Difference between revisions of "Critical infrastructure"

From Securipedia
Jump to navigation Jump to search
 
(34 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:Economic]]
 
[[Category:Mobility]]
 
[[Category:Safety]]
 
[[Category:Social]]
 
[[Category:Threat]]
 
 
[[Category:Urban environment]]
 
[[Category:Urban environment]]
  +
[[File:ae.png|25px|right|This is a page providing background in a specific field of expertise]]
[[Category:Urban object]]
 
  +
'''Critical infrastructures''' (commonly abbreviated as CI) are those physical and information technology facilities, networks, services, and assets, which, if disrupted or destroyed, will have a serious impact on the health, safety, security and/or economic well-being of citizens or the effective functioning of societies or governments<ref>Derived from EU: Council Directive 2008/114/EC of 8 December 2008 on the Identification and Designation of European Critical Infrastructures and the Assessment of the need to Improve their Protection. Official Journal of the European Union L 345/75, 2008. Retrieved from http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF [last access: 2010-10-14].</ref>.
   
  +
==Description==
=Critical Infrastructure=
 
  +
Modern societies relies heavily on a number of infrastructures such as electricity, gas, water management, and information and communication technologies. The disruption of these infrastructures will have serious consequences for the economy and well-being of citizens. As these infrastructures are becoming increasingly interconnected, the protection of these Critical Infrastructures becomes increasingly important and protecting those infrastructures is nolonger the responsibility of individual companies or government bodies but of society as a whole.
  +
Protecting Critical Infrastructure implies safeguarding those structures form natural, technological, organizational and human threats. Regardsless whether the threats are intended (such as terrorist acts) or accidentally (such as road accidents or human oversight). This is also known as an [[All-hazard approach|all-hazard approach]].
   
  +
==Critical infrastructure sectors==
==Introduction==
 
  +
The extent of what is included in critical infrastructure and its classification differs from country to country, but the EU program EPCIP includes the following sectors:
In the EU, '''[http://en.wikipedia.org/wiki/Critical_infrastructure critical infrastructures]''' (commonly abbreviated as CI) are those physical and information technology facilities, networks, services, and assets, which, if disrupted or destroyed, would have a serious impact on the health, [[safety]], [[security]] and/or economic well-being of citizens or the effective functioning of societies or governments in EU Member States countries. <ref>EU (2008): COUNCIL DIRECTIVE 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. Official Journal of the European Union L 345/75. Retrieved from http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF [2010-10-14].</ref> provides commonly adopted definitions of “'''critical infrastructure'''” (CI) and “'''European critical infrastructure'''” (ECI).
 
  +
* energy installations and networks;
  +
* communications and information technology;
  +
* finance (banking, securities and investment);
  +
* health care;
  +
* food;
  +
* water (dams, storage, treatment and networks);
  +
* transport (airports, ports, intermodal facilities, railway and mass transit networks and traffic control systems);
  +
* production, storage and transport of dangerous goods (e.g. chemical, biological, radiological and nuclear materials);
  +
* government (e.g. critical services, facilities, information networks, assets and key national sites and monuments).
  +
Although drafted for use on national scale, this list may also serve as a guideline what can be considered critical infrastructures in an urban context, as the interconnectedness of these infrastructures is equally valid on an urban scale. For example: A power failure will disrupt the telephone system equally independent of the scale of the outage: it can affect the switchboards, the cellular antennas, company telephone exchanges and the fixed telephones at people’s homes, this in its turn affects the possibilities of people to communicate, for example to call the alarm line.
   
  +
==Cascading effects and its origins==
==Critical infrastructure protection==
 
  +
The example mentioned above illustrates the way an incident can propagate Such a chain of adverse consequences (power loss leads to loss of telephone services leads to loss of emergency services) is called a cascading effect. These cascading effects are a prime reason why protection of critical infrastructures exceeds the responsibility of individual operators; even if each operator assures an adequate level of protection, dependencies between infrastructures can result in (catastrophic) failure.
  +
There are typically two origins for simultaneous failure of infrastructures:
  +
* A dependency: a product or service of one infrastructure is required for the generation of the other product or service (for example electricity for the functioning of a drawbridge)
  +
* A common vulnerability: two products or services can be disrupted by a single cause (for example a power plant and sewage plant, both situated in a flooding-prone area)
   
  +
==Relevance of critical infrastructures for the urban planner==
[http://en.wikipedia.org/wiki/Critical_infrastructure_protection Critical infrastructure protection] (CIP) has become a major issue in civil [[security]], [[Crisis management cycle|crisis and emergency management]] and natural hazard management. The [[all-hazard approach]] has gained ground on the international scale, and the [[comprehensive approach]] in security policies and [[security research]] has been advanced in order to meet current and future [[threat|threats]] and [[risk|risks]] based on better integrated information, assessment, policies and capabilities. Basically, owners, operators and respective member states hold the responsibility for critical infrastructure protection.
 
  +
The first reason is inherent to a process and scarcely to be influenced by urban built structure, but the second reason is. The location of critical infrastructures can influence both the likelihood of an event taking place and the impact such an event would have.
   
  +
An example of the location of likelihood of incident is demonstrated in the 9/11 attacks. This has shown that concentrating economic resources in one building in the economic capital of a country at war with religious fanatics, will make it a very attractive target. It will be perceived far more attractive than the individual companies housed in the building would be, and the likelihood that it will be picked as target will increase. Other examples would be locating a chemical plant near an airport (or even in the path of landing or starting airplanes), or locating a critical governmental service along a path where regular demonstrations are held.
The [http://europa.eu/legislation_summaries/justice_freedom_security/fight_against_terrorism/l33260_en.htm European Program for Critical Infrastructure Protection (EPCIP)]<ref>Commission of the European Communities (2006): COM(2006) 786 final COMMUNICATION FROM THE COMMISSION on a European Programme for Critical Infrastructure Protection. Brussels. Retrieved from: http://eur-lex.europa.eu/LexUriServ/site/en/com/2006/com2006_0786en01.pdf [2012-05-23].</ref><ref>see also http://europa.eu/legislation_summaries/justice_freedom_security/fight_against_terrorism/l33260_en.htm; http://www.euinfrastructure.com/article/critical-infrastructure-protection/ [2012-05-23].</ref> points out the [[all-hazard approach]] (prioritizing [[Urban terrorism|terrorism]]) and the principles of subsidiarity, complementarity, confidentiality, [[stakeholders|stakeholder]] cooperation, proportionality and sector-by-sector approach <ref>EU (2008): COUNCIL DIRECTIVE 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. Official Journal of the European Union L 345/75: 3. Retrieved from http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF [2010-10-14]</ref>. The framework comprises the identification and designation of CI, an action plan, the establishment of a Critical Infrastructures Warning Information Network (CIWIN) and a CIP Contact and Expert Group; further the support of the member states, a contingency planning and the external dimension. The objectives to guarantee European-wide adequate and equal protection levels, minimal single points of failure, and rapid and tested recovery processes were defined earlier on <ref>Commission of the European Communities (2005): COM(2005) 576 final. Green Paper on a European Programme for Critical Infrastructure Protection (presented by the Commission). Retrieved from http://www.libertysecurity.org/IMG/pdf/EC_-_Green_Paper_on_CI_-_17.11.2005.pdf [2011-07-14].</ref>. Together with the EU Member States, the European Commission will develop guidelines and thresholds for criteria application. As a first step the directive addressed the energy and transport sectors differentiating subsectors for each (electricity, oil, gas respectively road, rail, air, inland waterways transport, ocean and short sea shipping, and ports).
 
   
  +
Examples of the location influencing the impact of an events is demonstrated in a flooding of the river Elbe in Germany in August 2002: as crisis management stations were all located on one side of the river and all bridges were closed, delivering help to the other side of the river was severely hampered<ref>Von Kirchbach, H-P. Franke, S., Biele, H., Bericht der Unabhängigen Kommission der
  +
Sächsischen Staatsregierung, Flutkatastrophe 2002, 2003. On-line:
  +
https://publikationen.sachsen.de/bdb/artikel/10825/documents/10951</ref>. The emergency services in this case were vulnerable to the same circumstances they were supposed to fight. Another example would be the co-location of an embassy and a day-care centre in the same building; any attack on the embassy would likely involve the day-care centre too.
   
  +
==Consideration of critical infrastructures in the urban planning process==
===European policy landscape around Critical Infrastructure Protection===
 
  +
As the urban planner has a societal responsibility and the opportunity to look beyond the interests of individual organisations, it is the responsibility of the urban planner to consider the consequences of locating a particular function in a particular environment. This is not new, but is (and has always been) one of the added values of the urban planner. However, the explicit consideration of the societal importance of infrastructures, their interrelatedness and shared weaknesses is relatively new. Indications an increased attention for the criticality of infrastructures might be required, are:
  +
* One or more vulnerable objects are close enough located by to allow the impact of an incident in one object to affect the other object (as illustrated by the example of the day-care co-located with an embassy);
  +
* One object has the same vulnerabilities as another object it depends on or that depends on it (as illustrated by the examples of the crisis teams being located on one side of the Elbe, or locating both a sewage processing plant and a power plant in the same flood-prone area);
  +
* The object might be affected by a vulnerability of another object in the vicinity (as illustrated by the example of the location of government services along known demonstration paths, or locating a chemical plant in the path of an airport).
   
  +
==Reducing vulnerability==
 
  +
Reducing vulnerability of critical infrastructures is an important issue and should be an integrated part of the urban planning practice. The CRS Report for Congress Homeland Security<ref>Reducing the Vulnerability of Public and Private Information Infrastructures to Terrorism: An Overview, 2004.</ref> identifies three general principles in the context of critical infrastructure protection. The three general principles are:
 
  +
#The first principle emphasizes the establishment and practice of comprehensive continuity and recovery plans.
 
  +
#The second principle focuses on the decentralization of operations and the effectiveness of distributed communications. The lesson of decentralizing operations can be applied to the structure and location of an organization’s operations.
[[File:CIP_EUpolicies.jpg|500px|thumb|center]]
 
  +
#The third principle involves the institutionalization of system redundancies to eliminate single points of weakness. In this context, the lesson of employing redundant service providers is applied primarily to telecommunications services.
 
 
==Critical infrastructure sectors and sector designation==
 
The concept of '''critical infrastructures''' (CI) and '''CI sectors''' is not self-evident. Rather, sector designation is a permanent process of awareness rising on the political level, characterized by spatial and temporal variation. It is influenced by various national trends, by the political situation and current crises and disasters. Traditional and consensual sectors have been identified to be physical-technical infrastructures. Industrial-commercial CI sectors have evolved stepwise. By trend, multiple socio-cultural CI sectors have been only recently acknowledged to be of concern for society and added to the conventional sector spectrum.
 
 
 
 
[[File:Grafik CI Sector Classification.jpg|400px|thumb|right|'''Critical infrastucture sector classification''']]
 
 
Involving increasing accuracy and detailed perspectives, the process of designation is dependent on public and trans-boundary discussion and views, but also on subjective/political perception, region-specific priorities and economic values. <ref>Cf. Metzger Jan (2004): Das Konzept „Schutz kritischer Infrastrukturen“ hinterfragt. In: Wenger Andreas (2004): Bulletin 2004 zur schweizerischen Sicherheitspolitik. Forschungsstelle für Sicherheitspolitik: Zürich. Retrieved from http://kms2.isn.ethz.ch/serviceengine/Files/SSN/.../doc_6804_259_de.pdf [2011-06-09].</ref>.
 
 
 
The EU approach so far has covered the following critical infrastructure:
 
 
* Energy Installations and Networks;
 
* Communications and Information Technologies;
 
* Transport;
 
* Water;
 
* Production, Storage and Transport of Dangerous Goods;
 
* Food;
 
* Health Care;
 
* Finance;
 
* Government.
 
 
 
 
 
The EU encourages the member states to set up national programmes for designation and qualitative and quantitative aspects, to accomplish sector identification and dependency studies and to elaborate a common terminology, general criteria, guidelines and procedures as a first step. Further steps include identification of deficiencies, suggestions for measures and financing, the implementation of minimum protection standards and their surveillance.
 
 
The EU-Directive 2008/114/EC introduces a practice to identify and designate European critical infrastructures (ECI), committing each member state to designating potential ECI according to the EU-definition and according to cross-sectoral criteria (casualties, economic and public effects) and sector specific criteria (taking into account individual sector characteristics). Further criteria to be considered, as addressed in the European Programme of Critical Infrastructure Protection (EPCIP), are geographic scope of impact (when disrupted or destroyed), severity and consequences (public, economic, environmental, political and psychological effects, public health consequences) or geographic and sector specific dependencies.
 
 
 
== Criticality of infastructure ==
 
 
'''Infrastructure criticality''' is generally set at varying variables:
 
*symbolic criticality vs. systemic criticality (Metzger 2004);
 
*dimension-based perspective: the geographic dimension of disruption and breakdown (local to international), the magnitude (low to massive) and the time factor (short term to long term) (IRGC 2007);
 
 
'''EU criteria for criticality''' (EU 2008)<ref>EU (2008): COUNCIL DIRECTIVE 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. Official Journal of the European Union L 345/75. Retrieved from http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF [2010-10-14].</ref> refer to cross-cutting criteria described as:
 
 
*''casualties criterion'' (potential number of fatalities or injuries);
 
*''economic effects criterion'' (economic loss and/or degradation of products or services; potential environmental effects);
 
*''public effects criterion'' (impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services).
 
 
 
Divergence in the assessment of criticality generally results from diverging national situations and (legislative and cultural) preconditions: Are there culturally valuable goods? Are there hazardous chemical and industrial goods? Are there security facilities? In case of positive answers to such questions, these sectors usually are assessed to be critical and risk prone both in definition and in the political perception and discourse.
 
Objective quantification and determination of criticality are doubtful. Hence, qualitative knowledge of physical [[risk|risks]] and social vulnerabilities is essential to determine indicators and factors such as [[Social risk perception and communication of risk|risk perception]], individual cognition, political discourses, loss of trust, and public reaction to disastrous events and counter-/mitigating measures.
 
 
 
== Perception of criticality ==
 
 
The systematic analyses of citizens' perceived criticality of infrastructure and necessity to protect it is an essential component for the determination of security demands as a public good, also as related to strategic urban planning. A state of the art review leads to the following indicators for citizens’ subjective needs to provide for protection of critical infrastructure, as well as of their over-perception or under-perception of the criticality of that infrastructure.<ref>Cf. results from the project SFI@SFU: "Development of an Austrian Centre for Comprehensive Security Research at Sigmund Freud Private University Vienna" (http://www.sfi-sfu.eu) in the Austrian national security research programme KIRAS, funded by the Austrian Ministry of Technology, Transport and Innovation (bmvit); project deliverable 2.3: ''Integrierte Risikobewertungssystematik (comprehensive risk assessment) und subjektive Schutzbedürfnisbewertung für kritische Infrastruktur'' (not published), p. 98.</ref> The determination of the perception of criticality of infrastructure and related protection requirements is not only an important subjective component, influenced by generic laws of human risk perceptions as well as by cultural features, that needs considering in sector designation and prioritization of protective measures for built infrastructure. It is also in important factor to consider in urban planning that seeks legitimacy and public acceptance.
 
 
Knowledge of such kind can for example help urban planners to design in protective measures that not only reflect objective vulnerability but also citizens’ security cultures. Thus, public support for urban planning that is conscious of security aspects can be enhanced and citizens’ acceptance of resulting built infrastructure enhanced.
 
 
 
===List of indicators for assessment of subjective protection requirements of critical infrastructure===
 
 
 
[[File:CI_perception.jpg|500px|thumb|center]]
 
 
 
 
From this list of indicators, it also follows that subjective protection requirements, similar to [[Perception of (in)security|perception]], highly depend on individual level of information and knowledge. Thus, strategic urban planning should be accompanied by a full-fledged public communication strategy in addressing security aspects. Personal experience and confrontation with critical infrastructure breakdown play an essential role in citizens’ subjective perception of criticality and requirements to protect, as does the individual direct use of the respective critical infrastructure.
 
 
In order to enhance citizens perception of safety in urban places various dimensions must be considered (view [[Checklists_for_dimension_consideration|Practical checklists]]).
 
 
 
==Impact of critical infrastructure failure on citizens and society<ref>Security research project SFI@SFU (http://www.sfi-sfu) results</ref>==
 
It is generally acknowledged that failure of critical infrastructure, such as malfunctions and accidents in transportation, health service, emergency care or power supply, has an impact on the social components of a system. If an infrastructure-endangering event occurs, domino effects and/or cascading effects are very likely due to interference or outages of the critical infrastructure. Since crises and disasters always take place in (social) contexts, those effects have the potential to bring different sectors of society to standstill, especially because of the multiple vulnerabilities of the social system and its indispensable connections with different critical infrastructure sectors. Beyond negative psycho-social consequences on the affected community, natural disasters or other types of critical infrastructure breakdown affect the society also from the urban planners point of view – for example through physical loss of structures, homes, entire parts of cities etc.
 
Following an analysis of several case studies that were based on interviews with disaster victims, site investigations and questionnaire surveys<ref>Platz U. (2006): Vulnerabilität von Logistikstrukturen im Lebensmittelhandel. Eine Studie zu den Logistikstrukturen des Lebensmittelhandels, möglichen Gefahrenquellen und den Auswirkungen verschiedener Gefahren bei einem Ereigniseintritt. Landwirtschaftsverlag Münster-Hiltrup.(Serie Band: Schriftenreihe des Bundesministeriums für Verbraucherschutz, Ernährung und Landwirtschaft : Reihe A, Angewandte Wissenschaft; 512 / ISBN-ISSN-ISMN: 3-7843-0512-1). Retrieved http://www.ble.de/cln_099/nn_467872/SharedDocs/Downloads/03__Vorsorge/Ernaehrungsvorsorge/Literatur/Vulnerabilitaet.html#Inhalt [2011-03-31].; Picou J. S., Martin C. G. (2006): Community Impacts of Hurricane Ivan: A Case Study of Orange Beach, Alabama. Department of Sociology, Anthropology and Social Work, University of South Alabama. Retrieved from http://www.colorado.edu/hazards/research/qr/qr190/qr190.html [2011-04-12].; Lasley C. B., Simpson D. M., Rockaway T. D., Weigel T. (2007): Understanding Critical Infrastructure Failure: Examining the experience of Biloxi and Gulfport Mississippi after Hurricane Katrina. Study made by: Center for hazards research and policy development, University of Louisville. Retrieved from http://hazardcenter.louisville.edu/images/Research/sgerfinalprojectworkingpaper.pdf [2011-04-11].; Queste A. (2009): Dissertationsarbeit Vulnerabilität der Kritischen Infrastruktur Wasserversorgung gegenüber Naturkatastrophen. Universität Bielefeld. Retrieved from http://bieson.ub.uni-bielefeld.de/volltexte/2010/1635/pdf/KRITIS_queste.pdf [2011-04-11].; Birkmann J., Bach C., Guhl S., Witting M., Welle T., Schmude M. (2010): State of the Art der Forschung zur Verwundbarkeit Kritischer Infrastrukturen am Beispiel Strom/Stromausfall. Schriftreihe Sicherheit Nr. 2 Forschungsforum Öffentliche Sicherheit, Freie Universität Berlin. Retrieved from http://www.sicherheit-forschung.de/publikationen/schriftenreihe/sr_v_v/sr_2.pdf [2011-05-12].; Lorenz D. F. (2010). Kritische Infrastrukturen aus der Sicht der Bevölkerung. Schriftreihe Sicherheit Nr. 3 Forschungsforum Öffentliche Sicherheit, Freie Universität Berlin. Retrieved from http://www.sicherheit-forschung.de/publikationen/schriftenreihe/sr_v_v/sr_3.pdf [2011-05-04].; Verdon-Kidd D.C., Kiem A.S., Willgoose G., Haines P. (2010): East Coast Lows and the Newcastle/Central Coast Pasha Bulker storm. Report for the National Climate Change Adaptation Research Facility, Gold Coast, Australia. Retrieved from http://www.nccarf.edu.au/sites/default/files/FINAL%202-East%20Coast%20Lows(2).pdf 2011-04-12].</ref>, different types of impact of critical infrastructure failure on citizens and society can be summarized. They also represent aspects to address in forward-looking, resilience-enhancing urban planning. It can be concluded that the complexity of the consequences from critical infrastructure failure increases with increasing citizens’ factual as well as felt dependence on that infrastructure.
 
 
 
===Types of impact of critical infrasture failure on citizens and society===
 
 
[[File:Grafik_Social_Imp_CI_failure.jpg|700px|thumb|center]]
 
 
 
 
== Critical infrastructure protection and urban planning==
 
 
[[Urban planning]] and critical infrastructure planning are inseparably linked. Hence, EU Critical Infrastructure Protection policy will inevitably have an impact on future critical infrastructure planning and, thus, urban planning.
 
 
There are several foreseeable future [[legal aspects]] that urban planning should address pre-emptively and that can be expected to have an influence on security issues. Aspects of critical infrastructure protection could be addressed in forward-looking urban planning based on the European Commission’s Staff Working Paper on Risk Assessment and Mapping Guidelines for Disaster Management (European Commission 2010)<ref>European Commission (2010): Commission Staff Working Paper. Risk Assessment and Mapping Guidelines for Disaster Management. SEC(2010) 1626 final. Brussels. Retrieved from: http://ec.europa.eu/echo/civil_protection/civil/pdfdocs/prevention/COMM_PDF_SEC_2010_1626_F_staff_working_document_en.pdf [last access: 2011-06-18].</ref>.
 
*Accordingly, uniform risk analyses based on standardized criteria to establish a Common Risk Management Framework (CRMF) should be promoted. The [http://www.vitruv-project.eu/consortium.html VITRUV] tools make an important contribution towards this.
 
*At European level, the aim is to focus efforts and contributions for a European Risk Atlas, serving as a further basis for an adequate coherent [[All-hazard approach|all-hazard]] risk policy due to be established by 2014 (European Commission 2010). These policies and risk assessment and mapping outcomes will expectedly affect future urban planning as well as require legal adaptation of planning requirements.
 
 
 
With respect to intentional hazards and [[threat|threats]] (above all [[urban terrorism]]) urban planning will be increasingly required to support critical infrastructure protection. "Designing in" and [["designing out" approach|"designing out" approaches]] aim to reduce risk due to crime and terrorism and are important [[Crisis management cycle|mitigation]] instruments in critical infrastructure protection at an early stage of planning.
 
 
Sustainable cities are also vis-à-vis [[Natural threat|natural hazards]] and global environmental change. The [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2007:288:0027:0034:en:pdf EU Flood Directive 2007/60/EC], entered into force on 26 November 2007, commits member states to undertake actions on the assessment and management of flood risks. Outcomes of these assessments are expected to be integrated in future comprehensive urban and management planning .
 
 
In this context following examples from the [http://www.focusproject.eu/web/focus/home FOCUS] project<ref>FOCUS (2012): FOCUS – Foresight Security Scenarios – Mapping Research to a Comprehensive Approach to Exogenous EU Roles. Deliverable 4.2 / Literature and small-world study on future nature-related disasters. To be published on http://www.focusproject.eu. </ref> respectively from EU guidelines and directives also have relevance for critical infrastructure protection in urban planning from a societal security point of view:
 
*City planning should take account of increasing frequency and intensity of heat waves by making use of and enhancing natural processes to cool the cities, such as facilitating natural circulations, be it along rivers, from mountains and valleys surrounding cities, etc., introducing more vegetation into the city (roofs, facades, parks, recreational areas, etc.).
 
*Building standards should be adapted to assure optimal interaction with the sun (e.g. large input in winter, small input in summer e.g. through sun shades positioned outside the building); make use of natural ventilation; use the best possible materials in terms of isolation properties; etc.
 
   
   
 
{{references}}
 
{{references}}
 
= MAP =
 
 
<websiteFrame>
 
 
website=http://securipedia.eu/cool/index.php?wiki=securipedia.eu&concept=Insert your pagename here
 
 
height=1023
 
 
width=100%
 
 
border=0
 
 
scroll=auto
 
 
align=middle
 
 
</websiteFrame>
 
 
 
 
<headertabs/>
 

Latest revision as of 10:57, 10 December 2013

This is a page providing background in a specific field of expertise

Critical infrastructures (commonly abbreviated as CI) are those physical and information technology facilities, networks, services, and assets, which, if disrupted or destroyed, will have a serious impact on the health, safety, security and/or economic well-being of citizens or the effective functioning of societies or governments[1].

Description

Modern societies relies heavily on a number of infrastructures such as electricity, gas, water management, and information and communication technologies. The disruption of these infrastructures will have serious consequences for the economy and well-being of citizens. As these infrastructures are becoming increasingly interconnected, the protection of these Critical Infrastructures becomes increasingly important and protecting those infrastructures is nolonger the responsibility of individual companies or government bodies but of society as a whole. Protecting Critical Infrastructure implies safeguarding those structures form natural, technological, organizational and human threats. Regardsless whether the threats are intended (such as terrorist acts) or accidentally (such as road accidents or human oversight). This is also known as an all-hazard approach.

Critical infrastructure sectors

The extent of what is included in critical infrastructure and its classification differs from country to country, but the EU program EPCIP includes the following sectors:

  • energy installations and networks;
  • communications and information technology;
  • finance (banking, securities and investment);
  • health care;
  • food;
  • water (dams, storage, treatment and networks);
  • transport (airports, ports, intermodal facilities, railway and mass transit networks and traffic control systems);
  • production, storage and transport of dangerous goods (e.g. chemical, biological, radiological and nuclear materials);
  • government (e.g. critical services, facilities, information networks, assets and key national sites and monuments).

Although drafted for use on national scale, this list may also serve as a guideline what can be considered critical infrastructures in an urban context, as the interconnectedness of these infrastructures is equally valid on an urban scale. For example: A power failure will disrupt the telephone system equally independent of the scale of the outage: it can affect the switchboards, the cellular antennas, company telephone exchanges and the fixed telephones at people’s homes, this in its turn affects the possibilities of people to communicate, for example to call the alarm line.

Cascading effects and its origins

The example mentioned above illustrates the way an incident can propagate Such a chain of adverse consequences (power loss leads to loss of telephone services leads to loss of emergency services) is called a cascading effect. These cascading effects are a prime reason why protection of critical infrastructures exceeds the responsibility of individual operators; even if each operator assures an adequate level of protection, dependencies between infrastructures can result in (catastrophic) failure. There are typically two origins for simultaneous failure of infrastructures:

  • A dependency: a product or service of one infrastructure is required for the generation of the other product or service (for example electricity for the functioning of a drawbridge)
  • A common vulnerability: two products or services can be disrupted by a single cause (for example a power plant and sewage plant, both situated in a flooding-prone area)

Relevance of critical infrastructures for the urban planner

The first reason is inherent to a process and scarcely to be influenced by urban built structure, but the second reason is. The location of critical infrastructures can influence both the likelihood of an event taking place and the impact such an event would have.

An example of the location of likelihood of incident is demonstrated in the 9/11 attacks. This has shown that concentrating economic resources in one building in the economic capital of a country at war with religious fanatics, will make it a very attractive target. It will be perceived far more attractive than the individual companies housed in the building would be, and the likelihood that it will be picked as target will increase. Other examples would be locating a chemical plant near an airport (or even in the path of landing or starting airplanes), or locating a critical governmental service along a path where regular demonstrations are held.

Examples of the location influencing the impact of an events is demonstrated in a flooding of the river Elbe in Germany in August 2002: as crisis management stations were all located on one side of the river and all bridges were closed, delivering help to the other side of the river was severely hampered[2]. The emergency services in this case were vulnerable to the same circumstances they were supposed to fight. Another example would be the co-location of an embassy and a day-care centre in the same building; any attack on the embassy would likely involve the day-care centre too.

Consideration of critical infrastructures in the urban planning process

As the urban planner has a societal responsibility and the opportunity to look beyond the interests of individual organisations, it is the responsibility of the urban planner to consider the consequences of locating a particular function in a particular environment. This is not new, but is (and has always been) one of the added values of the urban planner. However, the explicit consideration of the societal importance of infrastructures, their interrelatedness and shared weaknesses is relatively new. Indications an increased attention for the criticality of infrastructures might be required, are:

  • One or more vulnerable objects are close enough located by to allow the impact of an incident in one object to affect the other object (as illustrated by the example of the day-care co-located with an embassy);
  • One object has the same vulnerabilities as another object it depends on or that depends on it (as illustrated by the examples of the crisis teams being located on one side of the Elbe, or locating both a sewage processing plant and a power plant in the same flood-prone area);
  • The object might be affected by a vulnerability of another object in the vicinity (as illustrated by the example of the location of government services along known demonstration paths, or locating a chemical plant in the path of an airport).

Reducing vulnerability

Reducing vulnerability of critical infrastructures is an important issue and should be an integrated part of the urban planning practice. The CRS Report for Congress Homeland Security[3] identifies three general principles in the context of critical infrastructure protection. The three general principles are:

  1. The first principle emphasizes the establishment and practice of comprehensive continuity and recovery plans.
  2. The second principle focuses on the decentralization of operations and the effectiveness of distributed communications. The lesson of decentralizing operations can be applied to the structure and location of an organization’s operations.
  3. The third principle involves the institutionalization of system redundancies to eliminate single points of weakness. In this context, the lesson of employing redundant service providers is applied primarily to telecommunications services.


Footnotes and references

  1. Derived from EU: Council Directive 2008/114/EC of 8 December 2008 on the Identification and Designation of European Critical Infrastructures and the Assessment of the need to Improve their Protection. Official Journal of the European Union L 345/75, 2008. Retrieved from http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF [last access: 2010-10-14].
  2. Von Kirchbach, H-P. Franke, S., Biele, H., Bericht der Unabhängigen Kommission der Sächsischen Staatsregierung, Flutkatastrophe 2002, 2003. On-line: https://publikationen.sachsen.de/bdb/artikel/10825/documents/10951
  3. Reducing the Vulnerability of Public and Private Information Infrastructures to Terrorism: An Overview, 2004.