**4. Resilience of critical infrastructure subsystems**

The purpose of each critical infrastructure subsystem is to deliver services to recipients. It is therefore essential to ensure that each subsystem is fully functional and that appropriate steps are taken to minimize its failures and curtail the propagation of any potential impacts on society or any other dependent critical infrastructure subsystems. According to existing scientific knowledge, the best and most effective way of minimizing the impacts of critical infrastructure system failures is to reach the highest possible level of resilience with respect to all of its subsystems.

#### **4.1. Definition of resilience**

The term resilience was first defined in connection with the resistance and stability of ecological systems where two types of system behavior were identified [21]. The first type, stability, is the ability of a system to return to an equilibrium state after a temporary disturbance and the more rapidly it returns, the more stable it is. The second type of system behavior, known as resilience, is a measure of the ability of a system to absorb impacts without significant changes to the system status. Over time, this perspective was expanded to include the sphere of sociology, which then led to resilience being explored in socio-ecological systems. Based on the achieved results, the research into resilience gradually spread to other disciplines such as psychology, economy, and engineering.

European critical infrastructure risk and safety/security management comprises an important aspect of modeling the impacts of critical infrastructure failures. In adopting this approach, risks are recognized at an early stage, allowing for a timely indication of impacts on independent critical infrastructure subsystems. The following methodologies should be employed with a view to optimize the risk and safety/security management system and comply with the requirements for crisis preparedness plans applicable to critical infrastructures entities, as an

• Methodology for ensuring the protection of CIs in the production, transmission, and dis-

Implementation of a preferential critical infrastructure risk assessment provides another important basis for the modeling of impacts produced by critical infrastructure failures [20]. This allows the assessor to introduce subjective conditions into an otherwise objective process of risk assessment, providing the assessor with an option to partially influence the assessment process by preferring certain factors over others. The significance of this phase of the assessment process lies in the fact that different entities perceive certain risks from different points of view, which creates a conducive environment for discussion of all stakeholders, ensuring the most appropriate safety/security actions are taken. Moreover, a preferential critical infrastructure risk assessment also provides an important basis for the modeling of impacts of critical infrastructure failures as its results determine vulnerabilities enabling the propagation

The purpose of each critical infrastructure subsystem is to deliver services to recipients. It is therefore essential to ensure that each subsystem is fully functional and that appropriate steps are taken to minimize its failures and curtail the propagation of any potential impacts on society or any other dependent critical infrastructure subsystems. According to existing scientific knowledge, the best and most effective way of minimizing the impacts of critical infrastructure system failures is to reach the highest possible level of resilience with respect

The term resilience was first defined in connection with the resistance and stability of ecological systems where two types of system behavior were identified [21]. The first type, stability, is the ability of a system to return to an equilibrium state after a temporary disturbance and the more rapidly it returns, the more stable it is. The second type of system behavior, known as resilience, is a measure of the ability of a system to absorb impacts without significant changes to the system status. Over time, this perspective was expanded to include the sphere of sociology, which then led to resilience being explored in socio-ecological systems. Based on

• Methodology for selected CIs system resilience element evaluation [18]; and

of impacts throughout the critical infrastructure system [13].

**4. Resilience of critical infrastructure subsystems**

equivalent to the Operator Security Plan:

tribution of electricity [19].

84 System of System Failures

to all of its subsystems.

**4.1. Definition of resilience**

In 2001, Holling shed light on understanding the complexity of economic, ecological, and social systems with the publication of a definition based on two fundamental components of each system, namely hierarchy and adaptive cycles [22]. Together they form panarchy according to Holling. Panarchy can be defined as a structure in which systems of nature and humans are interlinked in never-ending adaptive cycles of growth, accumulation, restructuring, and renewal.

The research into the resilience of socio-ecological systems also sparked an interest in research focused on resilience in society. The resilience of a society is dependent on its ability to respond to a stress factor and can be defined as "*The ability of a system, community or society exposed to hazards to resist, absorb, accommodate, adapt to, transform and recover from the effects of a hazard in a timely and efficient manner, including through the preservation and restoration of its essential basic structures and functions through risk management"* [23].

Resilience gradually began to be defined in general terms for any system, including engineering. Resilience was first described in connection with a critical infrastructure in a document entitled Critical Infrastructure Resilience Final Report and Recommendations [24], where it is defined as the ability to absorb, adapt to, and/or rapidly recover from a potentially disruptive event. By contrast, the critical infrastructure resilience strategy [25] defines critical infrastructure resilience as the ability to reduce the magnitude and/or duration of a disruptive event. These definitions clearly show what constitutes resilience, or rather what characteristics enhance the resilience of a system. For example, Chandra [26], based on his study of socio-ecological systems, includes the following attributes in engineering systems resilience: redundancy, adaptability, flexibility, interoperability, and diversity.

As research into the resilience of critical infrastructures has since been pursued by numerous leading research workers and institutions, the definition of resilience has been repeated over and over again without any added value. However, the different approaches to determining their attributes/aspects/components/properties/characteristics/capacities/abilities/assets/ parameters may be worth mentioning. Below are some examples of the different approaches:


Absorption, the second phase of the resilience cycle, is initiated if a subsystem is disrupted due to an emergency and is determined by the critical infrastructure subsystem robustness. Accordingly, robustness is determined by the ability of a critical infrastructure element to absorb the effects of an emergency. In a critical infrastructure system, two types of robustness are recognized, namely structural and security robustness. Structural robustness is determined by the progress in the decline of a function and the level of redundancy, while security robustness is based on the level of protective measures, detection, and ability to respond.

Failures in a Critical Infrastructure System http://dx.doi.org/10.5772/intechopen.70446 87

The recovery phase starts after the effects of an emergency have worn off. This phase is characterized by recoverability, which is the capacity of a subsystem to recover its function to the required level of performance after the effects of an emergency no longer exist. The success of recovery is determined by the available resources and the time required to complete the

The final phase of the critical infrastructure resilience cycle is adaptation, which is essentially the ability of an organization to adapt a subsystem to subsequent effects of an emergency. It represents the dynamic long-acting ability of an organization to adapt to changes in circumstances. Adaptation is determined by the internal processes of an organization focused on the strengthening of resilience, i.e., risk management and innovation/education processes. However, strengthening of the resilience of a subsystem already occurs during the recovery

The Resilience Assessment and Evaluation of Computing Systems compilation monograph [40] was the first comprehensive overview study exploring critical infrastructure resilience assessment in the field of information and communication technology. Another important monograph, Critical Infrastructure System Security and Resiliency [41], introducing a practical methodology for the development of an efficient system of critical infrastructure

recovery process.

**Figure 6.** Cycle of critical infrastructure resilience.

phase of its performance.

**4.3. Resilience assessment in a critical infrastructure system**

Some experts consider critical infrastructure resilience to be the primary national policy framework and a vital criterion for the future sustainability of cities or infrastructures as such, and argue that, from a broader perspective, resilience is indispensable in terms of population protection and crisis management [33, 37].

#### **4.2. Concept of critical infrastructure resilience**

Based on the accepted definitions, resilience can be said to represent the level of internal preparedness of critical infrastructure subsystems for emergencies or the ability of these subsystems to perform and maintain their functions when negatively affected by internal and/ or external factors. Strengthening resilience (e.g., Action Plan for Critical Infrastructure [38] or Labaka et al. [39]) minimizes the vulnerability of subsystems, which in turn curtails the occurrence, intensity, and propagation of failures and their impacts in a critical infrastructure system and society.

Understanding and clear definition of resilience represent the cornerstone of resilience assessment and strengthen with respect to critical infrastructure subsystems. In fact, critical infrastructure system resilience must be understood as a cyclic process based on continual strengthening of resilience of individual subsystems (see **Figure 6**). The crucial phases of this process are prevention, absorption, recovery, and adaptation.

The first phase of the critical infrastructure resilience cycle is prevention. In individual critical infrastructure subsystems, this is determined by permanent preparedness and protection of each subsystem. Prevention is provided on a continuous basis until a subsystem disruption occurs, at which time it is suspended, and for the duration of the emergency, replaced by absorption.

**Figure 6.** Cycle of critical infrastructure resilience.

• Presidential Policy Directive—Critical Infrastructure Security and Resilience [31]—the abil-

• Hromada et al. [32]—preparedness and adaptability as the basis for the fulfillment of the resilience function. Key indicators: robustness, preparedness, ability to respond,

• Eid et al. [33]—the ability to anticipate, resist, absorb, respond, adapt, and rapidly recover

• Ortiz De La Torre et al. [34]—prepare, prevent, and protect (before the disruption), mitigate, absorb and adapt (during the disruption), and respond, recover and learn (after the

• Bologna et al. [35]—the overall activities of modeling, and analysis of critical infrastructure system aimed to evaluate the ability to prevent, absorb, adapt, and recover from a disrup-

• Nan and Sansavini [36]—ability of the system to withstand a change or a disruptive event by reducing the initial negative impacts (absorptive capability), by adapting itself to them

Some experts consider critical infrastructure resilience to be the primary national policy framework and a vital criterion for the future sustainability of cities or infrastructures as such, and argue that, from a broader perspective, resilience is indispensable in terms of population

Based on the accepted definitions, resilience can be said to represent the level of internal preparedness of critical infrastructure subsystems for emergencies or the ability of these subsystems to perform and maintain their functions when negatively affected by internal and/ or external factors. Strengthening resilience (e.g., Action Plan for Critical Infrastructure [38] or Labaka et al. [39]) minimizes the vulnerability of subsystems, which in turn curtails the occurrence, intensity, and propagation of failures and their impacts in a critical infrastructure

Understanding and clear definition of resilience represent the cornerstone of resilience assessment and strengthen with respect to critical infrastructure subsystems. In fact, critical infrastructure system resilience must be understood as a cyclic process based on continual strengthening of resilience of individual subsystems (see **Figure 6**). The crucial phases of this

The first phase of the critical infrastructure resilience cycle is prevention. In individual critical infrastructure subsystems, this is determined by permanent preparedness and protection of each subsystem. Prevention is provided on a continuous basis until a subsystem disruption occurs, at which time it is suspended, and for the duration of the emergency, replaced by

(adaptive capability), and by recovering from them (restorative capability).

ity to prepare, resist, and rapidly recover.

tive event, either natural or man-made.

protection and crisis management [33, 37].

**4.2. Concept of critical infrastructure resilience**

process are prevention, absorption, recovery, and adaptation.

recoverability.

86 System of System Failures

disruption).

system and society.

absorption.

from a disruption.

Absorption, the second phase of the resilience cycle, is initiated if a subsystem is disrupted due to an emergency and is determined by the critical infrastructure subsystem robustness. Accordingly, robustness is determined by the ability of a critical infrastructure element to absorb the effects of an emergency. In a critical infrastructure system, two types of robustness are recognized, namely structural and security robustness. Structural robustness is determined by the progress in the decline of a function and the level of redundancy, while security robustness is based on the level of protective measures, detection, and ability to respond.

The recovery phase starts after the effects of an emergency have worn off. This phase is characterized by recoverability, which is the capacity of a subsystem to recover its function to the required level of performance after the effects of an emergency no longer exist. The success of recovery is determined by the available resources and the time required to complete the recovery process.

The final phase of the critical infrastructure resilience cycle is adaptation, which is essentially the ability of an organization to adapt a subsystem to subsequent effects of an emergency. It represents the dynamic long-acting ability of an organization to adapt to changes in circumstances. Adaptation is determined by the internal processes of an organization focused on the strengthening of resilience, i.e., risk management and innovation/education processes. However, strengthening of the resilience of a subsystem already occurs during the recovery phase of its performance.

#### **4.3. Resilience assessment in a critical infrastructure system**

The Resilience Assessment and Evaluation of Computing Systems compilation monograph [40] was the first comprehensive overview study exploring critical infrastructure resilience assessment in the field of information and communication technology. Another important monograph, Critical Infrastructure System Security and Resiliency [41], introducing a practical methodology for the development of an efficient system of critical infrastructure protection, was published a year later. This methodology focuses both on the prevention of emergencies and the mitigation of its consequences. The same year saw the publication of the Resilience Measurement Index: An Indicator of Critical Infrastructure Resilience study [42], whose main objective is to measure the ability of a critical infrastructure to reduce the magnitude and/or duration of impacts from disruptive events.

the issues concerned. The described framework formulates the basis, approaches, and logic of a hierarchical system arrangement in connection to interdependencies and linkages between elementary elements. Infrastructure failures have been classified in terms of their sources and causes because the potential impacts of failures in selected dependent systems can have profound effects on the functioning of society as a whole. It was argued that the impacts of failures in dependent systems increase the occurrence of cascading and synergistic effects, which fundamentally affect the resilience of individual elements and the general function of the system. This led to establishing the relationship between system resilience and failures with

Failures in a Critical Infrastructure System http://dx.doi.org/10.5772/intechopen.70446 89

Based on these facts, the impacts of failures and their propagation were described in the context of the necessity to model such impacts. In this regard, the significance and applicability of top-down and bottom-up approaches in relation to the exploration of mutual linkages was further compared as one of the identifiers describing the critical infrastructure status. The significance of identifying and labeling critical infrastructure elements is, therefore, also viewed from the perspective of the need for a more objective setting of cross-cutting criteria values, equally applicable at the regional level. As already mentioned, element resilience exerts a substantial effect on the overall impacts of potential failures. That is why a resilience framework for critical infrastructure subsystems was established with a view to defining resilience, formulating a resilience concept, and setting up a resilience evaluation process in a critical infrastructure system. The presented facts are based on the Ministry of the Interior of the Czech Republic Security Research project—RESILIENCE 2015: Dynamic Resilience Evaluation of Interrelated Critical Infrastructure Subsystems and form a resilience knowledge base as the ability of a system, community, or society exposed to adverse events to resist, absorb, accommodate, adapt to, transform, and recover from the effects of a hazard in a timely and efficient manner, including through the preservation and recovery of its essential basic structures and func-

The chapter has been elaborated within the project of the Ministry of the Interior of the Czech Republic filed under VI20152019049 and entitled "Dynamic Resilience Evaluation of

respect to critical infrastructure network elements.

tions through risk management.

Interrelated Critical Infrastructure Subsystems."

and Martin Hromada<sup>2</sup>

\*Address all correspondence to: hromada@fai.utb.cz

\*

1 Faculty of Safety Engineering, VŠB - Technical University of Ostrava, Czech Republic

2 Faculty of Applied Informatics, Tomas Bata University in Zlín, Czech Republic

**Acknowledgements**

**Author details**

David Rehak<sup>1</sup>

In 2013, the European Commission published a working document on a new approach to the European Programme for Critical Infrastructure Protection: Making European Critical Infrastructures more secure [43]. This document clearly emphasized the importance of resilience and interdependencies in a critical infrastructure as well as the need to develop tools and methods for their assessment.

In addition, the issue of measuring critical infrastructure resilience has long been explored by the Swiss Federal Institute of Technology in Zurich (Eidgenössische Technische Hochschule Zürich). The institute presents the results of its risk and resilience research in the form of scientific reports, with the issue of resilience measurement addressed in detail in the SKI Focus Report 8: Measuring Resilience [44] and the SKI Focus Report 9: Measuring Critical Infrastructure Resilience [45].

There are also several major international projects dealing with critical infrastructure resilience assessment at present, including SMART RESILIENCE: Smart Resilience Indicators for Smart Critical Infrastructures, IMPROVER: Improved Risk Evaluation and Implementation of Resilience Concepts to Critical Infrastructure, RESILIENS: Realizing European Resilience for Critical Infrastructure, or RESILIENCE 2015: Dynamic Resilience Evaluation of Interrelated Critical Infrastructure Subsystems.

In 2016, a comprehensive approach based on the results of leading research projects was published in the Guidelines for Critical Infrastructures Resilience Evaluation document [35]. This approach has its basis in the evaluation of individual indicators constituting resilience, the resulting composite indicator being a function of indicators in technical (i.e., prevention, absorption, adaptation, and recovery), personal, organizational, and cooperative dimensions.

Additional significant approaches to evaluate resilience have been presented, for example, in an interim report of the project RESILIENS D2.2: Qualitative, Semi-Quantitative and Quantitative Methods and Measures for Resilience Assessment and Enhancement [34]. The second part of the document presents a critical infrastructure resilience assessment tool (CI-RAT), which has been developed as part of this project and is based on a semi-quantitative methodology for CI resilience assessment, and on a CI resilience management concept.
