
L.3.1 Models for critical infrastructure protection.

MODELS FOR CRITICAL INFRASTRUCTURE PROTECTION

Critical infrastructure has become the central nervous system of the economy in all countries. It is not possible to achieve the goals of energy sustainability, economic or social development if the operation of its infrastructure network is at risk or vulnerable.

The protection of critical infrastructure systems has recently become a major concern for many countries. This is due to the effect of these systems on the everyday life of all citizens and the high possibility of disruption because of their complex structure and hidden interdependencies, which subsequently attracts the attention of many researchers and scientists. The investigations of researchers have encompassed issues of national security, policy making, infrastructure system organization, and behavior analysis and modeling.

Today, critical infrastructures have become an integral part of cyberspace and they play a vital role in supporting many of our daily activities (including travel, water and power usage, financial transactions, telecommunications, and so on). The reliability, high performance, continuous operation, safety, maintenance and protection of these critical infrastructures are national priorities for many countries around the world. We explore the various vulnerabilities and threats currently present in critical infrastructures and describe protection measures that can be deployed to mitigate those threats. We highlight and discuss some of the challenging areas such as governance and security management, network design and secure communication channels, self-healing, modeling and simulation, wide-area situational awareness, forensics, and finally, trust management and privacy that must be considered to further enhance the protection of critical infrastructures in the future.

A Critical Infrastructure (CI) consists of a set of systems and assets, whether physical or virtual, so essential to the nation that any disruption of their services could have a serious impact on national security, economic well-being, public health or safety, or any combination of these. The European Union (EU), through its European Programme for Critical Infrastructure Protection (EPCIP), also stresses the importance of CI protection to all its Member States and their citizens. To address CI Protection (CIP), an EPCIP communication, COM(2006) 786 final, was developed to establish a legislative framework on CIP to transparently operate and enable cooperation across different borders. According to the EPCIP, CIs can be classified as follows:

• Energy: energy production sources, storage and distribution (oil, gas, electricity).

• Information, Communication Technology (ICT): information system and network protection (e.g., the Internet); provision of fixed telecommunications; provision of mobile telecommunication; radio communication and navigation; satellite communication; broadcasting.

• Water: Provision of water (e.g., dams); control of quality; stemming and control of water quantity.

• Food and agriculture: Food provision, safety and security.

• Health care and public health: Medical and hospital care; medicines, serums, vaccines, and pharmaceuticals; bio-laboratories and bio-agents.

• Financial systems: banking, payment services and government financial assignment.

• Civil administration: government facilities and functions; armed forces; civil administration services; emergency services; postal and courier services.

• Public, legal order and safety: maintaining public and legal order, safety and security; administration of justice and detention.

• Transportation systems: road transport, rail transport, air traffic; border surveillance; inland waterways transport; ocean and short-sea shipping.

• Chemical industry: production and storage of dangerous substances; pipelines of dangerous goods.

• Nuclear industry: production and storage of nuclear substances.

• Space: Communication and research.

• Research facilities.

However, the National Infrastructure Protection Plan (NIPP), defined by the United States Department of Homeland Security (DHS), also considers other critical sectors such as:

• National Monuments and Icons: monuments, physical structures, objects or geographical places that are acknowledged as representing national culture, or have a religious or historical importance.

• Commercial Facilities: commercial centers, office buildings, sports stadiums, any other place that can accommodate a large number of people.

• Critical Manufacturing: Transformation of materials into goods. This includes all the processes involved in manufacturing and transportation equipment.

• Defense Industry Base: production facilities of military resources (e.g., weapons, aircraft or ships) and maintenance of essential services (e.g., communication) to protect a nation.

In recent years, the European Commission (EC), the United States (US) Department of Homeland Security, and others, have been concerned about the security of their countries' infrastructure as a result of new international threats. In 2005, the EC adopted the green paper ‘‘European programme for critical infrastructure protection’’ (EC, 2005). Subsequently, the Council of the European Union adopted Directive 114/08/EC, ‘‘on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection’’ (CEU, 2008), which gave rise to the European Programme for Critical Infrastructure Protection (EPCIP). One year later the US published and launched the US National Infrastructure Protection Plan (NIPP, 2009). An appropriate, integrated and reliable network of critical infrastructure is an essential prerequisite not only for energy policy objectives, but also for a national economic strategy.

Protection and security of critical infrastructure networks will not only allow the achievement of a properly functioning economy market, but will also enhance the security of energy supply, enable market integration and allow consumers to benefit from new technologies. Success in protecting a country's critical energy infrastructure requires the involvement of every element of the energy infrastructure in the definition and implementation of a risk management programme, incorporating analysis of the vulnerabilities, risk assessment and implementation of hazard mitigation procedures.

It is important to point out that the term ‘‘risk’’ refers here to a combination of what can happen, how likely it is, and its consequences. The term ‘‘threat’’ is more related to harmful acts to infrastructure. ‘‘Vulnerabilities’’ refers to the weakness level of a system to failures, disasters or attacks. In this paper, the authors survey the methodologies, applications and tools to conduct studies in critical infrastructure protection, through a literature review and classification of the international journal articles, reports and standards that appeared during the period from 1999 to 2010, selected on the basis of their applicability and best-practice methodologies. A critical analysis of the methodological approaches and specific considerations on electric infrastructures are also presented. In order to enable this research the authors first carried out a review of essential concepts around energy security and international strategies on infrastructure protection plans.

This paper also seeks to compile and to enrich the scientific and political debate around the strategic interests associated with the security of a nation’s critical infrastructure, along with a classification of the strategies to manage both risks and threats to critical infrastructure systems.

Sections 2 and 3 of this paper cover and discuss both definitions and international experiences on energy security, critical infrastructure and key resources, as well as the importance achieved by this issue in the current public research. Some international experiences are shown, including highlights on critical infrastructure protection, EPCIP and NIPP programme which, together, constitute the international reference in this area. Section 4 contains an overview of current methodologies and software applications which support scientific research on critical infrastructure protection, with an emphasis on their classification and functionality.

This survey is focused on the steps of risk management programmes: identification, risk assessment, prioritisation of actions, programme implementation and effectiveness measurement. The subsequent discussion is intended to guide further research in this specific area. Section 5 reviews information sharing and inter-institutional collaboration in infrastructure protection, with some recommendations on cooperation between public and private sectors on security.

Energy security and critical infrastructure protection

A review and a discussion on concepts and definitions of energy security are proposed as the preamble for a conceptual framework of strategies and methodologies on critical infrastructure protection.

The literature regarding the definition of the term ‘‘energy security’’ is extensive and mostly based upon open sources. In general, a scientific and political literature review provides information on the use of this term in the areas of energy supply indicators; diversification of energy sources; tools for decision making; critical infrastructure and key resources; geopolitics and military thinking, etc.

The concept of energy supply covers different notions which are analysed under various scenarios. As a consequence, the classical definition of energy security as ‘‘providing enough affordable energy’’ also requires the addition of new concepts including price stability, diversification of energy sources, energy storage, economic investments, infrastructure protection, political and military power balance, geopolitics, homeland security, energy efficiency, energy markets, sustainability, etc.

Energy security had traditionally focused on geopolitics, accidents and natural disasters. After 11 September 2001, authorities in countries of Europe and North America, and also the industry, were required to consider the threat of intentional damage to a much greater degree than before (Giroux, 2010). Other approaches consider the notion of ‘‘energy security’’ on critical infrastructure and key resources (Belluck et al., 2007). Furthermore, the term ‘‘critical infrastructure’’ is defined as any element, system or part thereof, situated in a state that is considered essential for the maintenance of vital societal functions, health, physical integrity and security, social and economic welfare. Another definition around the term ‘‘energy security’’, undertaken by international agencies such as the International Energy Agency (IEA), refers to the probability that the energy is supplied continuously to a nation (Le Coq and Paltseva, 2009). Nonetheless, a low reliability of energy supply generally leads to high and volatile prices (IEA, 2002).

The concept of critical infrastructure and key resources includes all assets that are so vital for any country that their destruction or degradation would have a debilitating effect on the essential functions of government, national security, national economy or public health (Hull et al., 2006). Disruption of a single sector of critical infrastructure, due to terrorist attacks, natural disasters or man-made damage, is likely to have cascading effects on other sectors (Löschel et al., 2010).

The literature generally agrees in defining a country’s energy system as interconnected and complex. Disruptions in one part of the infrastructure may spread out through the system. This property is called ‘‘interdependence’’ (Consolini, 2009). Fig. 1 outlines, as an example, how key resources and water services, electronics and telecommunications (Ness, 2006), essential to sustain the development of a modern society, are interlinked with the country’s energy infrastructure. When an emergency arises, decision makers must understand the interdependences in the underlying infrastructure.

Not understanding these interdependences would lead to ineffective responses and lack of coordination between decision-making organisations and the groups responsible for rescue, recovery and restoration.
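The cascading behaviour described above can be explored with a small network model sampled by Monte Carlo simulation, two of the modelling techniques this survey classifies. The following is an added illustration, not code from the surveyed paper or from any tool it reviews; the dependency edges, their propagation probabilities and all function names are constructed assumptions.

```python
import random
from collections import deque

# Constructed dependency map: DEPENDENTS[a] lists (b, p), meaning sector b
# depends on sector a and fails with probability p once a has failed.
# Sector names follow the page; every edge and probability is an
# illustrative assumption, not measured data.
DEPENDENTS = {
    "electricity": [("telecommunications", 0.6), ("drinking water", 0.5),
                    ("natural gas", 0.3)],
    "natural gas": [("electricity", 0.4)],
    "telecommunications": [("electricity", 0.2), ("banking and finance", 0.7)],
    "drinking water": [],
    "banking and finance": [],
}


def simulate_cascade(dependents, initial, rng):
    """Run one trial and return the set of sectors that end up failed."""
    failed = {initial}
    queue = deque([initial])
    while queue:
        source = queue.popleft()
        for target, prob in dependents.get(source, []):
            # A sector is enqueued once, so each edge is sampled at most once.
            if target not in failed and rng.random() < prob:
                failed.add(target)
                queue.append(target)
    return failed


def estimate_impact(dependents, initial, trials=10000, seed=1):
    """Monte Carlo estimate: per-sector failure frequency and mean cascade size."""
    rng = random.Random(seed)  # fixed seed keeps runs reproducible
    counts = {sector: 0 for sector in dependents}
    total_failed = 0
    for _ in range(trials):
        failed = simulate_cascade(dependents, initial, rng)
        total_failed += len(failed)
        for sector in failed:
            counts[sector] += 1
    frequency = {sector: n / trials for sector, n in counts.items()}
    return frequency, total_failed / trials


def rank_initial_failures(dependents, trials=10000, seed=1):
    """Order sectors by the mean cascade size their loss triggers, largest first."""
    sizes = {s: estimate_impact(dependents, s, trials, seed)[1] for s in dependents}
    return sorted(sizes.items(), key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    frequency, mean_size = estimate_impact(DEPENDENTS, "electricity")
    print(f"mean cascade size after an electricity outage: {mean_size:.2f}")
    for sector, value in sorted(frequency.items(), key=lambda kv: -kv[1]):
        print(f"  {sector:22s} fails in {value:.0%} of trials")
    print("sectors ranked by cascade size:", rank_initial_failures(DEPENDENTS))
```

The ranking gives a first ordering of where protective measures reduce the most downstream disruption under the assumed dependencies.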

Consequently, governments, regulators and industry experts have focused their attention on studying the vulnerabilities of the national energy supply system to intentional attacks, accidents or natural disasters. Currently, the issue of energy security is seen as one of the most important issues in national policies. Governments play a vital role in protecting the energy sector in supply-related crisis prevention and management (Belluck et al., 2007). It is important to keep in mind that the vulnerabilities and their consequences are not entirely obvious. Identifying the threats from malicious individuals is different from identifying the threats caused by natural phenomena. In summary, the classical definition of energy security, originally restricted to the supply of enough affordable energy, has now turned into such a broad concept that strategies should be tuned to protection against the different threats.

Infrastructure protection plans

There is broad consensus in defining the critical infrastructure as the one whose sudden unavailability may cause loss of life, serious or severe impact on health, safety or economy of citizens. Although the possibility of a cyber-attack on critical infrastructures was identified already in the late 1990s, risks on energy infrastructure became more prominent as a consequence of the events of the twenty-first century (terrorist attacks and natural disasters) that significantly impacted and affected public opinion and raised the profile of critical infrastructure issues. Furthermore, the level-7 nuclear accident at the Fukushima nuclear power plant in Japan in March 2011 has put critical energy infrastructure issues even higher up in the political agendas.

The need of governments to define strategies and security initiatives became vital (CIEP, 2004). Their energy paradigm has even been reformulated, in some cases switching from a less nuclear electricity generation to a much higher contribution of renewable energies in the electricity mix (CEU, 2007; Duffield and Woodall, 2011).

Both the United States of America and the Member States of the European Union instituted committees and working groups on prevention, preparedness, response to terrorist attacks and solidarity programs on the consequences of terrorist threats. As a result the European Commission adopted in 2005 a green paper on a ‘‘European programme for critical infrastructure protection’’ (EC, 2005). Subsequently, in December 2008 the Council adopted the Directive 114/08 (CEU, 2008). In 2009, the United States adopted its National Infrastructure Protection Plan (NIPP, 2009). Both world leading programs, NIPP and Directive 114/08, define critical areas in which efforts must focus on prevention and protection of infrastructure. Table 1 summarises the list of critical infrastructure as defined by each of those approaches.

These plans provide the opportunity to define more clearly the warning systems in order to protect critical infrastructure, including planning and execution of activities to ensure continuity and reliability of these infrastructures. Such infrastructure protection plans are mainly concentrated in the sectors of energy, transport, information technology and communications. A broader vision is specified by the NIPP, as it covers more sectors in which it identifies critical infrastructure. Although the approach given by the European Commission green paper (EC, 2005) had initially aimed to cover as much infrastructure as possible, the Directive (CEU, 2008) finally agreed mainly in the sectors of energy and transport, also including the value chain and supply.

Table 1 List of critical infrastructure sectors, in NIPP (USA) and the European Union Directive.

These methodologies also suggest the use of risk management techniques to decide prioritisation of actions for both mitigation and protection. Activities such as the creation of an inventory of the components of the infrastructure network are required prior to the identification of risks that affect the resilience of the system (an infrastructure is resilient when its elements maintain interactions, despite loss of connection nodes or changes in the system network).

NIPP programme of the United States

The national plan for protection of critical infrastructure and key resources is a large-scale and integrated plan that defines and determines goals, objectives, major events and key initiatives. This plan provides a comprehensive and unified framework for the protection of critical infrastructure and key resources (CI/KR) through federal, state, territorial, local, tribal and private sector (US Dept Home Security, 2003). The NIPP identified three specific areas of interest: the interdependencies between sectors, cybersecurity and the international nature of threats to critical infrastructure (Consolini, 2009).

The NIPP risk management framework includes six steps that contain: establishment of security objectives; identification of assets, systems, networks and functions; risk assessment; prioritisation of actions; implementation of protection programs and measuring effectiveness. Additionally, it provides a framework for feedback and continuous improvement in a flexible approach. The outline of this plan is shown in Fig. 2.

From an industry perspective and in the context of risk management the first step is establishing safety goals. Crucial issues such as loss of life, economic impact and impact on national security should be considered in the formulation of safety goals.

The second stage, identifying resources, systems, networks and functions, requires the development of a complete inventory, containing basic information about the resources, systems and networks in the country and including material goods, human features and system information. This is the first step to ensure resilience.

The methodologies on the risk assessment stage provide reasonably complete  using quantitative, systematic and rigorous processes. For the stage of prioritising actions, the US Department of Homeland Security is working with security partners to establish priorities for risk assessments, in order to identify where risk reduction is more compelling and then to determine protective measures that need to be taken. This item requires a comparison of the relative levels of risk and resources sectors, along with options for achieving security goals. Thus, the protective measures are applied where possible to reduce the security risk, resulting in a more cost-effective decision. In the stage of implementation of protection programs, protection measures are aimed at reducing the risk.

The stage of measuring effectiveness is established from a system of indicators to provide information on achieving specific security goals, as defined in NIPP (2009). Such result indicators are descriptive and process-based.

EPCIP: European programme for critical infrastructure protection

The overall EPCIP objective is to enhance the protection of critical infrastructure in the European Union. This task will be achieved through the implementation of European legislation as directives and recommendations released by the European Commission (Costantini et al., 2007). The legislative EPCIP framework consists of the following elements (EC, 2005):

• A procedure for the identification and designation of European Critical Infrastructures (ECI) and a common approach to assess the need to improve their safety, the latter being established by a Directive.

• Measures to facilitate the EPCIP improvements, which include an action plan, a warning system on critical infrastructures (CIWIN), by the creation of boards on Critical Infrastructure Protection (CIP) at the level of European Union, procedures for sharing information about the CIP, identification and analysis of interdependence.

• Help to Member States (MS) to improve the security of critical national infrastructure (CNI) and intervention plans (EC, 2011).

• Complementary financial procedures and, in particular, the specific programme ‘‘prevention, preparedness and consequence management of terrorism and other security risks’’ for the period 2007–2013, that makes available new financing measures for critical infrastructure protection.

The European energy sector gives higher attention to the protection of its large scale energy infrastructure and facilities. A network of critical energy infrastructure operators from electricity, gas and oil sectors has also been established to exchange their experience at European level on security related issues (EC, 2011).

Other international experience

Several countries have critical infrastructure protection as a political objective, with commitment and support from a national leadership standpoint which is reflected in the structure and organisation of the role and responsibility of certain government departments. A few of these countries have established committees, task forces and working groups whose mandate includes scenario definition, risk assessment, and establishment of early warning systems. Table 2 presents the main governmental plans that have been documented through the respective designated agencies, regarding the protection of critical infrastructure.

Many of those governmental agencies are vertically structured organisations in the field of critical infrastructure which are directed from the highest level of every government.

Many governments have entrusted critical infrastructure protection to both owners and operators of the systems and networks. This task is always performed through a strong relationship with civil and military authorities in order to guarantee the protection of both the assets and the networks that are part of that infrastructure. Most critical infrastructure protection plans have been based on risk management frameworks such as those conceived in standards like the Australian (AS/NZS, 1999) or the ISO 31000 (ISO, 2010). Table 2 shows that governments have significant concerns in the area of network security systems and information technology, for whose protection they follow the recommendations of international organisations to combat cyber attacks and cybercrime (Zielstra, 2010). Most countries now implement policies for protection of information technologies in two areas, Internet and telecommunications, in accordance with the CERT/CSIRT methodology. Computer Emergency Response Team (CERT) is a name given to expert groups that handle computer security incidents. The generic term CERT/CSIRT refers to an essential part of national coordination centres that involve government boards and corporations in cyber security (Alberts et al., 2004).

Table 2 Records of current national critical infrastructure plans.

Methodologies for critical infrastructure protection

This section presents an overview of methodologies and applications with emphasis on their classification and functionality for Critical Infrastructure Protection (CIP). Methodologies referenced in Table 3 contain procedures, definitions and explanations of techniques used to collect and to analyse information in critical infrastructure protection. Many of these methodologies have led to development of applications, be it in the form of a computer programme or a set of instructions e.g. to collect and analyse information. They perform specific tasks based upon the modelling techniques.

We found 55 journal articles, reports and standards, in the period from 1999 to 2010, proposing different methodologies, applications and software tools for critical infrastructure protection. Table 3 lists the reviewed literature along with the classification of each methodology according to the infrastructure affected, modelling techniques, level of maturity/availability and risk stage. A brief explanation on these features is given as follows:

• Types of critical infrastructure. This list is extracted from the NIPP (2009) and Directive 114/08 (CEU, 2008), as it was presented in Table 1. The following infrastructure sectors are covered: electricity; natural gas; oil and pipelines; drinking water; sewage and wastewater; industrial control; telecommunications; computer networks and information systems; railways; highways and roads; human activities including services and emergency evacuation; banking and finance.

The policies and regulations feature was added since many models emphasise the importance of policy formulation and decision making in the impact of their results.

• Modelling techniques. The modelling techniques used by the different methodologies are applied to CIP by means of simulation paradigms and decision-making procedures: multi-agent systems, system dynamics, rating matrices, relational databases and the network theory. Those modelling techniques are also combined with supplementary computational methods and techniques: continuous time-step simulation (CS), discrete time-step simulation (DS), Monte Carlo simulation (MC), decision trees (DT), geographic information systems (GIS), risk management techniques (RISK) and event monitoring or real time record (RTR).

• Maturity and availability. Applications and platforms may be still under research (R) and/or development (D), or already available for use by the general public with commercial purposes (C) or by a limited or restricted group, normally the military (L).

• Risk management stages. This survey is focused on a framework for the protection of critical infrastructure that was outlined in Fig. 2. Applications and methodologies are classified according to their functionality in each of the stages of risk management programmes (identification, risk assessment, prioritisation of actions, implementation programs and effectiveness measurement).

Table 3 also indicates methodologies that are represented directly as a software tool. A deeper explanation of each of these software tools is given in the Appendix. Information classified this way will allow a clearer analysis of the different trends in the area of analysis, modelling and managing risks to critical infrastructures, according to the majority of research, so they become a source of empirical information for the reader.

Although the list of methodologies and applications shown in Table 3 is not exhaustive, it does reflect most of the research being conducted in the area of critical infrastructure protection. The Appendix compiles a brief overview of the main features of each of these systems. We review first the combination of the modelling techniques for general critical infrastructure and then discuss the specific case of electrical critical infrastructure. Our survey reveals two major trends in the reviewed methodologies. A first trend focuses on the study, analysis and understanding of the infrastructure from the earliest stages of construction and assembly. This trend identifies methods, techniques, tools and charts to describe the current state of the infrastructure, and uses methods of evaluating the threat to obtain a clearer view on the operation of infrastructure.

For this, it takes into account each of the possible risks that affect a system and determines their possible consequences. It should be noted that although many of the potential causes of hazards can be detected with this approach, their consequences or impact cannot necessarily be perceived or understood.

Another research trend focuses on understanding the dynamic behaviour of the infrastructure systems, and uses simulation techniques (systems dynamics, Monte Carlo simulation, multi-agent systems, etc.) with which it explores both processes and operation in order to identify the causes of instability in a system infrastructure. Each application examined in the surveyed articles, reports and standards offers unique capabilities and provides specific insights into various aspects of the problem domain. Instead of analysing every single methodology, the main focus of the following sub-sections is dedicated to identify common features, their advantages and drawbacks, and the trend in the use of modelling techniques. It is estimated that the research in this area will keep increasing in the coming years because of the emergent policies and the growing concern of the society, as previously discussed in Section 3, so the information presented here can provide guidance to address the gaps in such areas.

The subsequent discussion mainly focuses on the study of mathematical models and computational techniques of the methodologies and applications presented in Table 3, systematically analysing the approaches, finding out some advantages, drawbacks and trends.

Applications for critical infrastructure protection

Of the 55 applications and platforms, 69% are software tools and 31% are analytical and generic methodologies.

A first discussion is driven from the following perspectives:

• Availability and maturity of applications.

• Combination of mathematical models and complementary computational techniques that are currently used in research on critical infrastructure protection.

• Use of mathematical/computational models applied to the list of critical infrastructure sectors.

• Usage of modelling techniques in each stage of the risk management framework.

Critical infrastructure information sharing

It was mentioned above that legal instruments delivered by governments give the highest attention to the protection of their large-scale energy infrastructure and facilities. Nonetheless, the processes and practices used for monitoring and reporting incidents differ considerably from country to country. Many governments lack the entity (e.g. an agency) which could serve as a monitoring centre. Even when mutual assistance is fundamental to achieve an adequate protection to threats and attacks on critical infrastructure, current cooperation among states is poorly developed and exchange of reliable information on security incidents is mainly informal, based upon bilateral or multilateral agreements to exchange information (EC, 2009b).

Many gaps in CIP information sharing are explained by today’s competing pressures faced by corporate executives which include meeting global market demands, managing risks to their enterprise, protecting trade secrets and proprietary information and limiting corporate and shareholder exposure to legal liabilities. Efforts to promote information sharing on critical infrastructure protection have now been committed. For example, the European Commission encourages public–private cooperation to achieve security objectives. Such public–private partnerships are based on existing national initiatives and operational activities. Once identified, critical infrastructures would then be inventoried within a European dimension in regard of their protection (EC, 2009a).

The US Department of Homeland Security established an information-sharing network that is guided primarily by the National Infrastructure Protection Plan (NIPP) and works in coordination with the efforts of the Information Sharing Environment (US Dept Home Security, 2006). Information sharing is currently being implemented through the systemic development of information-sharing policies and the coordinated public–private implementation of core and enhanced mission-related, information-sharing processes. This ensures coordination, clear identification of roles and responsibilities and the technological and content requirements needed to make information exchange secure, effective and valued.

The US Department of Homeland Security established an information-sharing network that is guided primarily by the NIPP and works within an Information Sharing Environment (US Dept Home Security, 2006). Information sharing can be implemented through the systemic development of information-sharing policies and the coordinated public–private sector application of core and enhanced, mission-related, information-sharing processes. This ensures coordination, clear identification of roles and responsibilities, and the technological and content requirements needed to make information exchange secure, effective and valued.

One significant mechanism to promote and expand information sharing is the enhancement of multilateral CERT/CSIRT cooperation (see Tables 2 and 3). This leads to better preparation, greater capacity, and better reaction and response to incidents, particularly on ICT critical infrastructure. In general, when owners and operators receive a comprehensive picture of threats or hazards to infrastructure, and participate in an ongoing information flow, their ability to assess risks, make security investments, and take protective actions is substantially enhanced. Similarly, when the government understands the information needs of the private sector, it can adjust its information collection, analysis, synthesis and dissemination activities accordingly. Information sharing occurs in multiple environments, while each organisation develops its own policies, rules, standards, architectures and systems to channel the available information. Coordinated and collaborative processes must be addressed to improve information sharing among all the stakeholders:

 It is recommended that a government establish an organisation with a clear mandate and appropriate levels of authority and responsibility, which would coordinate research, information sharing and dissemination of issues related to critical infrastructure protection nationwide. As previously discussed, only a few governments have committed efforts to constitute such agencies (and most of them are only focused on cyber-protection initiatives). This coordination should contribute to a shift from a strictly hierarchical to a networked model, allowing distribution and access to information both vertically and horizontally, as well as the ability to enable decentralised decision making and actions.

Protecting the interconnected and interdependent infrastructure requires a robust public–private partnership that provides the private sector with information on incidents, threats and vulnerabilities. The actors taking part in a coordination agency could be:

– infrastructure owners and operators

– industry association representatives

– government agencies and officials with responsibilities on CIP

– military and civil intelligence bodies

– expert advisory groups

– local and regional authorities

Promotion of a culture of information sharing through the coordination by the proposed agency should aim to facilitate data exchange on:

– alerts and warnings on credible threats

– reporting suspicious activity

– asset vulnerabilities

– status of the infrastructure

– business continuity plans

– actions and programmes

Application of basic procedures to facilitate information sharing requires:

– collaboration and coordination under emergencies or incidents

– information sharing protocols and document management

– conditions for membership

– subject matter expertise

There is a need for coordinated and trusted interagency partnerships across all levels of government. Military and civil intelligence entities, law enforcement, defence, homeland security, foreign affairs offices and market regulatory bodies must be synchronised under a unique authority and have aligned objectives for CIP.

Supranational coordination is also required to respond to international threats.

 Different levels of information sharing could be useful for this purpose:

– Inventorying and classifying national critical infrastructure assets would be the first tool to implement a risk management framework for CIP. Such activities should be pursued through national legislation but aligned with the recommendations established in supranational CIP programmes such as EPCIP, or international risk management frameworks such as ISO 31000.

Administration of the information contained in those national and supranational catalogues has to rest on the responsible agencies. Information sharing through this agency must comply with adequate levels of safeguards, classified data, means of protection and adequate information sharing protocols.

– Risk assessment and protective actions are commonly under national custody, but periodic information sharing among states could be useful for exchanging CIP best practices and methods. A supranational coordination mechanism is needed to ensure safe communications and data storage.

– Allied national intelligence and security agencies already exchange information on a confidential basis, and often infrastructure operators only receive warnings from their respective national intelligence agencies in order to avoid information leaks.

Conclusions

This lecture contributes a review of the capabilities of different strategies, applications and methodologies for the identification and evaluation of risks in critical infrastructure, with emphasis on electric systems. Security, economic prosperity and social welfare depend on the effective performance and resilience of a country’s energy infrastructure.

We have analysed the state of the art in “critical infrastructure protection”, examining recent specialised literature and other open sources. The survey is complemented with information on the reviewed applications and methodologies, which are summarised in the appendix to this paper.

The main conclusions that arise from the developed work are:

 The classical definition of energy security, originally conceived as policies to ensure supply of enough affordable energy, nowadays evolves into a broader concept that includes cost-effective strategies on the protection of different threats, among which are price stability, diversification of energy resources, energy storage, economic investments, infrastructure protection, political and military power balance, geopolitics, homeland security, energy efficiency, energy markets, sustainability, etc.

 Most critical infrastructure protection plans have been based on risk management frameworks. NIPP is the most advanced programme in objectives, strategies and organisation, and a main reference for other infrastructure protection plans around the world. Countries adopting similar plans have established committees, task forces and working groups whose mandate incorporates scenario definition, risk assessment and establishment of early warning systems. These tasks are performed through a strong relationship between civil and military authorities whose efforts focus on prevention and protection of infrastructure.

 In general, the study of threats and vulnerabilities in critical infrastructure systems shows two distinct trends in the development of methodologies and applications. The first trend relates to the identification of methods, techniques, tools and diagrams to describe the current state of infrastructure. In this first trend, assessment techniques use threats and risk management frameworks to obtain a clearer view of infrastructure performance and its response to vulnerabilities.

The second trend of research deals with understanding the dynamic behaviour of infrastructure systems by means of simulation techniques (system dynamics, Monte Carlo simulation, multi-agent systems, etc.). In this way, it is possible to identify the causes of instability in an infrastructure system. This can be done through the recognition of the highest risks that may have catastrophic impacts on the system.

 Within the concepts established in the risk management framework, we distinguish between five analysis stages: hazard identification, risk assessment, prioritisation of actions, programme implementation and measurement of effectiveness. As a result our literature review identifies the models used for each stage. Multi-agent systems and rating matrices are the most widespread modelling techniques in every risk management framework.

 Critical infrastructure modelling is mainly associated with simulation techniques merging multi-agent systems, system dynamics, network theory or relational databases. Simulation paradigms such as agent-based modelling and system dynamics are becoming more attractive for interdependence analysis among critical infrastructures, as they also predict responses under emergencies and policy implementation. Rating matrices combined with risk management techniques are also among the most popular, since they accept the use of semi-quantitative judgments and allow sensitivity analysis in decision making. Relational database models along with network theory allow the identification of critical nodes in the infrastructure, but their complexity increases exponentially for larger infrastructures, so the practical applicability of both models is reduced to specific cases of smaller systems.

 Significant research focuses on risk identification and risk assessment for critical electric infrastructure, where the universality of methodologies that involve hazard maps and risk matrices sets them apart. Paradigms of system simulation are widely used as a support for decision making on the stages of prioritisation, implementation and monitoring of actions, in order to estimate risk mitigation strategies and policies in critical electric infrastructure.

 Infrastructure protection modelling is a relatively new area of research and analysis, but terrorist attacks and natural disasters have shown that the impact of threats on infrastructures should be thoroughly evaluated. Since few of the referenced methodologies (only 25%) are available for commercial use, and most of the research is currently carried out by a few laboratories, a limited exchange of information has taken place.

 The effective implementation of the CIP plans depends on the degree to which government and private sector partners engage in systematic, effective, multidirectional information sharing. We therefore strongly encourage them to cooperate, possibly with the help of governmental or supranational organisations or agencies with appropriate levels of authority and responsibility. The actors taking part in a coordination agency could be: infrastructure owners and operators, industry association representatives, government agencies and officials with responsibilities on CIP, military and civil intelligence bodies, expert advisory groups and local and regional authorities.

 Inventorying and classifying assets would be a first step toward the promotion of a culture of information sharing within a risk management framework. Real-time collaboration on risk alerts, infrastructure status, emergency responses, membership conditions and expertise should also be established. In the proposed networked scheme, access to information is achieved both vertically and horizontally, which implies that partners can share information directly among themselves.

The contributions made in this paper could guide other analysis and developments in the field of decision making, simulation systems and risk management, and could be a useful reference for practitioners and policy makers.