1 Introduction
An asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions [6].
2 Importance of Protection and Resilience
Many of the nation’s critical infrastructures have historically been physically and logically separate systems that had little interdependence. As a result of advances in information technology and the necessity of improved efficiency, however, these infrastructures have become increasingly automated and interlinked. These same advances have created new vulnerabilities to equipment failure, human error, weather and other natural causes, and physical and cyber attacks” [1].
1998 |
On May 19, 1998, the telecommunication satellite Galaxy IV spun out of control. That produced many unexpected problems in North America for several days before another replacement satellite could take over the services: about 40 million of pagers out-of-services causing major problems to dispatch doctors and nurses in hospitals and to notify first responders fast. CBS, ABC, CNN and other media networks lost nation-wide transmission signals. Air transportation was affected due to absence of high-altitude weather reports; 30 flights from Huston airport were cancelled or delayed. At the highway: drivers could not perform refuel because gas-stations lost the capability to process credit cards. |
2001 |
On July 18, 2001, train wagons containing chloride acid derailed in a downtown tunnel in Baltimore. Fire fighters, in the absence of information about the presence of chloride acid on the train, decided to let the train burn. Unknown was also that a high-pressure water mains, a set of glass fibres and a power transmission cable were located just up the same tunnel. Due to the fire, the water transport pipeline to downtown burst open. As a result over 70 million gallons of water flooded downtown streets and houses; the drinking water supply failed, and the fire fighters lost their water supply. Glass fibres melted and caused a noticeable world-wide slowdown on the internet and caused local and international telephony outages. Over 1200 buildings lost power. |
2001 |
The collapse of Twin-towers due to the “9/11 events” caused the inoperability of many infrastructures (electricity, water, gas, communication, steam distribution, metro, operations of key financial institutions) in a broad area of Manhattan. Moreover, the presence in that area of important telco-nodes induced degradation in telecommunication and on Internet also outside US. This large impact has been caused by the co-location of a multitude of vital CI inside the World Trade Centre. Indeed in those building there were the Port Authority Emergency Management centre, the Office of Emergency Management Operations Center, electrical power substations, steam and gas distribution, metro stations, further to be the headquarters of a number of financial institutions. Moreover also the emergency operations were affected by such extreme co-location For instance, the Verizon building 140 West St., contained 306,000 telephony and over 55,000 data lines from 30 operators and provided services to 34,000 customers in Lower Manhattan. A set of these lines was connected to antennas for first responders and mobile telephony at the roof of the towers and adjacent buildings. The communication capacity for the first responders was almost immediately lost due the fire and subsequent collapse of the WTC towers. Data and telephony services failed as the Verizon building became damaged by falling debris. Lines were cut and backup power was lost due to the flooding of batteries. Many of the communication back-up lines for first responders and agencies involved in disaster management were co-located with the primary circuits and failed. The remaining fixed and wireless communication for emergency response failed as police did not allow Verizon to refill the fuel tanks for their back-up power generators at two other, still operating, communication switch locations. During the recovery phase, police did not allow crews of all co-located operators to enter the closed-off area; only crews of Verizon were allowed to work on repairs. Verizon T-shirts allowed repair crews of AT&T and other telecommunication companies to enter the area and perform their work. |
2004 |
In the area on Rome (Italy) during the night of 31st December there was a problem at the air-conditioning system of an important telecommunication node. The problem had not been adequately managed causing an increased degradation up to the complete collapse of the node. The telecommunication operator had no elements (neither information) to foresee which services would be impacted by the failure. They decided to not provide any warning while trying to solve the problem internally. Unfortunately they were unable to manage the situation. The direct consequence was the stop for some 6 h of all wired and mobile telephone communication in large area of Rome. Moreover as an indirect consequence, more than 5000 bank and 3000 postal offices nationwide were without communications. Moreover, 70% of check-in desks at Rome airport were inoperable (with delays for several flights). Finally they were close to an electric blackout because the electric distribution system operators abruptly lost the ability to supervise and manage of half of Rome’s power grid. |
2010 |
Mid April 2010, the Eyjafjallajoekull volcano on Island erupts through fast cooling ice cap (a so-called VEI 4 class eruption). As a result glass particles are blown into air and transported to Europe in several waves during a month. Depending on the jet stream, some 30 European nations from Sweden to Turkey had to close down their airspace affecting hundred thousands of passengers. Just-in-time transport by plane, e.g. of repair parts, as well as medicines and donor organs for transplantation could not take place. The financial loss for the tourist sector was 1 billion euro. The air transport industry lost 1.5–2.5 billion euro. The worldwide GDP impact was 5 billion US dollar. |
2016 |
On January 4, 2016, a special weather condition caused a layer of five centimetre of black ice in the northern part of The Netherlands which impacted various CI for several days. High voltage lines develop a “wing profile” causing dangling of the lines with power dips as a result. Hospitals regard the risk of power outages too high and stopped all non-life threatening surgeries. Schools are closed. Road and rail transport was not possible to a large extent. Milk collection at farms was halted. Milk products cannot be produced anymore and distributed to supermarkets across a larger part of the Netherlands. Schools were closed for days. The air force cannot scramble their F16s anymore. |
3 Government Initiatives: Policies and Research
3.1 The US Approach
Systems and assets, physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters.
3.2 Initiatives in Europe
-
The creation of a procedure to identify and assess Europe’s CI and learn how to better protect them.
-
Measures to aid protection of CI including the establishment of expert groups at EU level and the creation of the Critical Infrastructure Warning Information Network (CIWIN)—an internet-based communication system for exchanging information, studies, and best practices in Europe [22].
-
Funding for over 100 CIP projects between 2007 and 2013. These projects focused on a variety of issues including national and European information sharing and alerting systems, the development of ways to assess the dependencies between ICT and electricity transmission networks, and the creation of a ‘good practices’ manual for CIP policy makers [23].
-
International cooperation with European Economic Area (EEA) and European Free Trade Area (EFTA) nations, as well as expert meetings between the EU, USA, and Canada.
-
The EU’s electricity transmission grid
-
The EU’s gas transmission network
-
EUROCONTROL—the EU’s Air Traffic Management
-
GALILEO—the European programme for global satellite navigation.
3.3 The Australian Approach
Coordinated planning across sectors and networks, responsive, flexible and timely recovery measures, and development of an organisational culture that has the ability to provide a minimum level of service during interruptions, emergencies and disasters, and return to full operations quickly.
-
operate an effective business-government partnership with critical infrastructure owners and operators
-
develop and promote an organisational resilience body of knowledge and a common understanding of organisational resilience
-
assist owners and operators of CI to identify, analyse and manage cross-sectorial dependencies
-
provide timely and high quality policy advice on issues relating to CI resilience
-
implement the Australian Government’s Cyber Security Strategy to maintain a secure, resilient and trusted electronic operating environment, including for CI owners and operators, and
-
support the CI resilience programs delivered by Australian States and Territories, as agreed and as appropriate.
4 CI Resilience
Protective security measures alone cannot mitigate supply chain disruption, nor ensure the rapid restoration of services. Owners and operators of critical infrastructure often have limited capacity to continue operations indefinitely if the essential goods and services they require are interrupted [29].
-
Absorptive capacity refers to the degree to which a system can absorb the impacts of system perturbations and minimise consequences with little effort. In practice, though, it is a management feature depending on configuration, controls, and operational procedures. System robustness and reliability are prototypical pre-disruption characteristics of a resilient system.
-
While absorptive capacity is the ability of a system to absorb system perturbations, adaptive capacity is the ability of a system to adjust to undesirable situations by undergoing some changes. A system’s adaptive capacity is enhanced by its ability to anticipate disruptive events, recognise unanticipated events, re-organise after occurrence of an adverse event, and general preparedness for adverse events.
-
Restorative capacity of a resilient system is often characterised by rapidity of return to normal or improved operations and system reliability. This capacity should be assessed against a defined set of requirements derived from a desirable level of service or control.