For critical and ageing infrastructures, buildings, cities and communities, resilience is becoming an increasingly vital concept. It is an area that is gaining momentum as organisations look to minimize risks to their operations and control the level of impact of a major event. The problem is that there are no current standards to define the boundaries and approach to resilience engineering. This is an area that requires work to increase understanding of cause, impact and recovery of systems after an event to ensure steps and practices are in place that will increase resilience, and to lay down validated indicators and metrics that are both adequate to measure individual system qualities and generalizable to complex systems. Finally, new standards will certainly help in better framing the concept and will boost the application.
Natural events, man-made threats, climate change and cyber-attacks are all phenomena that can put businesses, governments and the general public at peril. Resilience engineering requires a systematic, measured and structured approach to give better understanding of the performance and behaviours of a systems during and after the occurrence of disturbances and identification of measures to be put in place to reduce impact and speed up recovery of normal operation.
Resilience engineering seeks to work on an all-hazards approach, (UNISDR), including emerging threats, that are increasingly causing severe effects, in some cases exacerbated by climatic changes. As such, this requires deep understanding of all cyber-physical risks and expertise in areas such as climate adaptation and mitigation, earthquake, geotechnical and structural engineering, risk analysis, asset management and health monitoring. With a multi-disciplinary approach and the correct tools; risks, associated contingencies, improvements and countermeasures can all be assessed.
One of the biggest challenges in providing effective resilience engineering is that it is a global issue. Natural and man-made events are not local or specific to a single country or area and the approach to resilience must allow for this.
We live in a world where data is everywhere and, to optimize resilience we need to make best use of the data available to us. This requires ready access to crucial information, requiring efficient digitalization and data processing of metrics.
Moreover, in the area of Resilience Engineering, the digitalization process can support the transition towards more robust and resilience tools, enabling high simulation capacity; robust integration of heterogeneous in-field information; multi-variable analysis, and multi-criteria decision support systems.
There are four key stages to improving resilience, each of which should consider physical, data, cognitive and social aspects. Firstly, planning and preparation requires proper analysis of assets, networks and personnel; analysis and preparation of data available; understanding of system design and operation with anticipation of adverse of events, as well as review of areas such as the associated social network, cultural norms and training.
Once an event occurs, the next stage is the emergency response to the event where the impact is absorbed. From a physical standpoint the event needs to be recognised and system designed to maintain its function. Data in this stage becomes vital with real-time assessment of functionality. The ready availability of data means cascading losses and closures can be anticipated and decisions to reduce impact made more quickly. Cognitive aspects of this stage mean contingency protocols and proactive event management are in place. Finally, this stage also relies on the resourcefulness and availability of personnel and support services such as emergency response teams.
After the event has passed, comes a third stage of recovery. Physical systems need to be changed or repaired to recover previous functionality. Data can be used to track recovery progress and anticipate further recovery scenarios. This stage also requires proactive recovery decision making and communication with teamwork and knowledge sharing.
The fourth and final stage is adaptation. After an event has occurred, the knowledge about the impact and potential scenarios increase. Changes can then be made to physical structures and systems to increase their resilience for the future. Protocols can be improved based on the data gained and configurations, objectives and decision criteria updated to reflect lessons learned. Finally, from a social standpoint, institutions, policies, training programs and even cultures can be adjusted to better deal with a future event.
Effective resilience engineering will reduce the impact of an event and the time to recovery to normal operation but requires a structured framework and systematic approach as detailed above. Such a service could include everything from advice on risk reduction and decision support tools, through simulations and early warning systems, to inspection and testing, strategy, policy implementation and domain expert analysis. Services need to include training, certification and digitalization to optimize effectiveness. Ultimately the measure of resilience, as shown in Figure 1, is a combination of the level of impact of an event and the time it takes for a system, structure or community to recover after the event.
There are many examples of resilience engineering in research & innovation settings covering a wide range of requirements. Work RINA has done includes the following projects:
Two projects for the Directorate-General Home Affairs European Commission covered identification of ICT critical infrastructure interdependencies, contingency plans and common taxonomy and threat identification and protection of smart grids from cyber-attacks. Both included simulations to improve reactive measures the event of physical or man-made threats to these infrastructures.
When it comes to transport infrastructure, a holistic approach to entire lifecycle management was implemented through the development of a software platform, with open data models that provided scalable user interface to deliver different information to different users within the EU funded RAGTIME project. This project is an excellent example of the use of digitalization to increase sharing of context-relevant information, fully integrate risk-based approaches and improve resilience.
Other areas of experience include improving resilience and protection for the European Critical Infrastructure. In one case, the INFRASTRESS project, the focus is on sensitive industrial plants and sites that are exposed to large scale, combined, cyber-physical threats and hazards. In a second case, the SecureGas project, the focus is on the protection and resilience of the European Gas Network and installations against cyber-physical threats. The project outcomes will be tools, solutions and guidelines supporting a new vision on how to plan, design, built, operate and maintain gas critical infrastructure to be secure and resilient against current and emerging risks. In both examples, only a fully integrated and multi-discipline approach can cover all technical, human and organizational factors and truly minimize the cascade effects of an event on the infrastructure, surrounding communities and environment.
Other areas where resilience engineering is a vital aspect include hospital and health infrastructures. In this area protection and privacy of data and security of systems is vital to both the economy and society. RINA is working in the PANACEA project to provide to the European Commission cyber-security tools, security-by-design solutions, training and certification of health care systems.
In the finance sector, cyber threats and fraud are an increasing challenge which are escalating costs of financial procedures across retail banking, insurance and investment banking. To support the need to tackle illicit transactions, in the Critical Chains project RINA is analysing how software platforms can be integrated with consultancy services such as Security Risk Assessment, Audit and Compliance in accordance with NIS and GDPR directives.
Understanding resilience to climate change is another area of increasing concern across many interconnected infrastructures. The EU-CIRCLE project requires complex modelling and analysis covering, among others, assets in the chemical and oil and gas sectors exposed to extreme climatic conditions.
For the chemical industry, seismic risks present a huge potential health threat. The PEC project covered the seismic risk assessment of pressure vessels, identification of anthropogenic hazards and the development of multi-hazard risk maps covering earthquakes, floods and anthropogenic hazards.
As can be seen in the project examples above, the areas of expertise and complexity of resilience engineering solutions can be wide ranging. It requires consideration for multiple physical and cultural factors and changing impact of climate and risks on existing structures, assets and systems. Resilience engineering is part of a continuous evolution to mitigate risks and reduce impact of major global events. It requires identification, development and promotion of best-practices and solutions and is vital for the protection of critical and aging infrastructures, buildings and cities. Its application is a global one, covering wide-ranging market sectors, that requires an integrated and systematic approach. The analysis of multiple risks and threats require multidisciplinary skills and support across all phases of an infrastructure’s lifecycle.