Stefan Brem - Critical infrastructure protection and resiliency


Published on

Panel III: "Appropriateness of Resiliency as a National Strategy"
Stefan Brem, Head of Risk Analysis and Research Coordination, Swiss Federal Agency for Civil Protection, Berne, Switzerland

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Stefan Brem - Critical infrastructure protection and resiliency

  1. 1. Federal Office for Civil Protection FOCP Critical infrastructure protection – and resiliency? The national approach in Switzerland Panel on Building a National Strategy for Addressing Resiliency Dr. Stefan Brem Head Risk Analysis and Research Coordination Federal Office for Civil Protection FOCP Fed. Department of Defence, Civil Protection and Sport 4th Conference on Community Resilience Building the Critical Infrastructure for Resiliency Davos, August 29, 2013 2Federal Office for Civil Protection FOCP Agenda •  Concept of Critical Infrastructure Protection (CIP) in Switzerland •  Swiss CIP Programme •  National CIP Strategy •  Identification of CI Objects •  CI Guideline •  Risk Assessment •  Conclusion and Discussion
  2. 2. 3Federal Office for Civil Protection FOCP Our vision: CIP concept in Switzerland RISK RISK TECHNICAL HAZARDS INTERVENTION Public Administration Industry Energy Waste Disposal Financial Services Health ICT Water and Food Public Safety Transport Preventing breakdowns Reducing damages 4Federal Office for Civil Protection FOCP Mandate by the Federal Council • Implementation of the national CIP strategy 2012 Role of the Federal Office for Civil Protection ! Chairing the CIP Working Group ! Coordination of the activities based on the national strategy Aim and purpose of the CIP Programme • Development of uniform approach • Creation of joint basic documents • Facilitation of dialogue and collaboration • Protection of the population and its livelihood (Art. 2, Federal CPCD Law) CIP Programme in Switzerland
  3. 3. 5Federal Office for Civil Protection FOCP National CIP Strategy 2012 Strategic Goal Basic Principles •  Comprehensive risk-based approach •  Proportionality of measures •  Responsibility of the actors on every level •  Public-private partnership The national CP strategy aims at improving the resiliency of critical infrastructures in Switzerland. It ensures a coordinated and unified approach of all actors involved. 6Federal Office for Civil Protection FOCP Resiliency in the National CIP Strategy Four components of resiliency 1. Robustness of the systems (CI, state, economy, and society) 2. Availability of redundancies 3. Ability to mobilize effective relief efforts 4. Speed and efficiency of relief efforts Resilience refers to the ability of a system, an organization, or a society to withstand internal or external disruptions and to maintain functionality as far as possible, or, failing that, to re-attain it.
  4. 4. 7Federal Office for Civil Protection FOCP Measures of the National CIP Strategy •  Improve the general framework of the cross-sectoral collaboration •  Improve the CI’s resiliency (CI guideline) •  Key points of the strategy ! Identification and compilation of CI objects (CI-Inventory) ! Establishment of cross-sectoral platforms ! Improving information exchange (incl. risk analysis and early warning) ! Handling of CI failures (federal support) •  CIP as a permanent process (inventory, comprehensive protection concepts, risk dialogue, etc.) 8Federal Office for Civil Protection FOCP Prioritisation: 3 categories of criticality Very high criticality High criticality Normal criticality Banks Air transport Chemical & pharma- ceutical industry Army Information technology (incl. Control systems) Food supply Insurance companies Emergency services Oil Supply Medical care and hospitals Natural gas supply Fluvial transport Power supply Parliament, government, justice, administration Protection and support service Foreign representations and hq of international organ. Rail transport Postal services Media Laboratories Road transport Waste water management Waste management Machine, electro & metal industry Telecommunication (incl. Internet) 10 critical sectors and 28 critical subsectors Cultural assets Water supply Research institutes
  5. 5. 9Federal Office for Civil Protection FOCP Failure of a national critical infrastructureFailure of a regional critical infrastructure Inventory of Critical Infrastructure Objects •  Aim: Inventory of Swiss Critical Infrastructure objects !  Contribution to the provision of important goods and services and / or hazard potential •  Purpose: Basis for planning and prioritisation in risk and disaster management !  Confederation, Cantons, CI operators •  CI Inventory replaces Catalogue to Ensure Basic Needs (previously operated by the military) •  Extension in terms of CI sectors, operators, threat and measure spectrum •  Identification of CI objects uses standardised process •  Method elaborated and approved by CIP WG •  28 committees of relevant actors on national level 10Federal Office for Civil Protection FOCP Prioritisation process: ID of CI objects 1)  Creation of a function structure 2)  Determination of relevant object groups 3)  Definition of threshold levels 4)  Compilation and evaluation of CI objects a) Output potential b) Hazard potential 5)  Completion with cantonal objects ! Swiss approach is similar / compatible with the EU approach " Focus lies on national importance rather than on cross-border effects " CIP Inventory considers international aspects IneveryCI subsector
  6. 6. 11Federal Office for Civil Protection FOCP Improving resiliency: CI guideline •  Generic guideline / standard for the elaboration of comprehensive protection concepts for critical infrastructures •  CI objects (CIP Inventory) •  CI sub-sectors •  Protection concepts •  Build on existing guidelines and regulations •  Consider a comprehensive hazard and measure spectrum •  Are elaborated in collaboration with relevant authorities and CI operators 12Federal Office for Civil Protection FOCP CI guideline: A comprehensive framework to enhance resiliency of critical infrastructure • Identification of critical processes, operators, systems, elements etc. • Analysis of hazards / vulnerabilities • Within the respective political domain • Risk based cost-benefit analysis Analysis Determination of protection objectives Measures Implemen- tation Monitoring / Controlling Preparation • Prevention • Preparation • Continuity Management • Project Organisation • Assignment
  7. 7. 13Federal Office for Civil Protection FOCP From the hazard catalogue to a risk diagram !(Scenario)! Methodology Hazard file incl scenario Consequences Hazard Catalogue Risk diagram Risk report 14Federal Office for Civil Protection FOCP Selected hazards for assessment in 2012 (published in Risk Report 2012, issued April 2013) Natural Hazards Technical hazards Sociatal Hazards Earthquake Electricity outage Attack with dirty bomb Inland flooding Road accident with dangerous goods Attack with Sarin Windstorm Accident in a chemical plant Cyber Attack Drought Pandemic Animal disease Mass influx of refugees Hazard selected based on • National priority and responsibility • Rapid spread / nation-wide impact • Diversity (test methodology)
  8. 8. 15Federal Office for Civil Protection FOCP Hazard files and scenario Hazard files !  Systematic structure of the hazard files •  Definition / general info •  Similar incidents •  Driving factors •  Dependencies •  Scenario •  Description •  Impacts •  Legal foundation and references •  Scenario as reference for the assessment of impact and likelihood. •  Scenario in risk file is one of many possible scenarios (significant / major / extreme). •  Scenario is no prediction / forecast. •  Scenarios help to anticipate possible impacts to get better prepared. 16Federal Office for Civil Protection FOCP • Transfer project into process • Develop further scenarios and hazard files 2013/2014 • Severe weather • Solar storms • Accident in nuclear power plant • ICT outage • Electricity supply shortfall • Attack with biological ingredients • Conventional attack • Etc. Future steps in risk assessment
  9. 9. 17Federal Office for Civil Protection FOCP Support by CIP Programme to Operators and Cantons (i.e. states) •  Excerpts from CI-Inventory •  Guideline on comprehensive protection concept •  Information exchange Federal level – Cantons – Operators •  Methodical support in CIP context (Criticality assessment, risk catalogue, risk files, etc.) •  Support in CIP-related aspects (risk assessments, scenarios, contacts to federal offices, etc.) 18Federal Office for Civil Protection FOCP General recommendations " Identify critical infrastructure objects in area of your responsibility " Identify critical processes and functions of your CI objects " Assess risks of own critical infrastructure and interdependencies " Include possible failure of critical infrastructure in planning documents and exercises " Intensify contacts between (local) authority and CI operator (joint exercises, etc.)
  10. 10. 19Federal Office for Civil Protection FOCP Conclusion and outlook •  Increasing importance of CIP •  Various actors with diverse interest •  Value added of comprehensive approach •  The aim is not absolute security, but optimized security •  Resources are increasingly scarce •  Criticality ! vulnerability ! actual threat •  Cross-sector cooperation and coordination become more and more important •  Cross-country cooperation and coordination as well 20Federal Office for Civil Protection FOCP Contact information Dr. Stefan Brem Head of Risk Analysis and Research Coordination Federal Office for Civil Protection Monbijoustrasse 51A, 3003 Bern Tel +41 31 322 51 37 Fax +41 31 324 87 89 stefan.brem[at] CIP: National Risk Assessment: Cantonal Risk Assessment: