Analysis and lessons identified on critical infrastructures and dependencies from an empirical data set

Abstract

The disruption of a Critical Infrastructure (CI) or a Critical Information Infrastructure (CII) may have a serious impact on the society. The pervasive web of CI/CII dependencies has the potential to cause exceptional damage and societal disruption and may be hard to secure and govern. To understand the underlying threat causes of CI and CII disruptions and failures, information on CI/CII disruption incidents has been collected from public news resources for over 15 years. The database resource has been built to analyze and understand the phenomena and consequences of CI and CII disruptions and failures including dependencies, cascading effects, and good and bad practices. Another purpose of the database is to identify lessons. The information collected in the period 2004 - 2018 on CI/CII disruptions helps to understand the discrepancies between the way in which the population experiences CI/CII disruptions and cascading impact and the outcomes of theoretical dependency models. This paper therefore updates, extends, and deepens our earlier empirical findings for the period 2004 – 2010.The analysis and research results has led to a set of lessons identified and recommendations that can be applied to improve heterogenetic CI and CII dependency and cascading models, CI and CII-related emergency management, and CI/CII protection and resilience policies.