Critical infrastructures, e.g., electricity transmission / distribution, public transport and health care systems, need to be protected against various internal and external risks which can be safety- and / or security-relevant. Predominately probability-based methods are hitherto used for analysing the whole spectrum of risks. We think this is an insufficient approach, presumably leading to inefficient resource allocation and biased risk perception, as it does not consider the different natures of risk. This paper looks at the key difference between safety- and security-relevant risks, highlights resulting implications for critical infrastructure protection and describes a possible approach for handling these different types of risk
