[CII] Who pays for the protection of critical infrastructure
Dan Kaminsky
dan at doxpara.com
Sun Jan 17 14:00:21 UTC 2010
All investment depends on consequences of not investing. Security is
not a special case here.
Companies that are under constant serious attack tend to evolve
defenses. Regulated industries, such as the kind we usually refer to
as Critical Infrastructure, can experience a special form of 'attack'
-- the fine for noncompliance.
Ultimately, 'who cares' is a bigger predictor of security work
happening than 'who pays'. The latter is politics at best and
accounting at worst. The former actually determines if security work
is done.
On Jan 17, 2010, at 6:05 AM, Hernan Espinoza
<hespinoza at interior.gov.cl> wrote:
> Hi:
>
> According to your experience:
>
> Who pays for the protection of critical infrastructure: the state or
> the
> industry?
>
> There is a government incentive to support this task?
>
> Atte
> Hernan Espinoza Medina
> CHILE
> _______________________________________________
> CII mailing list
> CII at isotf.org
> http://isotf.org/mailman/listinfo/cii
More information about the CII
mailing list