The document discusses infrastructure resilience and how to achieve it. Resilience is the ability to withstand disruptive events and continue providing essential services. Pandemics and cyberattacks are major risks. Infrastructure depends on power and communications, so failures in those have the largest impacts. Vulnerabilities include outdated software and lack of monitoring/coordination. Achieving resilience involves resistance to anticipated threats, reliable systems, redundant capacity, and response/recovery planning. Key points are that resilience allows infrastructure to continue operating during hazards and depends on contingency planning and resilient design principles.

1. <Infrastructure resilience, 2013 Slide 1
Infrastructure resilience
Ian Sommerville

2. <Infrastructure resilience, 2013 Slide 2
Resilience
• Resilience is the ability of assets, networks
and systems to anticipate, absorb, adapt to,
and recover from a disruptive event or series
of events.
• Resilience is about maintaining the continuity
of a service in the presence of disruptive
events

3. <Infrastructure resilience, 2013 Slide 3

4. <Infrastructure resilience, 2013 Slide 4
Pandemic disease
• Pandemic disease is the highest impact
risk because it potentially affects the
whole of a national infrastructure as
people become ill

5. <Infrastructure resilience, 2013 Slide 5
Cyber attacks
• Cyber attacks that compromise
confidentiality are not likely to have a
major impact on the availability of a
national infrastructure
• But cyber attacks that affect the control
systems are more serious

6. <Infrastructure resilience, 2013 Slide 6
Risk impact
• Risk impact is related to the extent of
the damage to infrastructure assets

7. <Infrastructure resilience, 2013 Slide 7
Impact depends on locality
• Local incidents, such as a terrorist
attack on physical infrastructure, have
limited impact because they only affect
a small part of that infrastructure

8. <Infrastructure resilience, 2013 Slide 8
Organisational infrastructure
• Organisations may be more vulnerable
than physical infrastructure
• Incidents that affect the organisational
infrastructure can have more significant
impact
– Organisations are less likely to be distributed

9. <Infrastructure resilience, 2013 Slide 9
Risk impact
• Because physical infrastructure is
distributed, failures in one part of a
physical network are localised
– A crack is discovered in one bridge but this does
not affect other bridges in the network

10. <Infrastructure resilience, 2013 Slide 10
Software vulnerability
• However, software control changes this
– If common elements of an infrastructure are
networked and controlled by the same software, a
failure in one element (especially a malicious
attack) can propagate throughout the network
– Large-scale failures and unavailability therefore
become possible

11. <Infrastructure resilience, 2013 Slide 11
Infrastructure dependencies
• All infrastructure
elements now
depend on power and
communications
• Failure and
unavailable of these
infrastructures has
the most impact
Photo: creative commons/flickr/anemoneprojectors

12. <Infrastructure resilience, 2013 Slide 12
Infrastructure vulnerabilities
• Limited
physical
protectio
n

13. <Infrastructure resilience, 2013 Slide 13
Infrastructure vulnerabilities
• Old/insecure
software
control
systems
Image: http://commons.wikimedia.org/wiki/File:SCADA_PUMPING_STATION_1.jpg

14. <Infrastructure resilience, 2013 Slide 14
Infrastructure vulnerabilities
• Lack of monitoring systems
• Lack of coordination across
infrastructure elements

15. <Infrastructure resilience, 2013 Slide 15
Infrastructure vulnerabilities
• Lack of knowledge of infrastructure
state or dependencies
• Lack of knowledge of infrastructure
demand

16. <Infrastructure resilience, 2013 Slide 16
Achieving resilience

17. <Infrastructure resilience, 2013 Slide 17
Resistance
Provide protection
against
anticipated events
or attacks
– Flood defences
– Cybersecurity
awareness© Adrian Pingstone 2005

18. <Infrastructure resilience, 2013 Slide 18
Resistance
• Based on previous experience and
assumptions
• Changing world or external
circumstances may mean that
assumptions are invalid

19. <Infrastructure resilience, 2013 Slide 19
Reliability
• Infrastructure components should be
designed to operate under a range of
(anticipated) conditions not just
‘normal’ operating conditions

20. <Infrastructure resilience, 2013 Slide 20
Reliability
• Components, as far as possible, should
be designed for ‘soft’, incremental rather
than catastrophic failure

21. <Infrastructure resilience, 2013 Slide 21
Digital and analog systems
• Digital systems are more brittle than
analog systems
• Analog systems often fail gradually;
computer-based systems often simply
crash

22. <Infrastructure resilience, 2013 Slide 22
Redundancy
• The network or system as a whole
should be designed so that there
are backup installations and spare
capacity available.

23. <Infrastructure resilience, 2013 Slide 23
Redundancy
• Examples
– Computing support should be provided by different
providers in different locations
– Diverse generation capacity for electricity
– Multiple locations for command and control

24. <Infrastructure resilience, 2013 Slide 24
Response and recovery
• Respond to distruptive events quickly,
limiting the damage as far as possible
and ensuring public safety

25. <Infrastructure resilience, 2013 Slide 25
Response and recovery
• Plan how to restore services as quickly
as possible in the event of a loss of
capability
• Business continuity planning
• Disaster recovery

26. <Infrastructure resilience, 2013 Slide 26
Achieving resilience
• Advance planning to draw up contingency plans to
cover anticipated problems
• (a) good design of the network and systems to
ensure it has the necessary resistance, reliability and
redundancy (spare capacity), and
• (b) by establishing good organisational resilience to
provide the ability, capacity and capability to respond
and recover from disruptive events.

27. <Infrastructure resilience, 2013 Slide 27
Key points
• Critical infrastructure resilience is the ability of
the infrastructure to continue to deliver
essential services during and after a
hazardous event
• Infrastructure resilience depends on planning
for contingencies and effective infrastructure
design

28. <Infrastructure resilience, 2013 Slide 28
Key points
• Software control of infrastructure systems
potentially increases vulnerability because the
effects of an event may not be localised
• Resilient infrastructure design is based on 4
R’s – resistance, reliability, redundancy, and
recovery