This document provides an overview of critical infrastructure. It discusses what infrastructure is, including national, organizational, and digital infrastructures. It defines critical infrastructure as infrastructure that is essential for society to function. The document notes that infrastructure is vulnerable to faults, decay, accidents, attacks, and natural disasters. It discusses perspectives on critical infrastructure from the UK, EU, and USA. Key points made are that critical infrastructure is complex with many interdependencies, emerges over the long term through social and institutional processes rather than rational design, and vulnerabilities exist at both the system and component level.

1. CRITICAL
INFRASTRUCTURE
DR JOHN ROOKSBY

2. IN THIS LECTURE
What is infrastructure?
• National infrastructures
• Organisational infrastructures
• Digital infrastructures
What is critical infrastructure?
• How is infrastructure vulnerable?
Understanding infrastructure
• Problems of understanding existing infrastructure
• Interdependencies in infrastructure

3. “Public” infrastructure

4. Digital infrastructure

5. Organisational infrastructure

6. WHAT IS
INFRASTRUCTURE?
The installed base upon which operations and systems can run
Public infrastructure
• National and international systems upon which societies operate:
transport, energy, communications, etc. (Includes digital
infrastructure).
• Used to be publicly owned, but in the UK and many other counties it
has been privatised
Organisational infrastructure
• A much newer use of the term
• Physical and digital infrastructure used by an organisation
• Not necessarily owned by the organisation

7. WHAT IS
INFRASTRUCTURE?
Sometimes a distinction is made between hard and soft infrastructure.
Hard infrastructure
• Large, physical networks
• Energy networks, Transport, etc.
Soft infrastructure
• Institutions
• Emergency services, financial services, health
care, schools, etc.
This is an artificial distinction
Both hard and soft infrastructures are socio-technical

8. CHARACTERISTICS OF
INFRASTRUCTURE
• Large Scale
• Spread over large geographic areas
• Regional/National/International
• Complex
• Many components
• Many interdependencies (internal and external)
• Reliance on standards
• Heterogeneous parts rely on standards for interoperation
• Standards are not always uniformly applied across an
infrastructure
• Long term
• Modern and legacy components
• Emerges and changes over the long term
• We have to live with decisions made a long time ago

9. ECONOMIC CHARACTERISTICS
OF INFRASTRUCTURE
Rarely one single owner and authority
• Sub-systems and components are increasingly privatised
• The theory is that privately operated infrastructure will be more
efficient
• However it is difficult to optimise an infrastructure when sections of it
are run by self interested parties
• Crosses national and international boundaries
Often challenging to fund
• We are often reluctant to pay for infrastructure
• Where monopolies exist they are able to over-charge. However,
competition where operational costs are low can lead to under-
charging (and no re-investment).

10. SOCIAL CHARACTERISTICS
OF INFRASTRUCTURE
Learned as part of membership
• The use, and styles of use, of particular infrastructures signifies and is
often an essential marker of membership of a community.
Links with conventions of practice
• Infrastructure both shapes and is shaped by the conventions of a
community of practice, e.g. the ways that cycles of day-night work are
affected by and affect electrical power rates
Taken for granted
• Does not need to be re-invented every time we do something new
• We often don’t pay much attention to it. The normally invisible quality of
working infrastructure becomes visible when it breaks
Infrastructure is “a relation”
• Whether something is infrastructure depends on perspective
(particularly for digital infrastructure). A focus for one person can be
infrastructure for another.

11. THE EMERGENCE OF
INFRASTRUCTURE
Infrastructures are engineered, but not at the system level. They
emerge through social and institutional processes
• Begins with a “vision” (or visions). Later reality does not
necessarily match this.
• Competing designs emerge.
• One or more local technologies become adopted as standard
• We have to live with decisions made a long time ago
The history of power girds, sewer systems, railways and so on do not
portray a rational process in which an ideal system is designed and
built, but a chaotic one.
Cloud and grid computing are often likened to power grids
• There is nothing inevitable about these becoming
infrastructure, and the meaning of these terms continues to
evolve.

12. WHAT IS CRITICAL
INFRASTRUCTURE?
As individuals we often take infrastructure for granted, but
organisations and governments cannot.
• Infrastructure needs to be maintained and adapted/modernised
• Strategic decisions must be made about what kind of
infrastructure to invest in (and how)
• However, much infrastructure is not under control of a single
organisation or authority
• Infrastructure is vulnerable
Many countries now have critical infrastructure programmes

13. CRITICAL INFRASTRUCTURE
PROGRAMMES IN THE UK, EU, USA
UK Government
• Cabinet Office and the CPNI (Centre for the Protection of
National Infrastructure)
European Union
• European Programme for Critical Infrastructure Protection
USA
• Department of Homeland Security and the National
Programme of Critical Infrastructure Protection
Governments do not have direct control of infrastructure, and so
these are governance and advisory programmes.
What counts as critical varies from place to place

14. VULNERABILITIES
• Insufficient capability
• Insufficient capacity
• Faults
• Decay
• Accidents
• Physical Attack
• Electronic Attack
• Natural Disaster
• Civil Unrest

15. PERSPECTIVES
UK EU USA UK EU USA
Communications x x Nuclear industry x
Food x x x ICTs x x
Emergency x x Chemical x x
Services industry
Energy x x x Research x
Finance x x x facilities
Government x Space x
Health x x x Defence x
industrial base
Transport x x x
Postal/shipping x
Water x x x
Monuments and x
icons

16. UK SUB-CATEGORIES
Landline Phones
Mobile Telecommunications Production
Postal Services Processing
Communications Import
Broadcast Communications
Distribution
Food Retail
Ambulance
Fire and Rescue Electricity
Emergency Services
Marine Gas Payment, Clearing
Police Oil and Settlement
Energy
Fuel Systems
Public Finances
Finance Markets and
Central Government
Exchanges
Parliament
Government
Devolved Administrations
Regional and Local Authorities
Health Maritime
Health and Social Care Aviation
Transport Land (Road and rail)
Potable water supply
Water Dams
Waste Water
Services

17. USA – CHANGES OVER TIME
1983 1988 1996 1998 2001 2002 2003 2003
Transportation X X X X X X X X
Water X X X X X X X X
Education X
Public Health X X X X X
Prisons X
Industrial capacity X
Waste Services X
Telecommunications X X X X X X
Energy X X X X X X
Banking and Finance X X X X X
Emergency Services X X X X X
Gov. continuity X X X X
Information Systems X X X X X
Nuclear facilities X
Special events X
Agriculture/food X X X X
Defence industrial base X X X
Chemical industry X X X
Postal/shipping services X X X
Monuments and icons X X
Key industry/tech sites X
Large gathering sites X

18. COMPONENTS
We have been looking so far at a high level
• Ultimately, assurance has to be at the component level
Judgements need to be made about whether a technology or
component is a critical element of an infrastructure
• Not every bridge or cable is essential to the overall system
• Are VOIP services telecoms services?
Designation carries implications.
• “Critical” bridges get additional funding (so they all want one!)
• Telecoms services need to carry emergency calls
It is very difficult, if not impossible to map every individual component
• Yet many problems occur at the component level

19. INTERDEPENDENCIES
Functional: Reliance between components.
Informational: Data flow from one node aides decision making
elsewhere.
Shared Control: Control is from the same system/location
Geospatial: Physical proximity
Purpose: A shared function or purpose
Policy/procedural: A change in policy or procedure at one place may
have effects elsewhere.
Societal Interdependency: Changes to one component may have
societal effects which lead to changes to others

20. http://www.flickr.com/photos/brizo_the_scot/3736542522/

21. BALTIMORE, HOWARD
STREET TUNNEL FIRE
http://www.its.dot.gov/JPODOCS/REPTS_TE/13754.h
tml

22. ENERGY CRISIS IN CALIFORNIA
Deregulation
Policies
First Order Effects Second Order Third Order Effects
New Energy Effects
Marketplace
Dynamics Gas supply Cogeneration Oil Production
Tight, High-
Cost Gas Curtailed Natural Reduced Steam Reduced Heavy Oil
Supplies Gas Production Injection for Heavy Production
Oil Production
Utility Financial
Crisis
Refineries Road
transportation
Substantial
load growth Inventory build-up: Shortages of
Electric Power Oil pipelines Curtailed Specially
Operations Formulated
Disruption of Gasoline
Lack of New Supply demand
imbalance product pipelines Storage terminals Air transportation
Generating and
Transmission
Capacity Inventory Disruption of flight
Drawdown: schedules
Aging fleet of Shortages of
Power Plants Gasoline and Jet
Fuel
Low Hydro
Conditions Water Agriculture Banking and
Finance
Transmission/E Disruption of Crop losses Financial losses
nvironmental irrigation pumps
Constraints

23. PROTECTING AND ASSURING
INFRASTRUCTURE
A difficult problem
• Infrastructure is rarely under individual control
• Infrastructure is large scale
Assurance takes place through governance processes and risk
management
• Identify key components
• Identify vulnerabilities
• Identify threats
• Construct risk models
• Assess possible outcomes from loss
• Make/request/lobby for necessary improvements
• Make contingency plans
None of these steps are trivial!

24. KEY POINTS
Infrastructure is critical to business, security, health, society.
• We are increasingly reliant on digital infrastructure.
Infrastructure is large scale, complex, has modern and legacy
components, and many interdependencies.
Securing infrastructure is a hard problem
• Hard to know what you have
• Hard to assess vulnerabilities
• Difficult to make improvements because infrastructure is rarely
under direct control of those it is critical to

25. SOURCES
P. Pederson, D. Dudenhoeffer, S. Hartley, M. Permann (2006) Critical
Infrastructure Interdependency Modeling: A Survey of U.S. and International
Research. Idaho National Laboratory
John Moteff and Paul Parfomak (2004) Critical Infrastructure and Key Assets:
Definition and Identification. Report for Congress.
Susan Leigh Star, Karen Ruhleder, (1994) Steps Towards an Ecology of
Infrastructure: Complex Problems in Design and Access for Large-Scale
Collaborative Systems. CSCW 1994. ACM Press.
USA National Infrastructure Protection Plan
• http://www.dhs.gov/files/programs/editorial_0827.shtm
UK Centre For Protection of National Infrastructure
• http://www.cpni.gov.uk/