How to Take a Punch
In the world of critical infrastructure protection, “resilience” is the word of the day. Its leading proponent, homeland security scholar Stephen Flynn, president of the Washington, D.C.-based Center for National Policy (CNP), is fond of urging both policymakers and the private sector to ensure that society “can not only deliver a punch but that it can take a punch.” The advice has taken root, and infrastructure resilience is now a primary policy goal emphasized in both the revised National Infrastructure Protection Plan and the National Security Strategy released by the White House in 2010.
For infrastructure sectors that are networked, like information technology and shipping, achieving resilience is a challenging task, but one that is relatively intuitive—systems can adapt to disruptions so that data and materials are rerouted to reach their destinations. Adapting the concept to “brick and mortar” infrastructure like roads and commercial facilities is more challenging.
To make these assets more resilient requires a two-pronged approach, one aimed at the existing infrastructure and the other at ensuring the resilience of future systems and structures.
The first step in enhancing the resilience of legacy systems is directing attention to fundamentals like maintenance, planning, risk assessment, mitigation, partnerships, and testing.
Maintenance. Infrastructure protection experts agree that diligent monitoring and maintenance of infrastructure is the cornerstone of resilience. Examples of maintenance deferment that either caused or exacerbated crises and disasters include the Northeast blackout in 2003, the New Orleans levee failures in 2005, and the I-35W bridge collapse two years later in Minneapolis.
Properly maintained infrastructure components may still fail, but when they do—whether due to an internal problem or outside forces—they are likely to be restored more quickly, a critical factor since recovery time is key in resilience.
As proof of that, Robert Prieto, former chairman of infrastructure firm Parsons Brinckerhoff, noted that the better maintained subway lines running near and under the World Trade Center “suffered less collateral effects when a portion of the system was stressed to failure” and “fared better in both the response and recovery phases.”
He made those observations in a paper for London’s Royal Academy of Engineering. The lesson, wrote Prieto, is that “deferred maintenance represents a real cost and a real risk.” The cost of failure far outweighs the cost of prevention, not only for society but for owner-operators.
Assessment. Risk assessments should be conducted with an eye toward boosting resilience; that means going beyond the traditional security concerns of life safety and protection from malicious acts to consider how the infrastructure can withstand or recover from all hazards, whether internal or external, natural or man-made.
Those carrying out the assessment must define what constitutes core functions and the internal personnel required to maintain those functions. Based on those determinations, they can assess core dependencies.
The most critical functions are often the easiest to overlook. Water, wastewater removal, and electricity are among the fundamental issues cited by experts with the Department of Homeland Security’s (DHS) Office of Infrastructure Protection (OIP), and by the Defense Critical Infrastructure Program (DCIP), a Pentagon office that serves the military and the defense industrial sector.
Managers must also identify the sources of materials and services that are critical to core functions. In each case, they must then identify potential single points of failure. These might include single vendors an operation relies on for a critical commodity or service. In the case of dependence on traditional infrastructures like utilities and transportation for shipments, potential single points of failure are often physical: a single pipeline bringing in water or natural gas, for example. Important to consider is the “tight coupling” of many critical infrastructure components, like rail and utility lines carried across the same bridge.
Mitigation. Owner-operators must then determine how to mitigate the risks and provide alternatives to potential single points of failure. Fundamental mitigation measures suggested in DCIP’s Infrastructure Resiliency Guide include ensuring that wastewater systems are not housed in close proximity to any water supplies and ensuring that critical electronics and computer systems are not housed in areas relying on water-based sprinkler systems for fire suppression.
In some cases, single points of failure can be mitigated with redundancy. One example would be establishing enough backup power generation capability to support core functions for some designated period of time, such as a week, to ride out any disruption until power has been restored.
Providers. In the case of sole-source vendors, managers must identify alternative providers who can step in if a primary vendor’s service is disrupted. In drawing up contingency contracts with vendors, management should seek priority service clauses that give the operator priority in an emergency, according to the DCIP.
Owner-operators should also reach out to entities that provide vital resources or services, educate them about matters of continuity and resilience, and urge them to implement their own continuity plans, assessments, and policies. Many experts advise making continuity programs a prerequisite for doing business with vendors.
Physical security. Traditional, risk-based physical and IT security are obvious requirements for a resilient enterprise. In that context, DCIP notes the importance of fundamental measures in security systems, like dedicated access controls for critical IT and supervisory control and data acquisition (SCADA) systems, which are used to control industrial processes.
Experts note that not all high-risk interdependencies can be eliminated. One example is tightly coupled infrastructure systems, like power and other utility lines that share the same rights of way to a site. This, according to DCIP, is a case where heightened protection of those physical areas is likely the best way to cut risk.
Federal help. The private sector owns and operates much of the nation’s critical infrastructure, but it does not have to address risk and resilience assessment and mitigation on its own. OIP works to increase resilience nationally through its Protective Security Advisor (PSA) program. PSAs assigned at the state and regional level conduct site assistance visits (SAVs) to help owner-operators of critical infrastructure identify vulnerabilities and interdependencies.
When conducting the more involved Enhanced Critical Infrastructure Protection (ECIP) security assessments, PSAs survey the full breadth of a site’s security and risk management programs, delivering to management numerical scores on both security and resilience. A Web-based ECIP dashboard allows managers to input different mitigation options to see how much each measure would reduce risk.
The independent U.S. Government Accountability Office (GAO) recently reviewed OIP’s efforts to boost resilience. The study found that the program did some things well but recommended enhancements. For example, the office should start to track and quantify efforts to improve resilience after SAVs, and the office should formalize guidance for resilience education during the visits, the GAO report said.
OIP urges owner-operators across the 18 DHS-designated critical infrastructure sectors that have not had SAVs or ECIP assessments to request one by contacting the office, either via DHS or through their jurisdictions’ state or regional intelligence fusion centers.
Partnerships. In addition to third-party contract considerations, infrastructure owner-operators can maximize resilience by partnering with government and interdependent stakeholders via mutual-assistance agreements.
In addition, companies should engage local first-response and regulatory agencies long before any incident or crisis arises. Organizations can educate first-response agencies about their facilities, risks, and possible needs in a crisis. At the same time, owner-operators can learn what government agencies do and do not offer. Probably most important, the two sides will forge the relationships that grease the skids of response and recovery when emergencies occur.
Exercises. As with any plan, resilience plans must be tested. Experts recommend that organizations run annual exercises to train employees, to evaluate contingency procedures, and to identify potential gaps.
Exercises should involve multiple stakeholders, including relevant regulatory and first-response agencies. By engaging these government partners, owner-operators may gain opportunities to participate in larger government-run exercises involving an even broader range of resources.
As new projects replace existing infrastructure, government agencies and owner-operators have the opportunity to improve resilience from the ground up.
The simplest means of achieving resilience is redundancy. Mathew Francis, chair of the American Society of Civil Engineers’ (ASCE) Committee on Critical Infrastructure, tells Security Management that many physical infrastructure projects incorporate redundancies, such as twin pipeline river crossings, dual-use airport taxiways for emergency landing strips, secondary tank or reservoir spill containments, and auxiliary cooling towers.
“The more critical an asset, the easier [it is] to justify such redundancies with a blend of resilience measures, both operational and physical,” Francis says.
Redundancy, however, is prohibitively expensive in most infrastructure projects. And the broader end-game of resilience, from the national down to the community level, requires more, according to expert guidance like the National Research Council’s (NRC) Sustainable Critical Infrastructure Systems: A Framework for Meeting 21st Century Imperatives.
Planning for resilience should be approached regionally, with emphasis on the interdependence of various infrastructure nodes and systems. For example, even if a jurisdiction could afford two bridges in and out of town, planners would be wise to look at the broader regional context and plan for a suite of transportation options to establish resilience: a bridge, improved road infrastructure, ferries, and a multi-bore tunnel to serve cars and other means of transportation, like passenger rail.
More important, according to the NRC report and ASCE’s Guiding Principles for the Nation’s Critical Infrastructure, planning must be based on an assessment of likely service needs of the area. Since infrastructure systems can and often do serve populations for decades if not centuries, that process must consider potential development and population changes, as well as natural phenomena.
One jurisdiction at the vanguard of the infrastructure issue, as it has been for centuries, is the New York City region. New York City and the Port Authority of New York and New Jersey have undertaken a multipronged effort to prepare for the likely events of the coming century—such as the risk of sea-level rise.
Najib Abboud, a principal at the New York-based engineering firm of Weidlinger Associates Inc. and a veteran of port authority projects, addressed the issue at a recent CNP panel discussion. He noted that potential single points of failure—the electrical transformers at the city’s waterfront airports—were being elevated at least six feet off the ground.
Other measures may not be practical. “Even if we had the money, we couldn’t put another meter of bridge around New York. We have no outlet for it. We couldn’t build the ramps….” Abboud said.
The port authority recently launched its Applied Center of Excellence for Infrastructure Resilience in conjunction with CNP to study emerging concepts in infrastructure resilience. The goal is to marry cutting-edge research in security and resilience with ongoing port authority projects, like construction at the World Trade Center site in Manhattan, David Tweedy, the port authority’s chief of capital planning, told attendees at a recent Washington, D.C., resilience conference sponsored by McGraw Hill Construction publishing. “We’re working with Dr. Flynn to be in a position where the port authority acts as a laboratory,” Tweedy said.
Acknowledging the importance of maintenance in sustainability and resilience, ASCE recommends that life-cycle costs—not just construction—be considered when planning projects that will mitigate risk and stand the test of time.
ASCE further recommends that governing bodies responsible for critical infrastructure—often quasi-governmental or multi-jurisdictional authorities—establish governance protocols for change management, adjusting to expected and unforeseen circumstances and risks.
Another stakeholder group, the Industry Council for the Built Environment (ICBE), recommends creation of industry-accepted metrics for infrastructure resilience. Establishment and wide acceptance of such metrics is a ways off, Tweedy tells Security Management. Francis, of ASCE, meanwhile says that the engineering and related communities are working together internationally to establish a common framework for the issue.
ICBE also recommends incentives for building resilience into plans. Incentives could include tax breaks or fast-tracking to government approval. Another suggestion is to require resilience measures for government-funded projects.
Leadership must come from the top, stakeholders say. The NRC’s report urged establishment of a national vision, like presidents Eisenhower and Kennedy articulated for the interstate highway system and the space program, respectively.
Along with the White House and DHS, trade organizations like ASCE, the American Planning Association, and the American Institute of Architects are pushing the resilience concept at the state and local levels, hoping it will find a place alongside concerns like sustainability and “green” engineering. “The conversation is beginning to happen,” says Sean Burke, vice president and senior fellow at CNP, “but it’s not very far along.”