Reflections on CNI 2009: Protecting Critical Infrastructure in a Changing World

The world is going through a period of change more rapid and arguably more profound than at any time in its modern history. The degree and speed of change is having profound impacts on the critical infrastructures on which States rely. Climate change will entail huge upheavals in the longer term, but already it is linked to increasingly frequent bouts of extreme weather. Our utilisation of ICT continues to break new ground, but also entails new dependencies and vulnerabilities. The networks which our most vital infrastructure is part of, and dependent upon, have become so complex that they are almost impossible to fully analyse. Our systems are more tightly coupled and susceptible to cascade failure, while our society and economy is less resilient to temporary disruptions than ever.

Against this backdrop, over the 28th and 29th April the latest of RUSI’s annual conferences on Critical National Infrastructure (CNI) focused on the challenge of protecting our most critical assets and networks in this changing world. With International Airport Review as a media partner the event was supported by the Home Office, Centre for Protection of Critical Infrastructure (CPNI), Cabinet Office and the Energy Networks Association. Its authoritative line-up of Government ministers, senior Whitehall officials and Chief Executives from the private sector reconfirmed the conference’s status as the key forum for policy discussion around the UK’s critical infrastructure.

A number of interesting themes emerged from the conference. Lord West, the Government’s Security and Counter Terrorism Minister made it clear that the threat to critical infrastructure from terrorism continues to occupy much of their thinking on the subject. Aside from these malicious threats, the Civil Contingencies Agency (CCA) offered some more detail on a new programme of work that they are undertaking in response to the Pitt Review of the summer flooding in 2007. The failures of critical infrastructure caused by the flooding were much more costly than the direct flood damage and their consequences for local people and businesses lasted much longer. The entire episode exposed some real weaknesses in the way that government advises critical infrastructure on non-malicious threats which is set to be addressed now through CCA.

Senior speakers from the US DHS, and the EU were able to offer some insight into the way that new infrastructure challenges were being met elsewhere in the world. Being increasingly confident about the level of protection it is able to afford internal infrastructure, the US is now concertedly turning increasing attention to dependencies which lie outside its borders. Similarly, the increasingly interdependent nature of the European Union has been driving more and more ambitious initiatives from the European Commission and delegates were updated on the status of European Programme for Critical Infrastructure Protection (EPCIP) among a number of initiatives aimed at thinking about Infrastructure of pan-European importance in a more coherent fashion.

The number of international speakers and guests at the conference gave ample opportunity for comparisons of national critical infrastructure regimes around the world. The UK is certainly well thought of, if not envied by many of its international partners in terms of its preparations for external shocks and the work it has done around countering the terrorist threats. However, what became clear through the conference was that there were a number of systemic, governance issues which will have to be addressed if the UK is to meet the challenges of a changing world. Among these, the question of regulation appeared to be the most pressing.

For those who were not already aware, what emerged starkly from the conference was the fact that the system of regulation and regulators which currently surrounds our essential services is severely lacking and is undermining our efforts to achieve a secure, resilient national infrastructure. The UK currently works under a regulatory regime which is designed for utilities as they were, not as they are. Professor Dieter Helm, of Oxford University, in particular painted a vivid picture of regulators operate in silos focussing on the essential service for which they are responsible in isolation with no regard for the complexities and interdependencies which are now a feature of our essential services. Further, price setting by the regulators takes almost no account of the need to build in or maintain redundancy. Historically, regulators have indulged in the ‘sweating’ of assets as they have competed to drive down prices for consumers at the expenses of long term capacity into the system. If this were to continue it would leave the UK in a perilous state and reform of the regulatory system must now be a priority.

The conference was widely regarded as a considerable success, leaving delegates from the public and private sectors with much to think about until next year.