Much attention and many resources are given over to providing for the protection of critical infrastructure. To date, most efforts have been towards identifying critical infrastructures and building resilience into the organizations that run them. In Australia at least, not enough thought has been given to the interdependence of infrastructures. The ways in which infrastructures interact with and depend on each other open up and magnify vulnerabilities that sectors may not have anticipated.
Early definitions of national security typically were concerned with the ongoing survival of a country. These days, there has been a shift in thinking, and in a way the bar has been raised, with national security now referring to the maintenance of the well-being of the nation state that is supported by a dynamic and interconnected series of critical infrastructure.
The critical infrastructure sectors identified in Australia by the Attorney-General’s Department are:
- Banking and finance
- Communication (including telecommunications and broadcasters)
- Emergency services
- Energy
- Food chain
- Health
- Mass gatherings (including shopping centres and sporting grounds)
- Transport (including aviation, maritime and surface transport)
- Water services
Criticality is typically defined as a measure of the consequences associated with the loss or degradation of a particular asset, including consequences of loss (such as, economic, financial, environmental), restore times and the relative ‘attractiveness’ of the target. The assessment of criticality of assets in some Australian agencies is based on a conventional risk management approach; risk = likelihood x consequences. The level of likelihood determined is directly related to the assessed attractiveness of an asset to the threat in question. Consequences is determined via a formula containing three variables: impact on economic well-being, facility downtime, and impact on social/environmental well-being. The scoring table for economic well-being is based on generic descriptors, such as significant state or regional economic loss, and social/environmental well-being is determined by the number of customers affected.
The final result is a quantitative measure of criticality, the highest levels being marked critical infrastructure of federal and state significance, down to of low importance at an organizational level.
There are two key omissions from the various risk management frameworks for infrastructure. The first is that the risk assessment takes place on an internal level to the individual organizations. However, something identified as a critical risk in organization A may not have nearly as much impact on society as something identified as medium risk by organization B. What is lacking is an independent external measure, and the development of such a measure could quite feasibly be incorporated into the responsibilities of existing groups responsible for bringing together Australian infrastructure sectors.
The second failing is that, when analysing the fallout of damage to their infrastructure, organizations will only look at the impact on those directly reliant, and typically give only cursory attention to flow-on effects that arise from the interdependencies of infrastructure networks and that can magnify overall fallout, and may result in misallocation of risk.
A necessary step in providing adequate protection against threats to critical infrastructure is the identification of vulnerabilities, and key vulnerabilities can be found in, and magnified by, a concept known as interdependency.
An interdependency is a bidirectional relationship between two infrastructures through which the state of each infrastructure influences or is correlated to the state of the other (Laprie, Kanoun & Kaaniche, 2007). A bidirectional relationship exists where a depends on b through some links, and b on a for others. There are four principle types of interdependence (Rinaldi, Peerenboom & Kelly, 2001):
- Physical – a physical linkage between the inputs and outputs of two infrastructures
- Cyber – an infrastructure has a cyber interdependency if its operation depends on information transmitted through communications networks
- Geographical – if infrastructures can be affected by a local environmental event (for example, the Goulburn St carpark structure houses two train lines, two electricity cables, part of the Sydney CBD’s water supply and a telephone exchange)
- Logical – ‘a control schema’ that links two infrastructures without any direct physical, cyber or geographic connection. For instance, rolling blackouts could reduce confidence in a country’s economy, affecting the local finance industry, which in turn would then struggle to fund upgrades to the electricity sector.
The communications, energy, transportation, and banking and finance sectors are considered to be particularly interdependent and highly connected, whereas the water, health, food and emergency services sectors are regarded as being dependent infrastructure.
Interdependencies are one of the greatest weaknesses of modern infrastructure systems, greatly increasing the vulnerability of corresponding infrastructures as they give rise to multiple error propagation channels from one infrastructure to another, making seemingly safe sectors more prone to exposure to accidental and malicious threats.
There are three types of failures relevant when analysing interdependent infrastructures (Laprie, Kanoun & Kaaniche, 2007):
- Cascading failures
- Escalating failures
- Common cause failures
The provision of these facilities and services can no longer be referred to as public infrastructure. In New South Wales, critical infrastructure lies in the hands of both the public and private sector, with approximately 76% publicly owned and 24% privately owned. In some parts of Australia, however, up to 90% of critical infrastructure is privately owned and operated on a commercial basis.
It is not unusual to see the electricity sector sitting at the centre of diagrams demonstrating a country’s overall infrastructure interdependencies. One of the potentially most vulnerable, yet critical, parts of that sector is the transmission network.
Dependents (Samborski, 2009):
- Water (pumping stations, control systems, facilities)
- Communications (switches, exchanges, facilities)
- Emergency response (police/fire/ambulance stations, their communication networks [a cascading dependency])
- Transportation (public transport, goods delivery, signalling and switches)
- Banking and finance (consumer confidence, facilities)
Dependencies:
- Transport (component shipping, access for inspection and repair)
- Communications
- Banking and finance (financial services, investment)
Infrastructure owners historically concerned with the operation of their own, often well-defined domains must now contend with unbounded networks brought about by greater information technology connectivity and the understanding of the proximity of their asset to other infrastructure.
Cyber interdependencies are relatively new, and are the result of “pervasive computerization and automation” of infrastructure over the last few decades (Mendonca, Lee & Wallace, 2004). Every new interdependency opens the door for potential new vulnerabilities. Information technology’s capability to increase operational efficiency also made infrastructure a more attractive investment option. The move towards deregulation of some sectors, such as electricity and natural gas, resulted in the shedding of excess capacity that had previously been mandated by government. The combination of these two factors creates a modern environment where infrastructures are increasingly inter-reliant and have little redundancy in the case of failure.
In Australia, a federal agency, Geoscience Australia, undertook what was referred to as the Critical Infrastructure Analysis – Pilot NSW Critical Infrastructure Project. The pilot project highlighted a number of key features a national governing body would require to successfully evaluate and assess the protection of critical infrastructure. There is a need to:
- Gain high level government and industry backing to facilitate and promote the project because of the sensitivity of the information
- Define and develop models of impact, and tools to assess response and recovery
- Develop an understanding of the dependencies between sectors and interlinkages between business and service providers, especially electricity
- Develop models and assessment tools that link the economic effects to events and interdependencies
As of 2009, key responsibility for this area of study lies with the federal Attorney-General’s Department and their CIPMA (Critical Infrastructure Protection Modelling and Analysis) Program. Most of the emphasis is put on maintaining business continuity plans with the operators of infrastructure (Australian Government, 2007).
The operations research department at the Naval Postgraduate School in California has developed a piece of software based on an attacker/defender mathematical model they are calling VEGA (Vulnerability of Electric Grids Analyzer), designed to analyse weak points in networks and make predictions of the consequences of a failure cascading through interconnected networks. A drawback of this is that it would require gaining buy-in from the military (thus the addition of yet another stakeholder), as their expertise would be needed when searching out inputs for the attack variables.
At the moment, there is a significant likelihood that funds designated for the protection of critical infrastructure in Australia are being misallocated, or used inefficiently, due to threat-analyses with too narrow a scope being conducted. As well as wasting money, there is the possibility that significant vulnerabilities are being exposed in the interconnected networks of Australia’s infrastructures.
The best way forward is through the empowerment of a peak national body responsible for developing and coordinating a significantly more expansive risk management framework, based on expansive studies conducted on Australia’s infrastructure interdependencies.
