratory experimentation tool ELICIT, a multiplayer simulation, we examine the effect of trust levels and organizational design on performance. We find that trust and organizational design have strong interactions and that hierarchical organizations experience performance levels well below flexible organizational structures. We offer implications for managers who are responsible for identifying and responding to threats and crises.
Article
This article discusses the findings of three field researches on the development of informal networks based on horizontal contacts, interpersonal trust and common professional identity. Specifically, it examines interaction of personnel from law enforcement and intelligence agencies involved in countering terrorism and crime that are officially assigned outside of their traditional jurisdiction. Taken together, based on the findings of the three different studies, it suggests a basis for the scalability of inter-agency networking from the local to the national and international levels. On the international level, the acceleration of communications and movement associated with globalisation leads officers to seek and share information through direct contacts with peers in other agencies to skirt formal liaison barriers. Building interpersonal trust emerges as a crucial variable in the success or failure of these efforts.
Conference Paper
This paper focuses on the information requirements of public and private stakeholders engaged in critical infrastructure protection (CIP). It starts with a process-based approach to CIP that underlines the importance of CIP-related joint public-private situational awareness and situational understanding. With its emphasis on information management rather than information sharing, the paper builds on well-established knowledge suggesting that the notion of information sharing inadvertently renders co-operation more difficult as it evokes impressions of information “dominance” rather than joint information ownership. Thus information management should be seen as a paradigm more suitable to CIP as it can be defined broad enough for every public and private stakeholder to have a stake in it. Against this background, the paper proposes a joint public-private information management agenda that differentiates between core and crosscutting issues. Core issues deal with actionable information that is needed to tackle immediate threats. Crosscutting issues, by contrast, look at the more long-term risks that are relevant to understand the overall context in which critical infrastructure development occurs.
Article
Critical Infrastructure Protection seeks to enhance the physical and cyber-security of key public and private assets and mitigate the effects of natural disasters, industrial accidents and terrorist attacks. In 2009, several Canadian governments published the National Strategy and Action Plan for Critical Infrastructure (NS&AP), a framework for governments and the owners and operators of critical infrastructure - largely in the private sector - to collaborate on the security and increased resiliency of Canada's critical assets. Drawing on the social science risk literature, audits, and a three-year research and education project, this article argues that the strategy of relationship building, collaborative risk management and information sharing is under-developed and limited by market competition, incompatible institutional cultures, and legal, logistical and political constraints. The NS&AP should better delineate risks and identify how governments can work with industry, and acknowledge the paradox between trust and transparency, the role of small- and medium-sized enterprise, and how risk management processes can vary. © The Institute of Public Administration of Canada/L'Institut d'administration publique du Canada 2013.
Article
System trespassing by computer intruders is a growing concern among millions of Internet users. However, little research has employed criminological insights to explore the effectiveness of security means to deter unauthorized access to computer systems. Drawing on the deterrence perspective, we employ a large set of target computers built for the sole purpose of being attacked and conduct two independent experiments to investigate the influence of a warning banner on the progression, frequency, and duration of system trespassing incidents. In both experiments, the target computers (86 computers in the first experiment and 502 computers in the second) were set either to display or not to display a warning banner once intruders had successfully infiltrated the systems; 1,058 trespassing incidents were observed in the first experiment and 3,768 incidents in the second. The findings reveal that although a warning banner does not lead to an immediate termination or a reduction in the frequency of trespassing incidents, it significantly reduces their duration. Moreover, we find that the effect of a warning message on the duration of repeated trespassing incidents is attenuated in computers with a large bandwidth capacity. These findings emphasize the relevance of restrictive deterrence constructs in the study of system trespassing.
Article
Purpose: The paper's aim is to demonstrate how organizations related to public security and safety can more effectively partner with private sector companies under the rubric of corporate social responsibility (CSR). Design/methodology/approach: An analysis of actual cases of collaboration between such bodies and the private sector informs a suggested engagement approach. Findings: A structured approach of engagement to the private sector for CSR support is possible if public safety entities understand how to effectively involve private sector organizations in their work. This includes clear tangible asks with demonstrable returns and an eye to understanding what effective CSR encompasses from an outcome perspective but also from the perspective of what drives the private sector to engage in CSR. Practical implications: The paper lays out a point‐by‐point engagement strategy which could increase public‐private partnerships in the public safety arena. Social implications: This paper is a clear indication of how and where public sector engagement with the private sector in areas of security are a win‐win combination and augment public security and the effectiveness of both public and private sector bodies concerned with this outcome. Originality/value: This paper lays out in a clear and novel way a “how to” guide for effective engagement with the private sector to public bodies with a relatively limited experiential base for this form of engagement. It offers a means to significantly expand this form of collaboration to the benefit of society overall.
Article
For more than a decade, efforts have been underway to establish Public Private Partnerships (PPP) for Critical Infrastructure Protection (CIP). Due to issues arising in connection with their implementation, there has been increasing criticism in recent years questioning the usefulness of such PPP. However, cooperation between the state and the private corporate sector in CIP is not only useful, but inevitable. This paper will therefore sketch a new and above all broader approach to public private cooperation to help solve some of the problems that have become apparent. Based on the network approach developed by governance theory, it is argued that CIP policy should increasingly rest on self-regulating and self-organizing networks. Thus, the government's role would no longer consist in directing and monitoring, but of coordinating the networks and identifying instruments that can help motivate networks to meet the task of CIP.
Bank of Canada announces partnership to improve resilience in financial sector
  • Bank of Canada
Fighting cybercrime-What happens to the law when the law cannot be enforced?
  • W Dixon
National approach to cyber intrusion; A comparison of United Kingdom and Canada
  • A Perianayagam
  • R Nesbitt
  • M Caplan
Encyclopedia of security and emergency management
  • P L Pomerleau
Horizontal evaluation of Canada’s cyber security strategy
  • Public Safety Canada
Group-IB: More than 70% of Russian banks are not ready for cyberattacks
  • V Baulin
The fifth domain; Defending our country, our companies, and ourselves in the age of cyber threats
  • A R Clarke
  • K R Knake
Perceptions of trust in public-private partnerships for critical infrastructure protection-Implications for civil security, leadership, policy, and management (Order No. 10259626)
  • L P Costantini
Countering money-laundering through public-private cooperation in the Netherlands; Qualitative, explorative analysis into influences of external, structural-and-cultural conditions on perceptions and attitudes of decision-makers during network formation (Unpublished master’s thesis)
  • Den Boer
Cybersecurity partnerships: A new era of public-private collaboration
  • H J Germano