SECURITY
Critical Infrastructure
Risks for modern infrastructure
The hazards which operators of critical infrastructure face can be categorised as (1) hazards related to natural events, (2) hazards from human error or technical failures and (3) hazards related to terrorism and criminal activity.
Some events can also draw in neighbouring or linked installations and property. A domino effect resulting, for example, from fire spreading from neighbouring establishments, from flying debris following an explosion or even from the failure of utilities after disasters can mean the surrounding area may be damaged or destroyed too. Multiple events which take place in a short time frame, such as a second, delayed separate explosion or several almost simultaneous breakdowns at different places, can under certain circumstances cause an exponential effect in which rescue or recovery measures are prevented or resources are assembled in the wrong place (diversionary measures).
Risk factors
The following risk factors can cause disruption of critical infrastructure:
Risk factor: human
• lack of security awareness
• insufficient qualified staff
• human error
• criminal behaviour (sabotage, terror attacks)
Risk factor: organisation
• concentration of vital resources
• outsourcing of infrastructures critical to the enterprise
Risk factor: nature/environment
• natural disasters (extreme weather, earthquakes, wild fires, mass social movements)
• epidemics
The assumptions applied within a particular hazard type are based on empirical knowledge of criminality, but may not apply absolutely in every case. The question of who the likely culprits are and what their modus operandi is cannot of course be answered with certainty. Based on experience of securing operations, though, it is possible to produce a rough classification of perpetrators or groups whose typical motives and possible behaviour patterns can be categorised according to level of danger. Negligent actions are not considered here; these are registered under hazards from events resulting from human error and technical failures.
How far potential culprits can actually generate serious damage, and at what point it is possible and likely, has to be the subject of a risk assessment in which the hazards in the locality of the company are identified (risk management). The types of hazard contain a series of assumptions which it should be possible to assign to the investigated hazard situation. Essentially these assumptions include:
• possible circumstances of the act,
• possible motives and typical behaviour/procedure,
• probable resources used and
• criminal force to be expected.
Deliberate incorrect operation
This refers to all deliberate acts in which a disturbance can be generated using one’s hands and without any further resources. This kind of act could for example include the switching on and off of facilities, the opening or closing of pipe controls (sliders), the turning of hand wheels and the operation of levers as part of a process sequence. Deliberate incorrect operation can be carried out both by an organisation’s own employees and by third parties.
Potential impacts
Manipulation means the deliberate changing or moving of system parts with the aim of precipitating a critical situation. Examples of this are: programming controls wrongly, tampering with measuring systems, suppressing process, error or alarm reporting systems or even switching off of protection systems. Here it is primarily insiders with precise knowledge of the installation who come into question as culprits.
Threats from actions with criminal intent
For security professionals the following types of attack on structures are special risks as they can result in extensive damage.
EURO SECURITY / MES Critical Infrastructure II/14 61