Protecting Cities’ Critical Assets
This article was adapted from work to create a forthcoming issue brief from the UN ARISE initiative with Ms. Yoshiko Abe, Sustainability Strategist at Kokusai Kogyo Co., Ltd. (Japan), with input from Dr. William Hynes, founder of Future Analytics Consulting, and leader of the EU’s HARMONISE and RESILENS Initiatives. The views expressed do not necessarily represent those of my employer, IBM.
As cities grapple with urban growth and climate change placing more people and economic activity in harm’s way, the resilience of critical infrastructures, and of the assets that make up these infrastructures, is coming increasingly under the spotlight. However, this is a complex issue, and not all its dimensions are well understood. This article attempts to explore them.
Cities can be thought of as “systems of systems”, where energy, water, communications, transportation, healthcare, law and order, data, and other physical systems (not to mention social, political and economic systems) interact. From this perspective, many issues arise.
First, each system may interact with other systems in ways that allow the possibility of cascading “failure chains”. An example of which happened with the US and Canadian energy grid in 2003; a tree branch tripped out a segment of a power line, which then cascaded to multiple further segments and in turn to 60 million people and to cell-phone, Amtrak, and water treatment systems. The failure chains may then extend to social systems too – as an extreme example, The Economist recently speculated how social breakdown could arise from the consequences of a solar magnetic storm hitting the US Energy Grid.
Some countries and cities can identify their critical systems and assets (it is, for example, a Federal requirement for cities to do this in the US), but very few can identify how they are linked to each other. As a result, they have no way to identify and manage the associated inter-dependencies. In many cases, as with the grid failure example, the existence of these linkages may not even be fully understood by all the entities affected, and accordingly come as a highly unwelcome surprise. Achieving critical infrastructure resilience therefore requires investing time and effort to identify and maintain relevant and up-to-date data on these linkages.
Second, each critical infrastructure system in the “system of systems” – and the critical assets that make them up - may be in different ownership, either within the city government, or in some other tier of government, or in a private sector utility or other organization. Critical infrastructure resilience is inherently, therefore, a multi-organizational endeavor. In very few cities that I have seen is the necessary level of collaboration in place to enable this. Either there is generally too little information sharing, or some major infrastructure system (too often, in my observation, the telecommunications system) is excluded from the collaboration mechanisms that have been set up.
Third, the definition of “critical” in critical infrastructure resilience is not fixed in time. A road or a flood pump may become critical over a period of years, perhaps as a nearby suburb expands to accommodate people from the city; or as the road or pump becomes more endangered over time as sea levels rise or weather patterns change. On an altogether different timescale, an otherwise unremarkable access road may, if it becomes blocked by debris and impedes access to a critical asset such as the flood pump above, itself become critical in real time, and remain that way for a period of days. Critical infrastructure resilience needs to include the “may become critical” assets that can impinge on critical ones.
Fourth, risk to critical assets needs to be assessed on a very granular scale. Each asset in the same system and in the same region may have different seismic capabilities or ability to accommodate flooding. Some individual asset – perhaps an electricity substation - in a system judged to be broadly resilient may trigger some cascading failure of its own. Therefore, critical infrastructure resilience needs to be assessed bottom up, from the individual assets that make up each system, as well as top down from the system-wide view.
As well as being a “system of systems” issue, it is not always appreciated that critical infrastructure resilience is a process, rather than a series of one-time actions such as hardening some asset, or holding emergency drills, or responding to an actual disaster. Clearly, planning for achieving resilience is a long run process, but there are other process dimensions that may be overlooked.
As noted above, the resilience goal itself needs to be continually reviewed as system risk and resilience levels change – and are recovered – over time, rather than as a one-time exercise.
Many organizations (cities, and private companies) have weak asset management processes, with erratic inspection routines, poor data collection on asset status and maintenance carried out, or weaknesses in in reserving funds for maintenance and upgrades. This means that critical assets may fail or be impaired when needed (for example, when the spillway for the Oroville Dam in California collapsed early in 2017 when used during a wet winter, necessitating evacuation of 188,000 people); or in extreme cases, they may fail randomly (again, for example, when a gas pipeline exploded in San Bruno, California in 2010 killing eight people). Critical infrastructure resilience is as much a function of organizational process discipline and stewardship of assets, as it is of hardening or relocating those assets.
Many critical assets and systems may be in areas that are known to be disaster prone but have not experienced a disaster for some years. Their owners may not have practiced disaster resilience in the period since the last real alert; or they may not have documented how they addressed the problems that arose last time - and those who had that knowledge may no longer be with the organization. In either case, with the next disaster, the infrastructure owner will be “learning all over again”. Related to the previous point, therefore, critical infrastructure resilience is, therefore, also a function of organizational readiness.
A number of tools and approaches exist that can improve critical asset management in cities.
First, more widespread use needs to be made of engineering methodologies for detecting and managing linkages between critical assets. The military has for many years used established methodologies such as Failure Modes, Effects and Criticality Analysis (FMECA) for the management of complex engineered “systems of systems” such as aircraft carriers, and there are several other options from the civil engineering world. A standard method (or set thereof) needs to be identified and promulgated for critical infrastructure.
Second, while as noted many organizations are likely to be involved in critical infrastructure management in a city, collaboration and information sharing has to be enabled between them. One example might be a sharing a common GIS base-map with layers depicting the location of all critical assets, the linkages between them, ownership, access information and so on. (For all its value to the city and infrastructure owners in managing disasters, the value of this information to terrorists or cyber criminals would be substantial, so access to it needs to be carefully protected. One solution that is used in Japan is to carefully ensure consistent base maps, definitions etc, but to disable the information sharing in day to day work, only turning it on with separate security and access controls in a defined “emergency mode” - for specific exercises and for managing actual events).
Third, those who own and manage critical infrastructure systems and assets, including local governments and private companies, may prioritize investment towards resilience in their own hardware and physical readiness, over other possible actions such as building collaboration, or in ignorance of the impact on other systems. Government leadership is essential in promoting the necessary prioritization and collaboration, which may not otherwise take place.
Fourth, critical infrastructure resilience needs to be managed not in isolation from the rest of the city but in the context of a wider view of the city and how it operates. For example, building codes may need to be changed to ensure asset resilience; or neighborhoods may need to be made aware of the capabilities (or lack thereof) of storm water management systems; or investment in critical infrastructure may need to be prioritized along with other resilience investments. One instrument that allows the full context to be addressed is the UN ISDR’s City Disaster Resilience Scorecard, based on the its “Ten Essentials” of disaster resilience (see the graphic below).
Broader still is the assessment instrument used by the Rockefeller Foundation’s 100 Resilient Cities (100RC) initiative.
One key benefit of considering the wider context is the ability to spot where investments in critical infrastructure resilience might yield “dividends” in other areas, for example, where a flood zone also functions as a park when not flooded, or where investment in a neighborhood microgrid makes part of the energy supply more resilient. Conversely, investments in other areas can yield “dividends” in critical infrastructure resilience, for example, where underground parking garages are designed also to function as storm-water cisterns. These dividends can help greatly with making the case for investing in critical infrastructure resilience in the first place.
Finally, critical infrastructure management processes and systems need to improve:
- Owners and operators of critical infrastructure need to ensure that their basic asset management disciplines – budgeting, inspections, data capture and so on – are sound and reliable. Mobile data capture tools may help with aspects of this.
- Knowledge repositories or content management tools are also essential for capturing the “institutional knowledge” of each organization involved, so helping to offset the “brain drain” as key workers or executives leave the organization or retire.
- In particular, with the growing use of sensors on machinery and structures, and analysis of the data provided, failures of equipment or infrastructure can frequently be predicted using predictive maintenance tools. Standards for critical infrastructure resilience need to specify the use of predictive maintenance.
Leave your comment below, or reply to others.
Read more from the Meeting of the Minds Blog
Spotlighting innovations in urban sustainability and connected technology
The key to the Access Pass success was to make sure from the beginning that it was as easy to sign up for as possible. Eligible residents only need to input their Access Pass number into Indego’s website to make use of the discounted option. While BTS figured out the technical side of setting up the Access Pass, the Coalition has been vital to getting the word out about this alternative, and encouraging individuals to enroll.
Progress needs to be made in the evaluation of approaches to developing resilient communities. The evidence base for the effectiveness of these approaches is currently lagging behind practice. Funding for evaluation is generally too short-term to offer scope for capturing the developmental nature of community resilience related activity and evaluations on wider outcomes are lacking.
Disaster resilience is frequently pursued separately by the public and private sectors in the US. Federal, state, and local governments take it as their role to execute disaster preparedness and emergency response for their populations; however, economic recovery is often not addressed. The public sector does not necessarily engage businesses, nor does it seem to plan for the economic “reboot” required after a disaster, resulting in business disruption continuing for much longer.