A Study of the Danish Critical Information Infrastructure Protection Systems of Governance: A multiscale systems representation of the Danish Critical Information Infrastructure
Author
Hansen, Mille Skovgaard
Term
4. term
Education
Publication year
2019
Submitted on
2019-12-20
Pages
114
Abstract
Det er i dag uklart og inkonsistent—strategisk, taktisk og operationelt—hvad der tæller som Danmarks kritiske informationsinfrastruktur, dvs. de digitale systemer og tjenester, som samfundet er afhængigt af. Denne afhandling udfylder et videnshul ved at kortlægge, hvordan beskyttelsen af denne infrastruktur styres i dag, og ved at foreslå en ny ramme for governance af beskyttelse af kritisk informationsinfrastruktur (CIIP). Studiet anvender en flerniveaus systemidentifikationsanalyse, der undersøger styringssystemet på flere niveauer, og gennemfører en bibliometrisk analyse, som gennemgår både peer-reviewet og grå litteratur om alternative governance-tilgange og kritisk informationsinfrastruktur for at vurdere den aktuelle praksis. Ved at sammenligne single-hazard, multi-hazard og all-hazard tilgange—planlægning for én type trussel, flere typer eller alle typer—diskuterer forskningen udfordringer med horisontal koordinering på tværs af sektorer og vertikal sammenhæng mellem politik og drift, herunder hvordan man prioriterer og fastlægger, hvad der er mest kritisk. Afhandlingen anbefaler at indføre adaptiv risikogovernance (en fleksibel, læringsorienteret tilgang) og etablere en regeringsenhed på ministerielt niveau, der prioriterer CIIP, sammen med styrket horisontal koordinering baseret på identifikation af kritikalitet på tværs af eksisterende sektorer.
It is currently unclear and inconsistent—strategically, tactically, and operationally—what counts as Denmark’s critical information infrastructure, meaning the digital systems and services society depends on. This thesis fills a knowledge gap by mapping how protection of this infrastructure is governed today and by proposing a new framework for Critical Information Infrastructure Protection (CIIP) governance. The study applies a multi‑scale system identification analysis that examines the governance system at several levels, and it conducts a bibliometric analysis reviewing peer‑reviewed and grey literature on alternative governance approaches and critical information infrastructure to assess current practice. By comparing single‑hazard, multi‑hazard, and all‑hazard approaches—planning for one type of threat, several, or all kinds—the research discusses challenges with horizontal coordination across sectors and vertical integration between policy and operations, including how to set priorities and define what is most critical. The thesis recommends adopting adaptive risk governance (a flexible, learning‑oriented approach) and establishing a ministerial‑level governmental body to prioritize CIIP, alongside stronger horizontal coordination based on identifying criticality across existing sectors.
[This abstract was generated with the help of AI]
Documents