Show Summary Details

Page of

Printed from Oxford Research Encyclopedias, Politics. Under the terms of the licence agreement, an individual user may print out a single article for personal use (for details see Privacy Policy and Legal Notice).

date: 29 June 2022

Critical Infrastructure Disruption and Crisis Managementfree

Critical Infrastructure Disruption and Crisis Managementfree

  • Eric SternEric SternCollege of Emergency Preparedness, Homeland Security, and Cybersecurity, University at Albany
  •  and Brian NussbaumBrian NussbaumCollege of Emergency Preparedness, Homeland Security and Cybersecurity, University at Albany, State University of New York

Summary

Explicitly considering major critical infrastructure disruptions from the perspective of crisis/crisis management enables policymakers, analysts, and researchers to draw inspiration from an extensive multidisciplinary literature. Furthermore, this approach takes infrastructure failures or disruptions, and provides crucial institutional, economic and social context that is too often ignored when such challenges are treated as exclusively technical problems. The added value from this approach enables analysts and decision makers to understand the complexity of such failures and consider the many levers—technical, economic and social—that might be used to respond to them. Attempts to understand infrastructure failures as crises are not new, but the literature—like the field of practice—is to some extent underdeveloped and continuously evolving (e.g., with regard to the challenges associated with cybersecurity), generating a need for a more comprehensive approach to understanding the leadership tasks associated with the management of such crisis events in dynamic and complex organizational environments.

Subjects

  • Policy, Administration, and Bureaucracy
  • Political Institutions

Critical Infrastructure Disruption as Crisis

Among the most developed countries, there is an increasing awareness of growing dependencies on and vulnerabilities to disruptions of a number of key, interconnected infrastructure systems and their associated supply chains. Such disruptions tend to create chains of cascading consequences with profound effects on vital societal functions (Brown et al., 2004; Leavitt & Kiefer, 2006; Rinaldi et al., 2001). Whereas there are many potentially fruitful ways of approaching the challenge of identifying risks to such critical infrastructures and improving the resilience of critical infrastructure systems, one potentially fruitful avenue is to view disruptions of critical infrastructure systems as strategic and operational crises involving diverse sets of actors and stakeholders including both governmental and nongovernmental actors (Boin & McConnell, 2007; Newlove et al., 2003; cf. Organisation for Economic Cooperation and Development [OECD], 2015).

Viewing infrastructure disruptions, failures, and attacks as crises to be managed offers some important and valuable new perspectives complementing more established approaches to infrastructure risk management. Risk management approaches are a widely adopted tack to conceptualizing potential infrastructure fragility. For example, the U.S. Department of Homeland Security (DHS), through its National Infrastructure Protection Plan (NIPP), has adopted the commonly used risk model that frames risk as a function of “threat,” “vulnerability,” and “consequence.” The first of five goals listed in the 2013 NIPP update is to “assess and analyze threats to, vulnerabilities of, and consequences to critical infrastructure to inform risk management activities” (DHS, 2013). This tripartite model of risk is actually drawn from work done by Sandia National Laboratory on adversarial infrastructure risk as well as work by Mary Garcia on physical security risks (Baker et al., 2002), and it is an expansion and variation on the Kaplan and Garrick model of risk as a function of “likelihood” and “consequence” (Kaplan & Garrick, 1981). The reader should note that by incorporating more explicitly the ideas of politics, policy-making processes, and nontechnical drivers of decision-making such as public opinion and cultural values, the crisis management perspective imparts additional information about both constraints on decision makers and the opportunities they face during and after an infrastructure disruption.

Whereas models of risk management of this kind are very valuable for thinking about the management of infrastructure risks, they have limitations. The Sandia and DHS versions, at least are really tailored for thinking about adversarial risks rather than naturally or accidentally occurring ones. In addition, all three models are very useful for thinking about risk before something bad happens, but none of them puts thinking about response and reaction to infrastructure failure (or even really distinguishing between efforts before and after such events) center stage. It is not the case that these different models of risk are not compatible; in fact they are potentially complementary.

A long and growing list of major events—adding to the growing body of cases documented in the literature—clearly demonstrates the severe disruptions as well as the domestic/international policy and organizational challenges associated with critical infrastructure crises. All three of the major U.S. hurricanes of the fall 2017 season (Harvey, Irma, and Maria) involved profound and in some instances extremely prolonged disruptions of critical infrastructure systems, including electrical power and fuel distribution, mobile communications and Internet, food and water distribution systems, healthcare, and transportation.1 These cases also provide vivid examples of cascading effects producing potentially devastating and even life-threatening downstream effects of critical infrastructure disruption. For example, storm-related disruption of the power grid and both primary and secondary cooling systems at the Arkema chemical plant in Texas occurred. This created a secondary spin-off crisis when it became impossible to maintain safe temperatures for volatile chemical compounds stored at the facility, resulting in a series of uncontrolled explosions at the plant and the release of noxious and potentially toxic fumes.2 Parallel, although perhaps more subtle, deadly risks emerged in the healthcare system, as power and supply chain failures affected hospital and nursing home functionality, critical care systems (e.g., dialysis for patients with kidney failure), pharmaceutical supply chains, and so on. Many of these patterns of disruption were prominent across the myriad major disasters of 2020 and 2021 and not least in Hurricane Ida, which took lives and wrought havoc with critical infrastructure systems from the Gulf Coast to New York and New Jersey.

Furthermore, the crisis perspective is promising from a policy and preparedness enhancement perspectives for a number of reasons. Disruption of critical infrastructure systems can be considered not only a direct cause of crises. They are also a common consequence of the occurrence of many other types of natural and man-made hazards and threats such as extreme terrestrial and space weather events, terrorism, major industrial or construction accidents, cyberattacks on healthcare data systems.3 Disruption also takes place as a result of unintentional human causes such as neglect, deferred maintenance, underfunding, and workforce challenges. In addition, this perspective offers additional hitherto unidentified origins of and pathways to disruptions; they may arise from deliberate civil and system protection measures (e.g., protective shutdowns in advance of extreme weather or to minimize wildfire risk) and public reactions (crisis-related citizen usage surges that disrupt telecommunications systems, hoarding behaviors that disrupt supply chains, spontaneous or poorly planned evacuations that dangerously disrupt road transportation) as well as from the hazards themselves. Furthermore, major societal crises can be initially triggered due to processes and factors internal to critical infrastructure systems that cause them to fail, triggering a variety of secondary failures and disruptions of systems and societal functions linked to them. In fact, not only can disruption of critical infrastructure systems be either cause or consequence of a crisis, but they can also serve as crisis intensifiers that can spread a crisis to additional domains; generate additional complex problem sets characterized by tensions among core societal values; proliferate uncertainty; and increase time pressures experienced by decision makers in the public, private, and nonprofit sectors. The reader should note that these intensifiers coincide with the components of a widely used and practically relevant definition of crisis.

Explicitly considering major critical infrastructure disruptions from the perspective of crisis/crisis management enables policymakers and analysts to draw inspiration from an extensive multidisciplinary literature. Similarly, it takes infrastructure failures or disruptions and provides the institutional and social context that is too often ignored when such challenges are treated as merely technical problems, rather than situated in the sociotechnical system literature that recognizes that “infrastructures are not merely large systems, but sociotechnical institutions” (Edwards, 2003).

Thus it is important and valuable to frame critical infrastructure failure or disruption as both a cause and consequence of crises, examine how such interruptions can exacerbate the elements of a crisis and make the related decisions more complex, and finally to situate such events in the crisis studies literature. This is not the first paper to do this (cf. Boin & McConnell, 2007; Michel‐Kerjan, 2003; Roe, 2016); however, it intends to do so in a novel way, by (a) incorporating additional insights about the profound implications of cybersecurity concerns and (b) having a particular focus on leadership tasks associated with the management of such crisis events. First, the evolving nexus between the literatures on critical infrastructure disruption and crisis will be discussed. Second, the notion of viewing critical infrastructure disruptions as crises will be presented in depth and illustrated with a variety of examples. Third, five key tasks of crisis management will be explained and discussed in terms of their application to the specific realm of critical infrastructure crises (cf. Baubion, 2013; Boin et al., 2017). The concluding section of the paper summarizes the results from the literature with regard to challenges and good practices for building resilience and preparing for critical infrastructure crisis management.

The Evolving Nexus of the Literatures on Critical Infrastructure and Crisis

Examination of the literature at the intersection of critical infrastructure and crisis (or crisis management) reveals both continuities with the past and some emerging areas of focus. The continuities include an emphasis on place and context, organizational factors, sector and industry, and hazard-specific attempts to assess or manage crises. That is, geographic place, industrial sector, and hazard type remain important through lines in the study of infrastructure crises, although some of these areas are also changing and have emerging areas of activity. On the other hand, there are also areas where the literature has expanded rapidly in recent years—areas such as recognition of the importance of social media (cf. Stern, 2017b), attempts to operationalize and measure previously theoretical concepts, increasing prominence of cybersecurity, and emerging threats—that seem to be changing the nature and are the focus of much of this literature.

Place has always been key to studying infrastructure and crisis management—whether the level of analysis be the city, state, province, nation, or region. Case studies of infrastructure policy, regulation, and management (both in crises and beyond) have been a core part of this literature. Recent writing on infrastructure related crises maintains this history, with many pieces focused on incidents, responses, and management of such crises at the municipal (Millington, 2018), subnational (Zhang et al., 2020), national (Grosse & Olausson, 2019), and cross-national or regional level (Petersen et al., 2017a, 2017b; Pursiainen, 2018). In addition to place, industrial sector has also long been an organizing factor for thinking about infrastructure, and that certainly has not changed. Recent literature on infrastructure crises covers such events in sectors such as water (Breen & Markey, 2019), energy (Monaghan & Walby, 2017), transportation (Fuggini & Bolletta, 2020), information technology (Herrera & Maennel, 2019), and maritime environments (Blokus & Dziula, 2019). Finally, issues of management, decision-making, sense-making, and risk communication remain in the mainstream of recent infrastructure crisis literature. Topics such as consensus definitions (Gallais & Filiol, 2017), interorganizational coordination (Grosse & Olausson, 2019), public education and engagement (Kitagawa et al., 2017; cf. Petersen et al., 2020), and assessing interdependencies (Chou & Ongkowijoyo, 2019) are prominent.

However, there is some newer literature on or related to infrastructure crises that differs from (or more often, builds upon and extends) early research in significant ways. There are additions to the literature around place and infrastructure concerning cybersecurity and computerization, and there is a growing focus on urban infrastructure. Also, there is a growing literature designed to move from theoretical and conceptual description and assessment into operationalization, measurement, and evaluation using specific frameworks to create metrics, tools, and other systematic implementations. In addition, there is definitely an increased focus on emerging threats to infrastructure from largely naturally occuring hazards such as the COVID-19 pandemic; hybrid natural and anthropogenic hazards, including climate change; and politically and socioeconomically generated hazards, such as the inability to fund and maintain infrastructure projects.

Furthermore, there have been some interesting additions to this that have become more prominent and central in the literature in recent years. The movement of cybersecurity into the mainstream of thinking about hazards, and the increasing informatization of many aspects of life—through the Internet of Things (IoT) (Simon, 2017), cloud computing (Baker et al., 2019), “big data” (Yang et al., 2017), and others—has clearly affected the literature around infrastructure crisis management (Jennex, 2012). In addition, and related, the rapidly expanding literature around urban infrastructure and urban infrastructure crises (Liu & Song, 2020; Monstadt & Schmidt, 2019) is partially based on this informatization—in concepts such as “smart cities” (Soyata et al., 2019). It is also based on increased urbanization and recognition of infrastructure failures and threats (Andrade et al., 2020) that are uniquely challenging in denser urban environments (Fekete et al., 2017).

One way in which this literature has clearly changed is while there are still theoretical and conceptual pieces coming out in attempts to hone definitions and create agreed-upon frameworks, there has been a move toward operationalization (Rød, 2020) and implementation of analytical frameworks. Increasingly, there are attempts to measure, assess, and evaluate hazards, crises, and decisions or decision-making using a variety of frameworks and tools. Although there are still attempts to apply new theories from outside the field (Gharehyakheh et al., 2017), there are also many more attempts to distill or refine existing and applied theories into operational tools and modeling frameworks, with acronyms such as CIERA (Critical Infrastructure Element Resilience Assessment, Rehak et al., 2019) and CRISIS (Civil Restoration with Interdependent Social Infrastructure Systems, Loggins et al., 2019). This move from conceptual to operational, and in some cases from theoretical to empirical, suggests that this field not only continues to grow but is also maturing in some ways.

Finally, the field is engaging with a series of emerging and growing threats, some of which are actually novel, such as COVID-19—the most serious global pandemic in 100 years (Barabadi et al., 2020). Also, some that have played a role in discussions of infrastructure crises for some time but are becoming increasingly stark or pressing, such as climate change (Shakou et al., 2019). There are also unique challenges emerging that are not hazards in the traditional sense but organizational and sociotechnical challenges that parallel aging infrastructure and neglect of maintenance, only with new wrinkles such as austerity programs (Petrova & Prodromidou, 2019) or inability to organize jurisdictional infrastructure spending (de Gooyert, 2020; O’Brien et al., 2019).

Critical Infrastructure Disruption as a Crisis Leadership Challenge

If one is to speak meaningfully about disruptions of critical infrastructure as crises, it helpful to apply an explicit crisis definition. The casual and policy usage of the term crisis tends to vary widely across policy and academic contexts (and scholars) and can generate significant misunderstanding.

Definition of Crisis

In light of the dramatic consequences of the various forms of disruption of critical infrastructure noted above, one can safely argue that by definition, such disruption has the potential to spawn crises.4 However, there may be differences in terms of the specifics of the direct and cascading effects. In fact, the adjective critical and the noun crisis are related; one standard meaning of critical refers to being at or on the verge of crisis.5

From the perspective of policy decision-making, a crisis may be usefully defined in terms of three subjective criteria perceived by strategic leaders (as well as by those for whom they are responsible): threat, uncertainty, and urgency (cf. Hermann, 1963; Rosenthal et al., 1989; Stern, 2003).6 These criteria are not only helpful in distinguishing crises from other types of situations but also provide a means for probing and preparing to act during them. The components of crisis will be introduced from a general perspective in the paragraphs below and then applied to the domain of critical infrastructure disruption in the following section.

First, crises are associated with threats to (and often potential opportunities to promote) the core values cherished by decision makers and/or their constituencies. These include, among others, human life, public health and welfare, democracy, civil liberties and rule of law, political autonomy, economic viability, and public confidence in leaders and institutions. Leaders must also be prepared to cope with conflicts among such values (Farnham, 2000). The threat of terrorism, for example, entails potential conflicts between security considerations and civil liberties, as demonstrated by the post-9/11 debates on the Patriot Act and Guantanamo Bay, and, more recently, regarding electronic surveillance. Corresponding tensions can emerge with regard to potential public safety and health measures associated with other contingencies as well, such as quarantine restrictions in epidemics and mandatory evacuation orders in the face of hazards such as storms, wildfires, and toxic spills.

Second, crises are associated with high degrees of uncertainty regarding the nature of the threat (i.e., the known and unknown unknowns), the contours of an appropriate response, and the possible ramifications of various courses of action. For example, the causes and manner of contagion of sudden acute respiratory syndrome (SARS) were not known during the initial outbreak in 2003 (Kleinman & Watson, 2006). It was difficult for Chinese and Canadian authorities to deal with the public health challenges—and the political, social, and economic consequences—of this disease in the absence of such knowledge (Olsson et al., 2011). Some analysts distinguish between “familiar” and “novel” contingencies when it comes to crises. All else being equal, the more familiar the contingency (and the more it conforms to scenarios used prior to the crisis as a basis for planning, training, and exercising), the more likely it is that crisis managers will face moderate levels of uncertainty and be working in the domain of structured problem-solving. The more unexpected and novel the event, the greater the uncertainty and the more ill-structured the domain in which crisis managers must operate. Coping with such novel contingencies and the cascading shocks associated with them makes the already difficult challenges of crisis sense and decision-making even more demanding (cf. Baubion, 2013).

Third, crises are associated with a sense of urgency. Events are perceived as moving quickly, and there are fleeting windows of opportunity to influence their course. Effective, proactive intervention can minimize vulnerability (e.g., by getting citizens or mobile assets out of harm’s way before a storm hits) and help to prevent or mitigate the impact of a potential threat (e.g., disrupting a terror plot or isolating carriers of a highly infectious disease). Additional time pressure stems from the relentless pace of the 24-hour news cycle. Strategic decision makers and their organizations must cultivate the capacity to diagnose situations and formulate responses under severe time pressure. Thus, crises force decision makers to make some of the most consequential decisions in public life under extremely trying circumstances.

Applying the Crisis Definition to Critical Infrastructure Disruptions

The infrastructure systems of concern are labeled critical for a reason. These are systems vital to sustaining life, health, welfare, and functionality in highly developed societies, and disruptions to them tend to have a dramatic and cascading impact on core societal values. Furthermore, policy decisions regarding managing the consequences of disruption and priorities as well as resource allocations regarding system restoration involve (often competing) core values for societies and organizations. Political leaders and infrastructure operators face typical dilemmas relating to the protective shutdown of systems. Proactively shutting down systems in the face of threat or hazard warnings can help reduce exposure and avoid damage. For example, authorities shut down the U.S. civilian air transportation system completely in the wake of the 9/11 attacks (Gordon et al., 2007). Similar preventive measures—with dramatic impacts on air transportation—and indirectly ground transportation—initially reduced the risk to air traffic stemming from volcanic dust during the eruption of an Icelandic volcano in 2010 (Alexander, 2013; Brooker, 2010). However, it should be noted that such protective measures can cause severe disruption and post-decision controversy in and of themselves—especially if the potential threat triggering the measures does not materialize. Conversely, failure to take protective measures in the event of a major attack or destructive storm can expose government leaders and infrastructure operators to even more devastating liability and criticism. To take another example, for example, failure of the power grid can cause life and health-threatening consequences through impacts on food storage and preparation, hospital and critical care functionality, traffic management, temperature (heating or cooling of indoor spaces), and so on. Failure to maintain or rapidly restore service can negatively affect trust in government and in critical infrastructure operators alike (Newlove et al., 2003). To take another example, recent cyberattacks have caused severe financial and reputational damage to individuals and institutions as indicated by the cyberattacks on the 2016 U.S. election, the Equifax data breach, the NotPetya data destruction attack, and breaches targeting major retailers. Furthermore, as so-called cyberphysical systems become more common and cyberweapons become more sophisticated, cyberattacks are liable to cause material, as well less tangible, forms of damage and pose severe threats to human life as well as information security.7 The security firm Thales frames this change in the potential consequences of cyberattacks as a move from attacks on business information technology systems that result in mostly “financial and reputational risks” to attacks on industrial control systems that can also result in “safety and operational risks” (Thales, 2013). Finally, it should be noted that many disruptions also raise significant issues of justice, fairness, and liability with regard to the distribution of responsibility for costs or other negative consequences stemming from the direct and indirect impacts of critical infrastructure disruption.

Uncertainty

As in many other realms of crisis, uncertainties abound when it comes to critical infrastructure crises. These uncertainties typically stem from a number of sources. These include uncertainty about the impacts and trajectories of acute natural hazards or potential threats originating from human adversaries. For example, despite advances in hurricane modeling and healthy competition between European and North American modelers, it remains difficult to predict hurricane tracks with sufficient timeliness and accuracy to enable efficient evacuation—as the experience of Florida with Hurricane Irma clearly demonstrated. In that case, areas thought to be in danger were proactively evacuated; however, the storm did not behave as predicted, and some of the evacuated persons ended up leaving areas less affected by Irma and going to areas hit harder by the hurricane.8

Other forms of uncertainty stem from inadequate understanding of system interdependencies and vulnerabilities. These can result in unanticipated pathways to failure and consequences of disruption (Roe & Schulman, 2016). Even where pathways are reasonably well understood, interdependence and linkages can cause vulnerabilities that are understood in general terms, but very difficult to mitigate in ways that are economic or feasible. In this case, the general problem is understood, but the uncertainty is largely focused on the type and scale of the initiating event’s impact on these systems. As Paul Edwards argues:

The effects of such failures can be magnified by interdependencies among infrastructures. For example, natural cataclysms can cripple one infrastructure—such as the emergency services system—by taking out others, such as the telephone system and the roadway network. Indeed, we depend so heavily on these infrastructures that the category of “natural disaster” really refers primarily to this relationship between natural events and infrastructures.

(Edwards, 2003, pp. 193–194)

Further uncertainties stem from difficulties in predicting and coordinating responses of citizens and various nongovernmental actors to warnings, safety recommendations, and protective orders. Will the issuance of an evacuation order lead to an orderly exodus from an urban area or prolonged gridlock that will cause an additional disruption of the transportation system and increase citizen exposure to a threat or hazard? For example, Mayor Sylvester Turner of Houston chose not to emphasize proactive evacuation as a civil protection strategy for Hurricane Harvey due to concerns over these types of uncertainties.9

Similarly, another type of potential uncertainty has to do with how much cooperation and solidarity to expect from citizens, neighbors, or partners (cf. Almklov et al., 2012; cf. Grönvall, 2001)? Will a recommendation to households to make sure to have essential supplies lead to sensible preparations or exaggerated hoarding behaviors that disrupt supply chains? Will citizens respond to calls to conserve water or energy to an extent sufficient to mitigate an escalating crisis? How will neighboring jurisdictions (municipalities, provinces or states, countries) respond to calls for assistance? Will they live up to obligations to provide mutual aid, assistance, and potentially scarce critical resources if they are facing a potential or actual threat—or intense domestic political pressure—as well?

Time Pressure

Time pressure manifests in a number of ways in critical infrastructure crisis management, and it poses particular challenges with regard to warning and response. First of all, there is often a “window of opportunity” for proactive protection measures such as a grid or transportation system shutdown of the kind discussed previously. As a threat or hazard is becoming more imminent, it may be possible to reduce exposure in various ways. For example, shutting down or reducing load on a power grid or satellite-based communications or navigation systems can reduce vulnerability to damage caused by extreme solar storms (cf. Odenwald & Green, 2008). Similarly, heightening security or shutting down air or rail traffic in response in response to an acute terrorist threat (9/11 or the London Bombings of 2005) or hazard (hurricane force winds or volcanic ash) can help protect assets and/or users of the infrastructure systems in question. However, such opportunities tend to be time-sensitive and may be fleeting. Other systems (such as some pharmaceuticals production and supply chains, nuclear power, and some chemical storage sites [e.g., Arkema plant; see above]) may require continuous access to refrigeration, power, fuel, or cooling water to maintain safe operations, creating intense time pressure to restore functionality should disruptions occur. Should deviations from normal functionality take place, there may be limited time to intervene in order to prevent accidents or other forms of cascading disruptions from occurring. Similarly, there may be limited time to attempt to influence public behaviors in ways that will protect systems or prevent disruption to critical infrastructures and supply chains (cf. Holeguin-Veras et al., 2012). Efforts to get the public to conserve water (e.g., during the California droughts) or power to protect vulnerable power transmission systems (e.g., Auckland, Outer Banks) are likely to involve considerable urgency. Finally, inquiries, criticism, and pressure from media (traditional and social), advocacy groups, the opposition, and competitor groups can create additional forms of time pressure and add additional time-sensitive tasks to the burdens carried by crisis managers.

Clearly, contingencies involving critical infrastructure disruptions—whether as a triggering event or (potential) consequence of natural hazards, large-scale accidents, or deliberate attacks—meet the crisis criteria proposed previously. Readers should note that the following criteria can be easily turned into diagnostic questions that can help crisis managers make sense of events involving potential or actual critical infrastructure disruption (cf. OECD, 2015; Stern, 2009):

What values are at stake in this situation?

What are the critical uncertainties and what can be done to reduce them?

How much time is available for deliberation and decision-making?

Crisis Management Tasks and Application to Critical Infrastructure Crisis

Core Crisis Management Tasks

Several decades of intensive empirical research on crisis management shows that leaders face recurring challenges when confronted with (the prospect of) community (or organizational/national/international) crises (Boin et al., 2017).10 These are:

sense-making

decision-making

meaning-making

ending and accounting

learning and changing

These tasks are germane to leaders and other crisis managers across sectors and are central not only to effective crisis leadership in a particular incident but also to creating better preconditions for future incidents and resilient adaptation to changing environmental conditions over the longer term. Hannah et al. (2009), like Leonard and Howitt (2012), suggest that different forms of leadership may be needed in different phases of a disaster or crisis. Helsloot et al. (2012), with their focus on “mega-crises,” describe leadership challenges across crises of differing size and scope. The following conceptualization identifies crisis leadership tasks likely to arise during a variety of extreme events.

Sense-making in crisis refers to the challenging task of developing an adequate interpretation of what are often complex, dynamic, and ambiguous situations (cf. Stern, 2015; Weick, 1988, 1993). This entails developing not only a picture of what is happening but also an understanding of the implications of the situation from one’s own vantage point and that of other salient stakeholders. As Alberts and Hayes (2003) put it: “Sense-making is much more than sharing information and identifying patterns. It goes beyond what is happening and what may happen to what can be done about it” (p. 102).

Making sense of critical infrastructure crises is a challenging task. As this discussion has shown, uncertainties, ambiguities regarding threats, hazards, latent vulnerabilities as well as complex interdependencies within and among critical infrastructure systems make sense-making extremely difficult. Even when warnings are forthcoming—for example, with regard to natural disasters such as hurricanes and flooding where monitoring and detection systems have improved significantly in recent years in many parts of the world—it is often very difficult to predict with confidence how particular critical infrastructures will be affected or what the cascading effects of disruptions might be. This task is even more difficult with relation to novel, relatively unanticipated crises in which information and data-sharing networks and expert communities of practice may be underdeveloped and much of the sense-making work must take place on a relatively improvised basis. This was the case, for example, to a considerable extent during the volcanic ash cloud crisis sparked by volcanic activity in Iceland in 2010 bringing commercial air traffic to a halt over much of Europe (Parker, 2014). In such cases, difficult scientific and technical assessments with regard to “exotic” issues must be produced and communicated to governmental and other key decision-makers under crisis conditions. In many countries this still occurs largely on an ad hoc basis, although others such as the United Kingdom have developed (or are in the process of developing) Scientific Advisory Groups for Emergencies [SAGE].11

A first step in making sense of a critical infrastructure crises is to identify key public, private, and nonprofit actors and stakeholders and gather information via various forms of (social and technical) networks associated with or connecting across critical infrastructure sectors. Many highly developed countries have or are in the process of developing strategies and collaborative fora to improve critical infrastructure protection and resilience. Such efforts, hopefully undertaken well before the onset of a crisis can improve the flow of information, contribute to improved situational awareness, and facilitate “heedful interrelating” and other forms of crisis management cooperation among diverse sets of actors involved in governing, operating, or using critical infrastructures.12 Making sense of critical infrastructure crises is, of course, facilitated by deeper and more dynamic understanding of systems and cross-system interdependencies. As a result, efforts to improve technologies for mapping, modeling, simulation, and visualization of such systems can contribute not only to system design improvements to improve resilience and reliability but also to capacity for crisis management and rapid restoration.13 This issue will be discussed further in the final section of this paper, Preparing for Critical Infrastructure Crisis Management.

Another promising development—to the extent that communications and mobile data networks remain available—for improving situational awareness in critical infrastructure crisis is citizen crowdsourcing. Armed with smartphones and web and geographic information system (GIS)-based platforms for aggregating, analyzing, integrating and transposing data, citizens as well as various forms of organized official or unofficial responders can act as sensors (Akhgar et al., 2017; Stern, 2017b).

Decision-making refers to the fact that crises tend to be experienced by leaders (and those who follow them) as a series of “what do we do now” problems triggered by the flow of events. These decision occasions emerge simultaneously or in succession over the course of the crisis (Newlove et al., 2003; Stern, 1999; Stern et al., 2014). Coping with critical infrastructure disruptions and managing the restoration process tends to require an interdependent series of crucial decisions and to be taken in a timely fashion under very difficult conditions by a variety of public, private, and nonprofit sector actors and stakeholders. Of note, governance arrangements may vary significantly among highly developed countries regarding the extent of public control, regulation, and ownership of critical infrastructures.

It is important to keep in mind that decisions in critical infrastructure crises will, by definition, be taken under highly stressful conditions of considerably uncertainty, time pressure, and threat to core societal and organizational values, as noted above. Furthermore, conflicts among values are to be expected, contributing further to the decisional stress load facing decision-makers (cf. Lebow & Stein, 2019).

It may be helpful to consider typical examples of the kinds of decisions that are likely to arise in the context of a critical infrastructure crisis. Taking a threat/disruption to electric power infrastructure as an example, the following are just some of the very difficult crisis decisions that may be required (Newlove et al., 2003; Nye, 2010; Parker et al., 2009):

Decisions to issue warnings regarding threats, hazards, and possible power grid disruptions and/or their consequences

Decisions to order protective shutdowns to protect system components (e.g., power generation or transmission) or prevent unsafe or unduly risky operations under conditions of acute threat or mounting natural hazards

Decisions to request or order mandatory power conservation to prevent further degradation of the power system

Decisions regarding how to allocate drastically reduced supplies of power and scarce repair capabilities and resources

Decisions regarding requesting, providing or accepting mutual aid (e.g., in the form of components or repair crews from other regions of the country and/or from other countries)

Decisions regarding provision of financial resources for response and recovery, and/or accepting financial or moral responsibility for the direct and indirect costs and consequences associated with outages and restoration

Decisions regarding public health and safety measures (e.g., food safety and pharmaceuticals interventions for compromised refrigeration, decisions regarding hospital continuity of service) necessitated by power outages

Decisions regarding civil protection measures—such as evacuation orders or instruction to shelter-in-place, curfews—for populations potentially endangered by consequences of power outages and supply chain disruptions and/or the hazards and threats that triggered them

Decisions regarding measures for restoration and recovery, some of which may conflict with normal rules, practices and procedures for building planning and permission, environmental protection, and so on

Thus, decision-making in critical infrastructure crises, as in other types of crisis events, is extremely complex, difficult and demanding.

Meaning-making (and crisis communication) refers to the fact that leaders—from public, private, and nonprofit sectors alike—must attend not only to the operational crisis communications challenges associated with a contingency, but also to the ways in which various stakeholders and constituencies perceive and understand them. Because of the emotional charge associated with disruptive events, followers look to leaders to help them to understand the meaning of what has happened and place it a broader perspective. By their words and deeds, leaders can convey images of competence, control, stability, sincerity, decisiveness, and vision—or their polar opposites.

Critical infrastructure crises can pose unique challenges with regard to crisis communication in general and meaning-making in particular. First of all, information and communications technology—and critical infrastructures which support them—may be directly affected by the impact of accidents, natural hazards or attacks associated with the crisis. Extreme earth (windstorms, floods) and space weather (e.g., solar storms) events as well as physical and cyberattacks can disrupt the capacity to communicate via both wired and wireless communications networks for shorter or longer periods. In addition, many types of events (again including both deliberate attacks, major accidents, and natural hazard–based events) may be associated with increased citizen and responder communications traffic to the extent that vulnerable communications networks may fail or have severe degradations regarding access, reliability, or quality of communications. As a result, crisis managers may have difficulty in sending and receiving messages and sharing data when ability to do so matters most.

For example, during the prolonged summertime power outage in Auckland, New Zealand in 1998, the normal press briefing facilities (among other key functions and coordination centers for city government) were unuseable because of high temperatures and lack of functioning elevators. As a result, Mayor Les Mills ended up conducting much of his business and media interviews from his car and mobile phone from various locations around the city, which complicated the coordination of operations and messaging. The power company, Mercury Energy, which was responsible for the outage, was kind enough to offer the mayor the use of their press briefing facilities, which had functioning power and communications. Unfortunately for the mayor, this also entailed giving his briefings from a podium boldly displaying the logo of what was at the time a very unpopular critical infrastructure operator. This served to symbolically associate the mayor with the power company at a time when a degree of critical distance would have served him better politically. It should be noted that he lost the next election, in part due to what some regarded as a subpar performance in critical infrastructure crisis management (Newlove et al., 2003).

Hurricane Maria in Puerto Rico in the fall of 2017 is another excellent example. Vulnerable communications and electrical power networks, already battered by Hurricane Irma, were devastated by Hurricane Maria. As a result, much of the response and early recovery effort took place under particularly challenging conditions and large portions of the stricken island remained without power and electricity as not only days but weeks and months passed. Modular cellular technologies (so-called cells on wheels, or COWS) were helpful in restoring communications in certain urban or other particularly sensitive areas but were insufficient to restore communications capacity for the bulk of the island.14 Degraded communications capacity can limit the ability of communities to self-organize and coordinate citizen-based efforts to respond to and recover from disasters using social media and smart communications technologies—an increasingly important dimension of resilience in large-scale events (Akhgar et al., 2017; Stern, 2017b; Stern, 2017a).

Hurricane Maria also contains good examples of the ways that leaders at various levels of government engage in competitive attempts to demonstrate empathy and engagement as well as endeavoring to shape the narratives and public perceptions of the event. While President Trump and acting Secretary of Homeland Security Elaine Dukes suggested that the response to Maria in Puerto Rico was effective and a “good news story,” Carmen Yulin Cruz, the Mayor of San Juan, appeared on CNN wearing a black T-shirt with the text “We are dying,” creating vivid images that went viral via social and traditional media far beyond the island. Similarly, the tone set by President Trump’s combative approach to crisis communication—which included sharp criticism via Twitter of the leadership of Mayor Cruz and allegations that the Puerto Rican locals were not doing their part with regard to response and recovery—proved highly controversial.15

Ending and Accounting refers to the nontrivial task of finding the appropriate timing and means to end the crisis, manage accountability processes, and return to normalcy. Furthermore, attempting to end a crisis prematurely can endanger or alienate constituencies who may still be in harm’s way, traumatized, or otherwise continue to be politically or emotionally invested in the crisis. Crises may be particularly difficult to terminate if the operational challenges lead to a so-called crisis after the crisis in which serious recriminations—resulting in losses of trust and legitimacy—are launched against those who failed to prevent, respond to, or recover effectively from a negative event.

Critical infrastructure crises, like other forms of crisis, may have different trajectories and different combinations of operational and legitimacy dimensions. Some are “sudden onset” in which a dramatic event such as an earthquake or hurricane causes dramatic damage. Others may demonstrate a “creeping” quality whereby a threat slowly manifests or the functionality of a critical infrastructure slowly degrades for a prolonged period before attracting notice. The water crises that have affected many cities around the world—from places as diverse as Mexico City; Flint, Michigan; and Hoosick Falls (New York)—are good examples of vulnerabilities mounting as a result of environmental change; rapid population growth and development; industrial pollution; or unsafe properties of aging infrastructure installations (use of lead pipe in water distribution systems); and so on.16

Similarly, some critical infrastructure crises demonstrate rapid and effective restoration of the pre-crisis status quo, whereas others may exhibit prolonged disruptions of functionality. This issue of differing time frames and trajectories is even more troubling when combined with the fact that infrastructure risk experts claim that “Many security risk decisions do not account for the life cycle of a system or an infrastructure” Assante, 2009:4), That is, there is a disconnect between short-term decision making—and the incentives surrounding it—and the very long terms for which many infrastructures are expected to remain operational. Logically, this could both make crises more likely but also suggests that crisis decision-making might be likely to be short-sighted. Even in shorter, more clear-cut cases of infrastructure crisis, public evaluation of leadership and authorities can be mixed or contradictory (Helsloot & Beerens, 2009), in long-term and complex situations such as these, the effect is likely to be similar.

Tied to the trajectories, some disruptions and their responses may morph into legitimacy crises after the initial infrastructure crisis (cf. Boin et al., 2017; Fischbacher-Smith, 2006). When it comes to critical infrastructure crises, such legitimacy crises may focus on questions such as:

Why were vulnerable and/or potentially dangerous critical infrastructure systems or components allowed to be used or to remain in service?

Why were safety margins and measures not more robust?

Why were safer and/or more reliable alternatives to the failed or vulnerable technologies not used?

Why were “known” risks and vulnerabilities not addressed more proactively and promptly before and/or during the crisis?

Why were leaders not more focused on the crisis issue and why did they not provide stronger, more empathetic, and/or more effective leadership?

Why was the response not better coordinated, better resourced, more proactive, more effective, more fair, and so on?

Why was the restoration and early recovery not faster, cheaper, more effective, and more complete?

Why were some groups in society advantaged or disadvantaged (prioritized or neglected) in terms of response and recovery efforts?

The reader should note that these issues are likely to arise in multiple accountability fora: parliamentary bodies, professional or industry associations or governance bodies, regulatory agencies, courts, and the media. Furthermore, crisis experiences and their associated accountability processes may profoundly challenge and in some instances destabilize established practices and patterns of governance (including regulation and divisions of authority and responsibility across sectors and levels of government) with regard to managing critical infrastructure sectors. When critical infrastructure operators and industries are perceived to have been—or determined in a court of law to have been—negligent, strong pressures for change and significant legal and financial liability for operators and other private sector actors may emerge. This can take the form of proposals for increased regulation, incentivizing safety and resilience, heightened operator responsibility for damages, or even withdrawal of the “permissive consensus” that allows potentially hazardous activities such as nuclear power or process industries involving potentially dangerous chemicals to continue. The Fukushima nuclear accident stemming from the great Tohuko earthquake and tsunami is a good example, with profound repercussions for the nuclear power industry even in countries on the other side of the world such as Germany (Bernardi et al., 2018).

The highly complex systems of critical infrastructure governance entailing various forms and degrees of regulation and legislation, diverse patterns of ownership, different varieties of public-private partnership in place in many countries have profound implications for accountability with regard to critical infrastructure disruption/restoration and crisis management (cf. Dunn-Cavelty & Suter, 2009). Awareness of and outcomes from previous accountability processes should inform preparedness, response, recovery, and postcrisis efforts toward learning and reform (which will be discussed next).

Learning and changing requires an active, critical and reflective process that recreates, analyzes, and evaluates key processes, tactics, techniques, and procedures in order to enhance performance, safety, capability, and so on. The learning process has just begun when a so-called lessons learned document has been produced. To bring the learning process to fruition, change in management/implementation must take place in a fashion that leaves the organization with improved prospects for future success (Boin et al., 2017; Deverell & Olsson, 2009; Stern, 2015; Stern et al., 2014). Note that political and organizational cultural obstacles and various forms of disincentives often prevent effective learning and change from taking place (Stern, 1997).

Critical infrastructure disruptions—like other forms of crisis—provide unique chances for learning and opportunities for change. Latent or unrecognized vulnerabilities and interdependencies manifest themselves in dramatic fashion, providing opportunities for redesign and reform of technical systems, institutional frameworks, tactics, techniques, procedures, and so on. The abrupt manifestation of urgent and difficult problems can stimulate creative improvisation as well as new forms and constellations of collaboration and innovation. However, taking advantage of these opportunities requires reflection, inquiry, leadership, and resources to identify adaptive lessons (cf. Heifetz & Laurie, 2001) and translate them into more resilient, reliable effective and legitimately functioning systems for critical infrastructure and crisis management.

Hurricane Sandy serves as a vivid example. The second-largest Atlantic storm on record, Sandy affected the East Coast of the United States from Florida to Maine, as well as states as far inland as West Virginia, Ohio, and Indiana. The storm made landfall in southern New Jersey on October 29, 2012, battering the densely populated New York and New Jersey region with heavy rains, strong winds, and record storm surges. The storm’s effects were extensive, leaving more than 8.5 million customers without power, causing widespread flooding throughout the region, and contributing to acute fuel shortages in parts of New York and New Jersey. In the United Statesl the storm damaged or destroyed hundreds of thousands of homes, caused tens of billions of dollars in damages, and killed at least 162 people.17

In addition, Hurricane Sandy caused severe damage and disruption to multiple critical infrastructure systems in New York and New Jersey, including transportation,18 energy (electric power and fuel distribution), water provision,19 and healthcare (e.g. hospitals and nursing homes). Numerous points of vulnerability and challenging problems emerged ranging from the vulnerability of the subway system and the cable installations servicing it to flood damage, cascading interdependencies between electric power and various nodes in the fuel distribution network, and fragility of hospital power backup systems in the face of massive storm surge and flooding (e.g., the evacuation of N.Y.U. Langone Medical Cente).20 Following Hurricane Sandy, there have been a large number of after-action reports, inquiries, and research studies about various aspects of the crisis, response, and recovery associated with it. Many of these efforts have focused on or significantly involved critical infrastructure functions and actors, and a variety of important lessons have been learned and changes made.21

The experience of the Atlantic hurricanes of 2017 has begun to be systematically processed via a postcrisis multidimensional after action and research effort of the kind that took place for Hurricane Sandy and some previous major Atlantic storms (e.g., Katrina). There are significant indications that important lessons were learned from Sandy and previous cases that informed the proactive crisis management by many governmental actors and critical infrastructure operators regarding response and restoration efforts tied to Hurricanes Harvey and Irma (Federal Emergency Management Agency [FEMA], 2018). However, the much more problematic response and delayed restoration of critical infrastructure services (e.g., power, fuel, telecommunications, water) to Hurricane Maria in the U.S. territory of Puerto Rico is both instructive and troubling. Clearly, resilience and preparedness for critical infrastructure crisis management can develop in an uneven fashion even in highly developed countries, leaving pockets of particular resilience and particular vulnerability. Contextual factors such as geographic centrality/remoteness, regional economic strength, and robustness or fragility of particular infrastructures, functionality of local governance, coincidence with other simultaneous or near simultaneous events, and not least political will can all affect response and recovery. The increased frequency and severity of events not only poses challenges to societal and organizational resilience but also to the ability of organizations to focus on and extract the lessons from individual events. Shifting to “seasonal” rather than individual event-based after-action reviews (as FEMA did regarding the eventful 2017 hurricane season) is understandable but can result in missed learning opportunities associated with particular events (FEMA, 2018).

Although effective production and adaptive implementation of “lessons learned” is very challenging and requires significant investment of time and resources, failure to learn from experience is a recipe for stagnation and perpetuation of vulnerability. This may be extremely costly in humanitarian, political, and financial terms for the key actors involved in the governance and operation of critical infrastructure systems (Boin & McConnell, 2007; Boin et al., 2017).

Cybersecurity as a Driver of Infrastructure Risk and a Complicating Factor in Infrastructure Crisis Management

Many of the components of crisis management are exacerbated by the move toward infrastructure that is informatized and automated. Sense-making and decision-making are both made more difficult, because they require the incorporation of new sets of experts and technical advisors. This is true because computers and related technologies are—despite their ubiquity— are still seen as “exotic” by some decision makers. Technical advisors will almost never eliminate uncertainty, one of the defining characteristics of crises; rather, the goal is to have such specialists help limit, reduce, or manage uncertainty—and thus improve decision-making and outcomes.

Another challenge to sense-making is not merely that vulnerabilities are latent, but that each technical upgrade potentially introduces new vulnerabilities, although they often remove old vulnerabilities as well. This changing landscape of technical vulnerability shifts much more rapidly than the vulnerability landscape of large physical infrastructures that were manually controlled. This problem, long struggled with in cybersecurity, is a result of increased complexity and processes that have tended to prize novelty or convenience over security. As Assante notes “incorporating new technology can introduce vulnerabilities” (Assante, 2009:4). However, maintaining the ability to manually control such infrastructure can play a major role in being able to mitigate the novel infrastructure crisis. This was discovered by Ukrainian power workers coping with several cyberattack-induced blackouts that would have been far worse without the ability to manually restart power systems without the computerized controls (Greenberg, 2017).

Meaning-making becomes more complicated as complex information—from digital forensics to the impacts of data breaches—must be communicated to communities and stakeholders who lack the technical background to evaluate the evidence. From breaches such as those at Equifax and the Office of Personnel Management (OPM), as well as Russian attempts at interference in the 2016 U. S. election, increasingly crisis managers must discuss complex technical matters (as well as the complex sociopolitical matters that have always defined crises) in ways that risk oversimplifying or misleading.

A particularly dangerous version of this challenge comes when this meaning-making and risk communication is undermined or countered by those deemed credible. Following the Sony Pictures Entertainment hack, which the United States subsequently attributed to North Korea, there was a broad dispute in the media in which cybersecurity professionals argued that the U.S. government had not released sufficient evidence to justify their assertions about attribution. Similar debates followed public assertions attributing election interference to Russia. Moving forward, this expectation that crisis leaders will conduct—and perhaps even demonstrate or share—highly technical analysis related to forensics and attribution may well constrain crisis decision-making and messaging.

The escalation of the consequences of cyberattacks from “financial and reputational risks” to “safety and operational risks” (Thales, 2013) described earlier will only grow more serious with the IoT, smart cities, and the growing ubiquity of embedded computing in cyberphysical systems ranging from pacemakers to automobiles to traffic lights. These vulnerabilties will spawn novel forms of infrastructure crises moving forward. Some have already occurred, such as ransomware attacks on transportation infrastructure and hospitals. Others may eventually take place, such as ransomware attacks on prosthetic limbs and pacemakers or attacks on supply chains to manipulate financial markets. Furthermore, the increasing consequences of cybersecurity lapses will not only create novel crises but will also influence existing elements of crisis management. How easy is the “accounting” part of “ending and accounting” or the “learning” component of “learning and changing” when the malware that resulted in the incident erases logs and evidence of what happened and hinders documentation of crisis response efforts? How much public pressure—productive or counterproductive—will follow the first documented cyberhijacking of an automated driverless vehicle that results in the death of a passenger? Understanding the future of infrastructure risk, and the future of infrastructure crises, will increasingly require understanding cybersecurity. Both infrastructure managers and crisis managers will increasingly be expected to operate knowledgably and effectively in this environment.

Preparing for Critical Infrastructure Crisis Management

Having explored the five crisis management tasks discussed in the previous section, it is important to note that a key additional imperative for leaders is the broader task of preparing for crisis management (Boin et al., 2017, chapter 7; Stern, 2013).

Preparing refers to the task of creating preconditions and dispositions that facilitate collaborative effort as well as effective and legitimate intervention when crises occur as well as during their aftermath. Elements of preparing include activities such as organizing, networking, planning, training, and exercising. This generally entails attempting to identify key players and roles likely to be required for effective societal, community, or organizational response and making sure that each role-player is capable of enacting that role skillfully and in a fashion conducive to not just particularistic but also collective success. Leadership with regard to this task has a key motivational component—preparedness requires investments in time and resources that compete with other priorities in times of “peace.” Ironically, when a crisis is imminent, such as when meteorological experts predict that a hurricane is on its way, motivation tends to be high. However, in such acute preparedness efforts in the face of an escalating event, although the will to prepare may be high, difficult dispositions must be made under crisis-like conditions of uncertainty, time pressure, and resource scarcity.

On the basis of the literature reviewed previously, it is possible to identify a number of target areas for improvement and good practices with regard to improving preparedness and capacity for critical infrastructure crisis management and rapid restoration in the wake of critical infrastructure disruptions in highly developed countries. These include:

Improving international cooperation and joint management of critical infrastructure systems

Building trust and relationships in support of crisis management across the public-private-nonprofit sector divide, and among disconnected organizations in each sector

Understanding, improving, and planning relationships with internal and external sources of technical “reach-back” and expertise

Improving knowledge and understanding of critical infrastructure systems through mapping, modeling, and simulation

Reinvigorating critical incident response and recovery planning

Training and exercises involving key public, private, and nonprofit actors at both strategic and operational levels

Improving accountability and facilitating organizational and interorganizational learning, to foster more effective investment in infrastructure planning and maintenance

Improving International Cooperation and Collaborative Response and Recovery of Critical Infrastructure Systems

As seen previously, contemporary critical infrastructure systems transcend national boundaries in various ways. Disruptions may originate in physical events occurring in or cyberattacks launched from on one or more countries but end up affecting many others. Many natural hazard scenarios—such as extreme terrestrial and space weather events—can have an impact on critical infrastructures across national boundaries and influence global supply chains. Preventing attacks and limiting the damage of disruptions stemming from natural, man-made, or mixed events often requires rapid, even real-time, exchange of intelligence and system status information as well as expert knowledge. In addition, effective coordination of protective, response, and recovery measures is essential to prevent further cascades of disruption and damage and facilitate rapid restoration (e.g., via effective use of scarce repair capabilities and component resources across countries). This is true not only of power and other energy systems, but also of transportation, and telecommunications.

Building Trust and Relationships in Support of Crisis Management Across the Public and Private Nonprofit Divide

A broad set of public, private, and nonprofit players share authority, responsibility, capabilities, information, knowledge, and resources needed to cope with severe critical infrastructure disruptions and their cascading effects. Although these actors are diverse in many respects, they have significant common interests in mitigating disruptions and promoting rapid restoration of critical infrastructures. Whole society/community approaches increasingly in emergency management and resilience-building are highly relevant to improving capacity to cope with critical infrastructure failure as well. Creating opportunities, incentives, and fora for these individuals and organizations to familiarize themselves and cooperate with each other—before, during, and after crisis events—is extremely valuable. Governments are actively supporting this process in many of the most developed countries (e.g., United States, United Kingdom, Sweden, Switzerland22) via resilience fora, critical infrastructure sector groupings, and other equivalent efforts, although much more can be done.

Understanding, Improving, and Planning Relationships with Internal and External Sources of Technical “Reachback” and Expertise

Although the critical importance of access to technical expertise is perhaps most obvious in the relatively arcane cybersecurity field, parallel needs for technical expertise arise in many other types of infrastructure-related crises. During the Deepwater Horizon spill, there were significant challenges of accessing, coordinating, and integrating different types of expertise into the crisis management effort. (Birkland & DeYoung, 2011; cf. Koraeus & Stern, 2013). Public and private sector crisis managers were dependent upon a small community of experts in offshore drilling and underwater geology from many organizations and sectors (Busch & Givens, 2012). This is, of course, just one among many other types of expertise urgently needed to deal with the cascading environmental, social, and economic consequences of the oil spill.

Similar mobilization of expertise is necessary in many types of infrastructure crises. In cyberattacks or large-scale cyberdisruptions, owners and operators of infrastructure need to be able to assemble rapidly highly qualified teams of cybersecurity, digital forensics, or industrial control system experts. This expertise need not be resident in the owners’ or operators’ company or agency. There certainly could be internal resources such as the personnel at the Security Operations Center (SOC) or incident response team, but would also include contractors and security vendors, industry or sectorwide resources such as Information Sharing and Analysis Organizations (ISAOs) and Information Sharing and Analysis Centers (ISACs), and even regulators and law enforcement. Building the “right” team at the right time is key to sense-making, decision-making, and meaning-making in critical infrastructure crises.

Improving Knowledge and Understanding of Critical Infrastructure Systems Through Mapping, Modeling, and Simulation

As demonstrated in the preceding sections, critical infrastructure systems are highly complex and dynamic. Such systems and the environments in which they operate evolve and change on an ongoing basis. Human ability to understand and predict outcomes with regard to disruptions and protective interventions with regard to such systems is limited (cf. Perrow, 1984; Roe & Schulman, 2016) and must be leveraged by investments in efforts to map, monitor, and develop deeper understanding of them. Significant advancements of methodology and technology may be harnessed to improve mapping (both geographic and functional) to identify pathways to and from failure and toward rapid restoration. Empirically based modeling, simulation, and visualization tools can be used to improve reliability and resilience more generally as well as to facilitate effective response and rapid restoration to critical infrastructure disruptions.23

Reinvigorating Critical Incident Response and Recovery Planning

Emergency planning in many countries has been criticized for a tendency toward unrealistic planning assumptions regarding environmental and system vulnerabilities, magnitude and duration of disruptions, and availability of capabilities and resources (Clarke, 1999; Eriksson & McConnell, 2011) as well as for neglecting key actors, stakeholders, and particularly vulnerable populations. Conversely, improved planning for critical infrastructure disruptions will:

involve a broader set of public, private, and nonprofit actors and stakeholders.

build on state-of-the-art knowledge of systems, hazards, and interventions informed by mapping, historical experience base with regard to critical infrastructure crises, and empirically informed and rigorous modeling and simulation methods and technology.

include explicit decision criteria and intervention protocols for proactive system protective measures and planning for the operational and political consequences associated with such measures.

consider the impact of interdependencies among critical infrastructure systems (Roe &Schulman, 2016), cascading consequences, and capability degradation stemming from the event itself or protective shutdown measures with regard to one or more critical infrastructure systems.

Think bigger and emphase “bad” or “worst” case scenarios—the so-called maximum of maximums as it has been labeled in U.S. FEMA doctrine—in order to reveal limitations and lay a foundation for adaptive behavior in the face of catastrophic events.

Depart from conservative assumptions regarding available resources for response and recovery efforts.

Plan explicitly and seek to secure preferential access to resources and capabilities in support of rapid restoration of service.

Training and Exercises Involving Key Actors—at Both Strategic and Operational Levels—From Government, Critical Infrastructure Operators, and Other Key Private and Nonprofit Sector Stakeholders

Government and critical infrastructure operator leaders should take steps to make sure that they and their team members, other key subordinates, and counterparts from essential partners are educated, trained, and exercised in preparation for critical infrastructure crisis management.24 When facing major crises, partnership between strategic leaders and “professionals” inside and outside of government is essential. This means that political leaders who are not “professionals” must be educated as to the nature of critical infrastructure crisis management, informed of what is required of them in scenarios and contingencies involving (the risk of) significant disruption to critical infrastructure systems, familiarized with relevant crisis planning and organization, and equipped to engage effectively in meaningful communicative interaction with others inside and outside of their organizations. Individual and collective crisis management skills are best acquired and honed through hands-on practice in simulated as well as real-world incidents and crises. There are a wide variety of powerful instructional designs and techniques (both traditional and technology enhanced) suitable for critical infrastructure crisis management training and exercises.25 Instructional designs and techniques should be consciously chosen and explicitly adapted to the goals and purposes of a given training or exercise for maximum positive impact.

Improving Accountability and Enabling Organizational and Interorganizational Learning

Critical infrastructure failures raise significant issues of political, legal, and financial accountability. Regulatory regimes, divisions of labor, and responsibility continue to vary greatly across countries and sectors and ambiguities and gaps persist, contributing to suboptimal resilience and suboptimal preparedness for response and rapid restoration. As noted previously, public, private, and nonprofit sector actors participating in the governance and operation of critical infrastructure systems are subject to multiple forms of accountability and must be prepared to answer questions not only in Congress (or Parliament), but also literally in court and in the metaphorical “courts” of (social) media and public opinion.

Disruption of critical infrastructure systems, by definition, may be costly in lives and treasure, as well as in organizational (and in many cases personal) trust and legitimacy. As a result, it is imperative to learn the lessons of experience. Doing so effectively requires fostering a culture of safety and resilience in which information is shared and performance before, during, and after crises that are subjected to benchmarking and critical scrutiny. Experts should resist temptations to withhold “embarrassing” information and whitewash subpar performances in favor of systematic and methodologically informed inquiry and vigorous and forward-looking implementation of measures to address preparedness gaps and shortcomings.

There is good reason to believe that managing infrastructure crises effectively could be improved by a better integration of the scholarship and practice of crisis management and the parallel scholarship and practice of infrastructure management. Achieving this integration will require several things. First and foremost, it requires viewing critical infrastructure disruptions—whether resulting from natural disaster, industrial accident, or adversarial action—as crises that threaten core values and entail decision-making and management under conditions of uncertainty and urgency. If critical infrastructure disruptions can be fruitfully viewed as crises—then good practices from the crisis management literature with regard to sense-making, decision-making, meaning-making, ending and accounting, and learning and changing (Boin et al., 2017; Stern, 2013) promise to be helpful in improving organizational and societal critical infrastructure resilience as well. Finally, if infrastructure disruptions are indeed understood as crises, and models as well as experience-based lessons from crisis management are brought to bear in seeking to understand better and meet such challenges, then both practitioners and scholars of crisis management and infrastructure management will be better equipped to learn from each other (Trainor et al., 2018).

References

  • Akhgar, B., Staniforth, A., & Waddington, D. (Eds.). (2017). Application of social media in crisis management. Springer.
  • Alberts, D. S., & Hayes, R. E. (2003). Power to the edge. Command and Control Research Program.
  • Alexander, D. (2013). Volcanic ash in the atmosphere and risks for civil aviation: A study in European crisis management. International Journal of Disaster Risk Science, 4(1), 9–19.
  • Almklov, P., Antonsen, S., & Fenstad, J. (2012). Organizational challenges regarding risk management in critical infrastructures. In P. Hokstad, I. B. Utne, & J. Vatn (Eds.), Risk and interdependencies in critical infrastructures: A guideline for analysis (pp. 211–225). Springer London.
  • Andrade, E. R., Reis, A. L. Q., Alves, D. F., Alves, I. S., Andrade, E. V. S., Stenders, R. M.,Federico, C., & Silva, A. X. (2020). Urban critical infrastructure disruption after a radiological dispersive device event. Journal of Environmental Radioactivity, 222, 106358.
  • Assante, M. J. (2009, January). Infrastructure protection in the ancient world. In System Sciences, 2009. HICSS’09. 42nd Hawaii International Conference on (pp. 1–10). IEEE.
  • Baker, A. B., Eagan, R. J., Falcone, P. K., Harris, J. M., Herrera, G. V., Hines, W. C., Hutchinson, R., Moonka, A., Swinson, M., Webb, E., Woodall, T. D., & Wyss, G. (2002). A scalable systems approach for critical infrastructure security. Sandia National Laboratories.
  • Baker, C., Fratto, D., & Reiners, L. (2019). Banking on the Cloud. Tennessee Journal of Business Law, 21, 381.
  • Barabadi, A., Ghiasi, M. H., Qarahasanlou, A. N., & Mottahedi, A. (2020). A holistic view of health infrastructure resilience before and after COVID-19. Archives of Bone and Joint Surgery, 8(Suppl 1), 262.
  • Baubion, C. (2013). OECD risk management: Strategic crisis management (OECD Working Papers on Public Governance 23). Organization for Economic Cooperation and Development.
  • Bernardi, L., Morales, L., Lühiste, M., & Bischof, D. (2018). The effects of the Fukushima disaster on nuclear energy debates and policies: A two-step comparative examination. Environmental Politics, 27(1), 42–68.
  • Birkland, T. A., & DeYoung, S. E. (2011). Emergency response, doctrinal confusion, and federalism in the Deepwater Horizon oil spill. Publius: The Journal of Federalism, 41(3), 471–493.
  • Blokus, A., & Dziula, P. (2019). Safety analysis of interdependent critical infrastructure networks. TransNav, International Journal on Marine Navigation and Safety of Sea Transportation, 13(4), 781–787.
  • Boin, A., & McConnell, A. (2007). Preparing for critical infrastructure breakdowns. Journal of Contingencies and Crisis Management, 15(1), 50–59.
  • Boin, A., ‘t Hart, P., Stern, E., & Sundelius, B. (2017). The politics of crisis management: Public leadership under pressure (2nd ed.). Cambridge University Press.
  • Breen, S. P., & Markey, S. (2019). Half empty? Drinking water systems and regional resilience in rural Canada. Planning Practice & Research, 34(2), 168–183.
  • Brooker, P. (2010). Fear in a handful of dust: Aviation and the Icelandic volcano. Significance, 7(3), 112–115.
  • Brown, T., Beyeler, W., & Barton, D. (2004). Assessing infrastructure interdependencies: The challenge of risk analysis for complex adaptive systems. International Journal of Critical Infrastructures, 1(1), 108–117.
  • Busch, N. E., & Givens, A. D. (2012, October). Public-private partnerships in homeland security: Opportunities and challenges. Homeland Security Affairs, 8, Article 18.
  • Chou, J. S., & Ongkowijoyo, C. S. (2019). Hybrid decision-making method for assessing interdependency and priority of critical infrastructure. International Journal of Disaster Risk Reduction, 39, 101134.
  • Clarke, L. (1999). Mission improbable: Using fantasy documents to tame disasters. University of Chicago Press.
  • Department of Homeland Security. (2013). NIPP. Partnering for Critical Infrastructure Security and Resilience. Homeland Security.
  • Deverell, E., & Olsson, E. K. (2009). Learning from crisis: A framework of management, learning and implementation in response to crises. Journal of Homeland Security and Emergency Management, 6(1), 1–20.
  • Dunn-Cavelty, M., & Suter, M. (2009). Public-private partnerships are no silver bullet: An expanded governance model for critical infrastructure protection. International Journal of Critical Infrastructure Protection, 2(4), 179–187.
  • Edwards, P. N. (2003). Infrastructure and modernity: Force, time, and social organization in the history of sociotechnical systems. In T. J. Misa, P. Brey, & A. Feenberg (Eds.), Modernity and technology (pp. 185–226). The MIT Press.
  • Eriksson, K., & McConnell, A. (2011). Contingency planning for crisis management: Recipe for success or political fantasy? Policy and Society, 30(2), 89–99.
  • Farnham, B. R. (2000). Roosevelt and the Munich crisis: A study of political decision-making. Princeton University Press.
  • Federal Emergency Management Agency (2018). 2017 hurricane season after action report.
  • Fekete, A., Tzavella, K., & Baumhauer, R. (2017). Spatial exposure aspects contributing to vulnerability and resilience assessments of urban critical infrastructure in a flood and blackout context. Natural Hazards, 86(1), 151–176.
  • Fischbacher-Smith, D. (2006). The crisis of management: Managing ahead of the curve. In D. Smith & D. Elliott (Eds.), Key readings in crisis management: Systems and structures for prevention and recovery (pp. 301–317). Routledge.
  • Fuggini, C., & Bolletta, F. (2020). Identification of indicators, metrics and level of service for the resilience of transport critical infrastructure. International Journal of Sustainable Materials and Structural Systems, 4(2–4), 330–346.
  • Gallais, C., & Filiol, E. (2017). Critical infrastructure: Where do we stand today? A comprehensive and comparative study of the definitions of a critical infrastructure. Journal of Information Warfare, 16(1), 64–87.
  • Gordon, P., Moore, J. E., Park, J. Y., & Richardson, H. W. (2007). The economic impacts of a terrorist attack on the US commercial aviation system. Risk Analysis: An International Journal, 27(3), 505–512.
  • Grönvall, J. (2001). Mad cow disease: The role of experts and European crisis management. In U. Rosenthal, A. Boin, & L. Comfort (Eds.), Managing crises: Threats, dilemmas, opportunities (pp. 155–174). Charles C. Thomas.
  • Grosse, C., & Olausson, P. M. (2019). Blind spots in interaction between actors in Swedish planning for critical infrastructure protection. Safety Science, 118, 424–434.
  • Hannah, S. T., Uhl-Bien, M., Avolio, B. J., & Cavarretta, F. L. (2009). A framework for examining leadership in extreme contexts. The Leadership Quarterly, 20(6), 897-919.
  • Heifetz, R. A., & Laurie, D. L. (2001). The work of leadership. Harvard Business Review, 79(11), 5–14.
  • Helsloot, I., & Beerens, R. (2009). Citizens’ response to a large electrical power outage in the Netherlands in 2007. Journal of Contingencies and Crisis Management, 17(1), 64–68.
  • Helsloot, I., Boin, A., Jacobs, B., & Comfort, L. K. (2012). Mega-crises: Understanding the prospects, nature, characteristics, and the effects of cataclysmic events. Charles C Thomas.
  • Hermann, C. F. (1963). Some consequences of crisis which limit the viability of organizations. Administrative Science Quarterly, 8(1), 61–82.
  • Hermann, M. G., & Dayton, B. W. (2009). Transboundary crises through the eyes of policymakers: Sense making and crisis management. Journal of Contingencies and Crisis Management, 17(4), 233–241.
  • Herrera, L. C., & Maennel, O. (2019). A comprehensive instrument for identifying critical information infrastructure services. International Journal of Critical Infrastructure Protection, 25, 50–61.
  • Holeguin-Veras, J., Jaller, M., Van Wassenhove, L., Perez, N., & Wachtendorf, T. (2012). On the unique features of humanitarian logistics. Journal of Operational Research, 30(7–8), 494–506.
  • Jennex, M. ed. (2012). Managing crises and disasters with emerging technologies: Advancements. IGI Global.
  • Kaplan, S., & Garrick, B. J. (1981). On the quantitative definition of risk. Risk Analysis, 1(1), 11–27.
  • Kitagawa, K., Preston, J., & Chadderton, C. (2017). Preparing for disaster: A comparative analysis of education for critical infrastructure collapse. Journal of Risk Research, 20(11), 1450–1465.
  • Kleinman, A., & Watson, J. L. (2006). SARS in China: prelude to pandemic? Stanford University Press.
  • Koraeus, M., & Stern, E. (2013). Exploring the crisis management/knowledge management nexus. In B. Akghar & S. Yates (Eds.), Strategic intelligence management (pp. 134–149). Butterworth-Heinemann.
  • Leavitt, W. M., & Kiefer, J. J. (2006). Infrastructure interdependency and the creation of a normal disaster: The case of Hurricane Katrina and the City of New Orleans. Public Works Management Policy, 10(4), 306–314.
  • Lebow, R. N., & Stein, J. G. (2019). Afghanistan, Carter, and foreign policy change: The limits of cognitive models. In D. Caldwell (Ed.), Diplomacy, force, and leadership (pp. 95–127). Routledge.
  • Leonard, H. B., & Howitt, A. M. (2012). Leading in crisis: Observations on the political and decision-making dimensions of response. In I. Helsloot, B. Jacobs, & A. Boin (Eds.), Mega-crises. Understanding the prospects, nature, characteristics and the effects of the cataclysmic events (pp. 25–34). Charles C. Thomas.
  • Liu, W., & Song, Z. (2020). Review of studies on the resilience of urban critical infrastructure networks. Reliability Engineering & System Safety, 193, 106617.
  • Loggins, R., Little, R. G., Mitchell, J., Sharkey, T., & Wallace, W. A. (2019). CRISIS: Modeling the restoration of interdependent civil and social infrastructure systems following an extreme event. Natural Hazards Review, 20(3), 04019004.
  • Michel‐Kerjan, E. (2003). New challenges in critical infrastructures: A US perspective. Journal of Contingencies and Crisis Management, 11(3), 132–141.
  • Millington, N. (2018). Producing water scarcity in São Paulo, Brazil: The 2014–2015 water crisis and the binding politics of infrastructure. Political Geography, 65, 26–34.
  • Monaghan, J., & Walby, K. (2017). Surveillance of environmental movements in Canada: Critical infrastructure protection and the petro-security apparatus. Contemporary Justice Review, 20(1), 51–70.
  • Monstadt, J., & Schmidt, M. (2019). Urban resilience in the making? The governance of critical infrastructures in German cities. Urban Studies, 56(11), 2353–2371.
  • Newlove, L., Stern, E., & Svedin, L. (2003). Auckland unplugged: Coping with critical infrastructure failure. Lexington.
  • Nye, D. (2010). When the lights went out: A history of blackouts in America. MIT Press.
  • O’Brien, P., Pike, A., & Tomaney, J. (2019). Governing the “ungovernable”? Financialisation and the governance of transport infrastructure in the London “global city-region.” Progress in Planning, 132, 100422.
  • Odenwald, S. F., & Green, J. L. (2008). Bracing for a solar superstorm. Scientific American, 299(2), 80–87.
  • Organisation for Economic Cooperation and Development. (2015). The changing face of strategic crisis management. OECD Press.
  • Olsson, E. K., Stern, E. K., & Xue, L. (2011). SARS: Meeting an epidemic head-on. In E. K. Olsson & Lan Xue (Eds.), SARS from East to West (pp. 1–16). Lexington Books.
  • Parker, A. M., Nelson, C., Shelton, S. R., Dausey, D. J., Lewis, M. W., Pomeroy, A., & Leuschner, K. J. (2009). Measuring crisis decision making for public health emergencies. RAND Corporation, TR-712-DHHS.
  • Parker, C. F. (2014). Complex negative events and the diffusion of crisis: Lessons from the 2010 and 2011 Icelandic volcanic ash cloud events. Geografiska Annaler: Series A, Physical Geography, 97(1), 97–108.
  • Perrow, C. (1984). Normal accidents: Living with high-risk technologies. Basic Press.
  • Petersen, L., Fallou, L., Reilly, P., & Serafinelli, E. (2017a). European expectations of disaster information provided by critical infrastructure operators: Lessons from Portugal, France, Norway and Sweden. International Journal of Information Systems for Crisis Response and Management (IJISCRAM), 9(4), 23–48.
  • Petersen, L., Fallou, L., Reilly, P., & Serafinelli, E. (2017b, December). Should CI operators use social media to communicate with the public during crisis situations?: Lessons learned from a pilot study in Oslo Harbour. In 2017 4th International Conference on Information and Communication Technologies for Disaster Management (ICT-DM) (pp. 1–6). IEEE.
  • Petersen, L., Fallou, L., Reilly, P., & Serafinelli, E. (2020). Public expectations of critical infrastructure operators in times of crisis. Sustainable and Resilient Infrastructure, 5(1–2), 62–77.
  • Petrova, S., & Prodromidou, A. (2019). Everyday politics of austerity: Infrastructure and vulnerability in times of crisis. Environment and Planning C: Politics and Space, 37(8), 1380–1399.
  • Pursiainen, C. (2018). Critical infrastructure resilience: A Nordic model in the making? International Journal of Disaster Risk Reduction, 27, 632–641.
  • Rehak, D., Senovsky, P., Hromada, M., & Lovecek, T. (2019). Complex approach to assessing resilience of critical infrastructure elements. International Journal of Critical Infrastructure Protection, 25, 125–138.
  • Riedman, D. (2016, May). Questioning the criticality of critical infrastructure: A case study analysis. Homeland Security Affairs, 12(3).
  • Rinaldi, S. M., Peerenboom, J. P., & Kelly, T. K. (2001). Identifying, understanding, and analyzing critical infrastructure interdependencies. Control Systems Magazine, IEEE, 21(6), 11–25.
  • Rød, B. (2020). Operationalising critical infrastructure resilience. From assessment to management [Dissertation]. UiT The Arctic University of Norway.
  • Roe, E. (2016). Critical infrastructures, high reliability and their enemy, economism. Journal of Contingencies and Crisis Management, 24(3), 191–196.
  • Roe, E., & Schulman, P. (2016). Reliability and risk: The challenge of managing interconnected infrastructures. Stanford Business Books.
  • Rosenthal, U., Charles, M. T., & Hart, P. T. (1989). Coping with crises: The management of disasters, riots, and terrorism. Charles C. Thomas.
  • Shakou, L. M., Wybo, J. L., Reniers, G., & Boustras, G. (2019). Developing an innovative framework for enhancing the resilience of critical infrastructure to climate change. Safety Science, 118, 364–378.
  • Simon, T. (2017). Chapter seven: Critical infrastructure and the internet of things. In Cyber security in a volatile world (Research Volume 5 of the Global Commission on Internet Governance) (pp. 93–104). Chatham House.
  • Soyata, T., Habibzadeh, H., Ekenna, C., Nussbaum, B., & Lozano, J. (2019). Smart city in crisis: Technology and policy concerns. Sustainable Cities and Society, 50, 101566.
  • Stern, E. (1997). Crisis and learning: A conceptual balance sheet. Journal of Contingencies and Crisis Management, 5(2), 69–86.
  • Stern, E. (1999) Crisis Decisionmaking: A cognitive institutional approach [Dissertation]. Stockholm University Department of Political Science.
  • Stern, E. (2009). Crisis navigation: Lessons from history for the crisis manager in chief. Governance, 22(2), 189–202.
  • Stern, E. (2003). Crisis studies and foreign policy analysis: Insights, synergies, and challenges. International Studies Review, 5 (2), 183–202.
  • Stern, E. (2013). Preparing: The sixth task of crisis leadership. Journal of Leadership Studies, 7(3), 51–57.
  • Stern, E. (2015). Understanding and identifying crises through early warning and sensemaking. In The changing face of strategic crisis management, pp.41-74. OECD.
  • Stern, E. (2017a). Crisis management, social media, and smart devices. In B. Akghar, A. Staniforth, & D. Waddington (Eds.), Applications of social media in crisis management (pp. 21–33). Springer.
  • Stern, E., Deverell, E., Fors, F., & Newlove Ericsson, L. (2014). Post-mortem crisis analysis: Dissecting the London bombings of July 2005. Journal of Organizational Effectiveness, 1(4), 402–422.
  • Thales UK Ltd. (2013). Cyber security for SCADA systems [White Paper]. Accessed May 2017.
  • Trainor, J. E., Stern, E. K., & Subbio, T. (2018). On bridging research and practice in disaster science and management: Unified system or impossible mission? In H. Rodriguez, W. Donner, & Trainor, J. (Eds.), Handbook of disaster research (pp. 161–178). Springer.
  • Weick, K. E. (1988). Enacted sensemaking in crisis situations. Journal of Management Studies, 25, 305–317.
  • Weick, K. E. (1993). The collapse of sensemaking in organizations: The Mann Gulch disaster. Administrative Science Quarterly, 38(4), 628–652.
  • Yang, C., Su, G., & Chen, J. (2017, March). Using big data to enhance crisis response and disaster resilience for a smart city. In 2017 IEEE 2nd International Conference on Big Data Analysis (ICBDA) (pp. 504–507). IEEE.
  • Zhang, B., Li, J., Tian, W., Chen, H., Kong, X., Chen, W., Zhao, M., & Xia, X. (2020). Spatio-temporal variances and risk evaluation of land finance in China at the provincial level from 1998 to 2017. Land Use Policy, 99, 104804.

Notes