Critical infrastructure


Published on

Published in: Education, Technology, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Critical infrastructure

  1. 1. Critical Infrastructure Protection David Alexander University College London
  2. 2. “Those facilities, systems, sites and networks necessary for the functioning of society and the delivery of essential services upon which daily life depends.” What is critical infrastructure?
  3. 3. "Those infrastructure assets (physical or electronic) that are vital to the continued delivery and integrity of the essential services upon which society relies, the loss or compromise of which would lead to severe economic or social consequences or to loss of life." What is critical infrastructure?
  4. 4. The sectors of critical infrastructure • water • energy • food • health • transport • communications • finance • government • emergency services
  5. 5. Elements of critical infrastructure Water: dams, treatment plants, pipelines, sewers Energy: power stations, transmission lines Food: distribution networks, warehouses and sales points Health: hospitals, emergency systems, pharmaceuticals Transport: road, rail, air, water airports, sea ports, roads, railways, bridges Communications: telephone, radio, cyber Finance: banks, money supply, financial services Government: national, regional, local Emergency services: fire, police, ambulance, specialist.
  6. 6. • national - of importance to the functioning of national life and affairs • local - of importance to the functioning of local life and affairs. The divisions of critical infrastructure
  7. 7. • natural events (floods, storms, etc.) • technological failures and human error • terrorism and sabotage. Hazards to critical infrastructure
  8. 8. Water treatment works Railway station Fire station Electricity sub-station Broadband antenna Hospital Supermarket Power station Waste water treatment works FLOOD SITUATION
  9. 9. Generation output restricted Generator out of service Generator out of service Generator out of service Generation output increased Additional generator on stand-by Example of regional flood impact on electricity grid
  10. 10. Previously affected Near misses At risk (1 in 100) Low risk Risk exposure level Low Medium High Threat Historic Predicted Low
  11. 11. Criticality scale Impact on life Economic impact Impact on essential services Impactcategories 5 4 3 2 1 Critical threshold Critical national infrastructure Other national infrastructure
  12. 12. Virtually certain HIGH Probable SIGNI- FICANT Possible Improbable INTER- MEDIATE Highly unlikely LOW Trivial Low Moderate Extensive Catastrophic Failureprobability Effects and degree of damage Infrastructure criticality matrix
  13. 13. HAZARD VULNERABILITY EXPOSURE A simple risk assessment matrix
  14. 14. Different definitions of exposure: • under threat for a given period of time • at risk to a given extent of possible loss.
  15. 15. A person who spends five minutes twice a day crossing a bridge that is at risk of collapse is exposed to that risk for 10/(60x24x7)= 0.00098 of a week
  16. 16. Command & control Delegation to agency Delegation to agency & negotiation Enforced self- regulation Voluntary self- regulation More interventionist Less interventionist The regulatory continuum Government ownership Market forces
  17. 17. The ALARP concept Negligible risk Unacceptable risk Broadly acceptable region (no need for detailed work to demonstrate ALARP) Unacceptable region ALARP or tolerability region: risk assumed only if benefit warrants it
  18. 18. Cost of risk reduction Risk Inefficient measures Disproportionate measures Insufficient measures Optimal measures Critical infrastructure
  19. 19. Safeguarding critical infrastructures • redundant systems • adequate levels of operating supplies • fault-tolerant design • "fail-safe" design • adequate and reserve manpower • scenarios for failures and disasters • contingency and emergency plans - kept current • involvement of top management
  20. 20. • measuring weaknesses • creating resilience and redundancy • restoring essential services. Critical infrastructure protection: a programme, a plan or an activity
  21. 21. SMART criteria: S - specific M - measurable A - attractive, acceptable R - realistic, realisable T - timing.
  22. 22. The risk management process Establish the context Identify hazards and threats Analyse risks Evaluate risks Manage risks Accept risks Communicateandconsult Monitorandreview Yes No 1 2 3
  23. 23. Fully opera- tional Opera- tional Life safe Near collapse Frequent Occa- sional Rare Very rare Performance level Design standards versus performance levels Designlevel Unacceptable performance for new construction
  24. 24. • measure interdependency • adopt design standards • create resilience. Protection strategies
  25. 25. Policy adoption Risk assessment • hazard • vulnerability • exposure Policy assessment • costs • benefits • consequences Disaster Expected losses Risk Policy Assessment
  26. 26. Cyber Human Physical Set goals and objectives Identify assets, systems and networks Assess risks: vulnerabilities, threats, consequences Prioritise Implement programmes Measure effectiveness Continuous improvement to enhance protection of critical infrastructure and key resources Feedback loop
  27. 27.
  28. 28. Basisschutzkonzept_kritische_Infrastrukturen_en.html?nn=441658