| Summary: | Over recent decades, it has been evident that society relies heavily on critical infrastructures (CIs) to provide and maintain vital societal functions, such as water, electricity and transportation. Traditionally, in order to ensure the delivery of such functions, the focus has been on protecting the infrastructures’ systems from adverse and extreme events. However, large-scale events, such as hurricanes, floods, cyberattacks and the ongoing coronavirus pandemic, illustrate that is not always feasible to protect infrastructures from all types of threats; it can be technologically impossible and extremely costly. Hence, the concept of critical infrastructure resilience (CIR) has been introduced, in order to enable CIs and their surrounding organisations to bounce back and cope with surprises and high-consequence events. CIR has been the subject of vibrant scholarly discussion for over a decade. Yet there is no consensus on some fundamental questions, most importantly on how CIR could be measured, analysed, evaluated, and enhanced. In other words, a proper approach to CIR management is missing. The aim of this thesis is to solve this challenge. From a theoretical and practical perspective, I review current literature and practices, to explore and justify the need and objectives for operationalising CIR and, thus, improve the understanding of the application and interaction of different resilience concepts. Moreover, methodologically, I review scientific literature, constituting state of the art in real-life application to CIs. I further proceed, through demonstration, evaluation and implementation in a real-life environment, to develop new methods and techniques for CIR assessments. Finally, to facilitate the operationalisation of CIR, based on the feedback from operators through the implementation and demonstration, I develop an overall CIR management framework that is compatible with a variety of CIR assessment techniques, which can be integrated into existing risk management practices. The results of this study show that the CIR concept goes beyond traditional risk management and covers more than pre-event capabilities, acknowledging that protection of CIs can never be guaranteed. Based on the results from the demonstration, evaluation, and implementation of resilience assessment techniques and methods, I defend the plurality of techniques and methods, emphasising the need for measurability and comparability. Currently, there is no single approach, method or technique that would provide all the answers for all sectors, conditions, situations, needs or resources for a CI risk and resilience assessment. In addition, the latter part of a CI resilience assessment – namely, how to evaluate the results and compare them against public tolerance levels – seems to be largely underdeveloped. The study shows that research regarding CI resilience of real-life infrastructures, and especially towards how to enhance CI resilience, is still in its infancy, where substantial efforts are needed towards drawing informed conclusions with respect to their level of resilience and the effect of interdependencies. The structures and processes of the proposed CIR management framework are proved to effectively facilitate the plurality of assessment techniques and methods, helping to conceptualise, operationalise and methodologically enhance CIR. The framework utilises the often-used practices of risk management, thus modifying the current international management standard towards that of CIR management. To this end, I present a framework that closely follows the standard risk management typology, but adapted to CIR. For successful CIR management, I conclude with five maxims: no duplicate practices; tailorability and plurality of assessment techniques and methods; measurability; and relative ease of use. Keywords: critical infrastructure; resilience; real-life; case studies; organizational resilience; technological resilience; risk management; ISO 31000; resilience management; resilience assessment; recoverability; operationalisation.
|
|---|