Lars Gjesvik, Comparing Cyber Security. Critical Infrastructure protection in Norway, the UK and Finland, May 2019
Cybersecurity and protecting critical infrastructures from digital harm are of increasing importance for governments around the globe. Tackling this issue is challenged by two distinct features of cybersecurity in Western states: Firstly, the transnational nature of digital risks and threats necessitates cooperation and engagements beyond the state, through international and regional organizations and institutions. Secondly, the considerable extent of private ownership forces states to rely on and engage with private companies, through regulation or public-private partnerships (PPP). Through a comparative analysis of the approaches taken to PPP and European cooperation for energy and telecommunication in Finland, Norway and the UK, this report examines how states engage with these issues. The greatest difference is found to lie between the two Nordic states and the UK. This is not the result of divergent national perceptions and understandings, but of the more centralized and intelligence-centred approach taken by the UK in contrast to the whole-of-society trust-based approach of the Nordic states. Both approaches entail distinct benefits and drawbacks. The major concern in the Nordic states is the lack of public resources and capacity, as well as the fragmentation of responsibility and capabilities. Realizing the importance of culture, context and history in shaping how public authorities respond to cyber-security concerns is of vital importance for enabling better policies. This report concludes by presenting a set of best practices identified in the three case countries.
Read the full publication here.