World Security Report2018-05-04 09:26:19

photo 1

Making Our Critical Infrastructures More Resilient: Best Practices


Today, our national critical infrastructures (CI) are more vulnerable than ever before and high-impact disruptions are no more rare or and low-probability events. In that regard, CIP (Critical Infrastructure Protection) discipline has already became one of the leading topics in the policy makers’ agenda and any threats against our CI systems, which could be considered as the “lifelines” of the nations, are perceived as ‘”threats to national security”. In that sense, with respect to evolving and sophisticating dynamics of natural and man-made threats, it is undeniable that almost every state has started to implement its national CIP policies.

Despite its criticality, the concept of “Critical Infrastructure Resilience” (CIR) had been mostly underestimated and only in the last five years it gained much more attention especially in the field of homeland security and civil protection practices. Especially as a response to the new emerging threats in the “age of uncertainty”, it is possible to observe that many national security strategies have already adopted risk based “all hazards” approach with a special focus on the concept of “resiliency”.

Nonetheless, it is possible to observe that in general infrastructure planning requirements little references to resilience was made and there is a lack of supporting guidelines which provides a holistic overview how to achieve “more resilient critical infrastructures”. Besides, governments and policy makers generally facing challenges regarding the complex bureaucratic and cross-jurisdictional processes, intensive data requirements, limited technical capacity in planning and investing to the infrastructure resiliency improvement plans.

Two Distinct Concepts: CIR and CIP
It shall be highlighted that even though both CIP and CIR policies are parts of integrated risk management approaches and strategies, these two concepts are distinct. According to the policy paper released by Italian Association of Critical Infrastructures Experts (AIIC), since there is the tendency to confuse the concepts like security, resilience or risk management, resiliency could be imagined as a “multifaceted problem”

Defining “Resilience”
Resiliency shall be firstly handled as a process not a single outcome. Additionally, since there has been no consensus how to “measure the resiliency”, the concept has also various definitions and it is generally associated with “the ability to bounce or spring back into shape after being pressed or stretched.” In other words, it refers to the ability of a system to resist, absorb, recover from a negative affect and successfully adapt to changing environment. In general, when this definition and understanding is handled with CIP policies, being resilient could be considered with “the capability to cope with severe disruptions which would have negatively impact CI that the CIR framework should operate in a multidisciplinary nature and address technical (logical and physical), organizational, social and economic dimensions of the infrastructures.”

According to the experts, similar to CIP policies, CIR policies also vary according to nations. For instance, in US, PPD-21 (Presidential Policy Directive -- Critical Infrastructure Security and Resilience) defines resiliency as “the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incident.” On the other hand, in UK’s Sector Resilience Plan for Critical Infrastructure 2010 document defines the resilience as: “the ability of a system or organization to withstand and recover from adversary.” Another point could be added that for example, while the national policies in US and Australia recognize CIP as an enabler of CIR by considering “resilience” alongside with the protection and put a special emphasis on the “voluntary” approach, European policies mostly focus on regulatory measures.

Ms.Ayhan Gücüyener is a Researcher and Regional Director of the International Association of CIP Professionals (IACIPP)

To read the full story:
Click here to download your copy of World Security Report (pdf) >>
Click here to view dynamic copy of World Security Report >>

For more information contact:


Email: By using you are agreeing to our Conditions of Use.
© KNM Media Kent Ltd 2019. All rights reserved.