2. “Those facilities, systems, sites and
networks necessary for the functioning
of society and the delivery of essential
services upon which daily life depends.”
What is critical infrastructure?
3. "Those infrastructure assets (physical
or electronic) that are vital to the
continued delivery and integrity of the
essential services upon which society
relies, the loss or compromise of which
would lead to severe economic or social
consequences or to loss of life."
What is critical infrastructure?
4. The sectors of critical infrastructure
• water
• energy
• food
• health
• transport
• communications
• finance
• government
• emergency
services
5. Elements of critical infrastructure
Water: dams, treatment plants, pipelines, sewers
Energy: power stations, transmission lines
Food: distribution networks, warehouses and sales points
Health: hospitals, emergency systems, pharmaceuticals
Transport: road, rail, air, water
airports, sea ports, roads, railways, bridges
Communications: telephone, radio, cyber
Finance: banks, money supply, financial services
Government: national, regional, local
Emergency services: fire, police, ambulance, specialist.
6. • national - of importance to the
functioning of national life and affairs
• local - of importance to the
functioning of local life and affairs.
The divisions of critical infrastructure
7. • natural events (floods, storms, etc.)
• technological failures and human error
• terrorism and sabotage.
Hazards to critical infrastructure
8. Water
treatment works Railway station
Fire station
Electricity sub-station
Broadband antenna
Hospital
Supermarket
Power station
Waste water
treatment works
FLOOD SITUATION
14. Different definitions of exposure:
• under threat for a
given period of time
• at risk to a given extent
of possible loss.
15. A person who spends five minutes
twice a day crossing a bridge that
is at risk of collapse is exposed
to that risk for 10/(60x24x7)=
0.00098 of a week
16. Command
& control
Delegation
to agency
Delegation
to agency &
negotiation
Enforced
self-
regulation
Voluntary
self-
regulation
More
interventionist
Less
interventionist
The regulatory continuum
Government
ownership
Market
forces
17. The ALARP concept
Negligible risk
Unacceptable risk
Broadly acceptable
region (no need for
detailed work to
demonstrate ALARP)
Unacceptable region
ALARP or tolerability
region: risk assumed
only if benefit warrants it
19. Safeguarding critical infrastructures
• redundant systems
• adequate levels of operating supplies
• fault-tolerant design
• "fail-safe" design
• adequate and reserve manpower
• scenarios for failures and disasters
• contingency and emergency plans
- kept current
• involvement of top management
20. • measuring weaknesses
• creating resilience and redundancy
• restoring essential services.
Critical infrastructure protection:
a programme, a plan or an activity
21. SMART criteria:
S - specific
M - measurable
A - attractive,
acceptable
R - realistic,
realisable
T - timing.
22. The risk management process
Establish
the context
Identify hazards
and threats
Analyse risks
Evaluate risks
Manage risks
Accept
risks
Communicateandconsult
Monitorandreview
Yes
No
1
2
3
26. Cyber
Human
Physical
Set goals and objectives
Identify assets, systems and networks
Assess risks: vulnerabilities,
threats, consequences
Prioritise
Implement programmes
Measure effectiveness
Continuous
improvement
to enhance
protection
of
critical
infrastructure
and key
resources
Feedback loop