The Invisible Hand? Critical Information Infrastructures, Commercialisation and National Security

Corporatisation of critical information infrastructure (CII) is rooted in the ‘privatisation wave’ of the 1980s-90s, when the ground was laid for outsourcing public utilities. Despite well-known risks relating to reliability, resilience, and accountability, commitment to efficiency imperatives have driven governments to outsource key public services and infrastructures. A recent illustrative case with enormous implications is the 2017 Swedish ICT scandal, where outsourcing of CII caused major security breaches. With the transfer of the Swedish Transport Agency’s ICT system to IBM and subcontractors, classified data and protected identities were made accessible to non-vetted foreign private employees – sensitive data could thus now be in anyone’s hands. This case clearly demonstrates accountability gaps that can arise in public-private governance of CII.
Keywords: Critical infrastructures, public-private partnership, privatisation, computer networks, outsourcing, remote management, Swedish ICT scandal