(President, Italian Association of Critical Infrastructures)
This note summarizes some of the findings of the EU – CIPS co-funded project National and European Information Sharing and Alert System (NEISAS).
Public – private partnerships are becoming a popular mode of tackling large and complex problems. The idea has recently emerged in national as well as international policy discussions. Yet the new partners in these initiatives are strangers to each other in many ways. And we are still learning about how best to manage these partnerships. We know little about the conditions when partnerships succeed and about the strategies for structuring partnerships.
There is the need for a culture of information sharing to be promoted at the national government level within all Member States. Without the support of their central governments, the take-up of an information sharing mechanism of any kind is less likely to be successful, and could possibly provoke a negative reaction within the private sector which might see little advantage in sharing potentially confidential information without the presence of a trusted third party. They might also fear the national Regulator viewing an information sharing community as a form of cartel.
There is the need to begin building trust in those critical infrastructure communities that would benefit from information sharing. This includes private sector trust in the national government (assuming that it is to be the government that will take-up an information sharing mechanism) as well as building trust between private sector organizations within those communities, many of whom are in fierce competition with one another.
Trust is not built overnight, and may take months or years to reach the point where private sector organizations feel comfortable with sharing sensitive information with each other and with their national governments. This is compounded by private sector organizations operating across national boundaries, exhibiting differing levels of trust with the respective governments.
There are benefits both to the private and public sectors in the use of an information sharing mechanism. Private sector organizations will receive timely warnings of threats and vulnerabilities and examples of good practice from specialists in both the private and public sectors that will allow them better to protect their areas of the critical information infrastructure. Public sector organizations will benefit from an increased confidence that private sector organizations are actively pursuing due diligence and taking appropriate steps to maintain the integrity of their parts of the critical infrastructure.
Member States shall ensure that undertakings providing public communications networks take all appropriate steps to guarantee the integrity of their networks, and thus ensure the continuity of supply of services provided over those networks.