Critical infrastructure
-
Upload
prof-david-e-alexander -
Category
Education
-
view
276 -
download
2
description
Transcript of Critical infrastructure
CriticalInfrastructure
Protection
David AlexanderUniversity College London
“Those facilities, systems, sites andnetworks necessary for the functioningof society and the delivery of essentialservices upon which daily life depends.”
What is critical infrastructure?
"Those infrastructure assets (physicalor electronic) that are vital to the
continued delivery and integrity of theessential services upon which society
relies, the loss or compromise of whichwould lead to severe economic or social
consequences or to loss of life."
What is critical infrastructure?
The sectors of critical infrastructure
• water• energy• food• health• transport• communications• finance• government• emergency
services
Elements of critical infrastructure
Water: dams, treatment plants, pipelines, sewers
Energy: power stations, transmission lines
Food: distribution networks, warehouses and sales points
Health: hospitals, emergency systems, pharmaceuticals
Transport: road, rail, air, water
airports, sea ports, roads, railways, bridges
Communications: telephone, radio, cyber
Finance: banks, money supply, financial services
Government: national, regional, local
Emergency services: fire, police, ambulance, specialist.
• national - of importance to thefunctioning of national life and affairs
• local - of importance to thefunctioning of local life and affairs.
The divisions of critical infrastructure
• natural events (floods, storms, etc.)
• technological failures and human error
• terrorism and sabotage.
Hazards to critical infrastructure
Water
treatment works Railway station
Fire station
Electricity sub-station
Broadband antenna
Hospital
Supermarket
Power station
Waste water
treatment works
FLOOD SITUATION
Generation
output
restricted
Generator
out of service
Generator
out of service
Generator
out of service
Generation
output
increased
Additional
generator
on stand-by
Example of regional flood impact on electricity grid
Previously affectedNear misses
At risk(1 in 100)
Low risk
Risk exposure level
Low
Medium
High
Threat
Historic
Predicted
Low
Criticality scale
Impacton life
Economicimpact
Impact onessentialservices
Impa
ct c
ate
gories 5
4321
Critical threshold
Critical nationalinfrastructure
Other nationalinfrastructure
Virtuallycertain
HIGH
ProbableSIGNI-FICANT
Possible
ImprobableINTER-
MEDIATE
Highlyunlikely
LOW
Trivial Low Moderate Extensive CatastrophicFailur
e p
robability
Effects and degree of damage
Infrastructure criticality matrix
HAZARD
VULNERABILITY
EXPOSURE
A simplerisk assessment
matrix
Different definitions of exposure:
• under threat for agiven period of time
• at risk to a given extentof possible loss.
A person who spends five minutestwice a day crossing a bridge thatis at risk of collapse is exposedto that risk for 10/(60x24x7)=
0.00098 of a week
Command& control
Delegationto agency
Delegationto agency &negotiation
Enforcedself-
regulation
Voluntaryself-
regulation
Moreinterventionist
Lessinterventionist
The regulatory continuum
Governmentownership
Marketforces
The ALARP concept
Negligible risk
Unacceptable risk
Broadly acceptableregion (no need fordetailed work todemonstrate ALARP)
Unacceptable region
ALARP or tolerabilityregion: risk assumedonly if benefit warrants it
Cost of risk reduction
Risk
Inefficientmeasures
Disproportionatemeasures
Insufficientmeasures
Optimalmeasures
Critical infrastructure
Safeguarding critical infrastructures• redundant systems• adequate levels of operating supplies• fault-tolerant design• "fail-safe" design• adequate and reserve manpower• scenarios for failures and disasters• contingency and emergency plans- kept current
• involvement of top management
• measuring weaknesses
• creating resilience and redundancy
• restoring essential services.
Critical infrastructure protection:a programme, a plan or an activity
SMART criteria:S - specificM - measurableA - attractive,
acceptableR - realistic,
realisableT - timing.
The risk management process
Establishthe context
Identify hazardsand threats
Analyse risks
Evaluate risks
Manage risks
Accept risks
Com
mun
icate
and
con
sult
Mon
itor
and
review
Yes
No
1
2
3
Fully opera-tional
Opera-tional
Life safeNear collapse
Frequent
Occa-sional
Rare
Very rare
Performance level
Design standards versus performance levels
Design
leve
l Unacceptableperformance
for newconstruction
• measure interdependency
• adopt design standards
• create resilience.
Protection strategies
Policyadoption
Risk assessment• hazard• vulnerability• exposure
Policy assessment• costs• benefits• consequences
Disaster
Expectedlosses
Risk PolicyAssessment
Cyber
Hum
an
Physica
l
Set goals and objectives
Identify assets, systems and networks
Assess risks: vulnerabilities,threats, consequences
Prioritise
Implement programmes
Measure effectiveness
Continuous improvementto enhance protection
of
criticalinfrastructure and key resources
Feedback loop
interim.cabinetoffice.gov.uk/media/349103/strategic-framework.pdf
http://www.bmi.bund.de/SharedDocs/Downloads/EN/Broschueren/Basisschutzkonzept_kritische_Infrastrukturen_en.html?nn=441658