Abstract
The aim of this paper is to present a problem of insufficient understanding of vulnerability of critical infrastructure. The paper looks at this issue with regard to the definition of vulnerability of critical infrastructure, its content as well as the limitations of current approaches to critical infrastructure protection. The recent events linked to the Covid-19 crisis showed the necessity to shift current approach to critical infrastructure protection from prevention-oriented to resilient-based. The implemented in this research methodology is based on a critical analysis of the existing literature.
Specifically, this paper emphasizes the need to understand the concept of vulnerability of critical infrastructure in terms of attributes of the system rather than flaws. It also highlights the marginalization of identification of vulnerability of critical infrastructure only to pre-event actions and its limited applicability solely to physical domain. Due to inability to foresee and prevent all threats from occurring, the approach to critical infrastructure protection requires adaptation of a new strategy based on identification of root causes of vulnerability related to capacity, competence and performance of critical infrastructure.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Klaver, M., Luiijf, H., Nieuwenhuijsen, A.: RECIPE : good practices manual for Cip policies, for policy makers in Europe (2011)
Carvalhaes, T., Markolf, S., Helmrich, A., Kim, Y., Li, R., Natarajan, M., et al.: COVID-19 as a Harbinger of Transforming Infrastructure Resilience. Frontiers in Built Environ. 6(148), 1–8 (2020). https://doi.org/10.3389/fbuil.2020.00148
Theocharidou, M., Giannopoulos, G.: Risk Assessment Methodologies for Critical Infrastructure Protection. Part II: a New Approach, Joint Research Centre, European Commission, Luxembourg (2015). https://doi.org/10.2788/621843
Zio, E.: Challenges in the vulnerability and risk analysis of critical infrastructures. Reliab. Eng. Syst. Saf. 152, 137–150 (2016). https://doi.org/10.1016/j.ress.2016.02.009
Kröger, W., Zio, E.: Vulnerable Systems. Springer (2011). https://doi.org/10.1007/978-0-85729-655-9
ISO, BS: 27001: 2013. Information technology – Security techniques – Information security management systems - Requirements. BSI (2013)
Department of Homeland Security, DHS Risk Lexicon- 2010 edition, Washington, DC (2010). 21 Apr 2022 https://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf
Brooks, N.: Vulnerability, risk and adaptation: A conceptual framework. Tyndall Centre Working Papers, 38, (2003)
Tomalska, A.: Preparing critical infrastructure for the future: Lessons learnt from the Covid-19 pandemic. Secur. Defence Q. (2022). https://doi.org/10.35467/sdq/146603
Egan, M.: Anticipating future vulnerability: defining characteristics of increasingly critical infrastructure-like systems. J. Contingencies Crisis Manage. 15, 4–17 (2007). https://doi.org/10.1111/j.1468-5973.2007.00500.x
Ranney, M., Griffeth, V., Jha, A.: Critical Supply Shortages - The Need for Ventilators and Personal Protective Equipment during the Covid-19 Pandemic. N. Engl. J. Med. 382(18), e41 (2020). https://doi.org/10.1056/NEJMp2006141
European Commission: Proposal for a Directive of the European Parliament and of the Council on the resilience of critical entities. COM (2020) 829 final. European Commission, Brussels (2020)
Galbusera, L., Cardarilli, M., Giannopoulos, G.: The ERNCIP Survey on COVID-19: Emergency & business continuity for fostering resilience in critical infrastructures. Saf. Sci. 105161, 139 (2021). https://doi.org/10.1016/j.ssci.2021.105161
Baker, G.: A Vulnerability Assessment Methodology for Critical Infrastructure Sites. In DHS Symposium: Rand D Partnerships in Department of Homeland Security, Boston, Massachusetts (2005)
Linkov, I., Bridges, T., Creutzig, F., Decker, J., Fox-Lent, C., Kröger, W., et al.: Changing the resilience paradigm. Nat. Clim. Chang. 4(6), 407–409 (2014). https://doi.org/10.1038/nclimate2227
Mishra, P.: COVID-19, Black Swan events and the future of disaster risk management in India. Progress in Disaster Science, 8 (2020). https://doi.org/10.1016/j.pdisas.2020.100137
Longstaff, P.: Security, resilience, and communication in unpredictable environments such as terrorism, natural disasters, and complex technology. Harvard University, Cambridge, Massachusetts, Center for Information Policy Research (2005)
Schmid, B., Raju, E., Jensen, P.: COVID-19 and business continuity – Learning from the private sector and humanitarian actors in Kenya. Prog. Disaster Sci. 11, 1–8 (2021). https://doi.org/10.1016/j.pdisas.2021.100181
McGill, W., Ayyub, B.: The meaning of vulnerability in the context of critical infrastructure protection, in Critical infrastructure protection: Elements of risk, pp.25–48, George Mason University, Fairfax (2007)
Petit, F., Bassett, G., Black, R., Buehring, W., Collins, M., Dickinson, D., et al.: Resilience measurement index: An indicator of critical infrastructure resilience, Office of Scientific and Technical Information (OSTI), Argonne National Laboratory (2013)
Cardona, O., Van Aalst, M., Birkmann, J., Fordham, M., McGregor, G., Rosa, P., et al.: Determinants of risk: Exposure and vulnerability. In: Managing the Risks of Extreme Events and Disasters to Advance Climate Change Adaptation: Special Report of the Intergovernmental Panel on Climate Change. Cambridge University Press, pp. 65–108 (2012).https://doi.org/10.1017/CBO9781139177245.005
Presidential Policy Directive – PPD21: Critical Infrastructure Security and Resilience (2013). Available at: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil, last accessed: 2022/03/24
Federal Emergency Management Agency: Business Process Analysis and Business Impact Analysis User Guide, DC: Department of Homeland Security (2019)
Cybersecurity & Infrastructure Security Agency: National Critical Functions Status Update to the Critical Infrastructure Community, U.S. Department of Homeland Security (2020)
ISO, BS: 22301: 2012. Societal security. Business continuity management systems. Requirements. BSI (2012)
Torabi, S.A., Rezaei Soufi, H., Sahebjamnia, N.: A new framework for business impact analysis in business continuity management (with a case study). Saf. Sci. 68, 309–323 (2014). https://doi.org/10.1016/j.ssci.2014.04.017
Anwar, M., Gill, A., Fitzgibbon, A., Gull, I.: PESTLE+ risk analysis model to assess pandemic preparedness of digital ecosystems. Secur. Priv. 5(1), e187 (2022). https://doi.org/10.1002/spy2.187
Bruneau, M., Chang, S., Eguchi, R., Lee, G., O’Rourke, T., Reinhorn, A., et al.: A framework to quantitatively assess and enhance seismic resilience of communities. Earthquake Spectra, (19)4, pp. 733–752, (2003). https://doi.org/10.1193/1.1623497
Fisher, M., Gamper, C.: Policy evaluation framework on the governance of critical infrastructure resilience. Inter-American Development Bank, Washington, D.C. (2017)
Monstadt, J., Schmidt, M.: Urban resilience in the making? The governance of critical infrastructures in German cities. Urban Stud. 56(11), 2353–2371 (2019). https://doi.org/10.1177/0042098018808483
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Tomalska, A. (2023). The Understanding of Vulnerability of Critical Infrastructure. In: Hämmerli, B., Helmbrecht, U., Hommel, W., Kunczik, L., Pickl, S. (eds) Critical Information Infrastructures Security. CRITIS 2022. Lecture Notes in Computer Science, vol 13723. Springer, Cham. https://doi.org/10.1007/978-3-031-35190-7_17
Download citation
DOI: https://doi.org/10.1007/978-3-031-35190-7_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35189-1
Online ISBN: 978-3-031-35190-7
eBook Packages: Computer ScienceComputer Science (R0)