Protecting Cities’ Critical Assets

By Peter Williams

Dr. Peter Williams is the Chief Technology Officer, Big Green Innovations, at IBM. His focus areas are resilience to natural disasters and chronic stresses; Smarter Cities; and cloud computing for government. He has had a major role in developing the intellectual foundation for IBM's "Smarter Planet" and "Smarter Cities" initiatives, and in identifying and integrating their technological components - both IBM-originated and from outside the company.

Aug 31, 2017 | Infrastructure | 2 comments

This article was adapted from work to create a forthcoming issue brief from the UN ARISE initiative with Ms. Yoshiko Abe, Sustainability Strategist at Kokusai Kogyo Co., Ltd. (Japan), with input from Dr. William Hynes, founder of Future Analytics Consulting, and leader of the EU’s HARMONISE and RESILENS Initiatives.  The views expressed do not necessarily represent those of my employer, IBM.

As cities grapple with urban growth and climate change placing more people and economic activity in harm’s way, the resilience of critical infrastructures, and of the assets that make up these infrastructures, is coming increasingly under the spotlight. However, this is a complex issue, and not all its dimensions are well understood.  This article attempts to explore them.

Cities can be thought of as “systems of systems”, where energy, water, communications, transportation, healthcare, law and order, data, and other physical systems (not to mention social, political and economic systems) interact. From this perspective, many issues arise.

First, each system may interact with other systems in ways that allow the possibility of cascading “failure chains”. An example of which happened with the US and Canadian energy grid in 2003; a tree branch tripped out a segment of a power line, which then cascaded to multiple further segments and in turn to 60 million people and to cell-phone, Amtrak, and water treatment systems. The failure chains may then extend to social systems too – as an extreme example, The Economist recently speculated how social breakdown could arise from the consequences of a solar magnetic storm hitting the US Energy Grid.

Some countries and cities can identify their critical systems and assets (it is, for example,  a Federal requirement for cities to do this in the US), but very few can identify how they are linked to each other. As a result, they have no way to identify and manage the associated inter-dependencies. In many cases, as with the grid failure example, the existence of these linkages may not even be fully understood by all the entities affected, and accordingly come as a highly unwelcome surprise. Achieving critical infrastructure resilience therefore requires investing time and effort to identify and maintain relevant and up-to-date data on these linkages.

Second, each critical infrastructure system in the “system of systems” – and the critical assets that make them up – may be in different ownership, either within the city government, or in some other tier of government, or in a private sector utility or other organization. Critical infrastructure resilience is inherently, therefore, a multi-organizational endeavor. In very few cities that I have seen is the necessary level of collaboration in place to enable this. Either there is generally too little information sharing, or some major infrastructure system (too often, in my observation, the telecommunications system) is excluded from the collaboration mechanisms that have been set up.

Third, the definition of “critical” in critical infrastructure resilience is not fixed in time. A road or a flood pump may become critical over a period of years, perhaps as a nearby suburb expands to accommodate people from the city; or as the road or pump becomes more endangered over time as sea levels rise or weather patterns change. On an altogether different timescale, an otherwise unremarkable access road may, if it becomes blocked by debris and impedes access to a critical asset such as the flood pump above, itself become critical in real time, and remain that way for a period of days. Critical infrastructure resilience needs to include the “may become critical” assets that can impinge on critical ones.

Fourth, risk to critical assets needs to be assessed on a very granular scale. Each asset in the same system and in the same region may have different seismic capabilities or ability to accommodate flooding. Some individual asset – perhaps an electricity substation – in a system judged to be broadly resilient may trigger some cascading failure of its own. Therefore, critical infrastructure resilience needs to be assessed bottom up, from the individual assets that make up each system, as well as top down from the system-wide view.

As well as being a “system of systems” issue, it is not always appreciated that critical infrastructure resilience is a process, rather than a series of one-time actions such as hardening some asset, or holding emergency drills, or responding to an actual disaster.  Clearly, planning for achieving resilience is a long run process, but there are other process dimensions that may be overlooked.

As noted above, the resilience goal itself needs to be continually reviewed as system risk and resilience levels change – and are recovered – over time, rather than as a one-time exercise.

Many organizations (cities, and private companies) have weak asset management processes, with erratic inspection routines, poor data collection on asset status and maintenance carried out, or weaknesses in in reserving funds for maintenance and upgrades. This means that critical assets may fail or be impaired when needed (for example, when the spillway for the Oroville Dam in California collapsed early in 2017 when used during a wet winter, necessitating evacuation of 188,000 people); or in extreme cases, they may fail randomly (again, for example, when a gas pipeline exploded in San Bruno, California in 2010 killing eight people). Critical infrastructure resilience is as much a function of organizational process discipline and stewardship of assets, as it is of hardening or relocating those assets.

Many critical assets and systems may be in areas that are known to be disaster prone but have not experienced a disaster for some years. Their owners may not have practiced disaster resilience in the period since the last real alert; or they may not have documented how they addressed the problems that arose last time – and those who had that knowledge may no longer be with the organization. In either case, with the next disaster, the infrastructure owner will be “learning all over again”. Related to the previous point, therefore, critical infrastructure resilience is, therefore, also a function of organizational readiness.


A number of tools and approaches exist that can improve critical asset management in cities.

First, more widespread use needs to be made of engineering methodologies for detecting and managing linkages between critical assets. The military has for many years used established methodologies such as Failure Modes, Effects and Criticality Analysis (FMECA) for the management of complex engineered “systems of systems” such as aircraft carriers, and there are several other options from the civil engineering world. A standard method (or set thereof) needs to be identified and promulgated for critical infrastructure.

Second, while as noted many organizations are likely to be involved in critical infrastructure management in a city, collaboration and information sharing has to be enabled between them.  One example might be a sharing a common GIS base-map with layers depicting the location of all critical assets, the linkages between them, ownership, access information and so on.  (For all its value to the city and infrastructure owners in managing disasters, the value of this information to terrorists or cyber criminals would be substantial, so access to it needs to be carefully protected.  One solution that is used in Japan is to carefully ensure consistent base maps, definitions etc, but to disable the information sharing in day to day work, only turning it on with separate security and access controls in a defined “emergency mode” – for specific exercises and for managing actual events).

Third, those who own and manage critical infrastructure systems and assets, including local governments and private companies, may prioritize investment towards resilience in their own hardware and physical readiness, over other possible actions such as building collaboration, or in ignorance of the impact on other systems. Government leadership is essential in promoting the necessary prioritization and collaboration, which may not otherwise take place.

Fourth, critical infrastructure resilience needs to be managed not in isolation from the rest of the city but in the context of a wider view of the city and how it operates. For example, building codes may need to be changed to ensure asset resilience; or neighborhoods may need to be made aware of the capabilities (or lack thereof) of storm water management systems; or investment in critical infrastructure may need to be prioritized along with other resilience investments. One instrument that allows the full context to be addressed is the UN ISDR’s City Disaster Resilience Scorecard, based on the its “Ten Essentials” of disaster resilience (see the graphic below).

Broader still is the assessment instrument used by the Rockefeller Foundation’s 100 Resilient Cities (100RC) initiative.

One key benefit of considering the wider context is the ability to spot where investments in critical infrastructure resilience might yield “dividends” in other areas, for example, where a flood zone also functions as a park when not flooded, or where investment in a neighborhood microgrid makes part of the energy supply more resilient. Conversely, investments in other areas can yield “dividends in critical infrastructure resilience, for example, where underground parking garages are designed also to function as storm-water cisterns. These dividends can help greatly with making the case for investing in critical infrastructure resilience in the first place.

Finally, critical infrastructure management processes and systems need to improve:

  • Owners and operators of critical infrastructure need to ensure that their basic asset management disciplines – budgeting, inspections, data capture and so on – are sound and reliable. Mobile data capture tools may help with aspects of this.
  • Knowledge repositories or content management tools are also essential for capturing the “institutional knowledge” of each organization involved, so helping to offset the “brain drain” as key workers or executives leave the organization or retire.
  • In particular, with the growing use of sensors on machinery and structures, and analysis of the data provided, failures of equipment or infrastructure can frequently be predicted using predictive maintenance tools. Standards for critical infrastructure resilience need to specify the use of predictive maintenance.


Leave your comment below, or reply to others.


  1. Stephen Morrison

    For the most part utilities already plan for such resilience, recovery and resumption of service. What should be new here is the increasing demand for multi-functional and cross-functional planning. Elevation above the traditional utility landscape is increasingly important given the inter-operability of systems and their increasing reliance on energy systems.

    With increases in the numbers of smart meters, smart appliances and more and more distributed generation, the complexity of need demands greater complexity of preparedness. Its no longer just ‘lights off’ and ‘lights back on’ again!

    • Peter Williams

      Stephen – thanks for this. Yes indeed – many people know what and where their critical assets are, but they don’t know how they are linked to other assets that may be owned or controlled by other entities. So critical asset management becomes a team sport. basically…


Submit a Comment

Your email address will not be published. Required fields are marked *

Read more from the Meeting of the Minds Blog

Spotlighting innovations in urban sustainability and connected technology

Where Smart Cities and Utilities Overlap

The concept of Smart Cities offers the promise of urban hubs leveraging connected technologies to become increasingly prosperous, safe, healthy, resilient, and clean. What may not be obvious in achieving these objectives is that many already-existing utility assets can serve as the foundation for a Smart City transition. The following is a broad discussion on the areas of overlap between utilities and smart cities, highlighting working knowledge from experience at PG&E.

The Limits of Data

When the idea of smart cities was born, some ten to fifteen years ago, engineers, including me, saw it primarily as a control system problem with the goal of improving efficiency, specifically the sustainability of the city. Indeed, the source of much of the early technology was the process industry, which was a pioneer in applying intelligent control to chemical plants, oil refineries, and power stations. Such plants superficially resemble cities: spatial scales from meters to kilometers, temporal scales from seconds to days, similar scales of energy and material inputs, and thousands of sensing and control points.

So it seemed quite natural to extend such sophisticated control systems to the management of cities. The ability to collect vast amounts of data – even in those pre-smart phone days – about what goes on in cities and to apply analytics to past, present, and future states of the city seemed to offer significant opportunities for improving efficiency and resilience. Moreover, unlike tightly-integrated process plants, cities seemed to decompose naturally into relatively independent sub-systems: transportation, building management, water supply, electricity supply, waste management, and so forth. Smart meters for electricity, gas, and water were being installed. GPS devices were being imbedded in vehicles and mobile telephones. Building controls were gaining intelligence. Cities were a major source for Big Data. With all this information available, what could go wrong?

How Health Care Supports Sustainable Communities

If you want a healthier community, you don’t just treat illness. You prevent it. And you don’t prevent it by telling people to quit smoking, eat right and exercise. You help them find jobs and places to live and engaging schools so they can pass all that good on, so they can build solid futures and healthy neighborhoods and communities filled with hope.

Meeting of the Minds is made possible by the generous support of these organizations.