A US and EU Comparison on Securing Critical Infrastructure / A US and EU Comparison on Securing Critical Infrastructure

McGrath, Kevin

January 2017

Kevin McGrath Abstract This thesis looks to assess the role of public-private partnerships (PPPs) in building critical energy infrastructure, and its implications for energy and national security. The clear majority of academic literature in energy security focuses exclusively on energy supply, and demand, but there is little written on the security issues facing countries when financing critical energy infrastructure projects. Through assessing the (1) recent history of privatization, (2) the development of the domestic PPP model, and (3) current relationships with PPPs in Canada, the United States, the United Kingdom, and France this thesis will look to identify the underlying domestic cultural normative debate which is driving policy making decisions. By understanding the general historical trends of privatization, and economic ideologies in governments over the past 40+ years, we can see the current and future trends in building critical energy infrastructure. By understanding the constantly evolving factors, and interdependencies at play, this thesis highlights the role of public-private partnerships in critical energy infrastructure, and energy security in general.

Horizontality and Canada's Office of Critical Infrastructure Protection and Emergency Preparedness: a case study

Rountree, Marina

08 September 2005

This thesis provides a case study of the Government of Canada's former Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP) through the lens of horizontal management (part of New Public Management theory). This study demonstrates that the effective use of horizontal management (horizontality) may reduce fragmentation occurring when the goal of critical infrastructure protection requires organizations to work cross-jurisdictionally and in partnerships. This need to collaborate is due to the ownership problem: over 85 per cent of Canada's critical infrastructure is owned by organizations other than the federal government. Research methods include a background survey of literature on critical infrastructure protection, horizontal management and horizontality, and new public management; and interviews using a snowball sample of eight subjects who held various positions within OCIPEP to better understand what the organizational structure appeared to be from within the organization. The research concludes that OCIPEP was not given the resources necessary to successfully fulfil its mandate. Results include the need for administrative and managerial support for horizontal endeavours, to encourage a "cultural context" of horizontality, as there are many organizational barriers to successfully using horizontality and collaborative methods. There were areas of success for OCIPEP, but more areas of weakness. Recommendations include additional study of the organization, a shift into a better-supported organization (which was accomplished with OCIPEP's inclusion into Public Safety and Emergency Preparedness Canada), and clear delineation of roles between the Government of Canada and the owners of the critical infrastructure. / October 2005

critical infrastructure

horizontal management

horizontality

OCIPEP

critical infrastructure protection

Horizontality and Canada's Office of Critical Infrastructure Protection and Emergency Preparedness: a case study

Rountree, Marina

08 September 2005

This thesis provides a case study of the Government of Canada's former Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP) through the lens of horizontal management (part of New Public Management theory). This study demonstrates that the effective use of horizontal management (horizontality) may reduce fragmentation occurring when the goal of critical infrastructure protection requires organizations to work cross-jurisdictionally and in partnerships. This need to collaborate is due to the ownership problem: over 85 per cent of Canada's critical infrastructure is owned by organizations other than the federal government. Research methods include a background survey of literature on critical infrastructure protection, horizontal management and horizontality, and new public management; and interviews using a snowball sample of eight subjects who held various positions within OCIPEP to better understand what the organizational structure appeared to be from within the organization. The research concludes that OCIPEP was not given the resources necessary to successfully fulfil its mandate. Results include the need for administrative and managerial support for horizontal endeavours, to encourage a "cultural context" of horizontality, as there are many organizational barriers to successfully using horizontality and collaborative methods. There were areas of success for OCIPEP, but more areas of weakness. Recommendations include additional study of the organization, a shift into a better-supported organization (which was accomplished with OCIPEP's inclusion into Public Safety and Emergency Preparedness Canada), and clear delineation of roles between the Government of Canada and the owners of the critical infrastructure.

critical infrastructure

horizontal management

horizontality

OCIPEP

critical infrastructure protection

Horizontality and Canada's Office of Critical Infrastructure Protection and Emergency Preparedness: a case study

Rountree, Marina

08 September 2005

This thesis provides a case study of the Government of Canada's former Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP) through the lens of horizontal management (part of New Public Management theory). This study demonstrates that the effective use of horizontal management (horizontality) may reduce fragmentation occurring when the goal of critical infrastructure protection requires organizations to work cross-jurisdictionally and in partnerships. This need to collaborate is due to the ownership problem: over 85 per cent of Canada's critical infrastructure is owned by organizations other than the federal government. Research methods include a background survey of literature on critical infrastructure protection, horizontal management and horizontality, and new public management; and interviews using a snowball sample of eight subjects who held various positions within OCIPEP to better understand what the organizational structure appeared to be from within the organization. The research concludes that OCIPEP was not given the resources necessary to successfully fulfil its mandate. Results include the need for administrative and managerial support for horizontal endeavours, to encourage a "cultural context" of horizontality, as there are many organizational barriers to successfully using horizontality and collaborative methods. There were areas of success for OCIPEP, but more areas of weakness. Recommendations include additional study of the organization, a shift into a better-supported organization (which was accomplished with OCIPEP's inclusion into Public Safety and Emergency Preparedness Canada), and clear delineation of roles between the Government of Canada and the owners of the critical infrastructure.

critical infrastructure

horizontal management

horizontality

OCIPEP

critical infrastructure protection

Dopady výpadku elektrické energie v Pardubickém kraji / The impact of the electric power outage in the Pardubice region

KRÁLOVÁ, Kateřina

January 2015

The title of my thesis is The impact of the electric power outage in the Pardubice region. Danger, coming from prolonged power outage, as the one area of critical infrastructure, is large and has extensive implications, since electricity has been currently necessary for human civilization and its existence. In the Czech Republic, the critical infrastructure is addressed in Act no. 240/2000 Coll., on crisis management and amending certain acts, where the Council Directive 2008/114 / EC on the identification and designation of European Critical Infrastructures and the assessment of needs to improve their protection was applied to this law. I decided to write a thesis about the impact of a power outage, because I have been very interested in the issue of blackouts and I think it is a very important up-to-date topic. I chose the area of Pardubice region because I come from this region, so I am personally attached to this area. In the first part, I decided to introduce critical infrastructure, its legislative grounding and protection, there is also description of electrical energy, its production, transmission and distribution. Finally, I dealt with replacement power sources, energy security and blackout in the theoretical part. I used basic scientific procedures: analysis and synthesis or induction and deduction for the needs of my thesis. The aim of the thesis, was to use research part to map the effects of the power outage in the Pardubice region. I chose a qualitative data collection and interviews with experienced professionals in the crisis management as a method of my research. The research question was: "Which of the consequences of the power outage is essential to conversely marginal?". The evaluation of the research was done by SWOT analysis, which identifies strengths, weaknesses, opportunities and threats in the Pardubice region in the event of a power outage. The results of the thesis will be provided to the Fire Rescue Service of the Pardubice region, which can use these data in crisis planning. The thesis will also be used as study material for students of the University of South Bohemia in České Budějovice.

Posouzení možností napadení vodní kritické infrastruktury teroristy v Královéhradeckém kraji / Examination of proposal attacking on water critical infrastructure by terrorists in the region of Hradec Králové

DOLEJŠKA, Luboš

January 2012

This master thesis mentions the brief information about Hradec Králové region in the first chapter. It is focused on the characterization of water as a basic structural element of life on the Earth. The information about underground water, water sources and its distribution, drainage, water ducts and towers, water storages and the protection and the future of the water were necessary to mention in the context of this part of the master thesis. The master thesis brings the information about the way to lead water from the sources to the final consumers. It was also focused on the wide theme of terrorism, the master thesis has no sense without mentioning of these basic information. The water critical infrastructure could be damage by its usage in Hradec Králové region. The infrastructure and the critical infrastructure were compiled in detail in the last part of the contemporary state of this master thesis to make up better idea about its parts. The aim of this master thesis was to explore the possibilities of the attack of the critical water infrastructure in Hradec Králové region by the terrorists. As one of the method for the elaboration of the contemporary state was used the collection of the relevant literature in the master thesis. The subsequent background research method results from this collection of the relevant literature. The method FMEA (Failure Mode & Effects Analysis) classified as a method of the compilation risk analysis was the another method which was used for the evaluation of the outcomes from the guided interviews. With success we can tell that the critical infrastructure is sufficiently protected against the potential terroristic attacks in the specific places in Hradec Králové region.

SEISMIC PERFORMANCE AND DISASTER MANAGEMENT OF INTERDEPENDENT CRITICAL INFRASTRUCTURES / 相互依存性を有するクリティカルインフラストラクチャーの地震時性能と地震災害マネジメントに関する研究

Faraji, Mahdi

24 September 2012

Kyoto University (京都大学) / 0048 / 新制・課程博士 / 博士(工学) / 甲第17142号 / 工博第3632号 / 新制||工||1551(附属図書館) / 29881 / 京都大学大学院工学研究科都市社会工学専攻 / (主査）教授 清野 純史, 教授 小池 武, 准教授 古川 愛子 / 学位規則第4条第1項該当

Critical Infrastructure

Lifeline

Interdependency

Earthquake

Hazard Analysis

Risk Management

500

Explainable and Network-based Approaches for Decision-making in Emergency Management

Tabassum, Anika

19 October 2021

Critical Infrastructures (CIs), such as power, transportation, healthcare, etc., refer to systems, facilities, technologies, and networks vital to national security, public health, and socio-economic well-being of people. CIs play a crucial role in emergency management. For example, the recent Hurricane Ida, Texas Winter storm, colonial cyber-attack that occurred during 2021 in the US, shows the CIs are highly inter-dependent with complex interactions. Hence power system failures and shutdown of natural gas pipelines, in turn, led to debilitating impacts on communication, waste systems, public health, etc. Consider power failures during a disaster, such as a hurricane. Subject Matter Experts (SMEs) such as emergency management authorities may be interested in several decision-making tasks. Can we identify disaster phases in terms of the severity of damage from analyzing changes in power failures? Can we tell the SMEs which power grids or regions are the most affected during each disaster phase and need immediate action to recover? Answering these questions can help SMEs to respond quickly and send resources for fast recovery from damage. Can we systematically provide how the failure of different power grids may impact the whole CIs due to inter-dependencies? This can help SMEs to better prepare and mitigate the risks by improving system resiliency. In this thesis, we explore problems to efficiently operate decision-making tasks during a disaster for emergency management authorities. Our research has two primary directions, guide decision-making in resource allocation and plans to improve system resiliency. Our work is done in collaboration with the Oak Ridge National Laboratory to contribute impactful research in real-life CIs and disaster power failure data. 1. Explainable resource allocation: In contrast to the current interpretable or explainable model that provides answers to understand a model output, we view explanations as answers to guide resource allocation decision-making. In this thesis, we focus on developing a novel model and algorithm to identify disaster phases from changes in power failures. Also, pinpoint the regions which can get most affected at each disaster phase so the SMEs can send resources for fast recovery. 2. Networks for improving system resiliency: We view CIs as a large heterogeneous network with nodes as infrastructure components and dependencies as edges. Our goal is to construct a visual analytic tool and develop a domain-inspired model to identify the important components and connections to which the SMEs need to focus and better prepare to mitigate the risk of a disaster. / Doctor of Philosophy / Critical Infrastructure Systems (CIs) entitle multiple infrastructures valuable for maintaining public life and national security, e.g., power, water, transportation. US Federal Emergency Management Agency (FEMA) aims to protect the nation and citizens by mitigating all hazards during natural or man-made disasters. For this, they aim to adopt different decision-making strategies efficiently. E.g., During an ongoing disaster, when to quickly send resources, which regions to send resources first, etc. Besides, they also need to plan how to prepare for a future disaster and which CIs need maintenance to improve system resiliency. We explore several data-mining problems which can guide FEMA towards developing efficient decision-making strategies. Our thesis emphasizes explainable and network-based models and algorithms to help decision-making operations for emergency management experts by leveraging critical infrastructures data.

Critical Infrastructure

Urban analytics

Multivariate Time-series

Urban-Net

Explanations

Dominoefekty v kritické infrastruktuře / Domino effects in the critical infrastructure

KUBELKA, Václav

January 2015

The title of thesis is Domino effects in critical infrastructure and sets the objective to analyse the interaction between the representatives of individual critical infrastructure sectors. In case of failure in one sector, which would cause a domino effect and subsequently limited functionality or a failure in other sectors, the consequences for the population and the entire affected area would be enormous. This reason, as well as general topicality of this problem led me to focus my thesis on the area of critical infrastructure. Probably the most feared is power failure, which currently occurs very often and sometimes affects areas larger than cities, regions, and even states. Fortunately, all infrastructure representatives are usually best prepared for this kind of failure, and therefore its start and a short-term effect have practically no significant impact on their normal functioning. But for longer exposure exact consequences cannot be estimated because it depends on specific circumstances around individual representatives. The thesis is divided into several parts. The theoretical part, which is further subdivided, includes three chapters concerning critical infrastructure. The chapter setting the fundamental terms, which are used further in the thesis, enables to understand the inclusion of critical infrastructure. The historical development of the critical infrastructure and its position from the point of view of the European Union and also of the Czech Republic is also mentioned in the theoretical part. Finally, there are itemized and characterized individual critical infrastructure sectors. Very important questions dealing witch the protection of the critical infrastructure are discussed at the end of the theoretical part. It is important components involved in it are mentioned there, as well as various procedures supporting the effectivity, according to several publications. The practical part is also divided into chapters. The first part concerns interviews with specialists representing each sector of the critical infrastructure. Each of these representatives was asked about the effect of possible failures in other sectors that may arise in these situations. The question is whether the sectors tend to be influenced and thus to cause a domino effect, which could even result in the collapse of the companies represented by them. These interviews are then written in an adapted form. To see the interview data more easily, they are processed into tables according to the individual sectors of critical infrastructure and then commented.

Security threats to critical infrastructure: the human factor

Ghafir, Ibrahim, Saleem, J., Hammoudeh, M., Faour, H., Prenosil, V., Jaf, S., Jabbar, S., Baker, T.

24 January 2020

Yes / In the twenty-first century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today’s critical infrastructures are operated by non-computer experts, e.g. nurses in health care, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g. firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, among others.

Critical infrastructure security

Security awareness

Cyber security training

Work-based security training