Critical infrastructure

From Securipedia
Jump to navigation Jump to search
This is a page providing background in a specific field of expertise

Critical infrastructures (commonly abbreviated as CI) are those physical and information technology facilities, networks, services, and assets, which, if disrupted or destroyed, will have a serious impact on the health, safety, security and/or economic well-being of citizens or the effective functioning of societies or governments[1].

Description

Modern societies relies heavily on a number of infrastructures such as electricity, gas, water management, and information and communication technologies. The disruption of these infrastructures will have serious consequences for the economy and well-being of citizens. As these infrastructures are becoming increasingly interconnected, the protection of these Critical Infrastructures becomes increasingly important and protecting those infrastructures is nolonger the responsibility of individual companies or government bodies but of society as a whole. Protecting Critical Infrastructure implies safeguarding those structures form natural, technological, organizational and human threats. Regardsless whether the threats are intended (such as terrorist acts) or accidentally (such as road accidents or human oversight). This is also known as an all-hazard approach.

Critical infrastructure sectors

The extent of what is included in critical infrastructure and its classification differs from country to country, but the EU program EPCIP includes the following sectors:

  • energy installations and networks;
  • communications and information technology;
  • finance (banking, securities and investment);
  • health care;
  • food;
  • water (dams, storage, treatment and networks);
  • transport (airports, ports, intermodal facilities, railway and mass transit networks and traffic control systems);
  • production, storage and transport of dangerous goods (e.g. chemical, biological, radiological and nuclear materials);
  • government (e.g. critical services, facilities, information networks, assets and key national sites and monuments).

Although drafted for use on national scale, this list may also serve as a guideline what can be considered critical infrastructures in an urban context, as the interconnectedness of these infrastructures is equally valid on an urban scale. For example: A power failure will disrupt the telephone system equally independent of the scale of the outage: it can affect the switchboards, the cellular antennas, company telephone exchanges and the fixed telephones at people’s homes, this in its turn affects the possibilities of people to communicate, for example to call the alarm line.

Cascading effects and its origins

The example mentioned above illustrates the way an incident can propagate Such a chain of adverse consequences (power loss leads to loss of telephone services leads to loss of emergency services) is called a cascading effect. These cascading effects are a prime reason why protection of critical infrastructures exceeds the responsibility of individual operators; even if each operator assures an adequate level of protection, dependencies between infrastructures can result in (catastrophic) failure. There are typically two origins for simultaneous failure of infrastructures:

  • A dependency: a product or service of one infrastructure is required for the generation of the other product or service (for example electricity for the functioning of a drawbridge)
  • A common vulnerability: two products or services can be disrupted by a single cause (for example a power plant and sewage plant, both situated in a flooding-prone area)

Relevance of critical infrastructures for the urban planner

The first reason is inherent to a process and scarcely to be influenced by urban built structure, but the second reason is. The location of critical infrastructures can influence both the likelihood of an event taking place and the impact such an event would have.

An example of the location of likelihood of incident is demonstrated in the 9/11 attacks. This has shown that concentrating economic resources in one building in the economic capital of a country at war with religious fanatics, will make it a very attractive target. It will be perceived far more attractive than the individual companies housed in the building would be, and the likelihood that it will be picked as target will increase. Other examples would be locating a chemical plant near an airport (or even in the path of landing or starting airplanes), or locating a critical governmental service along a path where regular demonstrations are held.

Examples of the location influencing the impact of an events is demonstrated in a flooding of the river Elbe in Germany in August 2002: as crisis management stations were all located on one side of the river and all bridges were closed, delivering help to the other side of the river was severely hampered[2]. The emergency services in this case were vulnerable to the same circumstances they were supposed to fight. Another example would be the co-location of an embassy and a day-care centre in the same building; any attack on the embassy would likely involve the day-care centre too.

Consideration of critical infrastructures in the urban planning process

As the urban planner has a societal responsibility and the opportunity to look beyond the interests of individual organisations, it is the responsibility of the urban planner to consider the consequences of locating a particular function in a particular environment. This is not new, but is (and has always been) one of the added values of the urban planner. However, the explicit consideration of the societal importance of infrastructures, their interrelatedness and shared weaknesses is relatively new. Indications an increased attention for the criticality of infrastructures might be required, are:

  • One or more vulnerable objects are close enough located by to allow the impact of an incident in one object to affect the other object (as illustrated by the example of the day-care co-located with an embassy);
  • One object has the same vulnerabilities as another object it depends on or that depends on it (as illustrated by the examples of the crisis teams being located on one side of the Elbe, or locating both a sewage processing plant and a power plant in the same flood-prone area);
  • The object might be affected by a vulnerability of another object in the vicinity (as illustrated by the example of the location of government services along known demonstration paths, or locating a chemical plant in the path of an airport).

Reducing vulnerability

Reducing vulnerability of critical infrastructures is an important issue and should be an integrated part of the urban planning practice. The CRS Report for Congress Homeland Security[3] identifies three general principles in the context of critical infrastructure protection. The three general principles are:

  1. The first principle emphasizes the establishment and practice of comprehensive continuity and recovery plans.
  2. The second principle focuses on the decentralization of operations and the effectiveness of distributed communications. The lesson of decentralizing operations can be applied to the structure and location of an organization’s operations.
  3. The third principle involves the institutionalization of system redundancies to eliminate single points of weakness. In this context, the lesson of employing redundant service providers is applied primarily to telecommunications services.


Footnotes and references

  1. Derived from EU: Council Directive 2008/114/EC of 8 December 2008 on the Identification and Designation of European Critical Infrastructures and the Assessment of the need to Improve their Protection. Official Journal of the European Union L 345/75, 2008. Retrieved from http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF [last access: 2010-10-14].
  2. Von Kirchbach, H-P. Franke, S., Biele, H., Bericht der Unabhängigen Kommission der Sächsischen Staatsregierung, Flutkatastrophe 2002, 2003. On-line: https://publikationen.sachsen.de/bdb/artikel/10825/documents/10951
  3. Reducing the Vulnerability of Public and Private Information Infrastructures to Terrorism: An Overview [2004]