文章基本信息

标题："Man plans, God laughs": Canada's national strategy for protecting critical infrastructure.
作者：Quigley, Kevin
期刊名称：Canadian Public Administration
印刷版ISSN：0008-4840
出版年度：2013
期号：March
出版社：Institute of Public Administration of Canada

"Man plans, God laughs": Canada's national strategy for protecting critical infrastructure.

Quigley, Kevin

Most critical infrastructure (CI) in Western countries, such as telecoms, banking and power, is owned and operated by private industry. Yet a market context does not always lend itself readily to proactive risk management. Corporate executives and their shareholders--sensitive to market pressures and shrinking margins--are sometimes reluctant to spend on risk management because its benefits are often indeterminate. Typically, industries invest in minimizing the risks of operational failures that the industries are unwilling to tolerate; they accept some level of risk with the rest. If their gamble fails and they are forced to take their systems offline due to some unexpected problem, then the market can punish them accordingly. Organizations that manage CI are dealing not only with critical social and economic assets, but also assets that are increasingly interdependent. As a result, individual decisions to under-spend on risk management pose a risk for the entire infrastructure and all those who depend on it.

Given this context, Canadian governments, like many other Western governments, are looking to work more closely with the private sector in order to overcome these impediments and manage vulnerabilities. In 2009 the federal, provincial and territorial governments published the National Strategy and Action Plan for Critical Infrastructure (NS&AP), which articulates a policy framework to enable these governments and the owners and operators of critical infrastructure to collaborate on its security.

Operationalizing the strategy requires the development of sector-level for a. The government has identified ten critical sectors (see below); each will have a forum comprised of members from industry and governments. These fora are intended to allow key stakeholders to share information on CI vulnerabilities and how best to address them.

Yet progress on the NS&AP has been slow and largely ineffective. Governments' proposed plans of (trust) relationship building, collaborative risk management and information sharing are under-developed. Not only are the conditions for building trust relationships, collaboration and sensitive information exchange not present, but it is also unlikely that government truly aspires to the transparency necessary to create such a context. The success of the NS&AP will be limited by the dynamics of market competition, incompatible institutional cultures as well as legal, logistical and political constraints. The NS&AP should demonstrate a more nuanced understanding of risks and how governments on behalf of citizens can work with industry to ensure a more resilient critical infrastructure. Such an approach would state more explicitly the paradoxical relationship between trust and transparency; the important role of small-and medium-sized enterprises in CI; and the different risk management processes necessary to protect CI depending on the nature of the risks.

This article draws extensively from the social science of risk literature to examine more thoroughly the NS&AP and, in particular, the social context that will influence the governments' capacity to meet the strategic objectives stated in the plan. It will also draw on evidence accumulated from a three-year research and education program on CIP. (1) Finally, the article will suggest ways in which the governments might address some of these challenges in order to achieve a better balance between trade-offs. Before engaging in these more substantive discussions, however, this article will summarize briefly the NS&AP.

The national strategy and action plan for critical infrastructure

There are many (relatively) recent examples of CI failures which caused death and economic and social disruption in Canada. In many of these cases, the problem was exacerbated by the failure of different agencies to share information and enforce standards in a timely manner. The Maple Leaf Foods listeriosis contamination, which resulted in twenty-two deaths, included a poorly coordinated response from Maple Leaf Foods and public health agencies (Weatherill 2009). The de la Concorde bridge collapse in Montreal, which resulted in five deaths and six injuries, included poor construction by industry and equally poor oversight from government safety inspectors (Quebec, Commission of Inquiry into the Collapse of a Portion of the de la Concorde Overpass 2007). The Walkerton E. coli water contamination, which caused seven deaths and two thousand illnesses, included poor reporting practices from water inspection services at both the municipal and provincial levels (Ontario, Ministry of the Attorney General 2002). Finally, during the 2009 HIN1 pandemic, health officials shipped an unusually large number of cadaver bags to a remote Manitoba Aboriginal reserve, which resulted in protests and disruption at a critical point in government preparations for the onset of the critical second wave of the pandemic (CBC News 2009). In all of these cases, responsibility was initially unclear, which often resulted in finger pointing, blame shifting and a poorly coordinated response.

The purpose of the NS&AP is "to build a safer, more secure and more resilient Canada" (Canada, Public Safety Canada 2009: 2, emphasis added) by encouraging more cooperation and pre-event information sharing among governments and owners and operators of CI. The term resilience is used in many fields--engineering, psychology and sociology--and typically refers to an object's, a person's, a community's or a system's capacity to recover after a shock (see, for example, Roe and Shulman 2008; Masten 2009) The NS&AP defines CI as the essential underlying systems and facilities upon

which the health, safety, security or economic well-being of Canadians, and the effective functioning of government rely. It notes: "Disruptions of this critical infrastructure could result in catastrophic loss of life, adverse economic effects, and significant harm to public confidence" (Canada, Public Safety Canada 2009: 2). It also suggests that a common strategy will provide a comprehensive and collaborative pan-Canadian approach to enhancing the resiliency of critical infrastructure. A common approach will enable partners to respond collectively to risks and target resources to the most vulnerable areas of CI.

The NS&AP has three strategic objectives:

1. build partnerships;

2. implement an all-hazards risk management approach; and

3. advance the timely sharing and protection of information among partners (Canada, Public Safety Canada 2009: 3).

To support these objectives, governments aim to develop some consistency across key sectors and propose to develop information-sharing tools and delivery mechanisms, such as secure websites. The centrepiece of the NS&AP is the creation of sector networks--one for each of the ten sectors deemed critical to the national infrastructure. Its membership will derive from relevant federal departments and agencies, provinces, territories, national associations and key members of the private and public sectors. Participation will be voluntary and largely self-funded. Importantly, individual stakeholders will be responsible for implementing a risk management approach that they believe is appropriate for their situation (Canada, Public Safety Canada 2009: 6). In addition, the NS&AP proposes a National Cross-Sector Forum with membership drawn from the sector members. Figure I depicts this arrangement.

Despite some exceptions such as energy and utilities, and transportation, the departments representing each of the ten critical infrastructure sectors have shown little progress in operationalizing their emergency management plans (Canada, Office of the Auditor General 2009). Figure 2 identifies the number of milestones reached by each sector at the time of the audit (out of a total of 37) in making their plans fully operational.

One discernible trend, other than the slow progress by all, seems to be the distinction between those sectors that have experienced large scale infrastructure failures at a transnational level and those that have not. Transportation (e.g., Air India, Swiss Air, 9/11, London Underground and Madrid bombings) and Energy/Utilities (2003 North Eastern power failure) have made the most progress. There is also considerable interdependence between Canada and the United States in these two sectors.

[FIGURE 1 OMITTED]

[FIGURE 2 OMITTED]

Building partnerships

In 2008 several Canadian governments (federal, provincial and territorial) published a draft version of the national strategy. The first strategic objective was to build trusted and sustainable partnerships (Canada, Public Safety Canada 2008, emphasis added). "Trust" and "sustainable" were removed from the strategic objective in the final version but the term "trust" appears throughout the new document. Developing trust between the public and private sectors is cited frequently in many Western governments' CIP strategies (see, for example, Australia, Attorney-General's Department 2003; for the United Kingdom, Centre for the Protection of National Infrastructure 2006; United States, Department of Homeland Security 2008). Trust increases group cohesion (Jeffcott et al. 2006). In this case, governments seek to develop trust relationships with and among CI stakeholders in the public and private sectors to facilitate, among other things, the exchange of sensitive information about vulnerabilities.

Although social scientists have given considerable attention to the problem of defining trust, a concise and universally accepted definition remains elusive. As a consequence, the term "trust" is used in a variety of distinct and not always compatible ways in organizational research (Rousseau et al. 1998; Kramer 1999). Barbalet argues that trust is often confused with consideration of legitimacy or loyalty. He suggests that trust must be understood "in terms of a) acceptance of dependency in b) the absence of information about the other's reliability in order to c) create ah outcome otherwise unavailable" (2006: 3). Kramer (1999) describes several ways to think about trust: history-based trust, which characterizes trust as something that evolves over time and is based on past experiences with individuals; category-based trust, based on membership; and roles-based trust, based on one's place or formal authority in an organization. Hardin (2006) argues that the key is trustworthiness--the context that allows trust to develop -and that its value is in making social cooperation possible and even easier. Generally, there are two broad tendencies in defining trust. Some formulations highlight the strategic and calculative dimensions of trust in organizational settings; others emphasize the relational and social context for building trust. The first tradition draws largely from economics and political science; individuals are expected to maximize expected gains or minimize expected losses from their transactions. Viewed through this lens, two elements are critical to understanding the potential for trust: 1) the knowledge that enables one person to trust another; and 2) the private incentive for the person to honour and fulfill that trust. This approach is criticized for being too narrowly cognitive; it gives too little a role to emotional and social influences (Kramer 1999).

If governments assume that this first perspective on trust is accurate, then they should seek to align their interests with those of CI owners and operators. Agranoff (2006, 2007) notes that when there is goal alignment between entities there exists a foundation on which partnerships, like the sector networks, can be built with less formal organizational structure. These relationships can be mutually beneficial. In CIP and emergency management, more generally, these benefits can include inter- organizational training and learning opportunities; identifying key organizational contacts in emergencies; and understanding the emergency management process, including who has the legal authority to make decisions and redirect scarce resources during events (McEntire and Dawson 2007). Indeed, these issues should be a good place for government and industry to start their information sharing and standard setting.

Beyond these first practical exchanges, however, one can imagine instances in which these parties' incentives may not be aligned and information sharing will be more constrained. While governments may wish to obtain information about vulnerabilities in the infrastructure in order to mitigate the risk of cascading failures, owners and operators of CI may be reluctant to disclose the vulnerabilities of their assets because of the risk to their organization's security, liability, share value and public image (Willis, Lester and Treverton 2009). There are other challenges. Governments might like industry to take a more proactive stance by adopting certain risk management practices, which industry might see as an unnecessary drain on much-needed resources, particularly in tough economic times.

The second broad approach to trust derives from relational models, which consider social orientation to other people and society as a whole. Here the focus is on social rather than merely instrumental (resource-based) motives driving trust behaviour. Most in this tradition agree that trust is a multidimensional concept that reflects an interaction of values, attitudes and other sociocultural references (Jeffcott et al. 2006). However, there is no standard definition of trust and therefore no set list of qualities that are required in order to create a setting conducive to trust building. There are, nonetheless, some trends in the literature.

Peters, Covello and McCallum (1997) identified three dimensions that people tend to look for in others to develop trust: knowledge and expertise; care and concern; and openness and honesty (cited in Eiser and White 2006). Medical doctors, for example, tend to rank highly in all three categories, which is why they tend to be highly trusted (Royal College of Physicians 2009). These concepts can be applied equally at the organizational level (Gillespie and Dietz 2009). The concept of open communication, in particular, appears repeatedly in research on developing organizational trust (Clarke and Payne 1997) and encompasses free data sharing, inclusive decision making, and collaborative work (Firth-Cozens 2004; Jeffcott et al. 2006).

Calman (2002) notes that trust comes on foot, but leaves on horseback. It is easy to lose because negative information that can diminish people's feelings of trust is more attention grabbing, more powerful and often more readily available than positive information (Eiser and White 2006). CI failures are particularly susceptible to this bias because they tend to be spectacular and generate considerable media coverage. Several broad social trends seem to be incompatible with developing trust. Public sector reform has tended towards market-driven or market-inspired solutions. While the stress on competitive and consumerist logic may conform to our first understanding of trust, it potentially undermines a core component of socially constructed trust, since the motivation of providers is declared to be self-interest in response to market signals, rather than public interest (Taylor-Gooby 2006). In a study of British railways post privatization, for instance, Jeffcott and colleagues noted that fragmentation, performance regimes, proceduralization, loss of expertise and major accidents all affect the trust relationships across industry (2006).

If governments assume the sociocultural approach to trust, none of the three conditions identified above (knowledge, care and openness) is readily achieved in CIP. To start, the complexity and interdependence of the networks arguably make knowledge claims suspect. With terrorist acts and pandemics, the absence of reliable data makes the magnitude of the risk problem uncertain (Renn 2008, and also referred to in the next section). Even care and concern might be difficult to achieve. Sato (1988) concludes that trust effects weaken as group size increases; participants feel their impact is less in larger groups, which arguably leads to a sense of helplessness or even indifference rather than one of care and concern. Finally, government also faces a trust/transparency conundrum. On the one hand, researchers note that "open communication" is a prerequisite to organizational trust. On the other hand, too much transparency might make owners and operators of CI nervous about disclosing information on vulnerabilities to government. However, government has not yet shown itself to be transparent on these issues. Ata June 2008 Conference Board of Canada CIP event, for instance, private sector representatives noted that even classified briefings to which they have been invited tend to be vague and unhelpful. There are several constraints that prevent government from sharing information, which will be explored below. Can government generate a context that is conducive to trust building if government itself cannot be transparent?

While most governments refer to trusted partnerships with industry, in many cases they may actually be referring to dependencies. Government takes risks when it aspires to be seen as a "trusted partner" in this context. CI and emergency events can result in clashes over public and private sector accountability structures (Koliba, Mills and Zia 2011; Koski 2011). Industry responds to its shareholders and is rewarded for taking successful risks. Govemment has a regulatory role to play on behalf of citizens to ensure appropriate adherence to standards. Strengthening these relationships can produce stability and collegiality among regulators and CI owners and operators, bur may also result in compromises on transparency and prevent dramatic changes, if required (Vogel 1986).

Therein lies perhaps a more serious problem: do people trust the government to regulate such firms? Polling in most Western countries suggests that trust in government is in decline. In this sense, in trying to build up trust with CI owners and operators, government might be going in the wrong direction. Rather, they should try to build up trust among citizens in government's ability to regulate CI and those responsible for it. After all, critical infrastructure is not critical for industry but society as a whole. Ironically, while citizen response is crucial to successful emergency management (Clarke 2005), the NS&AP is completely silent on citizen engagement and outward accountability.

Implementing an all-hazards risk management approach

The two schools of thought which define the debate about the safety and reliability of complex technological and social systems are known as High Reliability Organizations (HRO) and Normal Accidents. HRO literature argues that hazardous technologies can be safely controlled by complex organizations if the correct design and management techniques are followed, such as strong and persuasive leadership, and commitment and adherence to a "safety culture," including learning from mistakes, creating redundancies and increasing transparency in accountability and operational settings (LaPorte and Consolini. 1991; Weick and Roberts 1993; LaPorte 1996; Weick and Sutcliffe 2001). The Normal Accidents literature, in contrast, holds that accidents are inevitable in organizations that have social and technical interactive complexity and little slack. Normal Accidents advocates suggest that the discipline required of an HRO is unrealistic. Systems fail due to their inherent fallibility and the non-responsive nature of bureaucratic organizations. Efforts to increase accountability result in blame shifting. Indeed, safety is only one priority, which competes with many others (Sagan 1993; Vaughan 1996; Perrow 1999).

More recently, growing technical, social and organizational interdependencies have refocused the debate from the single organization to networks of organizations. Many scholars now consider resilience as the desired objective, which accepts the possibility of massive systems failures due to these complex interdependencies, and seeks proactive and reactive strategies to manage a variety of possible consequences (Clarke 2005; Boin and McConnell 2007; McCarthy 2007; Roux-Dufort 2007; Schulman and Roe 2007). Within this context, the search for security is seen as a dynamic process that balances mechanisms of control with processes of information search, exchange and feedback in a complex multi-organizational setting. It is guided by public organizations and seeks participation from private and not-for-profit organizations and informed citizens (Comfort 2002; Aviram and Tor 2004; Aviram 2005; Auerswald et al. 2006; de Bruijne and van Eten 2007; Egan 2007).

The "all-hazards" concept emphasizes that CIP is about more than responding to (possible) acts of terrorism. Indeed, natural disasters are far more common, typically require more resources during post-event reconstruction, and injure and kill more people (Caruson and MacManus 2011; see also Canada, Public Safety Canada n.d.). However, a generic all-hazards approach is inadequate: different risks have different characteristics and require different analyses, preparations and responses in the event of failure. Some risks generate more anxiety and are susceptible to provoking overreactions, such as pandemics and terrorism, while others may cost society more in financial terms but are overlooked and under-reported, such as cyber-threats. Here the NS&AP does not provide any specific guidance: it cites the usual list of hazards--floods, ice storms, terrorist attacks, blackouts, pandemics and hurricanes--but does little to group or distinguish among them meaningfully (Canada, Public Safety Canada 2009: 4).

Renn (2008) usefully distinguishes among four types of risk: simple, complex, uncertain and ambiguous. Simple risks are those involving frequent predicted events and obvious causal chains (e.g., car accidents). Complex risks are technically difficult to understand and model (e.g., interconnected infrastructures; regularly occurring natural disasters) though some data and experiential learning usually exist. For complex risks, Renn argues that we should rely heavily on experts to characterize the available evidence, increase redundancy and improve capacity to cope with failures. Lessons are fed into routine operations. The thinking here is akin to the HRO literature (LaPorte 1996; Weick and Sutcliffe 2001). There is optimism that the risks can be managed and, in any event, the benefits associated with the risk exposure are often seen to outweigh potential costs. Uncertain risks are those for which the influencing factors are known, but the likelihood of any adverse effects cannot be precisely described (e.g., terrorism, rare and unpredictable natural disasters or pandemics). If little reliable data exist, a precautionary approach should be employed (Clarke 2005), particularly when the harm is potentially catastrophic or irreversible (Sunstein 2009). Such risks require flexibility and diversity of approaches to providing mission-critical services, as well as data gathering and learning along the way. Uncertain risks draw from the Normal Accidents literature (Perrow 1999, 2007) and can be very costly to manage. The extent of uncertainty requires consultation not just with experts but with a broader group of stakeholders directly affected by realized risks. The lack of consultation with the Aboriginal community prior to the HIN1 pandemic illustrates the consequences of failing to engage particular groups in preparing for uncertain risks. Finally, ambiguous risks lead to diverse meaningful and legitimate interpretations of accepted risk assessment. Ambiguity-induced risks imply that we have data but the values of those assessing risk are in conflict; in other words, stakeholders do not necessarily agree on what the data mean or what to do. Renn argues that we should focus on engagement and conflict resolution to overcome the differences.

[FIGURE 3 OMITTED]

Cultural theory (Douglas 1992; Hood 1998) can be useful in interpreting and perhaps extending Renn's notion of ambiguous risks. These theorists see risk not as a calculable probability, but rather as a danger or threat to a value system. They suggest that different value systems generate different institutional responses to risk. Hood (1998) used the theory to explore the recurring nature of debates in public administration and the irreconcilable assumptions underpinning different views and preferences. The theory measures regulation and social integration to determine value systems and the preferred institutional arrangements flowing from them, leading to the characterization of four types: hierarchists, individualists, egalitarians, and fatalists (see Figure 3). Each type has a preferred governance arrangement, particular blind spots and vulnerabilities. This suggest that not only will the NS&AP's ten sectors each show different tendencies in preferred governance arrangements, but each will also have associated blind spots and inherent weaknesses that the government should address.

Government bureaucracies are archetypal hierarchies; Public Safety Canada's approach to CIP demonstrates such bias. Public Safety has noted that it will focus on "larger infrastructure" first (Lavoie 2008); its plans for small-and medium-sized enterprises (SMEs) are under-developed, and rest mainly on generic on-line business continuity guidance and after-the-fact financial assistance, assuming the SME in question meets the criteria. That members must develop and self-fund in-house capacity for risk management, business continuity planning, and government outreach/ liaison implies a bias towards large, bureaucratic organizations.

On the positive side, a smaller number of bigger players can be easier to organize. This could work particularly well in the finance and energy and utilities sectors, where a handful of large organizations dominate; these sectors are likely to enjoy stable and collegial relationships, which can facilitate consensus on risk management priorities for the sector (Vogel 1986). Bureaucracies are sluggish and poor at responding to emergencies (Clarke 2005; Rudner 2009). They subdivide and specialize, which constrain horizontal initiatives (Aucoin 1997; Bakvis and Juillet 2004). For example, Environment Canada has the lead for drinking water in the NS&AP, which is regulated by both federal and provincial governments. But water could just as easily be the responsibility of Natural Resources Canada (as a coolant for energy) or Transport Canada (as means of transportation). The NS&AP includes the National Cross-Sector Forum and the Federal-Provincial-Territorial CI Working Group for cross-sectoral collaboration, but it is unclear how discrepancies and disagreements about multiple uses and accountabilities will be handled. This approach also risks leaving some players behind. SMEs are critical to supply chains, particularly in manufacturing, and crucial service-delivery agents in many sectors for smaller communities. Because they frequently work on the smallest margins, SMEs are least likely to have business continuity plans or disaster insurance coverage (Boardman 2005).

Individualism is most prevalent in highly deregulated industries that are especially sensitive to competition and market dynamics, such as manufacturing. Here competition is natural; companies will choose different risk management options based on return on investment. They do not see risks in isolation: the cost of mitigating risks will be weighed against the consequences of failures, as well as opportunities to exploit risk for private gain and the costs of risk management investments. There are troubling implications. For example, manufacturers of chlorine--crucial to treating drinking water--are not obligated to provide chlorine during emergencies and shortages to water providers unless it is stated in their service contracts, and rarely is it so. This leaves smaller communities particularly vulnerable.

Individualists are motivated by private gain, not public good, so the NS&AP has little to offer. Indeed, other than potential opportunities to lobby government for preferential treatment, membership has few privileges. The plan offers no direct cash incentives to develop business continuity plans or cash investments from the government's recent infrastructure spending (Canada, Department of Finance 2009). Interactions at the sector level will be constrained by competition among many participants. While a firm may be motivated to ensure that a supply chain functions efficiently and securely, and resilience can provide a potential competitive advantage (Sheffi 2005), companies are unlikely to disclose such information to competitors. Moreover, company vulnerabilities tend to be "dirty little secrets;" industry leaders are reluctant to discuss the vulnerabilities of assets because of the risk to their organization's security, liability, share value and public image. Ata minimum, highly competitive industries will almost certainly insist on anonymized data sharing and non-disclosure agreements to preclude proactive disclosure to the public (the latter is proposed in the NS&AP).

The NS&AP also states that individual CI owners and operators will be responsible for their own systems and performances. How will governments hold these sectors to account if, for example, operators choose to deplete assets for short-term financial gains and in so doing risk operational failure, as has been suggested about CI in the United Kingdom (Feakin 2009)? At what point will governments impose necessary standards?

Governments have tended recently towards more egalitarian approaches to governance to deal with controversial policy areas. Egalitarian models include public meetings, surveys, open houses, workshops, polling, citizen's advisory committees and other forms of direct involvement with the public (International Association for Public Participation 2012). In many respects, it is a flat, leaderless approach to risk management. Indeed, this is what one sees in the NS&AP in the government-industry sector-level forum, which attempts to reconcile the rule-oriented impulses of regulators and the competitive, market-oriented tendencies of industry. Power is ostensibly shared between government and industry, but egalitarian structures tend to be inwardly accountable; they struggle with outward transparency. First, the NS&AP does not articulate how the sector networks will report on progress to outside parties. Volunteer members, paying their own way and with the responsibility for the nation's critical assets, are unlikely to join if they believe they will be embarrassed if such membership threatens their share value or reputation. Unwanted disclosures would also undermine any trust that the governments would like to establish with these groups. Second, it is unclear how the sectors will prioritize risks, agree on standards or force behavior change. Non-hierarchical groups are good at generating ideas, but bad at making and enforcing decisions. The NS&AP is silent on how differences will be resolved.

The least-studied type (Hood 1998), and perhaps the one with the most to offer on resilience, is fatalism. Fatalists suggest that plotting and planning for all hazards is an act of hubris: for fatalists, "Man plans, God laughs."

There is too much complexity and interdependence; our reporting mechanisms cannot anticipate all failures; and bureaucracies are insufficiently responsive. The almost unpredictable spread of food contamination, such as E. coli in North American spinach in 2006 and the U.K.'s BSE and Foot-and-Mouth crisis in the 1990s, exemplifies this problem.

So, somewhat paradoxically, we must plan to respond to that which we cannot anticipate. In the case of agriculture, strong local and regional networks can help: if grassroots members are strongly networked, information can be collected and disseminated to disparate members quickly as events occur. In many respects, the federal government's, Is Your Family Prepared? initiative (Canada, Public Safety Canada 2011), which recommends that people be prepared to look after themselves for up to 72 hours during an emergency, draws from this fatalist impulse - that government cannot be relied upon to respond in ah immediate, fully satisfactory manner to every emergency.

For many sectors planning for the unplanned is extremely difficult. Many government departments run emergency management drills to familiarize staff with emergency procedures for occasions when the unexpected occurs, but their success is mixed. Emergency exercises sometimes involve people from one organization or, at best, "convenient and friendly" partners. The logistics of organizing larger events can be too resource intensive, and it is not politically palatable to plan for some events (Sagan 1993). Unless there is a commitment to learning and a tolerance of some level of failure, such planned exercises are likely to test for incidents for which organizations have largely prepared. Reliable information gathering after these events can also be a problem because large government bureaucracies can easily sweep indiscretions under the rug (Hood 1998), and, as noted above, private companies are loathe to disclose vulnerabilities (Nicol 2007). Finally, regular staff turn-over makes continuity and stability in emergency management training and preparedness a challenge.

Cultural theory does not map perfectly to Renn's model: the four types (hierarchists, individualists, egalitarians and fatalists) will tend towards preferred solutions whether dealing with a simple, complex or uncertain risk. Strictly speaking, in cultural theory terms, everything is an ambiguous risk. The four types of risk to which Renn refers, however, do suggest that, when governments reach beyond their public agencies for further consultation, as they should with uncertain risks in particular, they are likely to experience clashes in values.

Helping to balance the conflicts between types will be an important and appropriate role for Public Safety Canada. Government regulators must strengthen the links among sectors lest the risks of one sector be off-loaded to another. In this sense, a governments-only forum, which the NS&AP proposes, has promise. The government should draw more from the fatalist lens and, in so doing, develop cross-sectoral networks focusing more on supply chains than on sectors. Finally, while the list of risks seems endless and daunting, Public Safety can help to group risks in a more meaningful (and perhaps less alarmist) way, and thus give stronger direction on when expert advice is adequate and when more stakeholder and citizen engagement might be required.

Advancing the timely sharing and protection of information among partners

Since 9/11, the Government of Canada has used legislative means to increase its capacity to gather security-related information. (2) The challenge, however, is not simply in getting sensitive information but in sharing it. Certain emergencies, such as pandemics, raise an immediate conflict between privacy rights and the public good. The NS&AP proposes focusing largely on government-to-government or government-to-business interactions. In addition to creating the sector fora, the Canadian government is attempting to facilitate the exchange of sensitive information among CI owners and operators through the new Emergency Management Act (EMA). The EMA includes consequential amendments to the Access to Information Act that protect specific critical infrastructure/emergency management information shared in confidence by third Earties with the federal government (Canada, Public Safety Canada 2007: 9-10). This can help to reassure private sector CI owners and operators that information deemed sensitive - either for commercial or liability reasons-will not be disclosed if shared with the federal government.

Information exchange across sectors becomes problematic because data from different sectors may be collected differently and therefore may be incompatible. Moreover, organizations require the ability to secure data; they must therefore restrict access to only those with appropriate security clearance. This requires rime and resources. There have been calls to declassify more information (Chertoff 2009), which can partly alleviate the problem but this strategy will only achieve so much.

There is also an expectations gap between the private sector and intelligence community about the utility of intelligence reports. As noted above, private sector representatives have found classified briefings to be vague. Successful information exchange has to be a two-way street: industry must be forthcoming about its vulnerabilities but government, too, must share information with industry (Willis, Lester and Treverton 2009). Until now, it has been loath to do so. This is not necessarily the government's fault. Intelligence work is rarely clear-cut, even for specialists. (3) There are often reams of data, which are only useful when analyzed and interpreted in local contexts and then placed in the broader context of national security (Willis, Lester and Treverton 2009). Much of it is informed guess-work and is therefore usually only shared with caution and caveats. Government also has to be careful not to overshare information received from other governments, lest it lose the trust of its allies. Those in the private sector who go through security clearance processes expecting clarity at the end will likely be disappointed.

There are other institutional challenges for governments. The EMA covers federal institutions only. The federal government cannot share information provided by private organizations in confidence with provincial counterparts unless the latter have similar legislation in place. Further, incentive structures in the safety and security community do not lend themselves to sharing information, even among federal agencies. If one agency incurs all of the costs of gathering information and then shares the information with another government agency, the latter could claim credit for the outcome. This is further complicated by the fact that the agencies may have different objectives. Intelligence agencies might wish to use sensitive information for building up intelligence; policing and justice departments, in contrast, might wish to use information as evidence to prosecute suspected criminals. It would be difficult to use the information for both purposes simultaneously (Baker 2010). Such competing goals potentially limit the sharing of information, as we saw with the RCMP and CSIS immediately before the Air India disaster (Canada, Commission of Inquiry into the Investigation of the Bombing of Air India Flight 182 2010).

No rational person wants to withhold information that could prevent a disaster. Bellamy and Raab (2005) note, however, that without proper guidance, a rational, risk-averse public official could "over" share sensitive information or "under" share sensitive information, depending on what issues are politically "hot." This dynamic was at work in the case of Maher Arar, a Canadian citizen of Syrian descent, who was detained in New York and deported to Syria against his will by U.S. officials acting on information partly provided by Canadian officials. In the anxious days following 9/11, the Canadian government shared information with American officials, including a complete database, without caveats, and frequently acted against RCMP policies on information sharing (Canada, Commission of Inquiry 2006: 13-14).

Sector networks do provide some value to private industry, however imperfectly. By exchanging ideas on "best practices" in their sectors, organizations can learn about what is working without having to discuss their vulnerabilities. Non-disclosure agreements and anonymized information can usefully facilitate learning opportunities. But even the exchange of information about best practices is not innocuous; organizations can be held liable if the information that they provide about business continuity planning is eventually deemed incorrect, even if offered in good faith (Quigley 2008).

Some information-gathering tools are being created, but it is unclear if they will generate the expected outcome. Public Safety Canada has noted the development of a web-based information exchange mechanism that helps to standardize information gathering bur this may raise other issues. The United States Government Accountability Office (2004) suggested that collecting secure information on-line does not always reassure participants that the information is indeed secure. The recent penetration of IT systems at Treasury Board, the Department of Finance, and Defence Research and Development Canada, which allowed hackers to gain access to privileged information (CBC News 2011), did little to reassure industry that government can indeed protect sensitive information.

Securing the integrity of data is crucial; so too is sharing it in a timely manner. Equally, government should develop more tools and processes to distinguish between types of risk (e.g., complex and uncertain ones), guide thinking and develop judgment in uncertain situations. These tools should provide guidance on determining tolerance levels for certain risks and how to prioritize in an event. This requires leadership dedicated to developing these skills among staff. When commenting on how the Canada Revenue Agency responded during a major systems failure,, the Chief Information Officer noted the importance of developing staff's decision-making skills during more routine failures so that they would be better able to handle "the big one," should it come (Kuffner 2008).

Government should also consider carefully how to integrate SMEs into their information-sharing processes. In many instances, SMEs are seeking practical, rather than classified, information about how to respond to CI failures and how to get reliable information. The U.K. government developed such models in the run-up to the 2012 Olympics. The Cross-Sectoral Security Council (CSSC), for example, is a voluntary body that includes SMEs in the City of London. It deals strictly in unclassified information, avoiding intractable problems over security clearance.

Finally, controlling information is only one part of a control system. A cybernetic understanding points to three components to a control system: information gathering, standard setting, and behaviour modification. Government CIP initiatives focus considerable attention on exchanging sensitive information. Information exchange in the absence of common standards and behaviour modification, however, will leave the system uncontrolled. In some respects, information sharing can be a "light touch" form of regulation. The plan assumes that, by sharing information, standards and behaviour modification will occur. In the absence of more transparency, this is a potentially faulty assumption.

Conclusion

When Western economies slowed in 2008 and 2009, governments rushed to intervene. Infrastructure spending was a key strategy for reinvigorating economic performance and an effective way to get cash out the door quickly. Despite the focus of many governments on strengthening national infrastructure, the security of the infrastructure as a whole received little explicit attention. Living in the shadow of 9/11, this is perhaps surprising. There is reason to believe that vulnerabilities in this area persist and governments-after a decade of work on domestic security issues - should help to address them.

Governments should indeed follow through with national strategies, such as the NS&AP, including the development of public/private information-sharing fora and protocols, as well as sector-specific risk assessments and work plans. These plans are in their infancy; there is much to learn and gain. The public and private sectors have a shared interest in resilience, and governments should capitalize on the common ground. The economic circumstances have changed since these plans were first released, and amendments might be in order. Bad economic times will make global supply chains generally more vulnerable. The plan might therefore include tax incentives for industry and SMEs, in particular, to develop business continuity and recovery plans.

The government might place less emphasis on trust in the short term and more on transparency and accountability. Different levels of trust require different approaches (L6fstedt 2009). It is important to understand specific contexts, and then adopt an appropriate solution. At times discretion and information protection are crucial, but the NS&AP's silence on outward reporting is alarming. Uncertain risks should include more stakeholder and citizen engagement. Informed citizens, including SMEs, will improve community response during an emergency. Determining our tolerance for uncertain risks will be important, for example. This will not be without cost: more engagement will result in more controversy and conflict. In addition, more transparency and clearer accountability will help to generate a more effective dialogue and stable solutions.

In any event, pursuing trust as a Holy Grail may result in misplaced trust. Government has a regulatory and leadership role to play. By sitting at a sectoral roundtable only as a partner, government potentially compromises its capacity to play the role of enforcer. Indeed, forging reasonable standards backed by a strong audit function and appropriate incentives might align industry interests with those of government more effectively, while generating context for a strategic dialogue among government and industry on CIP.

Finally, collaboration (public-public and public-private) is not simply a matter of developing partnerships among organizations that are predisposed to working together: there is work to be done within bureaucracies including clarifying rules, overcoming bureaucratic turf wars, and creating a culture conducive to agency-to-agency collaboration (Bardach 1999, 2008). In order to thrive, Public Safety Canada should focus on capacity building. This will require staff, tules and tools, ,along with supportive leadership from senior civil servants and elected officials, a commitment to learning, developing judgment among those with responsibility, and gauging our level of tolerance for risk.

Given the competitive nature of industry and the organizational dynamics that constrain public bureaucracies from responding quickly, governments should draw more from the lens of fatalism and actively encourage multisectoral CI and emergency management networks that focus on supply chains (as opposed to the NS&AP's disproportionate focus on sectors) and genuine (less predictable) scenario planning. This shift will facilitate quicker and potentially more relevant information exchange among stakeholders with shared interest in ensuring the successful supply of goods and services.

Few would dispute the government's recent infrastructure investments in such uncertain economic times. In addition to providing short-term economic stimulus, however, the government should also ensure that the infrastructure built today results in a more resilient infrastructure in the future. Making policies immediately following crises produces mixed results. While a sense of urgency can break through inert and turf-warn bureaucracies and mobilize considerable resources to accomplish ambitious projects, it must be remembered that "they stumble that run fast," as Shakespeare's Friar Laurence observed. Policy discussions about criticalinfrastructure security immediately following high-profile failures can prompt overreaction from the public and politicians. This, too, is part of the shadow of 9/11. The current relative calm in security issues presents an opportunity to make some thoughtful progress.

References

Agranoff, Robert. 2006. "Enhancing performance through public sector networks: Mobilizing human capital in communities of practice." Public Performance and Management Review 31 (3): 320-47.

--. 2007. Managing Within Networks: Adding Value to Public Organizations. Washington, DC: Georgetown University Press.

Aucoin, Peter. 1997. "The design of public organizations for the 21st century: Why bureaucracy will survive in public management." Canadian Public Administration 40 (2): 290- 306.

Auerswald, Philip, Lewis Branscomb, Todd LaPorte, and Erwan Michel-Keqan. 2006. Seeds of Disaster, Roots of Response: How Private Action Can Reduce Public Vulnerability. Cambridge: Cambridge University Press.

Australia. Attorney-General's Department. 2003. Trusted Information Sharing Network [website]. Available at http://www.tisn.gov.au/Pages/default.aspx [accessed on 30 November 2012].

Aviram, Amitai. 2005. "Network responses to network threats: The evolution into private cybersecurity associations." In The Law and Economics of Cybersecurity, edited by M. F. Grady and F. Parisi. New York: Cambridge University Press, pp. 143-92.

Aviram, Amitai, and Avishalom Tor. 2004. "Overcoming impediments to information sharing." Alabama Law Review 55: 231.

Baker, Stewart. 2010. Skating on Stilts: Why We Aren't Stopping Tomorrow's Terrorism. Hoover Institution Press Publication no. 591. Stanford, CA: Hoover Institution at Leland Stanford Junior University.

Bakvis, Herman, and Luc Juillet. 2004. The Horizontal Challenge: Line Departments, Central Agencies and Leadership. Ottawa: Canada School of Public Service.

Barbalet, Jack. 2006. "A characterization of trust and its consequences." Working Paper 13-2006. Social Contexts and Responses to Risk Network. Canterbury, U.K.: School of Social Policy, Sociology and Social Research, University of Kent.

Bardach, Eugene.1999. Getting Agencies to Work Together: The Practice and Theory of ManageriaI Craftsmanship. Washington, DC: Brookings Institution.

--. 2008. "Developmental processes: A conceptual exploration." In Innovations in Government: Research, Recognition and Replication, edited by Sandford Borins. Washington DC: Brookings Institution, pp. 113-37.

Bellamy, Christine, and Charles Raab. 2005. "Multi-agency working in British social policy: Risk, information-sharing and privacy." lnformation Polity 10 (1-2): 51-63.

Boardman, Michelle. 2005. "Known unknowns: The illusion of terrorism insurance." Georgetown Law Journal 93 (3): 783-844.

Boin, Arjen, and Allan McConnell. 2007. "Preparing for critical infrastructure breakdowns: The limits of crisis management and the need for resilience." Journal of Contingencies and Crisis Management 15 (1): 50-59.

Calman, Kenneth. 2002. "Communication of risk: Choice, consent, and trust." Lancet 360 (9327): 166-68.

Canada. Commission of Inquiry into the Actions of Canadian Officials in Relation to Maher Arar. 2006. Report of the Events Relating to Maher Arar. Ottawa: Minister of Public Works and Government Services Canada.

--. Commission of Inquiry into the Investigation of the Bombing of Air lndia Flight 182. 2010. Air lndia Flight 182: A Canadian Tragedy. Ottawa: Minister of Public Works and Government Services Canada.

--. Department of Finance. 2009. Canada's Economic Action Plan. Available at http://www.plandaction.gc.ca/eng/index.asp [accessed on 4 March 2010].

--. Office of the Auditor General. 2009. "Emergency Management--Public Safety Canada" (Chapter 7). Fall 2009 Report of the Auditor General of Canada to the House of Commons. Ottawa: Minister of Public Works and Government Services.

--. Public Safety Canada. 2007. "Canada's New Emergency Management Act: Implications for Information-Sharing" (Fall). The CIP Exchange. Halifax, NS: School of Public Administration, Dalhousie University.

--. --. 2008. Working towards a National Strategy and Action Plan. Ottawa: Government of Canada.

--. --. 2009. National Strategy for Critical Infrastructure. Ottawa: Her Majesty the Queen in Right of Canada. Available at http://www.publicsafety.gc.ca/prg/ns/ci/_fl/ntnl-eng.pdf.

--. --. 2011. Is Your Family Prepared? [website] Available at http://www.getprepared.gc.ca/index-eng.aspx [accessed on 20 August 2012].

Caruson, Kiki, and Susan MacManus. 2011. "Gauging disaster vulnerabilities at the local level: Divergence and convergence in an 'alt-hazards' system." Administration & Society 43 (3): 346-71.

CBC News. 2009. "Health minister orders probe over flu body bags." Available at http://www.cbc.ca/news/canada/story/2009/09/17/liberals-swine-flu-body-bags- reserves.html [Accessed on 17 September 2009].

--. 2011. "Classified info: Should information security be a higher government priority?" 2 June. Available at www.cbc.ca/news/yourcommunity/2011/06/classified-govemmentinfo-hacked-should- information-security-be-a-higher- government-priority.html [Accessed on 1 June 2011].

Centre for the Protection of National Infrastructure. 2006. CPNI [website]. Available at http://www.cpni.gov.uk/ [Accessed on 2 March 2009].

Chertoff, Michael. 2009. "Seven questions for Michael Chertoff" (spring). The CIP Exchange. Halifax, NS: School of Public Administration, Dalhousie University.

Clarke, Lee. 2005. Worst Cases: Terror and Catastrophe in the Popular Imagination.Chicago: University of Chicago Press.

Clarke, Murray C., and Roy L. Payne. 1997. "The nature and structure of workers' trust in management." Journal of Organizational Behaviour 18 (3): 205-24.

Comfort, Louise. 2002. "Rethinking security: Organizational fragility in extreme events." Public Administration Review 62 (1) 98-107.

de Bruijne, Mark, and Michel van Eten. 2007. "Systems that should have failed: Critical infrastructure protection in an histitutionally fragmented environment." Journal of Contingencies and Crisis Management 15 (1): 18-29.

Douglas, Mary. 1992. Risk and Blame: Essays in Cultural Theory. London: Routledge.

Egan, Matthew. 2007. "Anticipating future vulnerability: Defining characteristics of increasingly critical infrastructure-like systems." Journal of Contingencies and Crisis Management 15 (1): 4-17.

Eiser, J. Richard, and Mathew P. White. 2006. "A psychological approach to understanding how trust is built and lost in the context of risk." Working Paper 12-2006. Social Contexts and Responses to Risk Network. Canterbury, U.K.: School of Social Policy, Sociology and Social Research, University of Kent.

Feakin, Tobias. 2009. "Reflections on RUSI's Critical National Infrastructure (CNI) 2009 Conference: Protecting Critical Infrastructure in a changing world" (Spring). The CIP Exchange. Halifax, NS: School of Public Administration, Dalhousie University.

Firth-Cozens, Jemly. 2004. "Organizational trust: The keynote to patient safety." Quality and Safety in Health Care 13: 56-61.

Gillespie, Nicole and Dietz, Graham. 2009. "Trust repair after organization- level failure." Academy of Management Review 34(1): 127-145.

Hardin, Russell. 2006. Trust. Cambridge: Polity Press.

Hood, Christopher. 1998. The Art of the State: Culture, Rhetoric, and Public Management. Oxford: Oxford University Press.

International Association for Public Participation. 2012. IAP2 [website]. Available at http://www.iap2.org/ [accessed on 17 May 2012].

Jeffcott, Shelley, Nick Pidgeon, Andrew Weyman, and John Walls. 2006. "Risk, trust, and safety culture in U.K. train operating companies." Risk Analysis 26 (5): 1105- 21.

Koliba, Christopher, Russell Mills, and Asim Zia. 2011. "Accountability in governance networks: An assessment of public, private, and non-profit emergency management practices following Hurricane Katrina." Public Administration Review 71(2): 210- 20.

Koski, Chris. 2011. "Committed to protection? Partnerships in critical infrastructure Protection." Journal of Homeland Security and Emergency Management 8 (1).

Kramer, Roderick M. 1999. "Trust and distrust in organizations: Emerging perspectives, enduring questions." Annual Review of Psychology 50: 569-98.

Kuffner, Gloria. 2008. "Taxing Times" (Spring). The CIP Exchange. Halifax, NS: School of Public Administration, Dalhousie University.

LaPorte, Todd. 1996. "High reliability organizations: Unlikely, demanding and at risk." Journal of Crisis and Contingency Management 4 (2): 60-71.

LaPorte, Todd, and Paula Consolini. 1991. "Working in practice but not in theory: Theoretical challenges of high reliability organizations." Journal of Public Administration Research and Theory 1 (1): 19-47.

Lavoie, Daniel. 2008. "Partners in time: Public Safety Canada seeks partnerships in its new strategy and action plan" (Fall). The CIP Exchange. Halifax, NS: School of Public Administration, Dalhousie University.

Lofstedt, Ragnar E. 2009. Risk Management in Post Trust Societies. London: Earthscan.

Masten, Anne. 2009. "Ordinary magic: Lessons from research on resilience in human development." Education Canada 49 (3): 28-32. Available at htt-p://www.cea-ace.ca/sites/ default/files/EdCan-2009-v49-n3-Masten.pdf. [Accessed 16 May 2012].

McCarthy, John. 2007. "From protection to resilience: Injecting moxie into the infrastructure security continuum." Critical Thinking: Moving from Infrastructure Protection to Infrastructure Resilience. CIP Program Discussion Paper Series, George Mason University. Fairfax, VA: George Mason University, pp. 1-8. Available at http://cip.gmu.edu/ [Accessed on 14 May 20121.

McEntire, David, and Greg Dawson. 2007. "The intergovernmental context." [n Emergency Management: Principles and Practice for Local Government, 2nd ed., edited by William Waugh Jr. and Kathleen Tierney. Washington, DC: ICMA Press, pp. 57-70.

Nicol, Peter. 2007. "Vision and the hidden infrastructure" (Fall). The CIP Exchange. Halifax, NS: School of Public Administration, Dalhousie University.

Ontario. Ministry of the Attorney General. 2002. Report of the Walkerton Inquiry. Commission chaired by The Honourable Dennis R. O'Connor. Toronto, ON: Queen's Printer for Ontario.

Perrow, Charles. 1999. Normal Accidents: Living with High Risk Technologies, 2nd ed. Princeton, N.J.: Princeton University Press.

--. 2007. The Next Catastrophe: Reducing our vulnerabilities to natural, industrial, and terrorist disasters. Princeton, N.J: Princeton University Press.

Peters, Richard, Vincent Covello, and David McCallum. 1997. "The determinants of trust and credibility in environmental risk communication: An empirical study." Risk Analysis 17 (1): 43-54.

Quebec. Commission of Inquiry into the Collapse of a Portion of the de la Concorde Overpass. 2007. Report. Quebec: Gouvernement du Quebec.

Quigley, Kevin. 2008. Responding to Crises in the Modern Infrastructure: Policy Lessons from Y2K. Basingstoke, U.K.: Palgrave Macmillan.

Remi, Ortwin. 2008. "White Paper on Risk Governance: Toward an integrative framework." In Global Risk Governance: Concept and Practice Using the IRGC Framework, edited by Ortwin Renn and Katherine Walker. Dordrecht: Springer.

Roe, Emery, and Paui Shulman. 2008. High Reliability Management: Operating on the Edge. Palo Alto, CA: Stanford University Press.

Rousseau, Denise, Sim Sitkin, Ronald Burt, and Colin Camerer. 1998. "Not so different after all: A cross-discipline view of risk." Academy of Management Review 23 (3): 393- 404.

Roux-Dufort, C. 2007. "Is crisis management (only) a management of exceptions?" Journal of Contingencies and Crisis Management 15 (2): 105-114.

Royal College of Physicians. 2009. Trust in Doctors: Annual Survey of Trust in Professions. London, U.K.: Royal College of Physicians. Available at http://www.ipsos- mori.com/ DownloadPublication/1305_sri-trust-in-professions-2009.pdf [accessed August 2011].

Rudner, Martin. 2009. "Protecting Canada's critical infrastructure from terrorism: Mapping a proactive strategy for energy security." International Journal 64 (3): 775-97.

Sagan, Scott. 1993. The Limits of Safety: Organizations, Accidents, and Nuclear Weapons. Princeton, NJ: Princeton University Press.

Sato, Kaori. 1988. "Trust and group size in a social dilemma." Japanese Psychological Research 30 (2): 88-93.

Schulman, Paul, and Emery Roe. 2007. "Designing infrastructures: Dilemmas of design and the reliability of critical infrastructures." Journal of Contingencies and Crisis Management 15 (1): 42-49.

Shade, Leslie. 2008. "Reconsidering the right to privacy in Canada." Bulletin of Science, Technology & Society 28 (1): 80-91.

Sheffi, Yosef. 2005. The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage. Cambridge: MIT Press.

Sunstein, Cass. 2009. Worst Case Scenarios. Cambridge: Harvard University Press.

Taylor-Gooby, Peter. 2006. "The efficiency/trust dilemma in public policy reform/' Working Paper 9-2006. Social Contexts and Responses to Risk Network. Canterbury, U.K.: School of Social Policy, Sociology and Social Research, University of Kent. United States. Department of Homeland Security. 2008. One Team, One Mission, Securing Our Homeland: US Department of Homeland Security Strategic Plan, Fiscal Years 2009- 2013. Washington, D.C.: GPO.

--. Government Accountability Office. 2004. Critical Infrastructure Protection: Improving Information Sharing with Infrastructure Sectors. GAO-04-780. Washington, D.C.: GPO.

Vaughan, Diane. 1996. The Challenger Launch Decision: Risky Technology, Culture and Deviance at NASA. Chicago: Chicago University Press.

Vogel, David. 1986. National Styles of Regulation: Environmental Policy in Great Britain and the United States. Ithaca: Cornell University Press.

Weatherill, Sheila. 2009. Report of the Independent Investigator Into the 2008 Listeriosis Outbreak. Ottawa: Government of Canada.

Weick, Karl, and Karlene Roberts. 1993. "Collective mind in organizations: Heedful interrelating on flight decks." Administrative Science Quarterly 38 (3): 357-81.

Weick, Karl, and Kathleen Sutcliffe. 2001. Managing the Unexpected: Assuring High Performance in an Age of Complexity. San Francisco: Jossey-Bass.

Willis, Henry, Genevieve Lester, and Gregory Treverton. 2009. "Information sharing for infrastructure risk management: Barriers and solutions." Intelligence and National Security. 24 (3): 339~5.

Notes

(1) The project's website and related publications can be found at www.cip.management.dal.ca.

(2) The Anti-Terrorism Act, for instance, substantially amended the Criminal Code, leading to consequential amendments to the Security of Information Act, the Canada Evidence Act, the Proceeds of Crime and Terrorist Financing Act and the Charities Registration Act (Shade 2008).

(3) Phil Lacombe from Secure Mission Solutions and former Director of the President's Commission on Critical Infrastructure Protection presented this argument at the Security Analysis and Risk Management Association (SARMA) Conference, The Relevance of Risk Management and Information-Sharing to Homeland Security. George Mason University, Fairfax, Virginia, 30 March 2010.

The author is associate professor and director, School of Public Administration, Dalhousie University, Halifax, Nova Scotia. He would like to thank the anonymous reviewers for their comments, and Public Safety Canada. He would also like to acknowledge the support of the Social Sciences and Humanities Research Council (Grant No. 410-2008-1357) and the Canada School of Public Service (Innovative Public Management Research Fund). The views expressed in this publication are not necessarily those of the Canada School of Public Service or of the Government of Canada.