New Challenges in Critical Infrastructures : A US Perspective

L'émergence d'un plus large spectre de vulnérabilités (terrorisme, sabotage, conflits locaux et catastrophes naturelles) et l'interdépendance croissante de l'activité économique rendent particulièrement vulnérables les grands réseaux vitaux des pays industrialisés. Pour y faire face, des actions importantes doivent être menées à une échelle nationale, en particulier par le développement de partenariats étroits entre le secteur public et la sphère privée.Cet article analyse l'initiative présidentielle lancée dès 1996 aux Etats-Unis -premier pays au monde à inscrire ces questions à l'agenda du plus haut niveau décisionnel- ainsi que la structure nationale de partenariats mis en place depuis lors. Une telle démarche pourrait constituer un point de départ pour d'autres pays désireux d'élaborer leur propre analyse de vulnérabilités et leur stratégie d'amélioration.Les événements du 11 septembre 2001, comme les attaques à l'anthrax, ont néanmoins montré que les avancées américaines ne constituaient qu'une première étape d'un processus plus global de préparation nationale; les infrastructures critiques des Etats-Unis demeurent hautement vulnérables. Enfin, plusieurs idées fausses, par trop souvent récurrentes, doivent être dépassées pour traiter beaucoup plus efficacement ces risques à grande échelle sur un plan international.Partenariats public-privé;Risques à grande échelle;Infrastructures critiques;Nouvelles vulnérabilites;Sécurité nationale;Préparation collective

Towards a Common Language of Infrastructure Interdependency

Infrastructure systems can exist interdependently with one another either by design, necessity or evolution. There is evidence that interdependencies can be the source of emergent benefits and hazards, and therefore there is value in their identification and management. Achieving this requires collaboration and communication between infrastructure stakeholders across all relevant sectors. Recognising, developing and sharing multiple understandings of infrastructure interdependency and dependency will facilitate a wide range of multi-disciplinary and cross-sectorial work and support productive stakeholder dialogues. This paper therefore aims to initiate discussion around the nature of infrastructure interdependency and dependency in order to establish the basis of a useful, coherent and complete conceptual taxonomy. It sets out an approach for locating this taxonomy and language within a framework of commonplace stakeholder viewpoints. The paper looks at the potential structural arrangements of infrastructure interdependencies before exploring the qualitative ways in which the relationships can be characterised. This builds on the existing body of knowledge as well as experience through case studies in developing an Interdependency Planning and Management Framework for Infrastructure

Post-tsunami road reconstruction in Sri Lanka: Efficacy of mainstreaming disaster risk reduction

Following the 2004 Indian Ocean tsunami all roads in the affected areas in Sri Lanka were inaccessible during the immediate aftermath of the disaster either due to the damages they sustained or poor networking of roads and lack of contingency planning within the road network systems. This paper aims at proving the necessity of effective mainstreaming of disaster risk reduction during road reconstruction as a basic precondition for reduced exposure of road structures to hazards; improved resistance of road structures; improved resilience of authorities/teams involved in road projects. It presents the experiences of the road reconstruction sector in Sri Lanka following the 2004 Indian Ocean Tsunami. The paper discusses the perceptions of the key project stakeholders on mainstreaming disaster risk reduction and the effects of mainstreaming disaster risk reduction on vulnerability reduction. The study was empirically supported by the case study approach and independent expert interviews. This paper only presents the analysis of one case study which was conducted in a post-tsunami road reconstruction project in the Southern Sri Lanka, out of two case studies conducted within the stud

Meeting the Challenge of Interdependent Critical Networks under Threat : The Paris Initiative

NARisques à grande échelle;Gestion des crises internationale;Interdépendances;Infrastructures critiques;Anthrax;Initiative collective;Stratégie;Préparation des Etats-majors

New Challenges in Critical Infrastructures : A US Perspective

The emergence of a larger threat spectrum -terrorism, sabotage, local conflicts, political unrest, and natural disasters- combined with the growing globalization of economic activities, makes networks highly vulnerable. Rethinking national vulnerabilities requires the creation and the improvement of long-term public-private partnerships. The article discusses the US Presidential initiative launched in 1996 -the first initiative worldwide to put these issues on the top-level agenda- as well as the national structure of developed partnerships. It might constitute a starting point for other countries to develop their own national strategy, adapting it of course to their own national particularities.Terrorists attacks in 2001 show, however, that such an initiative constitutes nothing but a first step in a general process to build preparedness nationwide; America still remains highly vulnerable. I conclude with a few myths that must be confronted to deal more efficiently with these new large-scale risks at an international level.L'émergence d'un plus large spectre de vulnérabilités (terrorisme, sabotage, conflits locaux et catastrophes naturelles) et l'interdépendance croissante de l'activité économique rendent particulièrement vulnérables les grands réseaux vitaux des pays industrialisés. Pour y faire face, des actions importantes doivent être menées à une échelle nationale, en particulier par le développement de partenariats étroits entre le secteur public et la sphère privée.Cet article analyse l'initiative présidentielle lancée dès 1996 aux Etats-Unis -premier pays au monde à inscrire ces questions à l'agenda du plus haut niveau décisionnel- ainsi que la structure nationale de partenariats mis en place depuis lors. Une telle démarche pourrait constituer un point de départ pour d'autres pays désireux d'élaborer leur propre analyse de vulnérabilités et leur stratégie d'amélioration.Les événements du 11 septembre 2001, comme les attaques à l'anthrax, ont néanmoins montré que les avancées américaines ne constituaient qu'une première étape d'un processus plus global de préparation nationale; les infrastructures critiques des Etats-Unis demeurent hautement vulnérables. Enfin, plusieurs idées fausses, par trop souvent récurrentes, doivent être dépassées pour traiter beaucoup plus efficacement ces risques à grande échelle sur un plan international

Infastructure Interdependencies Modeling and Analysis - A Review and Synthesis

The events of 9/11 and the occurrence of major natural disasters in recent years has resulted in increased awareness and renewed desire to protect critical infrastructure that are the pillars to maintaining what has become normal life in our economy. The problem has been compounded because the increased connectedness between the various sectors of the economy has resulted in interdependencies that allow for problems and issues with one infrastructure to affect other infrastructures. This area is now being investigated extensively after the Department of Homeland Security (DHS) prioritized this issue. There is now a vast extant of literature in the area of infrastructure interdependencies and the modeling of it. This paper presents a synthesis and survey of the literature in the area of infrastructure interdependency modeling methods and proposes a framework for classification of these studies. The framework classifies infrastructure interdependency modeling and analysis methods into four quadrants in terms of system complexities and risks. The directions of future research are also discussed in this paper

Critical Infrastructure Protection Approaches: Analytical Outlook on Capacity Responsiveness to Dynamic Trends

Overview: Critical infrastructures (CIs) – any asset with a functionality that is critical to normal societal functions, safety, security, economic or social wellbeing of people, and disruption or destruction of which would have a very significant negative societal impact. CIs are clearly central to the normal functioning of a nation’s economy and require to be protected from both intentional and unintentional sabotages. It is important to correctly discern and aptly manage security risks within CI domains. The protection (security) of CIs and their networks can provide clear benefits to owner organizations and nations including: enabling the attainment of a properly functioning social environment and economic market, improving service security, enabling integration to external markets, and enabling service recipients (consumers, clients, and users) to benefit from new and emerging technological developments. To effectively secure CI system, firstly, it is crucial to understand three things - what can happen, how likely it is to happen, and the consequences of such happenings. One way to achieve this is through modelling and simulations of CI attributes, functionalities, operations, and behaviours to support security analysis perspectives, and especially considering the dynamics in trends and technological adoptions. Despite the availability of several security-related CI modelling approaches (tools and techniques), trends such as inter-networking, internet and IoT integrations raise new issues. Part of the issues relate to how to effectively (more precisely and realistically) model the complex behavior of interconnected CIs and their protection as system of systems (SoS). This report attempts to address the broad goal around this issue by reviewing a sample of critical infrastructure protection approaches; comprising tools, techniques, and frameworks (methodologies). The analysis covers contexts relating to the types of critical infrastructures, applicable modelling techniques, risk management scope covered, considerations for resilience, interdependency, and policy and regulations factors. Key Findings: This research presents the following key findings: 1. There is not a single specific Critical Infrastructure Protection (CIP) approach – tool, technique, methodology or framework – that exists or emerges as a ‘fit-for-all’; to allow the modelling and simulation of cyber security risks, resilience, dependency, and impact attributes in all critical infrastructure set-ups. 2. Typically, two or more modelling techniques can be (need to be) merged to cover a broader scope and context of modelling and simulation applications (areas) to achieve desirable highlevel protection and security for critical infrastructures. 3. Empirical-based, network-based, agent-based, and system dynamics-based modelling techniques are more widely used, and all offer gains for their use. 4. The deciding factors for choosing modelling techniques often rest on; complexity of use, popularity of approach, types and objectives of user Organisation and sector. 5. The scope of modelling functions and operations also help to strike the balance between ‘specificity’ and ‘generality’ of modelling technique and approach for the gains of in-depth analysis and wider coverage respectively. 6. Interdependency and resilience modelling and simulations in critical infrastructure operations, as well as associated security and safety risks; are crucial characteristics that need to be considered and explored in revising existing or developing new CIP modelling approaches. Recommendations: Key recommendations from this research include: 1. Other critical infrastructure sectors such as emergency services, food & agriculture, and dams; need to draw lessons from the energy and transportation sectors for the successive benefits of: i. Amplifying the drive and efforts towards evaluating and understanding security risks to their infrastructure and operations. ii. Support better understanding of any associated dependencies and cascading impacts. iii. Learning how to establish effective security and resilience. iv. Support the decision-making process linked with measuring the effectiveness of preparedness activities and investments. v. Improve the behavioural security-related responses of CI to disturbances or disruptions. 2. Security-related critical infrastructure modelling approaches should be developed or revised to include wider scopes of security risk management – from identification to effectiveness evaluations, to support: i. Appropriate alignment and responsiveness to the dynamic trends introduced by new technologies such as IoT and IIoT. ii. Dynamic security risk management – especially the assessment section needs to be more dynamic than static, to address the recurrent and impactful risks that emerge in critical infrastructures