Disruption to Critical Infrastructure
Disruptions to critical infrastructure can affect the delivery of essential services. As critical infrastructures are complex interconnected systems, they are subject to a wide range of hazards and threats.
Climate change is expected to heavily affect infrastructure through heatwaves, floods and droughts (JRC Repository).
As interdependencies increase, the potential for systemic failures is increasing. With the increased interdependence of essential services, the failure of one critical infrastructure may trigger cascading effects, disrupting the operation of other key services.
The risk to critical infrastructures is increasing as new threats emerge. Critical infrastructures are complex, interconnected systems that are subject to a wide range of hazards and threats.
As a rule, it is considered among the impacts stemming from other risks: for example, power outage due to an earthquake, damage due to wildfires, or cyberattacks. However, critical infrastructure disruption, it is sometimes considered as a theme in its own right, focusing on the impacts and residual effects a failure may trigger.
Exacerbated by climate change, heatwaves, floods and droughts are expected to affect infrastructures through.
According to JRC, annual damage to Europe’s critical infrastructure could ten-fold by the end of the century under business-as-usual scenarios due to climate change alone, from the current EUR 3.4 billion to EUR 34 billion.
The industry, transport and energy sectors are expected to suffer the highest losses to climate-induced disruption to critical infrastructure.
Man-made threats also drive the risk.
These include terrorism, cyberattacks, explosions and sabotage by insider or external perpetrators. Accidental risks include technical breakdowns, air, rail or road accidents, and fire and explosions. Natural hazards such as fires, floods and space weather are also factors that can increase the risk to critical infrastructures.
Consequently, in this time of rapid climate change and intensifying disasters, infrastructure systems are under pressure to deliver resilient and reliable services.
Largely based on national disaster risk assessments for EU Member and Civil Protection Mechanism Participating States, the ‘Overview of natural and man-made disaster risks the European Union may face’ aims to foster better understanding of disaster risks facing Europe.
The disruption of critical infrastructure can affect the delivery of essential services, and the severity of the impacts depend on the duration of the disruption, the time of year, the resilience of the service and the response by authorities. The potential threats as a result of these disruptions may lead to severe social effects, negative economic consequences and even human casualties.
National reports on critical infrastructure vary from country to country. Many national submissions assess events that are not specifically labelled as critical infrastructure disruptions, but which could be discussed under this heading. For example, national reports assess the risk of transport accidents, disruptions in the supply of energy, water, food and pharmaceuticals, ICT and satellite services or financial services. Among these, a large-scale disruption to electricity supply remains a prevalent concern in national risk assessments.
The unlawful use of drones is anemerging threat, as demonstrated in different incidents of disruption to air traffic.
The increased threat of terrorism applies to the critical infrastructure environment. Perpetrators might seek to attack critical infrastructure networks as a part of a broader hybrid influencing strategy combining physical attacks and cyberattacks with disinformation campaigns.
As a result, the failure or manipulation of critical infrastructure can have far-reaching consequences.
Critical infrastructure is becoming more interlinked across sectors and beyond national borders.
The changing geopolitical scene may have consequences for the supply of fuels, and increased frequency of extreme weather events may jeopardise the supply of food and drinking water.
Technological innovations, networking and automation of processes are increasing the interconnectedness between physical and digital systems
The 2008 Directive on European Critical Infrastructures establishes a procedure for identifying and designating European Critical Infrastructures (ECI), and aims to step up the protection of critical infrastructure in the EU’S energy and transport sectors.
In 2020 the Commission presented proposal for a directive on the resilience of critical entities (COM(2020) 829) to create an all-hazards framework to support Member States in ensuring that critical entities are able to prevent, resist, absorb and recover from disruptive incidents, no matter if they are caused by natural hazards, accidents, terrorism, insider threats, or public health emergencies. The proposal covers ten sectors: energy, transport, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructure, public administration and space.
The EU Adaptation Strategy calls for building stronger links between climate change adaptation and disaster risk reduction.
Among the many reports on this topic, two in particular are to be mentioned:
To reduce the vulnerabilities of critical infrastructures, the European Commission has launched the European Programme for Critical Infrastructure Protection (EPCIP). This is a package of measures aimed at improving the protection of critical infrastructure in Europe, across all EU States and in all relevant sectors of economic activity. The Horizon 2020 work programme includes a dedicated call for research on how to address combined physical and cyber threats to critical infrastructure.
The JRC coordinates the European Reference Network for Critical Infrastructure Protection (ERNCIP) which carries out different research activities such as the development of methods and tools for international cybersecurity exercises. ERNCIP looks at how to certify IT components used in industrial environments to make sure that they match certain security levels.
The Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks programme (CIPS) is designed to protect citizens and critical infrastructures from terrorist attacks and other security incidents by fostering prevention and preparedness, namely by improving the protection of critical infrastructures and addressing crisis management.
The Critical Infrastructure Warning Information Network (CIWIN) provides an internet based multi-level system for exchanging critical infrastructure protection ideas, studies and good practices. This initiative seeks to raise awareness and contribute to the protection of critical infrastructure in Europe.