Chapter 6

Critical Infrastructure Protection by Harnessing Big Data

Laurence Marzell

Abstract

Big Data is an essential tool in the armory of those who protect us from natural, man-made, or malicious harm. Its application into areas that support our everyday existence, such as the critical infrastructure (CI), is an example of where meaningful benefits can accrue from its use for the CI itself; for the citizens who depend on it; and, for the communities it affects. Organizations that protect us, the CI, and our communities must come together to plan, prepare, and respond to such harmful events. However, they need to do so in a way that is as joined together as the interconnected systems, networks, and communities they protect. In not doing so, the resulting gaps, disparities, and overlaps between them pose additional, preventable risks on top of those inherent within the interdependencies of the CI and communities. Big Data can support a more cohesive and coherent view and approach by those organizations to enable their coming together in this task.

Keywords

Community; Critical infrastructure; Framework; Planning; Strategic

Introduction

This chapter looks at the relevance, benefits, and application of Big Data for enhancing the protection and resilience of critical infrastructure (CI). CI is an integral part of an interconnected “system of systems” that affects the health, wealth, and well-being of the communities it touches and in which we all live, also affecting the resilience of the wider society, which depends on it for its essential needs such as transport, food, utilities, and finance.

What Is a CI System?

CI is often described as a “system of systems” that functions with the support of large, complex, widely distributed, and mutually supportive supply chains and networks. Such systems are intimately linked with the economic and social well-being and security of the communities they serve. They include not just infrastructure, but also networks and supply chains that support the delivery of an essential product or service.
A “system of systems” is most commonly described at national level, but it also operates locally. For example, the interdependencies of an oil refinery extend equally to the services that support the well-being and social cohesion of its local workforce, such as health, education, and transport, which in turn employ local people, as they do at the shipping lanes that bring in the crude oil, the roads that take the fuel away, and the telecommunications that link all of these elements together. They are not bound by the immediate geography of the refinery itself or necessarily linked directly to its operational role.
As a complex, interdependent “system of systems,” the challenges faced by CI, whether from natural or man-made hazards, are shared across the entire system and its organizational structure, and cannot be viewed in isolation.
To understand the relevance of Big Data and its application to the security and resilience of CI, related communities, and wider society, one must also understand the underlying structural makeup of this complex, interconnected system of systems in which all moving parts and stakeholders—CI operators, citizens, business, emergency services, essential service providers, municipal authorities, etc.—are intrinsically linked through a myriad of often hidden and unseen dependencies and interdependencies. Within this system of systems, local communities are not one single homogeneous entity, but take on the shape and characteristics of dynamic ecosystems through their diverse, multilayered human and societal makeup and needs.
The relevance, application, and benefit of Big Data to the security and resilience needs of both the CI and related communities can therefore only be understood within the context of this system of systems and the community ecosystems in which it must be applied, and to which end users of Big Data must operate in their capacity for “protecting citizens from harm and for promoting their well-being.”
In acknowledging this system-wide interconnectivity and the interdependencies and dependencies throughout the system, and that risks and harm do not respect man-made borders and boundaries, this chapter also proposes that Big Data should not be considered separate from the rest of the system. Instead, it should be considered part of an integrated supply chain that needs to coexist alongside and interact with all of the other supply chains in the system, whether physical or virtual.
In doing so, Big Data can provide far-reaching benefits to the safety, security, and resilience of the CI-related communities and society, if viewed and considered as part of one unified framework: supporting a top-down–bottom-up and holistic view of the system and of all of its moving parts, players, and needs.

Understanding the Strategic Landscape into which Big Data Must Be Applied

Emergencies and threats are continually evolving, leaving CI and communities vulnerable to attacks, hazards, and threats that can disrupt critical systems. More than ever, our CI and communities depend on technologies and information exchange across both physical and virtual supply chains. These are rapidly changing, borderless, and often unpredictable.
All aspects of our CI and of the communities in which we live are affected by continuously shifting environments; the security and resilience of our CI and communities require the development of more efficient and effective mechanisms, processes, and guidelines that mirror and counter these changes in the strategic landscape, to protect and make more resilient those things on which we depend and the way of life to which our communities and society have become accustomed.
CI functions with the support of large, complex, widely distributed, and mutually supportive supply chains and networks. Such systems are intimately linked to the economic and social well-being and security of the communities in which they are located and whom they serve, and with the wider societal reliance for such essential services as food, utilities, transport, and finance.
They include not only infrastructure but also networks and supply chains, both physical and virtual, that support the delivery of an essential product or service.
Future threats and hazards, particularly those caused by the impacts of climate change, have the potential to disable CI sites to the same if not greater degree as a terrorist attack or insider threat. The impact of severe weather such as flooding or heavy snow may disrupt the operation of sites directly or indirectly through supply chain and transport disruption. In addition, the tendency to elevate terrorism as the main threat rather than to consider the full range of hazards from which modern society is at risk results in site-specific plans that assume damage will be the result of acts targeted directly at the critical facility—either a physical attack or an insider threat—rather than a side effect of a wider natural hazard or other non-terrorism–related event affecting either the geographical location in which the CI is located or the interconnected supply chains on which it depends.
The individual assets, services, and supply chains that make up the CI will, in their various forms, sit either directly within a community or straddle and impact multiple communities depending on the sector or the services provided.
As with the CI and its interdependent supply chains, where once geographic boundaries were the only means of describing a community, in our modern interconnected world, a community may and indeed often does extend beyond recognized boundaries, embracing those of like-minded interests or dispositions through shared values and concerns wherever they may be, locally, regionally, nationally, or internationally.
These communities are not static, homogeneous entities, easily described with their entire essential needs catered for by those responsible and then set in stone and left. A community is fluid and constantly changes, as do its needs, across and between the many different layers from which the whole is made. A community has discrete communities within it and further ones within those. A community and its behavior and interactions both within itself and with other communities, and with its dependent relationship with the CI, can more easily be described as an ecosystem.
The following Wikipedia definition of an ecosystem (Wikipedia, 2014) is useful to allow us to picture and compare the value of using such a description:

An ecosystem is a community of living organisms (plants, animals and microbes – read people) in conjunction with the non-living components of their environment (things like air, water and mineral soil—read CI and essential services), interacting as a system. These components are regarded as linked together through nutrient cycles and energy flows. As ecosystems are defined by the network of interactions among organisms, and between organisms and their environment, they can be of any size but usually encompass specific, limited spaces although some scientists say that the entire planet is an ecosystem. (For the CI, communities and the essential services and supply chain upon which they rely, these nutrient cycles, energy flows and network of interactions represent our modern interconnected and interdependent world).

Ecosystems are controlled both by external and internal factors. External factors such as climate, the parent material which forms the soil and topography, control the overall structure of an ecosystem and the way things work within it, but are not themselves influenced by the ecosystem. Ecosystems are dynamic entities—invariably, they are subject to periodic disturbances and are in the process of recovering from some past disturbance. (For the CI and communities, read man made, natural or malicious events).

As our reliance on the networked world increases unabated, modern society will become ever more complex, ever more interconnected, and ever more dependent on essential technology and services. We are no longer aware of the origin of these critical dependencies; nor do we exert any control or influence over them. In the developed world, there is an ever-downward pressure on cost and need for efficiency in both the public and private sectors. This is making supply chains more complex, increasing their fragmentation and interdependency and making those who depend on them, citizens and their community ecosystems, more fragile and less resilient to shock.
The security and resilience of the CI and of communities are key challenges for nations and those responsible. A collaborative and shared approach among all affected stakeholders, whether public, private, community, or voluntary sector and across artificial and man-made borders and boundaries, is now recognized as the most effective means by which to enhance security and resilience to counter this complexity. The application of Big Data to improve the security and resilience of the CI and related communities could provide a step change in helping to achieve this. However, this can happen only if those responsible for our protection from harm and promotion of well-being become, along with the application of the Big Data itself, as interconnected and interoperable as the CI system of systems and the community ecosystems are themselves.
Alongside the need to understand the structure and makeup of the CI system of systems and community ecosystems before Big Data can be meaningfully applied, it is equally critical to understand the issues and challenges facing those responsible for security and resilience planning, preparedness, response, and recovery: the resilience practitioners, emergency responders, CI operators, and policy makers. Their issues and challenges are intrinsically linked to the ability to enhance the security and resilience of the CI and communities.
It is accepted thinking that the ability of nation states, and indeed of broader institutions such as the European Union, to increase resilience to crisis and disasters cannot be achieved in isolation; it requires all stakeholders, including emergency responders, government, communities, regulators, infrastructure operators, media, and business, to work together. CI and security sectors need to understand the context and relationship of their roles and responsibilities within this interconnected system. This complex “system” of stakeholders and sectors can result in duplication of effort, missed opportunities, and security and resilience gaps, especially where each stakeholder organization has a starting point of viewing risk through its own individual perspective. When greater collaboration and a more collective effort are required, this tends to drive an insular approach when actually it is the opposite that is required.
Where they do consider this “wider system,” and the nuclear industry is particularly good in this respect, other factors such as a lack of internal or regulatory integration or a holistic approach to understanding the human elements as they relate to governance, shared risks, and threats and policy undermine this wider view.
An example is recent events in Japan after the devastating earthquake and tsunami that damaged the nuclear power plant at Fukushima Dai-ichi. The natural disaster damaged not only the reactors, but also the primary and secondary power supplies meant to prevent contamination, and the road network, which prevented timely support from reaching the site quickly.
In this instance, safety and security in the nuclear industry have traditionally been regulated and managed in isolation. Safety management has been the responsibility of operators, engineers, safety managers, and scientists, whereas security tends to be the responsibility of a separate function frequently led by ex-military and police personnel with different professional backgrounds and competencies. Similarly, regulators for safety and security are traditionally separate organizations.
The complex, interconnected nature of safety, security, and emergency management requires convergence; without it, serious gaps in capability and response will persist. Although this approach would not have prevented the devastation at Fukushima, had the regulators of safety and security been integrated into mainstream organizational management and development, because it is neither efficient nor effective to consider nuclear safety cases, security vulnerability assessments, and financial and reputational risk separately, certainly some of the consequences at Fukushima could have been mitigated, as the work of the World Institute of Nuclear Security clearly articulates in their International Best Practice Guides.1
Much of the debate on CI security and resilience centers on the critical national infrastructure, i.e., the people, assets, and infrastructure essential to a country’s stability and prosperity. However, what seems evident is that much of what is critical to a nation sits within local communities, often with a strong influence over their economic and social well-being. Disruption to that infrastructure, whether man-made or natural, not only has an impact across a country, but can seriously undermine communities, some of which may already be fragile economically or socially.
CI operators and those in authority charged with keeping the community safe recognize the integral role that CI and its operators have in the local communities upon which they have an effect. In this respect, the term “critical local infrastructure” might be more meaningful because it highlights the importance of involving local people in aspects of emergency preparedness planning and training regarding elements of the CI based in their communities.
A more collective approach and ownership of large-scale, collective risk is essential to meet twenty-first-century challenges. The challenges facing a fragmented community not only affect operational effectiveness—in the worst case putting lives at risk—they also result in inefficiencies and duplications that are hard to identify and hard to improve or remove. Natural disasters, industrial accidents, and deliberate attacks do not recognize geographic or organizational borders, and these interchanges might themselves present weaknesses and vulnerabilities that can be exploited. Risks that appear to be nobody’s responsibility have the potential to affect everyone.
Therefore, it should also be clear that the requirement to make appropriate risk assessments needs to be a coherent and integrated process that involves all sectors, agencies, and organizations, and that includes the ability to prioritize the risks identified. Such an approach would, for example, enable a collective assessment to be made not only of which risks are greatest, but which risks might be acceptable and which are not, with procurement within and between organizations made, or at least discussed, on this basis.
The need for a collective effort to achieve the combined effect between all of the stakeholders in a community, both the consumers and providers (i.e., citizens, CI, and responders), across the spectrum of “harm and well-being”, has never been more apparent. Achieving a common scalable and transferable means to better understand, plan for, and counter these complex interdependencies and their inherent vulnerabilities to the consequences of cascading effects, whatever their origin or cause, has never been more critical.
Despite their varying social, cultural, geographic, and ethnic differences, citizens and their communities have shared needs in their desire for safety, security, and well-being. The CI, too, despite its operational, geographic, and networked diversity, has a shared need across its different sectors and supply chains for a greater, more enhanced view of the risks and threats it faces, especially from the hidden, unseen interdependencies, and how these can be managed in a more coherent, cohesive, effective, and efficient way.
This shared means, whatever the size, makeup, and location of a community, and from whichever touch point a citizen has engagement, can be described as its strategic community requirement (SCR). Without such a means to achieve this combined effect, our modern society and the millions of individual communities from which it is made can only become less resilient to shocks, whether man-made, natural, or malicious; less cohesive to increasing social tensions; and increasingly unable to provide the quality of life expectations of citizens that our politicians so espouse.
Despite the structural complexity of both community ecosystems and CI system of systems, with the inherent difficulty of understanding how they coexist and interact, with their shared needs for safety, security, resilience, and well-being, this SCR provides commonality and overarching consistency; giving an opportunity to support greater visibility and enhanced cohesion and coherence to improve resilience across the many different moving parts and players.
Use of an overarching architecture to achieve this would enable a single, unified view of the world from which a shared, collective approach to enhancing the security and resilience of the CI and communities can be carried out under a common SCR framework. Within this framework, the application of Big Data by end users can be meaningfully undertaken to maximize and achieve the benefits sought.

What Is Meant by an Overarching Architecture?

The architecture is an enabling tool to support the CI, community, and responder organizations in understanding and managing the complexity of the systems in which they operate and are tasked to protect us. It can be used to represent an integrated model of the system, or the community, from the operational and business aspects to the technologies and systems that provide capability. By covering both the operational and technical aspects across such a system, the architecture enables all communities of interest to gain the essential common understanding needed to deliver benefits that are required from the application of Big Data.
One of the main focuses of the architecture in this effort is to present a clear vision of the system in all of its dimensions and complexity in terms of its existing state and its desired or future state(s). The result can support all aspects of the requirement for the use of Big Data including:
• Governance and policy
• Strategic planning
• Tactical planning and operations (front line and logistics)
• Automation of processes
• Capability/requirements capture

The SCR

Two concepts underpin the SCR, each mutually supporting the other for maximum effect. These concepts are protection from harm and promotion of well-being, and combined effect.

Protection from Harm and Promotion of Well Being

Those things that can harm us, or which we perceive to cause us harm, either as individuals or as part of the community in which we live, can be described in high-level terms as:
• Terrorism
• Civil emergency—natural
• Civil emergency—man-made
• Organized crime
• Public order
• Cyber
Aspects that touch our everyday journey as citizens, that can either positively or adversely affect our well-being and quality of life, will to varying degrees sit within the following categories:
• Political
• Cultural
• Environment
• Economic
• Social
As citizens, we expect those responsible in authority to be able to keep us from harm from any of these threats. We also expect those responsible to broadly promote policies that support our well-being across the categories shown.
However, in the complex, interconnected ecosystems in which we reside, and the far wider system of systems in which our CI and communities exist, harm and well-being are intrinsically linked by the myriad of hidden and unseen interdependencies previously described. These might, for example, encompass physical or virtual supply chains of information, essential services, or other critical dependencies. For those in authority, these interdependencies drive unseen gaps, overlaps, and disparities in how they understand, plan for, and provide for our harm and well-being needs. These interdependent, interconnected risks are in turn compounded by the single view of the world approach to risk adopted by the many individual organizations and agencies upon which we rely to keep us safe and provide for our essential needs and life support systems.
As individual citizens coexisting within these complex community ecosystems, we are all consumers of harm and well-being needs: even those in authority charged with providing them. As society gets ever more reliant upon complex, interconnected, unseen, and increasingly stretched dependencies, the need for a collective citizen- and community-centric approach to understand, plan, and manage the shared outcomes and effects we seek has never been greater. The ability for all community stakeholders, wherever they sit on the supply or demand side of harm and well-being, to join together to meet these challenges in a cohesive and coherent way and deliver these shared outcomes through the combined effect of their collective efforts is paramount.

Combined Effect

Within the common framework of shared harm and well-being that straddles both CI and communities, however they are described, their varied, dynamic, and multilayered nature will, of course, dictate locally specific priorities. Four core themes within the SCR framework that will accommodate these and facilitate the collective effort of stakeholders to achieve such a combined effect are:
• Collective view of risks
• Interconnected journey touch points and interfaces
• Shared ownership
• Capability and capacity negotiation
Through these themes, stakeholders charged with meeting our harm and well-being needs can come together and use the SCR architecture framework (SCAF) to deliver the combined effect of their collective effort to understand, plan, and manage the issues and challenges to the CI and communities in a joined up, coherent, and cohesive way. This would include a greater focus on the viewpoint of the citizen, one that understands how citizens interface with these harm and well-being needs in their daily lives and how they expect them to be provided in a seamless manner.
This Combined Effect approach was set out in the joint RUSI/Serco White Paper ‘Combined Effect: A New Approach to Resilience’ (Cole and Marzell, 2010), published in late 2010, which encouraged a more holistic, collaborative approach to resilience planning. Its aim is to help to bring together public and private sector resilience stakeholders: officially designated Category 1 and 2 responders under the Civil Contingencies Act 2004, the private sector suppliers, operators and contractors, as well as the volunteer organizations and community groups that support them. Importantly, the methodology seeks to identify where gaps in current knowledge, understanding and capability exist so that they can be more easily addressed.
This approach also supports the essential dialogue across and among all relevant and interested community stakeholders wishing to become involved and support the enhanced security and resilience of their communities in a more meaningful way; part of a wider community engagement throughout the ecosystem that is deemed essential by governments in informing and countering many of the societal challenges of policing ethnically and culturally diverse communities.
The overarching SCAF enables the Combined Effect approach to span the spectrum of harm and well-being, whether this is planning and preparing for terrorism, flood or youth offending or providing appropriate access to health care, education, and employment opportunities to those most in need. Often, these involve similar issues and organizations, seeking similar outcomes. Previously, there has been neither the shared visibility nor the collective means to have meaningful discussions on a shared risk, ownership, and outcome approach: an experience that citizens and their communities both expect and seek across the touch points they encounter daily.
A Combined Effect approach provides the wherewithal, the concepts and doctrine to identify, understand, and mitigate the impacts from the system of systems interdependencies, with supporting tools, techniques, and information to mitigate the often hidden or unseen vulnerabilities, threats, risks, and harm they foster. Combined Effect would use intelligence provided by Big Data through the SCAF to inform and improve the collective effort of stakeholders for the security and resilience of the CI and communities.
The diagram in Figure 6.1 illustrates the spectrum of harm and well-being in relation to other elements of the SCR.
Figure 6.1 Strategic Community Requirement: harm and well-being.

Underpinning the SCR

The challenges these different organizations face in coming together to achieve such a collective effort, let alone the need to embrace citizens more completely in the process, can be met through a more informed understanding of the capabilities within the four key capability areas that underpin all aspects of an individual organization’s service delivery. Under the SCR framework, these same capabilities would also underpin a collective, Combined Effect approach: governance, people, processes, and systems (technology).
Adoption of such a shared risk approach would enable the gaps, disparities, overlaps, and duplication that exist among different organizations when they come together to be identified, planned for, and managed. Once in place, this would underpin meaningful, evidence-based negotiations among stakeholders regarding how such a Combined Effect undertaking can be achieved. Achieving Combined Effect does not preclude individual organizations from planning for and managing their own individually identified risks, which, when done under the umbrella of the SCR framework to enhance collective security and resilience through a shared risk approach, will provide more effective and efficient benefits across the system and for all as a result.
The diagram in Figure 6.2 outlines these key capability areas and how they fit together to underpin the SCR, relevant stakeholders, and shared risk and outcomes approach.
Figure 6.2 Shared citizen- and community-centric outcomes.

Strategic Community Architecture Framework

The SCAF will give relevant community stakeholders, such as the police, other emergency responders, and municipal authorities, a shared framework of governance, a concept of operations, and the enabling tools and technology to support closer collaboration for greater, more effective, and efficient community-based security and resilience that is Combined Effect.
The SCAF will enable users at varying levels—strategy and policy, command layers, and operational delivery on the ground—to have a community-wide, holistic understanding and view of the risks, threats, and hazards that they collectively face. The SCAF will support understanding, collation, and coordination of the collective capabilities and capacities that all members of the community—public and private, voluntary and citizens—can bring to bear in support of their collective effort, safety, security, and well-being.
The SCAF will support an informatics capability to ensure that the myriad of informal, formal, and social information and communications channels that now reside within and across communities is fully understood, embedded, and exploited. Visualization and associated modeling and gaming techniques will allow for the dynamic testing and exercising of concepts; drive an iterative process of feedback into CI and community end users; and then continue onward for scalable and transferable exploitation elsewhere.
Figure 6.3 Building trust and common purpose.
The SCAF will provide the wherewithal and means to understand where and how the application of Big Data in the security and resilience of the CI and communities can be best achieved, supporting the greater collective effort of stakeholders and end users responsible in a joined and coherent fashion.
For example, Big Data can be used to support the security and resilience of the CI and of communities in the following ways:
• Build trust and common purpose among individual citizens, communities, the police, responder and authority groups, and the CI to plan for, prepare for, respond to, and recover from threats, risks, vulnerabilities, and hazards that can harm them and affect their well-being (see Figure 6.3).
• Enable empirical and intelligence-led discussions within and across the community and its stakeholders, as well as regionally or nationally, regarding the benefits and value of shared resources, greater cooperation, and joint working/interoperability to meet identified shared risks and threats through the greater cohesion and coherence of a Combined Effect approach (see Figure 6.4).
• Support iterative processes to feed into local (and, where appropriate, national) policy and strategy planning to inform the creation of a new, dynamic, best-practice, collectively shared safety, security, and resilience plan (see Figures 6.5 and 6.6).
Figure 6.4 Big Data: cohesion, coherence and interoperability.
Figure 6.5 Shared safety, security, and resilience plan.
Figure 6.6 Shared local plans informing wider policy.

Conclusions

Big Data brings enormous benefits to society through its ability to amalgamate and aggregate the myriad datasets and sources for meaningful application. In this instance, protection of our CI, citizens and communities has been discussed.
Similar to Big Data (see Chapters 1 and 10), the CI system of systems and the community ecosystems are complex and have myriad dependencies and interdependencies that make up the whole. Unlike Big Data, however, these are not clearly understood; no mechanisms currently make sense of the whole in a coherent and cohesive way, and too many individual, fragmented, and different organizations are involved, which essentially makes it a largely ungoverned space from a governance perspective. It would be difficult to apply Big Data to such an incoherent space in any meaningful way to make a real difference.
Big Data itself is part of the solution to creating a shared, unified view of the CI system of systems and community ecosystem where all moving parts—the dependencies, interdependencies, and organizational borders and boundaries and stakeholder capabilities—can be seen within the one architecture framework (SCAF). In creating such a view for the SCR, Big Data may be used in a meaningful way to provide real value and benefits to stakeholders charged with keeping us, the CI, and our communities safe, secure, and more resilient through the combined effect of their collective effort.