Towards Risk Assessment of Critical Infrastructures: Experiences Gained from Quasi Real-Time Vulnerability Assessment of the Transportation of Dangerous Substances by Road

Past and recent terrorist attacks have put into question the vulnerability of our society to the terrorist threat. The European citizen has questioned the ability of the Institutions to ensure an adequate and balanced level of security over the territory. In October 2004, the European Commission, prompted by the European Council and an increasing public concern over security, issued a communication on “Critical Infrastructure Protection in the Fight against Terrorism” to undertake a challenging European Programme to Protect Critical Infrastructures and other European key assets against the threat posed by terrorism and other negative intentional acts, in close cooperation with Member States and other stakeholders [1]. But as not all infrastructures can be protected from all threats, harmonized methods, inspired by risk management techniques, are needed to address, in a single comprehensive security management model, the existing and emerging threats to critical infrastructures, their vulnerability and criticality, and the defense layers and other cost-effective protective measures that can be implemented. This paper highlights the aspects to address in order to apply risk analysis techniques to the analysis of social vulnerability against critical infrastructure disruptions. In particular, it reports on the experience gained during the implementation of SIMAGE–Transportation Pilot system [2]. Notably, the Transport sector is one category of Critical Infrastructure that has been repeatedly the target of terrorist actions. Consequently, Transport has to guarantee an elevated level of protection and security. Moreover, it is especially important for the case of the transport of dangerous substances, where the nature of the shipment can be exploited by terrorists to disrupt or destroy other critical infrastructures. 1.0 INTRODUCTION Some infrastructures are considered critical because they are providing vital services and support to societies. Such infrastructure can be damaged, destroyed or disrupted by deliberate acts of terrorism, natural disaster, negligence, accidents or computer hacking, criminal activity and malicious behaviour. This is the incipit of the Green Paper issued by European Commission in November 2005 [1]. The scope of the Green Paper was to define the role of the Commission with respect to establishment of European Programme to Protect Critical Infrastructures. This Program aims at ensuring that there are adequate levels of protective security on critical infrastructure, minimal single points of failure and rapid, tested recovery arrangements throughout the Union. The risk analysis approach is a valuable method for supporting the analysis of critical infrastructures it is paramount that the assessment of the consequences of their failure/disruption takes into account the direct effect in the infrastructures as well as other coupled infrastructures and in the society at large. This paper aims also to show how information technology can provide the necessary data to support the protection of critical infrastructures. During the past years we have tested the capability of number of information and communication technologies (ITC) to develop monitoring system, possibly working in real time, to support risk management of dangerous goods transportation. In the first part of this paper the key elements that need to be defined in order to characterize a critical infrastructure will be illustrated. The second part of the paper will report the results of a 3-year development and testing of a pilot system that monitors in real time the transport of hazardous substance by road in Italy (SIMAGE – Transportation Project) and the experience gained in order to highlight the advantages and the bottlenecks of such an approach for the protection of critical infrastructures. The implementation and the initial results of this project have already been presented at previous VGR conferences; this paper will focus only on further potential developments [2, 3, 4, 5]. 2.0 CRITICAL INFRASTRUCTURE Critical Infrastructures are systems or networks or supply chains that support the delivery of an essential product or service [1]. Many other definitions of Critical infrastructures may be found in the literature.[e.g. 6, 7, 8, 9] Essentially an infrastructure can considered as an integrated socio-technical system. More difficult is the interpretation of the concept of criticality. [e.g. 8, 9, 10]. If, on the one hand, it is rather clear and intuitive what is an infrastructure, on the other hand, it is unclear to define why some infrastructures should be considered critical. The etymological root of “critical” is linked to the term of “crisis” referring to a “change of state of a system” which implies a time of great difficulty or danger. Most often, the definition of critical infrastructures has been elaborated in the context of critical infrastructure protection [7]. Reviewing world-wide critical infrastructure protection activities, Ritter and Weber state that “the definitions of critical infrastructures in different countries are as diverse as the concepts of infrastructure protection that have been developed in those countries” [11]. Therefore, the notion of “critical infrastructure” that emerges from a technical scientific context is coloured with socio-political attributes [8]. With this view, an infrastructure can be considered critical because it affects areas of vital sustainable social life. 2.1 The role of risk analysis on Critical Infrastructures protection Past and recent terrorist attacks have put into question the vulnerability of our society to the terrorist threat. The European citizen has questioned the ability of the Institutions to ensure an adequate and balanced level of security over the territory. Given the importance of their reliable and secure operations, understanding the behaviour of infrastructures – particularly when stressed or under attack is crucial for modern societies. According to a theoretical approach, the analysis of criticality of infrastructures can be made referring to risk analysis methodology. Kaplan and Garrick argued that when one asks: “What is the risk? One is really asking three questions [13]: • What can happen? • What is the likelihood of it happening? • If it does happen, what are the consequences? The application of this approach to infrastructures is complex, considering that the failure of these infrastructures can cause extensive consequences for populations and upon socio-economic activities. To a certain extent, the first two questions can be easily investigated even for critical infrastructures [14, 15]. Regarding the third question, it is extremely complicated to assess what can be the consequences due to the interdependent nature of these systems. Effectively, lifeline infrastructures are generally characterised by strong interrelations, which favours the propagation of vulnerabilities from one system to another through cascading effects. [16, 17, 18] Interdependency effects occur when an infrastructure disruption spreads beyond itself to cause appreciable impacts on other infrastructures, which in turn cause more effects on still other infrastructures. When an infrastructure system suffers an outage, it is often possible to estimate the impact of that outage on service delivery (direct effects). However, that outage may also diminish the ability of the infrastructure to deliver the level of services that they normally provide. Considering the multitude of effects that an infrastructure failure can generate, it becomes rather difficult to assess scenario’s using top-down conventional mathematical theories (e.g. PRA) [9, 14, 15]. This difficulty is manly due to the evaluation of the interdependency of overall infrastructures and to the assessment of impacts to societies. Therefore, it is required to consider the effects of interdependencies among networks and systems that constitute potential targets. In the literature four different types of interdependency have been suggested: • Physical interdependency – two infrastructures are interdependent because the exchange material or energy and the status of one is related to status of the other one. • Cyber interdependency – two infrastructures are interdependent because the exchange information. • Geographical interdependency – two infrastructures are interdependent because the geographical proximity. • Logical interdependency – two infrastructures are logical interdependent if the state of each infrastructure is not one of the type mentioned above. (e.g. policy and regulatory activities). The Table 1 reports some of the methodology and techniques that can be used to simulate interdependency. It could be argued that considering the different ways of propagation of impacts of an infrastructure failure, a society can be exposed to different types of impacts. For such reason the typical risk analysis methods can be adapted in order to assess the criticality of a complex system but it can not be used to quantify impacts on societies. Risk analysis methods typically measure the morbidity, but other effects such as for example economical loss or political instability can be considered more relevant to a society. Apostolakis, on the base of Multi-attribute Utility Theory, suggested evaluating the expected disutility as basis for ranking the infrastructure elements [9]. It could be argued that disutility for a civil community can be multifaceted and it must reflect the perception and preferences of stakeholders. In these terms the availability and the integration of multi-source information is a crucial issue. Decision-making processes for managing and defining policies related to the protection of infrastructure is still in early stage but becoming more and more relevant in the agenda of politicians. Raising public concerns on social infrastructure role requests public authorities to collect more accurate information. Unfortuna