Critical Infrastructure Interdependency
Creating efficient protection, alleviation, and improvement measures for critical infrastructure systems are vital especially in the face of increasing natural and artificial dangers and threats. Some interdependencies among infrastructure organs include the power to influence security, rescue, and revival measures. Recognizing different interdependencies is important in the reduction and minimization of the tremendous failures among composite interdependent infrastructure systems. Critical Infrastructure represents an immense, global sector. As such, ensuring its total protection at all times and in every place is usually difficult. Regrettably, some attempted terrorist attacks against critical infrastructure will probably be successful (Bagget, 2018). An efficient aspect of an all-inclusive plan to defend critical infrastructure is being able to reduce the impact of terrorist attacks through adaptation-impact reduction, emergency response, and recovery. Presently, the United States government is moving homeland Security policy from that of asset-level critical infrastructure protection to all-dangers critical infrastructure resilience, developing the need for a uniting framework for assessing the resilience of critical infrastructure systems and the economies that rely on them.
Critical Infrastructure Interdependency
In the present day, the public’s security is fundamentally intertwined with different infrastructures and key asset provisions. Damage to critical assets can lead to extensive loss of properties, loss of human life, and profoundly affect a nation’s prestige and confidence. As such, these infrastructures are critical to national security, economic security, and public safety. Generally referred to as Critical Infrastructures, they, whether physical or virtual, are very important to any nation, that their loss would bring devastating consequences to the entire nation. This paper’s main objective is to bring an understanding of the importance of recognizing how the interdependencies among components of and infrastructures systems help in enhancing asset designs and protection. This paper gives the reasons why dependable infrastructures are necessary, examines themes related to critical infrastructure protection, and explores the term infrastructure interdependency to highlight the fact that upholding public wellbeing needs dependable interdependent systems.
What is Critical Infrastructure?
Efforts need to be combined to ensure the security and protection of certain vulnerable targets, like infrastructure and public environments, against terrorism. Even though each country determines that which makes up its critical infrastructure, member countries and academicians have tried to establish a common understanding (Kamien, 2012). Critical infrastructure is referred to, by several authors, as, “the fundamental capabilities, technical systems, and organizations accountable for the dissemination of assets” (Lewis, 2006). Critical Infrastructure according to the European Commission is, “an asset 2006or a system which is necessary for the maintenance of crucial societal functions”. Different countries have also adopted their own definition of critical infrastructure (Lewis, 2006). The United Kingdom, for instance, regards critical infrastructure as comprising of national resources, service, and structure that sustain the economic, political, and social life of the UK, whose loss would; result in great loss of lives, significantly impact the economy and be an urgent concern for the government (Bagget, 2018). Critical infrastructure includes but is not limited to: communications, emergency services, energy, water, transport, economics, civil service, health, industry, finance, food, radio, and commercial facilities. Most countries continue to depend on infrastructure and assets found partly or wholly out of their jurisdiction and have no control over.
The Private sector, in almost all states, owns the critical infrastructure. According to an estimate by Kamien (2012), over 80 percent of Western Countries’ critical infrastructure is held and managed by the private sector. As a consequence, wherever the location of the infrastructure, the national government has no power in ensuring total security of critical infrastructure and may mostly depend on the private sector for this purpose (Lehr, 2018). As such, there is a need for a well-defined public and private sector partnership for a policy on the protection of critical infrastructure.
There is significant tension in establishing which assets should be regarded as ‘critical”. Since there are intense interconnection, networks, bumps, links, and interdependencies between sectors-enabled by cyberspace-it is usually difficult to give priority. Furthermore, that which should be regarded as “critical” undergoes alterations over time (TRADOC, 2006). Decision-makers are often not willing to be responsible for the political risk of removing items from a “critical list”, leading to resource wastage. Usually, ‘critical lists’ and priorities are a representation of the popular fears and political priorities and do not precisely mirror risks and probabilities (TRADOC, 2006). It is this uncertainty that deters the development of security measures. Additionally, the fact that some major infrastructures are self-healing-for instance roads continues to be functional even without lighting-is always left out of consideration. Thus, establishing which assets are critical often needs detailed judgment and calculation.
What are the steps of a proper critical infrastructure protection cycle?
Critical Infrastructure Protection is a conception that involves the awareness of and response to serious happenings concerning the critical infrastructure of a state or region. The American Presidential directive created a state program of Critical Infrastructure Protection (Miller, 2016). The Critical Infrastructure Protection program was created for the primary purpose of securing the exposed and interconnected U.S assets. The directive provided for some parts of the national infrastructure being more critical to the nation and its citizens as opposed to others. In the directive, the U.S is described as having several critical infrastructures that so important to the nation that its destruction would greatly affect the nation’s security, economic status, and public safety.
In the directive, the Department of Defense was responsible for the protection of the most important aspect of the nation’s infrastructure since it was impractical to offer protection to all critical infrastructures in their different locations; therefore focus was put on protecting the critical defense infrastructure (DHS, 2013). The Department of Defense Critical Infrastructure protection cycle is built on six major steps to develop a framework for an all-inclusive solution for infrastructure protection (DHS, 2013). The steps in the cycle happen before, during, and after a happening that may harm the critical infrastructure. The steps include:
- Analysis Assessment
This step happens before the event of infrastructure degradation like terrorism. It carries the most weight compared to other steps in the cycle. Here, identification of infrastructures of importance to the success of the operation is done and their weaknesses and interdependencies established. After, an assessment is carried out to determine the operational impact of assets loss or dilapidation (DHS, 2013). This step involves following five key procedures; identification of critical assets, Infrastructure characterization, Operational impact analysis, vulnerability assessment, and finally interdependency analysis. This step applies
This step involves addressing all the known weaknesses and vulnerabilities. It involves taking deliberate, precautionary measures to solve notorious virtual and physical vulnerabilities before an event happens (Miller, 2016). The idea behind remediation is to ensure that critical assets and infrastructures are more reliable, available, and can survive an attack. Examples of remediation actions are education and knowledge, operational process, or routine alterations.
- Indications and Warnings
This step can be done before and/or during an infrastructure attack. It involves everyday sector observation to evaluate the mission readiness abilities of critical infrastructure assets and to see whether there are any looming events or attacks to report about (Kamien, 2012). Indications are preliminary activities that identify a probable infrastructure attack that is going to happen or is being deliberated (Bagget, 2018). Indications rely on contributions at the tactical, operational, theatre, and strategic levels. At the tactical level, information is disseminated by asset owners; the operational level relies on information from the NDI sectors; at the theatre level, contributions are made by regional assets like the allied intelligence, and coalition forces; the strategic level is then informed by the intelligence, security bodies and the non-governmental sectors (Allen, 2016). On the other hand, a warning is a practice of signaling those who possess assets of impending danger or attack.
This step also takes place before or after an attack. It comprises of afore-planned harmonized activities in response to infrastructure warnings or incidents. Alleviation steps are taken before or during an attack on critical infrastructure. These mitigating activities are meant to reduce the asset losses arising from an attack or event, allow for incident response, and reinstate back the infrastructure service as soon as possible (Allen, 2016). A major purpose of the mitigation step is to lessen the operational impact on other critical infrastructures in the event of a loss of a critical asset.
- Incident Response
This step is done after an infrastructure attack. It involves the plans taken to get rid of the cause of an infrastructure attack. For instance, in the wake of the 9/11 attacks on the pentagon and World Trade Centre, all non-military airplanes were grounded over the U.S to avert any other attacks of the same kind (Kamien, 2012). Response actions involve several activities including talking emergency measures from both the public and the security bodies.
This is the last step usually happening after an infrastructure attack. It is usually concerned with the steps taken to re-establish or renovate a critical infrastructure capability after it has undergone damage due to an attack. It is often the most challenging step of them all (Lehr, 2018).
Step one is the most crucial part of the Critical Infrastructure Program cycle since it is vital to identify the right assets for infrastructure protection. The analysis and Assessment step is the foundation of all the other five steps in the cycle of Infrastructure protection (Kamien, 2012). There being no solid start, the rest of the cycle would be flawed, resulting in a protection strategy that fails to do what it is intended for.
Why critical infrastructure protection is a ‘moving target’
With all the benefits that the internet comes with, it might be easy to forget that this heightened interconnectivity also carries with it high chances of fraud, theft, and many other cyber threats. Attacks on critical infrastructure can have immense consequences like the loss of life and national insecurity Terrorist operations like planning, recruitment; research and propaganda are now supported and aided by cyberspace (Miller, 2016). According to the United States Cyber Consequence Unit, a single attack on U.S critical infrastructure would total to more than 700 billion dollars in losses (Bagget, 2018). Therefore guarding the nation’s assets against cyber-attacks should be a major focus for the United States government. More importantly, it is a great challenge to guard the infrastructure against remote attacks that can be operated from a distance to disable the Industrial Control Server’s system (Lehr, 2018). No matter how much effort is put into trying to protect critical infrastructure, a significant number of systems are still susceptible to advanced cyber attacks. As such it is paramount to have solutions to curb these remote attacks on critical infrastructure (Miller, 2016). This would involve creating a cyber moving target defense system of securing a nation’s critical assets from cyber attacks.
Moving target defense is the present day’s most impactful security innovation opportunity. Moving target approaches are a whole new model for approaching the security of critical infrastructures. Rather than protecting unchanging infrastructure by noticing, preventing, observing, trailing, or remediating threats, moving defense renders the attack surface force (Allen, 2016). A force moving target attack surface inflicts asymmetric drawbacks against cyber enemies. Moving target techniques comprise of system randomization, bio-inspired Moving Target Defense, dynamic network configurations, cloud-based Moving Target Defense, and dynamic compilation.
What is critical infrastructure interdependency, and why does it matter?
Interdependency is a bidirectional association between two infrastructures where the operations of one infrastructure impact those of another infrastructure and vice versa. Interdependency can also be regarded as the inclusion of two dependencies where the comprehension of the interdependency needs thoughtfulness, evaluation, and categorization of the two, one-way dependencies (TRADOC, 2006). Critical Infrastructure interdependencies comprise of a risk multiplier: they can exist as a hazard or a danger, affect the flexibility and defense activity of critical infrastructure, and result in surging and intensifying failures. Interdependencies are present at individual levels and between levels (TRADOC, 2006). Critical Infrastructure Interdependencies affect all components of risk.
Conceptually, interdependencies mean the associations among aspects of different infrastructures in a general system of systems. However, practically, interdependencies among infrastructures heighten the general intricacy of the system of systems (Bagget, 2018). The composite interdependent relationships among different infrastructures are characterized by several connections among infrastructures, feedback and feed-forward paths, and complex branching systems (Allen, 2016). The connections lead to an elaborate web that, depending on the distinctiveness of its connections, can send out shocks all over the economic scene and across multiple infrastructures (Miller, 2016). Clearly, it is not possible to make a comprehensive analysis of or comprehend the conduct of a certain infrastructure in seclusion from the setting of other infrastructures. Rather, it is paramount to consider several interconnected infrastructures and their interdependencies as a whole (Miller, 206). There are different types of interdependencies and each has its own characteristics and effects on infrastructure.
Why is there a shift away from ‘protection’ to ‘resilience’ and ‘survivability’?
For over two decades now, the United States’ major concern regarding the nation’s infrastructure has been sole to protect the infrastructure. These assets include, but are not limited to, communication systems, transport systems, and the internet, which together are the backbone of the U.S economy and society (CIPP, 2007). Because of the attack of September 11th attack on U.S soil, the Department of Homeland Security became more focused on finding out how these infrastructures function at the time of, and after the occurrence of such threats as terrorism. To comprehend this performance, Homeland Security has majorly laid focus on running consequence analyses that approximate the effects on these infrastructures as a result of threats (Bagget, 2018). Apart from focusing on consequence analysis, Homeland Security also seeks to recognize the value of comprehending restoration and recovery processes that the critical infrastructures go through after a threat (DHS, 2013). The idea of critical infrastructure resilience involves both of these concerns, and Critical Infrastructure Resilience has been made a vital component of the nation’s Critical Infrastructure.
After having solely focused on Infrastructure protection for many years, the 9/11 attack changed the government’s efforts towards critical infrastructure security. After the attack, two major presidential directives that entirely focus on protecting the nation against terrorist attacks were issued (DHS, 2013). The directives were: The Homeland Security Presidential directive stating that in the event of a threat, an effective set of protective measures would be implemented by efficient infrastructure agencies; and another directive which calls for strengthening of crucial assets (CIPP, 2007). The Homeland Security council recommended that the Department of Homeland Security should be more concerned with Critical Infrastructure Resilience as the main purpose of critical Infrastructure delivery.
Protecting every vulnerable asset against every possible threat is not possible; all vulnerabilities can never be eliminated. As such making resilience the main strategic objective would catalyze synergetic actions that are balanced across the three components of risk; Infrastructure protection alone is a weak strategy (Bagget, 2018). Moreover, it is almost impractical to describe a preferred result-just what amount of protection is satisfactory-when the main objective is to lessen liabilities. Additionally, Critical Infrastructure Resilience, according to the Directive of Homeland Security, is not a substitute for Critical Infrastructure Protection; rather it is an all-inclusive objective intended to facilitate systems-level saving strategies (DHS, 2013). Adoption of Critical Infrastructure Resilience as the goal provides a readily quantifiable objective-determining the amount of time needed to reinstate full functionality of the affected assets, hence survivability.
The efficiency and wellbeing of contemporary urbanized societies are built upon the existing infrastructures. When working flawlessly together these assets that power the urban world, such as information and communication systems, electricity, transport, emergency services, and financial services are the driving forces of the urban world’s existence. Nonetheless, the interdependency of these critical infrastructure systems also renders them susceptible to attacks from both natural and man-made threats. It is therefore upon the national governments to develop key strategies to avert such attacks to strategize on the best recovery procedures after such attacks happen on our critical infrastructure.
Allen, Gregory/Derr, Rachel (2016): Threat Assessment and Risk Analysis. An Applied Approach. Amsterdam et al.: Elsevier. E-book available at https://www.sciencedirect.com/science/book/9780128022245(accessed 29/06/2018)
Bagget, Ryan/Simpkins, Brian K. (2018): Homeland Security and Critical Infrastructure Protection. Westport, CT, and London: Praeger
CIPP (2007): Critical Thinking: Moving from Infrastructure Protection to Infrastructure Resilience. CIPP Discussion Paper Series, George Mason University School of Law, Critical Infrastructure Protection Program, February; at
DHS (2013): NIPP 2013. Partnering for Critical Infrastructure Security and Resilience. Washington D.C.: Department of Homeland Security (pages 18-20);
http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=C359CF09E0E785A43C91C0A1871A9B4E?doi=10.1.1.169.9384&rep=rep1&type=pdf (accessed 29/06/2018)
Kamien, David G. (2012): The McGraw-Hill Homeland Security Handbook.New York et al., McGraw-Hill
Lehr, Peter (2018): Counter-Terrorism Technologies: A Critical Assessment. Amsterdam et al.: Springer
Lewis, Ted (2006): Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation.
Miller, Erin (2016): “Terrorist Attacks Targeting Critical Infrastructure in the United States, 1970-2015.” Report to the Office of Intelligence and Analysis, U.S. Department of Homeland Security. June. College Park, MD: START. https://www.start.umd.edu/pubs/DHS_I%26A_GTD_Targeting%20Critical%20Infrastructure%20in%20the%20US_June2016.pdf(accessed 29/06/2018)
TRADOC (2006): Critical Infrastructure Threats and Terrorism. Fort Leavenworth, Kansas: US Army Training and Doctrine Command, 10 August; at http://www.fas.org/irp/threat/terrorism/sup2.pdf(accessed 29/06/2018)