Critical infrastructure

From Securipedia
Revision as of 09:39, 18 July 2012 by Rosemarie

Critical Infrastructure

Introduction

In the EU, critical infrastructures (commonly abbreviated as CI) are those physical and information technology facilities, networks, services, and assets which, if disrupted or destroyed, would have a serious impact on the health, safety, security and/or economic well-being of citizens or the effective functioning of societies or governments in EU Member States. Council Directive 2008/114/EC on the identification and designation of European critical infrastructures (ECI) and the assessment of the need to improve their protection[1] provides commonly adopted definitions of “critical infrastructure” (CI) and “European critical infrastructure” (ECI).


Critical infrastructure protection

Critical infrastructure protection (CIP) has become a major issue in civil security, emergency management and natural hazard management. The all-hazard approach has gained ground on the international scale, and the “comprehensive approach” in security policies and security research has been advanced in order to meet current and future threats based on better integrated information, assessment, policies and capabilities. Basically, owners, operators and respective member states hold the responsibility for critical infrastructure protection.

The European Program for Critical Infrastructure Protection (EPCIP)[2][3] points out the all-hazard approach (prioritizing terrorism) and the principles of subsidiarity, complementarity, confidentiality, stakeholder cooperation, proportionality and a sector-by-sector approach[4]. The framework comprises the identification and designation of CI, an action plan, the establishment of a Critical Infrastructures Warning Information Network (CIWIN) and a CIP Contact and Expert Group, as well as the support of the member states, contingency planning and the external dimension. The objectives of guaranteeing adequate and equal protection levels across Europe, minimal single points of failure, and rapid and tested recovery processes were defined earlier on[5]. Together with the EU Member States, the European Commission will develop guidelines and thresholds for criteria application. As a first step, the directive addressed the energy and transport sectors, differentiating subsectors for each (electricity, oil and gas for energy; road, rail, air, inland waterways transport, ocean and short sea shipping, and ports for transport).


European policy landscape around Critical Infrastructure Protection


Critical infrastructure sectors and sector designation

The concept of critical infrastructures (CI) and CI sectors is not self-evident. Rather, sector designation is a permanent process of awareness raising on the political level, characterized by spatial and temporal variation. It is influenced by various national trends, by the political situation and by current crises and disasters. Traditional and consensual sectors have been identified as physical-technical infrastructures. Industrial-commercial CI sectors have evolved stepwise. As a trend, multiple socio-cultural CI sectors have only recently been acknowledged to be of concern for society and added to the conventional sector spectrum.


Figure: Critical infrastructure sector classification

Involving increasing accuracy and more detailed perspectives, the process of designation depends on public and trans-boundary discussion and views, but also on subjective/political perception, region-specific priorities and economic values.[6]


The EU approach so far has covered the following critical infrastructure:

  • Energy Installations and Networks;
  • Communications and Information Technologies;
  • Transport;
  • Water;
  • Production, Storage and Transport of Dangerous Goods;
  • Food;
  • Health Care;
  • Finance;
  • Government.



The EU encourages the member states to set up national programmes for designation and qualitative and quantitative aspects, to accomplish sector identification and dependency studies and to elaborate a common terminology, general criteria, guidelines and procedures as a first step. Further steps include identification of deficiencies, suggestions for measures and financing, the implementation of minimum protection standards and their surveillance.

The EU-Directive 2008/114/EC introduces a practice to identify and designate European critical infrastructures (ECI), committing each member state to designating potential ECI according to the EU-definition and according to cross-sectoral criteria (casualties, economic and public effects) and sector specific criteria (taking into account individual sector characteristics). Further criteria to be considered, as addressed in the European Programme of Critical Infrastructure Protection (EPCIP), are geographic scope of impact (when disrupted or destroyed), severity and consequences (public, economic, environmental, political and psychological effects, public health consequences) or geographic and sector specific dependencies.


Criticality of infrastructure

Infrastructure criticality is generally assessed against varying variables:

  • symbolic criticality vs. systemic criticality (Metzger 2004);
  • dimension-based perspective: the geographic dimension of disruption and breakdown (local to international), the magnitude (low to massive) and the time factor (short term to long term) (IRGC 2007);
  • cross-cutting criteria described as: casualties criterion (potential number of fatalities or injuries), economic effects criterion (economic loss and/or degradation of products or services; potential environmental effects) and public effects criterion (impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services) (EU 2008).

EU criteria for criticality refer to cross-cutting criteria described as:

  • "casualties criterion (assessed in terms of the potential number of fatalities or injuries);
  • economic effects criterion (assessed in terms of the significance of economic loss and/or degradation of products or services; including potential environmental effects);
  • public effects criterion (assessed in terms of the impact on public confidence, physical suffering and disruption of daily life; including the loss of essential services)."[7]


Divergence in the assessment of criticality generally results from diverging national situations and (legislative and cultural) preconditions: Are there culturally valuable goods? Are there hazardous chemical and industrial goods? Are there security facilities? In case of positive answers to such questions, these sectors usually are assessed to be critical and risk prone both in definition and in the political perception and discourse. Objective quantification and determination of criticality are doubtful. Hence, qualitative knowledge of physical risks and social vulnerabilities is essential to determine indicators and factors such as risk perception, individual cognition, political discourses, loss of trust, and public reaction to disastrous events and counter-/mitigating measures.


Perception of criticality

The systematic analysis of citizens' perceived criticality of infrastructure and of the necessity to protect it is an essential component in determining security demands as a public good, also as related to strategic urban planning. A state of the art review leads to the following indicators for citizens’ subjective needs to provide for protection of critical infrastructure, as well as of their over-perception or under-perception of the criticality of that infrastructure.[8] The perception of criticality of infrastructure and of related protection requirements is an important subjective component, influenced by generic laws of human risk perception as well as by cultural features, that needs to be considered in sector designation and in the prioritization of protective measures for built infrastructure. It is also an important factor to consider in urban planning that seeks legitimacy and public acceptance.

Knowledge of this kind can, for example, help urban planners to design in protective measures that reflect not only objective vulnerability but also citizens’ security cultures. Thus, public support for urban planning that is conscious of security aspects, and citizens’ acceptance of the resulting built infrastructure, can be enhanced.


List of indicators for assessment of subjective protection requirements of critical infrastructure


From this list of indicators, it also follows that subjective protection requirements, similar to perception, depend highly on the individual level of information and knowledge. Thus, strategic urban planning should be accompanied by a full-fledged public communication strategy when addressing security aspects. Personal experience of and confrontation with critical infrastructure breakdown play an essential role in citizens’ subjective perception of criticality and of requirements to protect, as does the individual's direct use of the respective critical infrastructure.

In order to enhance citizens' perception of safety in urban places, various dimensions must be considered (see Practical checklists).


Impact of critical infrastructure failure on citizens and society[9]

It is generally acknowledged that failure of critical infrastructure, such as malfunctions and accidents in transportation, health service, emergency care or power supply, has an impact on the social components of a system. If an infrastructure-endangering event occurs, domino effects and/or cascading effects are very likely due to interference or outages of the critical infrastructure. Since crises and disasters always take place in (social) contexts, those effects have the potential to bring different sectors of society to a standstill, especially because of the multiple vulnerabilities of the social system and its indispensable connections with different critical infrastructure sectors. Beyond negative psycho-social consequences for the affected community, natural disasters or other types of critical infrastructure breakdown also affect society from the urban planner's point of view, for example through physical loss of structures, homes, entire parts of cities etc. Following an analysis of several case studies that were based on interviews with disaster victims, site investigations and questionnaire surveys[10], different types of impact of critical infrastructure failure on citizens and society can be summarized. They also represent aspects to address in forward-looking, resilience-enhancing urban planning. It can be concluded that the complexity of the consequences of critical infrastructure failure increases with citizens’ increasing factual as well as felt dependence on that infrastructure.


Types of impact of critical infrastructure failure on citizens and society


Critical infrastructure protection and urban planning

Urban planning and critical infrastructure planning are inseparably linked. Hence, EU Critical Infrastructure Protection policy will inevitably have an impact on future critical infrastructure planning and, thus, urban planning.

There are several foreseeable future legal aspects that urban planning should address pre-emptively and that can be expected to have an influence on security issues. Aspects of critical infrastructure protection could be addressed in forward-looking urban planning based on the European Commission’s Staff Working Paper on Risk Assessment and Mapping Guidelines for Disaster Management (European Commission 2010)[11].

  • Accordingly, uniform risk analyses based on standardized criteria to establish a Common Risk Management Framework (CRMF) should be promoted. The VITRUV tools make an important contribution towards this.
  • At European level, the aim is to focus efforts and contributions on a European Risk Atlas, serving as a further basis for an adequate, coherent all-hazard risk policy due to be established by 2014 (European Commission 2010). These policies and the risk assessment and mapping outcomes are expected to affect future urban planning as well as to require legal adaptation of planning requirements.


With respect to intentional hazards and threats, urban planning will be increasingly required to support critical infrastructure protection. "Designing in" and "designing out" approaches such as "designing out terrorism" aim to reduce risk due to crime and terrorism and are important mitigation instruments in critical infrastructure protection at an early stage of planning.

Sustainable cities are also vis-à-vis natural hazards and global environmental change. The EU Flood Directive 2007/60/EC, which entered into force on 26 November 2007, commits member states to undertake actions on the assessment and management of flood risks. Outcomes of these assessments are expected to be integrated in future comprehensive urban and management planning.

In this context, the following examples from the FOCUS project[12] and from EU guidelines and directives are also relevant for critical infrastructure protection in urban planning from a societal security point of view:

  • City planning should take account of increasing frequency and intensity of heat waves by making use of and enhancing natural processes to cool the cities, such as facilitating natural circulations, be it along rivers, from mountains and valleys surrounding cities, etc., introducing more vegetation into the city (roofs, facades, parks, recreational areas, etc.).
  • Building standards should be adapted to assure optimal interaction with the sun (e.g. large input in winter, small input in summer, for instance through sun shades positioned outside the building); make use of natural ventilation; use the best possible materials in terms of insulation properties; etc.


Footnotes and references

  1. EU (2008): COUNCIL DIRECTIVE 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. Official Journal of the European Union L 345/75. Retrieved from http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF [2010-10-14].
  2. Commission of the European Communities (2006): COM(2006) 786 final COMMUNICATION FROM THE COMMISSION on a European Programme for Critical Infrastructure Protection. Brussels. Retrieved from: http://eur-lex.europa.eu/LexUriServ/site/en/com/2006/com2006_0786en01.pdf [2012-05-23].
  3. see also http://europa.eu/legislation_summaries/justice_freedom_security/fight_against_terrorism/l33260_en.htm; http://www.euinfrastructure.com/article/critical-infrastructure-protection/ [2012-05-23].
  4. EU (2008): COUNCIL DIRECTIVE 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. Official Journal of the European Union L 345/75: 3. Retrieved from http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF [2010-10-14]
  5. Commission of the European Communities (2005): COM(2005) 576 final. Green Paper on a European Programme for Critical Infrastructure Protection (presented by the Commission). Retrieved from http://www.libertysecurity.org/IMG/pdf/EC_-_Green_Paper_on_CI_-_17.11.2005.pdf [2011-07-14].
  6. Cf. Metzger Jan (2004): Das Konzept „Schutz kritischer Infrastrukturen“ hinterfragt. In: Wenger Andreas (2004): Bulletin 2004 zur schweizerischen Sicherheitspolitik. Forschungsstelle für Sicherheitspolitik: Zürich. Retrieved from http://kms2.isn.ethz.ch/serviceengine/Files/SSN/.../doc_6804_259_de.pdf [2011-06-09].
  7. EU (2008): COUNCIL DIRECTIVE 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. Official Journal of the European Union L 345/75. Retrieved from http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF [2010-10-14].
  8. Cf. results from the project SFI@SFU: "Development of an Austrian Centre for Comprehensive Security Research at Sigmund Freud Private University Vienna" (http://www.sfi-sfu.eu) in the Austrian national security research programme KIRAS, funded by the Austrian Ministry of Technology, Transport and Innovation (bmvit); project deliverable 2.3: Integrierte Risikobewertungssystematik (comprehensive risk assessment) und subjektive Schutzbedürfnisbewertung für kritische Infrastruktur (not published), p. 98.
  9. Security research project SFI@SFU (http://www.sfi-sfu) results
  10. Platz U. (2006): Vulnerabilität von Logistikstrukturen im Lebensmittelhandel. Eine Studie zu den Logistikstrukturen des Lebensmittelhandels, möglichen Gefahrenquellen und den Auswirkungen verschiedener Gefahren bei einem Ereigniseintritt. Landwirtschaftsverlag Münster-Hiltrup. (Serie Band: Schriftenreihe des Bundesministeriums für Verbraucherschutz, Ernährung und Landwirtschaft : Reihe A, Angewandte Wissenschaft; 512 / ISBN-ISSN-ISMN: 3-7843-0512-1). Retrieved from http://www.ble.de/cln_099/nn_467872/SharedDocs/Downloads/03__Vorsorge/Ernaehrungsvorsorge/Literatur/Vulnerabilitaet.html#Inhalt [2011-03-31].; Picou J. S., Martin C. G. (2006): Community Impacts of Hurricane Ivan: A Case Study of Orange Beach, Alabama. Department of Sociology, Anthropology and Social Work, University of South Alabama. Retrieved from http://www.colorado.edu/hazards/research/qr/qr190/qr190.html [2011-04-12].; Lasley C. B., Simpson D. M., Rockaway T. D., Weigel T. (2007): Understanding Critical Infrastructure Failure: Examining the experience of Biloxi and Gulfport Mississippi after Hurricane Katrina. Study made by: Center for hazards research and policy development, University of Louisville. Retrieved from http://hazardcenter.louisville.edu/images/Research/sgerfinalprojectworkingpaper.pdf [2011-04-11].; Queste A. (2009): Dissertationsarbeit Vulnerabilität der Kritischen Infrastruktur Wasserversorgung gegenüber Naturkatastrophen. Universität Bielefeld. Retrieved from http://bieson.ub.uni-bielefeld.de/volltexte/2010/1635/pdf/KRITIS_queste.pdf [2011-04-11].; Birkmann J., Bach C., Guhl S., Witting M., Welle T., Schmude M. (2010): State of the Art der Forschung zur Verwundbarkeit Kritischer Infrastrukturen am Beispiel Strom/Stromausfall. Schriftreihe Sicherheit Nr. 2 Forschungsforum Öffentliche Sicherheit, Freie Universität Berlin. Retrieved from http://www.sicherheit-forschung.de/publikationen/schriftenreihe/sr_v_v/sr_2.pdf [2011-05-12].; Lorenz D. F. (2010): Kritische Infrastrukturen aus der Sicht der Bevölkerung. Schriftreihe Sicherheit Nr. 3 Forschungsforum Öffentliche Sicherheit, Freie Universität Berlin. Retrieved from http://www.sicherheit-forschung.de/publikationen/schriftenreihe/sr_v_v/sr_3.pdf [2011-05-04].; Verdon-Kidd D.C., Kiem A.S., Willgoose G., Haines P. (2010): East Coast Lows and the Newcastle/Central Coast Pasha Bulker storm. Report for the National Climate Change Adaptation Research Facility, Gold Coast, Australia. Retrieved from http://www.nccarf.edu.au/sites/default/files/FINAL%202-East%20Coast%20Lows(2).pdf [2011-04-12].
  11. European Commission (2010): Commission Staff Working Paper. Risk Assessment and Mapping Guidelines for Disaster Management. SEC(2010) 1626 final. Brussels. Retrieved from: http://ec.europa.eu/echo/civil_protection/civil/pdfdocs/prevention/COMM_PDF_SEC_2010_1626_F_staff_working_document_en.pdf [last access: 2011-06-18].
  12. FOCUS (2012): FOCUS – Foresight Security Scenarios – Mapping Research to a Comprehensive Approach to Exogenous EU Roles. Deliverable 4.2 / Literature and small-world study on future nature-related disasters. To be published on http://www.focusproject.eu.
