Traditional approaches for the management of threats to different infrastructures and assets have been risk based. That is to say that having identified a threat, the vulnerability of an asset to that threat is determined and then the potential consequences of that threat on the asset are determined. Risk based approaches focus on the immediate impacts of an incident. This means that when developing plans for reducing the impact of a threat on an infrastructure there are two paths which can be taken: reducing the exposure, or reducing the impact. Both of these can be difficult. Reducing exposure requires the elimination or reduction in intensity of the threat, something which can be difficult or impossible to achieve especially when considering natural hazards. Reducing the impact effectively means strengthening somehow an asset so that the impact of a disaster is reduced. This can be technologically difficult or even impossible.
As a result of this there is a growing interest in the measurement and improvement of the resilience of critical infrastructure to man made threats and natural disasters. In contrast to a risk based approach, a resilience based approach focusses on the delivery of services of infrastructures over time. It encompasses not only the time of the incident, but also the time preceding the incident and the time following the incident. The assessment of the resilience of infrastructure requires consideration of:
This shift in focus from the risk based approach to the resilience based approach is however not without its challenges. If one considers, for example, the absorptive and recovery capacities of infrastructure these are closely linked to the well-established concept of business continuity planning. Absorptive capacity of an asset is also closely linked to the physical robustness of the asset or system. Many of the concepts related to resilience are not new and are in near daily use by infrastructure operators. There is therefore a need to incorporate what is already done by operators into any future work on resilience. This conclusion was evidenced through many discussions with infrastructure operators over the course of the IMPROVER project, who told the consortium that:
“The successful implementation of the concept of resilience to CI … relies on its successful integration in existing security activities; including the risk assessments at a CI operator, a system and a national level.”
ICI-REF (the IMPROVER Critical Infrastructure REsilience management Framework) is a high level framework for the integration of resilience management with risk management activities of infrastructure operators. It is based on the high level structure for risk management of ISO 31000 and reflects a mapping of the definitions for risk management to resilience management and the identification of cross-over potential between these different processes. These definitions are summarised in Table 2.1. Although this may seem trivial, in fact this helps to address a number of issues surrounding resilience analysis, assessment and evaluation tools where the output of the tools is not always reflected in the terminology used. This process also helps to increase familiarity with the different stages of resilience management, whilst also identifying the potential for crossover between the two paradigms.
The concept of resilience integrated into a risk assessment framework is shown schematically in Figure 2.1. This is based on the definitions associated with resilience outlined in Table 2.1.
Figure 2.1. Overall integration of resilience management in risk management.
Establishing the context required for resilience management requires knowledge about best practices common in the industry in question, national legislation, sector specific methods of risk assessment, as well as any relevant hazards identified in national risk assessments. This information provides input to the overall infrastructure risk assessment process.
Considering the relationship between a risk assessment and a resilience analysis, some of the expected outputs of a risk analysis contribute to some of the information required to carry out a resilience analysis. Those are indicators of, e.g. the vulnerability or fragility of an asset to various hazards or risks which are identified in the risk identification stage. These outputs may be utilised in the form of a single/multi-hazard engineering analysis to provide input to any suitable resilience analysis methodology. Further analysis in the form of determining, for example, the maturity of organisational processes provides more input to the resilience analysis methodology. Any suitable resilience analysis methodology could be used in this part of the assessment. Within the IMPROVER project, four different analysis methodologies has been designed, which are presented in lesson 3.
The results of an infrastructure resilience evaluation naturally feed back to the infrastructure risk assessment process at the risk evaluation stage, allowing the concepts introduced in the paradigm of resilience to be included in the resulting overall risk treatment plan. This risk treatment allows an operator to identify and take measures to reduce the overall threat to an asset from identified hazards; reducing the overall threat and vulnerability, etc.
The infrastructure resilience evaluation however also allows an operator to develop an internal resilience treatment plan, separate and complimentary to their risk treatment plan. The resilience treatment plan should promote the absorptive, adaptive and restorative capacity of the asset itself as needed to respond to perceived shortcomings in its resilience.
Table 2.1 – mapping of risk management definitions to resilience management
ICI-REF is a framework with a number of key advantages which address some of the issues raised in the background described:
By scaling up the ICI-REF framework, and using the same terminology, IMPROVER has developed the IS-REF framework (IMPROVER Societal Resilience management Framework).An assessment of infrastructure resilience should be closely linked to the study of social resilience. This understanding forms a part of the process related to the establishment of the context within which the risk and resilience assessments are to be carried out. The objective, however, of linking societal resilience to infrastructure resilience should be to give an indication of the needs and the tolerances of the community which is dependent on the service which the infrastructure provides. This information will help to set objectives for maintaining the function at a level that prevents or limits long term change in social groups. These expectations and tolerances could be managed through effective communication between the operator and the public. This suggests a bidirectional link between an infrastructure resilience assessment and social resilience, with information about needs and tolerances providing input (for example in the form of performance criteria) to an infrastructure resilience evaluation process, and with information sharing about the infrastructure resilience analysis possibly helping to manage or ideally leading to a higher degree of social resilience. The infrastructure resilience evaluation should be a methodology which compares the infrastructure resilience analysis with the performance criteria set by the dependent social group.
It was one of the intentions of the project that the frameworks should be compatible with the national risk assessment guidelines. This is enabled by the formalisation of the definitions of the key stages in the process which in turn enable information sharing between stakeholders. Further the need to address nationally identified hazards when carrying out the risk identification phase to an infrastructure means that there is a direct link between the National Risk Assessments and the infrastructure risk and resilience management process. An overview of the framework is presented in Figure 2.2.
Figure 2.2. Structure of the IS-REF framework.
However there is more opportunity than this for integration of infrastructure risk and resilience management to contribute to national risk assessments, this is through, for example, the consideration of the combined capacities of infrastructure operators as the physical capital which supports (amongst other capitals) the resilience of a society or a community. This is discussed in greater depth in lesson 3. This societal resilience assessment could enrich national risk assessments in the same way that the infrastructure risk assessments are enriched by information about the infrastructures resilience.
Resilience management goes beyond risk management and focusses on the services provided by infrastructure. It is an evolving paradigm which requires new methodologies and terminology to be defined but it is important that it is done in a way that the existing security activities are respected.
ICI-REF is based on formalised definitions related to resilience and enables the enrichment of risk management activities with resilience management. The framework is based on an extension of ISO 31000 and therefore remains compatible with the existing security related activities of operators. By considering the fact that it enables better communication between operators, it can also lead to better response to cascading effects, and by considering the holistic response of operators in a community by using IS-REF; it can lead to a more informed societal risk and resilience assessment.
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement no. 653390