While there is not a commonly accepted definition of critical infrastructure (CI), all definitions emphasize the contributing role of a CI to the society or the debilitating effect in the case of disruption1. On 17 November 2005, the European Commission adopted a Green Paper on a European Programme for Critical Infrastructure Protection. In 2008, the European Council issued the Directive 2008/114/EC, which required the Member States to identify and designate European CI and assess the needs for their protection. This Directive defined ‘critical infrastructure’ as:
“An asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions”.
This directive referred to infrastructures of European dimension, but it triggered several Member States to identify their national CI as well. The directive also defined the term Critical Infrastructure Protection in an all-hazard perspective: “all activities aimed at ensuring the functionality, continuity and integrity of critical infrastructures in order to deter, mitigate and neutralise a threat, risk or vulnerability”.
However, the most interesting question is why we need to increase our interest about the protection and resilience of such systems. The answer to this question can be found still in the PDD-63 that about 20 years ago stated:
“Many of the nation’s critical infrastructures have historically been physically and logically separate systems that had little interdependence. As a result of advances in information technology and the necessity of improved efficiency, however, these infrastructures have become increasingly automated and interlinked. These same advances have created new vulnerabilities to equipment failure, human error, weather and other natural causes, and physical and cyber attacks” 2.
Many economic, social, political and technological reasons have caused a rapid change in the organisational, operational and technical aspects of infrastructures. These infrastructures that in the past could be considered as autonomous vertically integrated systems with very few points of contact with respect to other infrastructures are now tightly coupled and show large numbers of dependencies. This has generated many positive effects to our society and the well-being of populations, but has increased the complexity, the vulnerability of infrastructures and the related risk to our societies at the same time. The 2017 Global Risks Report of the World Economic Forum points out how “greater interdependence among different infrastructure networks is increasing the scope for systemic failures – whether from cyberattacks, software glitches, natural disasters or other causes – to cascade across networks and affect society in unanticipated ways”3.
The main argument for focusing on resilience is that, due to the adverse and changing landscape of hazards and threats to CI, it is not possible to foresee, prevent, prepare for, or mitigate, all of these events, which in several cases can be unknown or emergent. Moreover:
“Protective security measures alone cannot mitigate supply chain disruption, nor ensure the rapid restoration of services. Owners and operators of critical infrastructure often have limited capacity to continue operations indefinitely if the essential goods and services they require are interrupted” 4.
Currently, there are not many national, official definitions of the concept of CI Resilience, but several national policy and strategy reports include it as a key component in their CI Protection programs, which depicts a shift of the CI Protection field towards Resilience.
Looking at the different definitions and approaches, one can notice commonalities and differences5. Alsubaie et al. (2016)6 observes that properties such as ‘ability to recover’ and ‘ability to adapt’ were incorporated in several definitions. Most of the proposed definitions include ‘the ability to withstand’ or ‘absorb’ a disturbance as a key attribute. Similarly, Bruneau et al. (2003)7 assigns four properties to resilience for both physical and social systems: robustness, redundancy, resourcefulness, and rapidity. In another review of resilience concepts used for CI, Francis and Bekera8 observe the evolution in the resilience concept and also conclude that the definitions seem to converge “in the direction of a common definition, as these definitions share several common elements: absorptive capacity, recoverability, adaptive capacity, and retention of identity (structure and functions)”. They argue that the objective of resilience is to retain predetermined dimensions of system performance and identity or structure in view of forecasted scenarios.
Three resilience capacities, i.e. absorptive, adaptive, and restorative capacities are at the centre of these approaches and are linked with the various stages of typical infrastructure response cycle to disruption (before, during and after the event):
Resilience can, and has been, defined in many different ways depending on context, research field and country. Within the IMPROVER project, a general definition of resilience provided by UNISDR has been applied consistently throughout the project, as:
“The ability of a system, community or society exposed to hazards to resist, absorb, accommodate, adapt to, transform and recover from the effects of a hazard in a timely and efficient manner, including through the preservation and restoration of its essential basic structures and functions through risk management.”
Resilience encompass several domains; such as technological, organisational, societal, environmental and economic ones. We observe that national resilience policies recently include, except for economic and environmental aspects, social aspects in their definitions of resilience as CI are vital for maintaining key societal functions. These refer to the community and highlight how infrastructures contribute with essential services to it. Below follows a more in depth depiction of the three resilience domains that are related to CI; technological, organisational and societal.
Technological resilience is considered a property of a system, possible to define for a critical infrastructure (CI) within the technical domain. The technological domain refers primarily to the physical properties of infrastructure components, systems, networks or ‘system-of-systems’ and refers to the characteristics and behaviour of these in the case of a change or incident. In particular, regarding an external perturbation that exceeds the capacity of a component or element of infrastructure: technological resilience may be related to the impact that failure of or damage to that component has on the ability of the infrastructure to carry on functioning; and to the time required for recovery from this damaged state.
This is illustrated by the performance loss and recovery function shown in Figure 1.1. This describes the residual performance from damage and disruption from an incident well as the pattern of restoration. In Figure 1.1 these are linked to 4 phases of the crisis management cycle, with anticipation being the phase before an incident, followed by response and absorption when the incident occurs, and then recovery and adaption following the incident.
For an aging infrastructure which has experienced some degradation, or which is not functioning at 100 % of its as built performance, it is also important to account for the degradation over time of the infrastructure as a result of normal wear and tear and aging of the individual components. This may also account for the changing use of the infrastructure and the different expectations that society places on it.
This measure of resilience is easily calculated assuming that the behavior of the infrastructure over time and in response to an incident can be measured or calculated, and is simply the area underneath the performance loss and recovery function between the time that the incident occurred and the time that performance was restored to normal; or some variant of this.
Figure 1.1. The performance loss and recovery function.
This dimension is very prominent when referring to engineering resilience or to CI Resilience and it is the aspect most of the modelling, simulation and analysis tools and approaches focus on. Measuring the technological resilience of a system is a way of compiling of how well the physical infrastructure itself is able to resist, absorb, accommodate to and retrieve back to providing the intended service in a timely manner after a sudden hazard. The technical domain can however never completely stand alone, but is reliant on organizational as well as societal functions.
Technological resilience is about knowing your infrastructure, the system, the interdependent systems, material, monitoring device, redundancy, back up storage and capacity of the personnel. This is where the technical domain touches the organizational domain of a CI. A monitor device is only useful if there are trained personnel to evaluate the data and the recovery of a breakage in a system is only bound to happen if trained personnel initiate it.
Our societies are becoming more complex, a development with many different drivers. For example, digitalisation provides new ways of gathering, processing and sharing information. Automation causes profound changes to the control of industrial processes. Organisations are constantly growing larger and more intertwined, not least because of economic pressures, sub-contracting and globalisation. While these changes promise to increase our reach and productivity, they have also been found at the root of many major industrial accidents in our time.
The last decade has seen a shift in safety research. Traditional safety management is centred on identifying risks and countering them with rules and barriers, an approach that has meant serious progress for industrial safety. But research and experience show that we cannot foresee every possible combination of factors that may result in an accident. Work in the real world is never only about sticking strictly to the procedures. People at work are problem solvers. Most work tasks require people to tackle issues that cannot be included in rules and procedures, simply because these issues are the product of a dynamic, ever-changing environment. Any kind of work offers surprise, and surprises require people to think and act flexibly. Most of the time, thankfully, people can navigate their tasks and reach successful outcomes. At the core of Organisational Resilience is the idea that we can cater for the strengths and abilities of people instead of treating them as threats to the process. Doing so will improve the organisation’s ability to predict negative events and to adapt to surprises, all-the-while enhancing motivation and job satisfaction. That is why we define Organisational Resilience as “the ability to adapt and succeed under varying conditions and circumstances”.
Figure 1.2. From Safety I to Safety II.
Organisational resilience is about supporting human work under everyday circumstances, in contrast to risk based approaches that focus on the protection against specific threats. The reason for this approach is that the abilities and relations that people develop in their normal work also make up the core of their ability to handle crises. To understand what enables smooth operations, an organisation most look at work through a systems perspective.
Critical infrastructure systems are never purely technical, but can instead be understood through a systems perspective. On all levels they involve people who use technology to realise a number of operational goals. These people collaborate in organisations, which in turn operate in relation to public interests and in a legal and economic climate. This network of people and technology is what we need to examine in order to understand both negative and positive events in the industry. The work that people do is affected by many different factors, and with Organisational Resilience we try work with these factors in order to produce more positive outcomes.
A dynamic world requires people to adapt and act flexibly with respect to actions, methods, roles and collaborations. It requires them to be creative and to take initiatives, and they need to be motivated enough to care about the outcomes. But Organisational Resilience does not suggest behavioural interventions. From a systems perspective we cannot explain operative decisions simply in terms of beliefs and attitudes. Instead we should focus on what organisational structures and conditions build these capacities and what allows them to grow.
Figure 1.3. A systems perspective on operations.
Looking back at the definition of resilience from UNISDR, resilience is not a state but rather a way of managing an uncertain future. Neither is resilience a quick fix to overcome challenges coupled to safety and sustainability. Resilience can be seen as an emergent property of interactions and relations on a local level. This principle springs from complexity theory and means that the behaviour of a system as a whole will depend on the behaviours on a local scale, but not through direct control i.e. the system as a whole cannot be reduced to its smaller parts. Resilience is thus an emergent property of actions and relations on every level of society. Therefore, it is important to consider resilience both on an individual, organizational and societal level.
In the field of societal resilience, the concept of coping capacity, adaptive capacity and transformative capacity are common denominators that are used to categorize capacities needed to achieve resilience. Coping capacity refers to the ability to respond, absorb and recover from a disruptive event and is generally related to a time frame close to the event. Adaptive capacity includes the ability to plan for and adjust to future challenges, which is related to a longer time-frame both before and after an event. Resilience is not only about quick recovery and adjusting to new circumstances; the aspect of transformation must also be taken into account. Transformative capacity refers to the ability to transform the stability landscape in order to create new, better, pathways for the system and is thus related to major changes in the long-term. Resilience is by definition a complex and multidimensional topic, and a resilience assessment should ideally include all of these dimensions and their interdependencies. One way of categorizing societal resilience is presented below, and refers to six major resilience dimensions of society.
Social capital refers to the quality and quantity of social networks, social relations and trust within a community. Social capital includes informal social processes both on an individual and community level, and is thus broader than political capital. It can be described as the “glue” that binds people in a community together and make them work towards a common goal, which enhances societal resilience. A well-developed social capital shows the ability to rely on others in times of crisis and an open communication between different stakeholder groups in the community.
Human capital can be seen as one of the most important elements for societal resilience as it comprises education, knowledge, skills of work force as well as health of the working-age population. The human capital in a community forms a basis for the productivity of other kinds of capitals by, for example, providing a skilled and experienced work force for capacity building and economic development. Human capital can be attained both on an individual and communal level; on an individual level in terms of educational level, knowledge of hazard risk and hazard experience and on a communal level in terms of accessibility to skills and labour within the community, which is also strongly coupled to innovation. Health status of the population is moreover an important aspect of human capital since the population needs to be healthy to be able to utilize other forms of capital.
Natural capital denotes the natural resources in a community e.g. land, water, forest, environmental services etc. There is strong evidence that show how societal resilience is directly linked to the maintenance of natural resources and the state of the natural environment. Effective management and environmental protection is essential for sustaining life on earth, including human life, as we need access to e.g. clean water and air. Moreover, land use and environmental planning can have a mitigating effect in terms of natural hazards where e.g. wetlands and vegetation cover can decrease the impacts of hurricanes and floods.
Economic capital refers to the financial resources that communities and households use to achieve their livelihoods and includes savings, credits, income and investments. Economic capital can directly reduce vulnerabilities in a community by e.g. using insurance or investing in protected buildings and infrastructures. The connection to resilience is quite straight-forward as economic capital increases the ability of community members to absorb impacts from disasters and speed up the recovery process.
Political capital concerns both formal and informal power relationships, which are important to consider as they very often determine how decisions are made in a community. Public access to, and influence on, the political system, both at local and higher level, are also part of the political capital. The political capital is important for societal resilience as the regulatory measures taken in a community should reflect the needs and priorities of all parts of the community. Moreover, public involvement in decision making and implementation of plans is a key factor to ensure mutual trust between authorities and the public.
Physical capital refers to infrastructure and other basic services in a society. For the ISRA methodology (presented in Lesson 3), the physical capital is assessed in the overall IMPROVER critical infrastructure resilience management framework ICI-REF.
Overall, a resilience-based approach for critical infrastructure is an approach that is gradually adopted by nations in order to face the challenges and costs of achieving maximum protection in an increasingly complex environment and to overcome limitations of the traditional scenario-based risk management approach, where the organisation may lack capabilities to face risk from unknown or unforeseen threats and vulnerabilities.
1For definitions related to Critical Infrastructures, visit: www.cipedia.eu
2White House (1998) The Clinton’s Administration’s Policy on critical infrastructure protection: presidential decision directive 63/PDD-63, White paper, 22 May 1998. Available online here.
3World Economic Forum. (2017). The Global Risks Report 2017 12th Edition. Insight Report. https://doi.org/10.1017/CBO9781107415324.004
4Australian Government (2010) Critical infrastructure resilience strategy. ISBN: 978-1-921725-25-8. Available online here.
5Theocharidou M et al. (2016) IMPROVER deliverable D1.3 Final lexicon of definitions related to Critical Infrastructure Resilience, 6 December 2016. Available online here.
6Alsubaie A, Alutaibi K, Marti J (2016) Resilience assessment of interdependent critical infrastructure. In: Rome E, Theocharidou M, Wolthusen S (eds) Critical information infrastructures security, 10th international conference, CRITIS 2015, Berlin, Germany, 5–7 Oct 2015, Revised Selected Papers, pp 43–55
7Bruneau M, Chang SE, Eguchi RT, Lee GC, O’Rourke TD, Reinhorn AM, Shinozuka M, Tierney AM, Wallace AM, Von Winterfeldt D (2003) A framework to quantitatively assess and enhance the seismic resilience of communities. Earthq Spectra 19(4):733–752. Available online here.
8Francis R, Bekera B (2014) A metric and frameworks for resilience analysis of engineered and infrastructure systems. Reliab Eng Syst Saf 121:90–103.
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 653390