Protecting Cities’ Critical Assets

By Peter Williams

Dr. Peter Williams is the Chief Technology Officer, Big Green Innovations, at IBM. His focus areas are resilience to natural disasters and chronic stresses; Smarter Cities; and cloud computing for government. He has had a major role in developing the intellectual foundation for IBM's "Smarter Planet" and "Smarter Cities" initiatives, and in identifying and integrating their technological components - both IBM-originated and from outside the company.

Aug 31, 2017 | Infrastructure | 2 comments

This article was adapted from work to create a forthcoming issue brief from the UN ARISE initiative with Ms. Yoshiko Abe, Sustainability Strategist at Kokusai Kogyo Co., Ltd. (Japan), with input from Dr. William Hynes, founder of Future Analytics Consulting, and leader of the EU’s HARMONISE and RESILENS Initiatives.  The views expressed do not necessarily represent those of my employer, IBM.

As cities grapple with urban growth and climate change placing more people and economic activity in harm’s way, the resilience of critical infrastructures, and of the assets that make up these infrastructures, is coming increasingly under the spotlight. However, this is a complex issue, and not all its dimensions are well understood.  This article attempts to explore them.

Cities can be thought of as “systems of systems”, where energy, water, communications, transportation, healthcare, law and order, data, and other physical systems (not to mention social, political and economic systems) interact. From this perspective, many issues arise.

First, each system may interact with other systems in ways that allow the possibility of cascading “failure chains”. An example of which happened with the US and Canadian energy grid in 2003; a tree branch tripped out a segment of a power line, which then cascaded to multiple further segments and in turn to 60 million people and to cell-phone, Amtrak, and water treatment systems. The failure chains may then extend to social systems too – as an extreme example, The Economist recently speculated how social breakdown could arise from the consequences of a solar magnetic storm hitting the US Energy Grid.

Some countries and cities can identify their critical systems and assets (it is, for example,  a Federal requirement for cities to do this in the US), but very few can identify how they are linked to each other. As a result, they have no way to identify and manage the associated inter-dependencies. In many cases, as with the grid failure example, the existence of these linkages may not even be fully understood by all the entities affected, and accordingly come as a highly unwelcome surprise. Achieving critical infrastructure resilience therefore requires investing time and effort to identify and maintain relevant and up-to-date data on these linkages.

Second, each critical infrastructure system in the “system of systems” – and the critical assets that make them up – may be in different ownership, either within the city government, or in some other tier of government, or in a private sector utility or other organization. Critical infrastructure resilience is inherently, therefore, a multi-organizational endeavor. In very few cities that I have seen is the necessary level of collaboration in place to enable this. Either there is generally too little information sharing, or some major infrastructure system (too often, in my observation, the telecommunications system) is excluded from the collaboration mechanisms that have been set up.

Third, the definition of “critical” in critical infrastructure resilience is not fixed in time. A road or a flood pump may become critical over a period of years, perhaps as a nearby suburb expands to accommodate people from the city; or as the road or pump becomes more endangered over time as sea levels rise or weather patterns change. On an altogether different timescale, an otherwise unremarkable access road may, if it becomes blocked by debris and impedes access to a critical asset such as the flood pump above, itself become critical in real time, and remain that way for a period of days. Critical infrastructure resilience needs to include the “may become critical” assets that can impinge on critical ones.

Fourth, risk to critical assets needs to be assessed on a very granular scale. Each asset in the same system and in the same region may have different seismic capabilities or ability to accommodate flooding. Some individual asset – perhaps an electricity substation – in a system judged to be broadly resilient may trigger some cascading failure of its own. Therefore, critical infrastructure resilience needs to be assessed bottom up, from the individual assets that make up each system, as well as top down from the system-wide view.

As well as being a “system of systems” issue, it is not always appreciated that critical infrastructure resilience is a process, rather than a series of one-time actions such as hardening some asset, or holding emergency drills, or responding to an actual disaster.  Clearly, planning for achieving resilience is a long run process, but there are other process dimensions that may be overlooked.

As noted above, the resilience goal itself needs to be continually reviewed as system risk and resilience levels change – and are recovered – over time, rather than as a one-time exercise.

Many organizations (cities, and private companies) have weak asset management processes, with erratic inspection routines, poor data collection on asset status and maintenance carried out, or weaknesses in in reserving funds for maintenance and upgrades. This means that critical assets may fail or be impaired when needed (for example, when the spillway for the Oroville Dam in California collapsed early in 2017 when used during a wet winter, necessitating evacuation of 188,000 people); or in extreme cases, they may fail randomly (again, for example, when a gas pipeline exploded in San Bruno, California in 2010 killing eight people). Critical infrastructure resilience is as much a function of organizational process discipline and stewardship of assets, as it is of hardening or relocating those assets.

Many critical assets and systems may be in areas that are known to be disaster prone but have not experienced a disaster for some years. Their owners may not have practiced disaster resilience in the period since the last real alert; or they may not have documented how they addressed the problems that arose last time – and those who had that knowledge may no longer be with the organization. In either case, with the next disaster, the infrastructure owner will be “learning all over again”. Related to the previous point, therefore, critical infrastructure resilience is, therefore, also a function of organizational readiness.


A number of tools and approaches exist that can improve critical asset management in cities.

First, more widespread use needs to be made of engineering methodologies for detecting and managing linkages between critical assets. The military has for many years used established methodologies such as Failure Modes, Effects and Criticality Analysis (FMECA) for the management of complex engineered “systems of systems” such as aircraft carriers, and there are several other options from the civil engineering world. A standard method (or set thereof) needs to be identified and promulgated for critical infrastructure.

Second, while as noted many organizations are likely to be involved in critical infrastructure management in a city, collaboration and information sharing has to be enabled between them.  One example might be a sharing a common GIS base-map with layers depicting the location of all critical assets, the linkages between them, ownership, access information and so on.  (For all its value to the city and infrastructure owners in managing disasters, the value of this information to terrorists or cyber criminals would be substantial, so access to it needs to be carefully protected.  One solution that is used in Japan is to carefully ensure consistent base maps, definitions etc, but to disable the information sharing in day to day work, only turning it on with separate security and access controls in a defined “emergency mode” – for specific exercises and for managing actual events).

Third, those who own and manage critical infrastructure systems and assets, including local governments and private companies, may prioritize investment towards resilience in their own hardware and physical readiness, over other possible actions such as building collaboration, or in ignorance of the impact on other systems. Government leadership is essential in promoting the necessary prioritization and collaboration, which may not otherwise take place.

Fourth, critical infrastructure resilience needs to be managed not in isolation from the rest of the city but in the context of a wider view of the city and how it operates. For example, building codes may need to be changed to ensure asset resilience; or neighborhoods may need to be made aware of the capabilities (or lack thereof) of storm water management systems; or investment in critical infrastructure may need to be prioritized along with other resilience investments. One instrument that allows the full context to be addressed is the UN ISDR’s City Disaster Resilience Scorecard, based on the its “Ten Essentials” of disaster resilience (see the graphic below).

Broader still is the assessment instrument used by the Rockefeller Foundation’s 100 Resilient Cities (100RC) initiative.

One key benefit of considering the wider context is the ability to spot where investments in critical infrastructure resilience might yield “dividends” in other areas, for example, where a flood zone also functions as a park when not flooded, or where investment in a neighborhood microgrid makes part of the energy supply more resilient. Conversely, investments in other areas can yield “dividends in critical infrastructure resilience, for example, where underground parking garages are designed also to function as storm-water cisterns. These dividends can help greatly with making the case for investing in critical infrastructure resilience in the first place.

Finally, critical infrastructure management processes and systems need to improve:

  • Owners and operators of critical infrastructure need to ensure that their basic asset management disciplines – budgeting, inspections, data capture and so on – are sound and reliable. Mobile data capture tools may help with aspects of this.
  • Knowledge repositories or content management tools are also essential for capturing the “institutional knowledge” of each organization involved, so helping to offset the “brain drain” as key workers or executives leave the organization or retire.
  • In particular, with the growing use of sensors on machinery and structures, and analysis of the data provided, failures of equipment or infrastructure can frequently be predicted using predictive maintenance tools. Standards for critical infrastructure resilience need to specify the use of predictive maintenance.


Leave your comment below, or reply to others.

Please note that this comment section is for thoughtful, on-topic discussions. Admin approval is required for all comments. Your comment may be edited if it contains grammatical errors. Low effort, self-promotional, or impolite comments will be deleted.


  1. For the most part utilities already plan for such resilience, recovery and resumption of service. What should be new here is the increasing demand for multi-functional and cross-functional planning. Elevation above the traditional utility landscape is increasingly important given the inter-operability of systems and their increasing reliance on energy systems.

    With increases in the numbers of smart meters, smart appliances and more and more distributed generation, the complexity of need demands greater complexity of preparedness. Its no longer just ‘lights off’ and ‘lights back on’ again!

    • Stephen – thanks for this. Yes indeed – many people know what and where their critical assets are, but they don’t know how they are linked to other assets that may be owned or controlled by other entities. So critical asset management becomes a team sport. basically…


Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Read more from the Meeting of the Minds Blog

Spotlighting innovations in urban sustainability and connected technology

I Am The River, The River is Me: Prioritizing Well-being Through Water Policy

I Am The River, The River is Me: Prioritizing Well-being Through Water Policy

In New Zealand, persistent, concentrated advocacy and legal cases advanced by Māori people are inspiring biocentric policies; that is, those which recognize that people and nature, including living and non-living elements, are part of an interconnected whole. Along the way, tribal leaders and advocates are successfully making the case that nature; whole systems of rivers, lakes, forests, mountains, and more, deserves legal standing to ensure its protection. An early legislative “win” granted personhood status to the Te Urewera forest in 2014, which codified into law these moving lines:

“Te Urewera is ancient and enduring, a fortress of nature, alive with history; its scenery is abundant with mystery, adventure, and remote beauty … Te Urewera has an identity in and of itself, inspiring people to commit to its care.”

The Te Urewera Act of 2014 did more than redefine how a forest would be managed, it pushed forward the practical expression of a new policy paradigm.

Made to Move Grants are Helping Cities Redesign for Active Transit

Made to Move Grants are Helping Cities Redesign for Active Transit

Can U.S. cities transform to overcome extreme car dependency?

In summer 2019, two values driven agencies came together to see if they could incentivize change in five cities with the Made to Move Grant program. This innovative, unique, and inspirational partnership between Degree and Blue Zones is awarding $100,000 dollars to each city to redesign their neighborhoods and city-centers for active, healthy lives. The program aims to create model practices and projects that gain the attention of other cities and inspire evolutionary changes to once again focus on places for people, and design accordingly.

Equipping All Communities with Safe, Reliable Drinking Water

Equipping All Communities with Safe, Reliable Drinking Water

Nearly a million people in California receive low quality drinking water from underperforming water systems, which are challenged by drought, overdrafting, and emerging contaminants. Root causes of poor water quality can include inadequate treatment technology, operational issues, and insufficient personnel and financial capacity.
By focusing on small water systems that do have multiple violations, there is opportunity for significant positive impact. Nearly 700,000 Californians are served by small public water systems with one or more water quality violations in the last five years.
Improving water quality is more than choosing a technical solution. Community alignment and support, and political willingness are critical elements that need to be combined with technical solutions to allow systems to thrive.

Share This