Preface

Critical infrastructure (CI) provides, better than any other metaphor, the representation of a large "System of Systems" providing primary functions and vital services for societal life. They support citizens' activities and constitute a necessary component for all industrial and economical value chains. Their protection and the enhancement of systemic resilience must be thus a primary concern of modern countries. CI, together with technological functions and essential services, carries on a strong social value as it transports psychological side images related to the perception of public security, social cohesion, and technological efficiency, in a way that the safeguard and optimal management are elemental in contributing to the citizens' trust in public institutions.

Such multiple relevances are, however, accompanied by a number of issues that make CI management and protection difficult, leaving them prone to their intrinsic and extrinsic vulnerabilities of natural and anthropic events that continuously threaten their integrity; for example, voluntary attacks to the physical and the cyber scale are threats. This further increases their complexity leading to the need for identifying new strategies to overcome limitations and achieve their "smart management."

The major issues enhancing complexity and vulnerability in the CI domain are related on the one hand to their mutual interdependencies and, on the other hand, to the current *linearization* of their management. Dependencies and inter-dependencies are due to the intense exchange of services among CI with the consequent emergence of dangerous perturbations that can propagate from one system to other connected systems. Perturbations might expand instabilities, reduce functionality in time and space, and consequently transform a local impact into consequences that might extend on larger scales and last for longer periods of time.

Management *linearization* results from the current ownership fragmentation of CI: different operators own and manage their CI independently from the others (even from those that provide services to them) as if the bundle of CI was only weakly interacting. Only in this case would *linearized* management be effective; however, this is not the case and the strong coupling between CI operators makes the *linearized* management strategy much less effective and unable to produce optimal results, particularly in the case of strong perturbations occurring in extended crises.

In order to overcome the negative effects produced by these issues, technology must provide new tools and new ideas for smarter management of CI that, although accounting for the unavoidable constraints (i.e., ownership fragmentation, industrial competitions among players insisting on the same CI, etc.), can improve the current management efficacy and enhance the resilience at the "systemic" scale. Resilience, by far, is the more important endpoint of all efforts: after having abandoned the unrealistic claim of enduring complete invulnerability to the assets, resilience offers a smart, adaptive property that allows a system to regain its equilibrium configuration, rapidly and effectively, after a reduction (or even the loss of it) due to some perturbations.

Although providing direct services on their own (electricity and other energy products, telecommunication for voice and data, water, and distribution of other products, etc.), specific added-value combinations of CI do allow to realize and dispatch a number of other services (logistics, financial and public health services, etc.); these services, on the one hand, increase the CI relevance as they essentially embrace all domains of a citizen's life but, on the other hand, increases their "attack surface" (i.e., the functions and the points from where they can be hit and receive perturbations).

This volume spans over several areas and highlights a number of different issues related to the management and the protection of CI.

As resilience is the most relevant property, it is described as being enhanced by improving capabilities in the modeling and simulation approach (Foglietta and Panzieri), by improving risk analysis in infrastructure projects (Tepeli), by introducing a criticality index to estimate the economic damage associated to all the hazards (Gerboni et al.), by improving situational awareness (Jovanovic et al.), and by stressing the importance of integrating dependency mechanisms linking different infrastructures in a unique system of systems (Rosato et al). All efforts should be addressed to improve the survivability of critical elements (Oliva et al.); this book describes the attempts of simulating networks, such as gas pipelines, at the specific infrastructure scales (Rehak et al.), and also their subsea installation (Lepikhim et al.). Several contributions deal with the different classes of hazards that menace the physical and control integrity of the assets: the case of threats coming from the cyber domain (Klaver and Luiijf) and other cases coming from flooding and similar natural events that could either intensify damage due to climatic changes or hit underdeveloped countries (Nkwunonwo). Critical infrastructure might impact tourism (Mazurekova) and other activities, as it occurred in 2020, the year of the worldwide pandemic (its report in Italy has been described by Inzerilli et al.).

A major outcome of the last ten years' activities in the research domain of critical infrastructure protection is the understanding of the need for a coherent action at the level of large, international communities, for instance at the level of the European Union (EU), to elaborate a homogeneous level of protection to the most critical infrastructure. The system of critical infrastructure has assumed a transnational identity and cannot be treated anymore as if it were composed of separate entities with local (i.e., at the level of a single country) dimension. To this end, the EU is preparing a new directive (which will be issued in late 2021/early 2022) with the aim of supporting member states to more proactive management of their strategic assets and to a more homogeneous protection level (particularly against the cyber risk and toward new threats that are going to arise due to climatic change).

This new EU initiative calls, with renewed strength, to the establishment of some EU-wide initiative allowing to cope with such new ambitious, albeit unavoidable, goals. A relevant and appropriate suggestion has been proposed, in a far-sighted way, by EU FP7 Project CIPRnet in 2014 (ciprnet.eu): the establishment of a constellation of National Competence Centers devoted to the support of CI operators and public authorities dealing with critical infrastructure protection. The initiative called the European Infrastructure Simulation and Analysis Centre (EISAC) has been boosted by advanced technological systems enabling EISAC centers to provide the needed support: the overviewing of the system of interconnected critical infrastructure through continuous monitoring and 24/7 risk analysis, providing a shareable systemic awareness to all operators to be used to manage them in ordinary times and to recover their functions after a crisis by allowing the establishment of a global optimum

**V**

configuration rather than of a sequence of local optima. The establishment of the first node of the constellation, EISAC.it (the Italian node), is underway. This will also nucleate and support the birth of new EISAC centers in the other EU member states in

These types of initiatives have a two-fold beneficial impact: on the one hand, they can gather new technological platforms and instruments from the R&D domains and provide them an operational endpoint that could effectively provide a significant benefit to citizens. On the other hand, they carry on the idea of better collaboration and cooperation among the different CI owners by adopting a systemic perspective for the protection of critical assets. We must all collaborate on the well-being and the progress of societies. There should be no further return to a "divide and rule" strategy. It should no longer be allowed and must be replaced by a new cooperative model. This is the only appropriate management strategy to manage strategic assets within

> **Vittorio Rosato and Antonio Di Pietro** ENEA Casaccia Research Centre,

> > Rome, Italy

Department of Energy Technologies and Renewable Sources,

the coming years.

modern, entangled structures.

configuration rather than of a sequence of local optima. The establishment of the first node of the constellation, EISAC.it (the Italian node), is underway. This will also nucleate and support the birth of new EISAC centers in the other EU member states in the coming years.

These types of initiatives have a two-fold beneficial impact: on the one hand, they can gather new technological platforms and instruments from the R&D domains and provide them an operational endpoint that could effectively provide a significant benefit to citizens. On the other hand, they carry on the idea of better collaboration and cooperation among the different CI owners by adopting a systemic perspective for the protection of critical assets. We must all collaborate on the well-being and the progress of societies. There should be no further return to a "divide and rule" strategy. It should no longer be allowed and must be replaced by a new cooperative model. This is the only appropriate management strategy to manage strategic assets within modern, entangled structures.

> **Vittorio Rosato and Antonio Di Pietro** ENEA Casaccia Research Centre, Department of Energy Technologies and Renewable Sources, Rome, Italy

Section 1

Resilience as a Key Property

of Critical Infrastructure

**1**

Section 1
