ArticlePDF Available

Critical Infrastructure Risks


Abstract and Figures

Critical infrastructure can be taken as a phenomenon of recent time. Not only theory but also practice has shown that solving problems of the protection of critical infrastructure, especially ensuring its functionality, is a necessary precondition for the operation of public authorities, services, the viability of a region, area or country. The first step to protect the critical Infrastructure must be the Identification of risks endangering the security of single systems or elements. The contribution deals with the problems of searching for and denoting these risks and by looking for their interrelations.
Content may be subject to copyright.
1. Introduction
The priority of critical infrastructure protection is given by
efforts to preserve the functionality of public authorities. If the
functionality of public authorities is preserved, then an assump-
tion exists that also the population has a real chance of surviving
a crisis state or situation without serious health damage. The com-
plexity of ensuring the protection of critical infrastructure is given
not only by the fact that it is a case of areas of decisive importance
to the operation and functioning of the state, but also by the fact
that many elements may significantly influence their surround-
ings, and cause thus a certain “domino” effect.
Then, the cardinal issue is a question of knowledge of indi-
vidual limits of the system of critical infrastructure, and thus the
determination of adequate protection.
What are the objectives of critical infrastructure protection?
As a simple answer we could use, e.g.: “When taking into
account all threats and risks, the objective of critical infrastructure
protection is to ensure the functioning of critical infrastructure
objects, their interrelations and thus the creation of a basic pre-
condition for the functioning of the state”.
This general definition can be specified, for instance, as follows:
A need to select critical infrastructure objects on individual
management levels:
The preservation of basic functions of a territory (municipality,
region, state).
The preservation of basic functions of the state.
The preservation of functionality of objects necessary for dealing
with incidents.
The protection of potentially threatened objects.
Establishing communication between the public authorities and
entities of critical infrastructure.
The basic question of critical infrastructure protection is then
the finding of interrelations between individual systems of critical
infrastructure. By finding these interrelations we are able to assess
or evaluate much better their vulnerabilities and consequences on
the other systems of critical infrastructure. A result of critical infra-
structure protection should be the minimization of consequences
of infrastructure destruction so that damage to the functions of
public authorities or services may be:
controllable (also temporarily)
limited in area.
To meet these preconditions, at first we must find risks, denote
them, be aware of their interrelations across the systems of criti-
cal infrastructure, and accept adequate measures to eliminate the
risks found. Countries can have various priorities and also different
conceptions concerning which countries or elements of critical
infrastructure should be included into the critical infrastructure.
The Security Council of the Czech Republic Table 1
has determined the basic areas of critical
infrastructure as follows:
Michail Senovsky – Pavel Senovsky *
Critical infrastructure can be taken as a phenomenon of recent time. Not only theory but also practice has shown that solving prob-
lems of the protection o f critical infrastructure, especially ensuring its functionality, is a necessary precondition for the operation of
public authorities, services, the v iability o f a region, area or c ountry. The first step to protect the c ritical infrastructure must be the iden-
tification of risks endangering the security of single systems or elements. The contribution deals with the problems of searching for and
denoting these risks and by looking for their interrelations.
Key words : Critical in f rast ruc tu re, an aly si s, ri sk, as se ssm en t.
*Michail Senovsky, Pavel Senovsky
Faculty of Safety Engineering, VSB – Technical University Ostrava, Czech Republic, E-mail:
Thermal energy
Oil and oil products
Water supply
Water security and management
Wastewater system
Food production
Food safety
Agricultural production
With regard to the fact that in the framework of EU any
unambiguous method for the search for individual critical points
of systems and their interrelations is not determined, the follow-
ing part presents the opinion of authors about one of possible
solutions for the analysis of critical infrastructure elements.
2. Network Analysis
For easy understanding, a network is necessary to be conceived
as a large pattern with a large number of nodes and links. It is
important to realise that we do not only search for individual ele-
ments that may endanger their surroundings, but that we search
also for their interrelations by which a failure can spread. Some
segments of critical infrastructure are of network character (road
network, energy supply network); the other segments depend directly
on these networks.
We are looking for a network model. We can say that individual
objects can form network nodes. Pathways within the CI system
then can be links between the nodes. However, we can see this
problem also from the point of view of e.g. electricity distribution.
Somewhere the transformer station will be located, from which
electricity will be delivered to individual objects. Here, a system of
distribution substations or switchboards will be implemented and
electricity will be distributed to the last machine, to the last office.
If we search further, it will be surely possible to map, describe and
plot these networks.
2.1 Risk Concentration.
Risks endangering a network infrastructure are usually distrib-
uted non-uniformly in the network, concentrated into a relatively
small number of “critic al” nodes. These nodes are easy-to-identify
by the number of links to other nodes and the capacity of them
(according to the segment considered).
A difference between the uniform and the real distribution of
nodes in the network is clear from Fig. 1.
Graphs in Fig. 1 were constructed by using the Scale-free Sim-
ulace program [1, 2].
HEALTH CARE Pre-hospital urgent care
Hospital care
Public health protection
Production, storage and distribution of
pharmaceutics and medical means
Inland water
State authorities and local authorities
Social protection and employment
Execution of justice and prison service
Fire and Rescue Service and Fire Brigades
Police of the Czech Republic
Army of the Czech Republic
Monitoring services of radiation, chemical and
biological protection
Prognoses, alert, warning service
– Finance
Capital market
Fixed net services
Mobile net services
Radio communication and navigation
Satellite communication
Radio and television broadcasting
Postal and courier services
Access to the Internet and data services
Fig. 1 Random frequency distribution in the network versus real node distribution in the network
The problem of network infrastructure protection often con-
sists in the fact that we cannot afford to realise protection always
on the same level for the whole network, and thus it is necessary
to search for critical points – their putting out of action will bring
the greatest damage. It is effective to protect just these points.
2.2 Networks, Cascades.
A sector failure is often caused by a cascade failure in the
network. A relatively small fault in one node spreads through the
network to other nodes, e.g. by a series of errors, the propagated
error thus may lead to a collapse of the whole network. It is a veloc-
ity at which the fault spreads and the velocity at which individual
nodes are repaired that will decide whether the damaged infra-
structure will be finally restored or will collapse.
2.3 Simulation – an A pproach to Searching
for a Solution.
In studying networks, modelling as well as simulation is today
implemented by special software. Simulations are usually based
on the repeated application of simple principles in the universe of
simulation, by which the gradual organisation of universum uni-
verse by an emergence effect will be achieved.
An example of result of such a simulation is presented in Fig. 2.
3. Vulnerability Analysis
To be able to assess quantitatively the vulnerability of a sector,
we can use the vulnerability analysis that represents a model of
vulnerability of critical nodes. The analysis consists of network
analysis; for the determination of reliability of the whole system,
engineering tools are used. These tools provide a complete system
for the identification of system weaknesses and vulnerability esti-
mation, and on the basis of this information we can determine
steps leading to an increase in security. If we are able to find thus
weak points of the system, in the following step it will be possible
to madke the analysis of these critical points focused on searching
for a possibility of synergetic effects of expected incident.
(start of the simulation) (end of the simulation)
Fig. 2 Application of shortest path principle to arandomly generated network
3.1 A Model Based on the Vulnerability Analysis.
The basic model of vulnerability analysis is a comprehensive
analysis method that puts the network, faults (events) and relia-
bility analysis together into one method for the quantitative sector
analysis of a branched network. In the analysis, network branch-
ing is evident. We analyse the vulnerability of branching by using
a fault tree; all possible actions are organised as an event tree.
Network analysis. The first step to make the vulnerability
analysis is the mapping (identification) of a system being assessed.
This step will also help us to search for individual nodal points
and their interactions.
3.2 Fault Tree Analysis.
A fault tree contains vulnerabilities, and it is possible to model
how single elements interact and create an error or fault. The root
of the tree is there at the top of the tree and represents the whole
zone or its main part, and the “leaves” of the tree represent partial
threats endangering the zone. In the course of solving the fault
tree we use logic and probability to estimate the occurrence (origin)
of faults in the system. The outcome of fault tree analysis is a list
of element vulnerabilities with the expression of probability of
origin. In the following figure, an example of fault tree analysis is
3.3 Event Tree Analysis
We shall use the outcomes of fault tree analysis as input infor-
mation for an event tree analysis. The tree of events is a list of all
possible events and their combinations leading to faults. Event
trees are binary trees, we consider yes/no. Each error may occur
only once. The “root” of the event tree is there at the top of the
tree and “leaves” are there in the lower part of the tree. The leaves
represent all possible actions that may occur, including faults. The
Fig. 3 A n examp l e o f fault tre e analysis
Fig. 4 An example of event tree analysis
Fig. 5 V ulne rabi li ty analys is p ro c ess
outcome of the event tree is a list of errors (vulnerability) and the
probability of their occurrences expressed as the probability of
error in a histogram. In the following figure an example of event
tree is illustrated.
3.4 Matrix Analysis
The number of events listed in the event tree will become the
number of potential errors. A matrix analysis can also work on the
binary level or, in a more modern conception, each event can be
described by more parameters, and thus we shall obtain a rather
strong tool with which we are able, among other matters, to deter-
mine the severity of faults.
Diagrammatically the described system of analyses can be
illustrated as shown e.g. in a figure given below.
4. Conclusion
Searching for an approach to the assessment of risks of criti-
cal infrastructure elements is at its very beginning. At present, we
do not know any method being used by anybody with satisfactory
results. The approach described in this contribution is a possible
approach, but certainly not a single existing approach. We suppose
that the final result of our research and search for a suitable model
could be a knowledge-based system that would furnish the user with
required information on critical infrastructure security require-
This article was written for the project no. VD20062008A04
[1] SENOVSKY, P.: Scale-Free Simulace v1.1 [on-line], WWW <URL: >
[cit. 2007-10-3].
[2] SENOVSKY, P.: Usage of Emergence Effect for Simulation of Network Based Critical Infrastructure, Proc. of conference
Nebezpecni latky, SPBI: Ostrava 2006, 168 - 172, ISBN: 80-86634-91-4.
[3] SENOVSKY, M.; ADAMEC, V.: Crisis Management Basics (in Czech), SPBI Ostrava, 2005, vol. 2, ISBN: 80-86111-95-4.
[4] URBANEK, J.F.: A Prognosis for the Vulneranility o f Cybernetic Items of C ritic al Infrastructure (in C zec h), Proc. of 9. conference
Soucasnost a budoucnost krizoveho rizeni, Praha, 2006, ISBN 80-239-7296-0, 06K-BE-12, pp. 5.
[5] VALASEK, J.: Common Steps in the Risk Analysis (in Czech), Proc. of 11. conference Riesenie krizovych situacii v specifickom
prostredi, Zilinska univerzita, Zilina, 2006, ISBN 80-8070-565-8.
... Největší vyhledavač Google využívá algoritmus PageRank [3,4] pro hodnocení umístnění stránek ve výsledcích vyhledávání. PageRank se spočítá následovně viz. ...
... např. [4], tedy sítě, které jsou kontinentálního nebo dokonce celosvětového charakteru. Scale-free sítě je pro takový typ analýzy možné rozčlenit do podoby většího množství menších sítí typu "small-world". ...
Full-text available
Určení kritičnosti prvků kritické infrastruktury je problematické, protože je nutné najít objektivní metodiku, která přinese srovnatelné výsledky použitelné pro srovnání napříč celým sektorem kritické infrastruktury (KI). Jednou z metod je analýza relevance uzlů. Tento článek se zabývá problematikou nasazování těchto metod do sítí kritické infrastruktury. Citace: Šenovský, P.: Využití moderních nástrojů analýzy významnosti pro určení kritičnosti prvků kritické infrastruktury. SPEKTRUM, SPBI: Ostrava 2009, roč. 9, č. 1, str. 15-17, ISSN: 1211-6920
... Disturbances and subsequent failures of the critical infrastructure can be connected with physical and chemical processes (corrosion, wear) but also with inappropriate management and projects [18]. Even if the disturbances are natural, more modern technologies are developed and they are more complicated and are typical in a network structure which increases the risk of a failure. ...
Full-text available
This article deals with critical infrastructure and its influence on enterprise economic security. In the introduction, the sectors of critical infrastructure from the point of view of the European Union, Czech Republic and Slovak Republic are characterized. Attention is paid to individual links between the elements of critical infrastructure and the enterprise. Subsequently, enterprise economic security, fundamental factors participating in its creation, and threats disturbing it with emphasis on critical infrastructure failure are discussed. The final part of this article presents possible impacts of critical infrastructure failure on the enterprise economic security.
Full-text available
The purpose of this article is to identify differences in the perception of the US foreign and security policy by the first and the second Bush presidency. Due to the fact that both presidencies of George W. Bush were strongly influenced by neoconservative view on the US role in the World, the first chapter is dedicated to the impact of neoconservativism on foreign and security policy of President George W. Bush. Finally, it introduces reader to basic principles of President's Bush foreign and security policy implemented after September 11 terrorist attacks. The second chapter is the core chapter. It compares two major documents of Bush Administrations, which materialized his foreign and security policies. These are National Security Strategy 2002 and National Security Strategy 2006.
Full-text available
Bitcoin, digital money got into focus after the Mt Gox crash. It uses P2P interaction where an owner transfers the electronic coin to the next owner signing and adding a hash of the previous transaction and the public key of the next owner. Payment verification is accomplished by notifying the entire network about the transaction. This prevents double-spending and generation of non-existent money. Among the users, there is uncertainty about the safety on the theft and fraud. Among the authorities, there are dilemmas about present and future risks related to the Bitcoin implementation. The article deals with the benefits and risks of Bitcoin use.
Modern autonomous systems (AUS) correspond to the current global technical standards and European principles of prevention of industrial accidents. Their construction requires a purposeful and systematic approach of investors. The paper presents an elaborated standard project of an autonomous system with ammonia as a kind of refrigerant for an ice rink. The implementation of the proposed project can make the process of warning and alerting the population in danger more effective.
Full-text available
The paper deals with the spatial development environmental security assessment employing the Spatial Development Impact Assessment tool and the geographical information systems. The first part includes a more detailed description of the Spatial Development Impact Assessment tool and ESRI - Arclnfo, which were the basis for elaborating the case study. The case study is presented in the second part of the paper, which includes the spatial development environmental security assessment for a fictitious hazardous waste incineration plant located in the zone of Moravian-Silesian region of the Czech Republic. The acquired outcomes are presented in the final part of the paper together with the proposed measures to be taken in order to reduce the potential risk of intended spatial development.
Conference Paper
Full-text available
Failure of network based critical infrastructure as result of accident during transport of dangerous materials or as result of the terrorist attack is a serious problem we will have to deal with rather sooner then later. This contribution deals with the possibility to model such networks for purposes of further examination of their properties.
Crisis Management Basics
SENOVSKY, M.; ADAMEC, V.: Crisis Management Basics (in Czech), SPBI Ostrava, 2005, vol. 2, ISBN: 80-86111-95-4.
A Prognosis for the Vulneranility of Cybernetic Items of Critical Infrastructure
  • J F Urbanek
URBANEK, J.F.: A Prognosis for the Vulneranility of Cybernetic Items of Critical Infrastructure (in Czech), Proc. of 9. conference Soucasnost a budoucnost krizoveho rizeni, Praha, 2006, ISBN 80-239-7296-0, 06K-BE-12, pp. 5.
Common Steps in the Risk A nalysis
VALASEK, J.: Common Steps in the Risk A nalysis (in Czech), Proc. of 11. conference Riesenie krizovych situacii v specifickom prostredi, Zilinska univerzita, Zilina, 2006, ISBN 80-8070-565-8.