Infrastructures such as telecommunications, energy and transportation are becoming increasingly dependent on each other, especially through the increased use of information and communication technology (ICT). ICT pervades rapidly into all areas of society, industry and government. It acts as a vital cross-sector dependency linkage between critical infrastructures. Therefore, the consequences of disturbances of the underlying ICT-networks may be serious, as cascading effects may occur.
Marieke Klaver and Eric Luiijf at TNO are conducting research to gain more insight into the dependencies of large-scale infrastructures. “ICT has brought major improvements to critical infrastructures,” says Klaver, “such as opportunities for scale-up. Direct human input is no longer required at every step in the process, which saves time and reduces the risk of human errors.”
“At the same time, increased ICT dependency and scale-up lead to increased vulnerability,” adds Luiijf, “albeit a different kind of vulnerability. Imagine a major power breakdown. It doesn’t only disrupt critical infrastructures themselves, but it may also prevent crisis managers from communicating with each other.”
The project examines the entire chain of responsibilities and events in case of crisis in critical infrastructures. Where do the dependencies lie, which are the vulnerabilities, and which are the factors that influence these? How can cascading effects be minimised? “This means that we are mapping critical infrastructures as a whole,” explains Luiijf. “We are collecting information on past incidents. What went wrong and why? How could these incidents have been prevented?”
One of the findings is that the organisational design of the ICT environment may be more vulnerable today than it used to be. Klaver: “In terms of ICT, the office environment used to be separated from the production environment, for instance. Today they are often integrated. If the ICT fails, it fails everywhere, which exacerbates the problem. Our analyses aim to identify how such integrated ICT departments can be protected from overall failure. Compartmentalisation may be a solution, for instance.”
Klaver and Luiijf hope that their insights and recommendations will find their way into companies and government bodies. “Changes will not occur overnight,” says Luiijf, “because they require a paradigm shift as well as significant investments. Our first challenge is to convince the major players of the importance of looking critically at their ICT dependencies.”