This article studies the impacts of natural disasters, and cyber-attacks on critical infrastructures, as well as the practices that are being promoted to create resilient infrastructures in the Anthropocene, a geological era in which the complex interconnections and interdependencies across space between nature, human-beings, infrastructures and digital technologies create risks to security. While interdependencies create cascades causing harms to assets and interruptions of essential flows for life, resilience uses digital interconnection and digital analyses to educate and mobilize the system through risk knowledge to reduce the impacts of future risks. Securing the flows of digital information is critical for infrastructure operation and the governance of security in the Anthropocene, but resilience needs to go beyond the digital.
Resilience; critical infrastructures; risk; natural disasters; cyber-attacks; Anthropocene
How to ensure the resilience of infrastructures against the rise of cyber and socio-ecological risks in the Anthropocene? This article originates from an interest in reflecting on the concept and practices of resilience as a way of responding to the important risks to security in the Anthropocene in which the destruction of nature by human and technological actions intersects with the recent digitalization of human activities. Resilience has been developed in different disciplines such as ecology, engineering, psychology, international relations and geography, inspired in the work of the ecologist Crawford S. Holling (1973), who defines this concept as the capacity of an ecosystem that has suffered an external and unexpected change to persist, absorb and be transformed by the change while maintaining its interactions with populations. This definition is useful to conceptualize the persistence and changes of systems confronted with unexpected hazards resulting from man's actions in the Anthropocene. Based on analysis and review of documents such as policy frameworks, reports, academic literature and journalistic research, this paper studies the impacts of cyber-attacks and natural disasters on critical infrastructures, as well as the developments to create resilient infrastructures, focusing on cases in the United-States and Canada.
In the global context of increasing environmental disasters and cyber risks which severity has harmed populations and the built environment, the United Nations promotes resilience as a goal of disaster risk reduction (DRR) to enhance the capacities of societies to withstand environmental crisis, through the adoption of the 1994 Yokohama Strategy for a Safer World (United Nations, 1994), of the 2005 Hyogo Framework for Action (United Nations, 2005), and of the 2015 Sendai Framework for Disaster Risk Reduction (United Nations, 2015). The United States and Canada are among the first countries to adopt the United Nations' frameworks on DRR and that have developed resilience strategies, being affected by weather conditions and hydrological disasters, in particular, the coastal zones of the United States. Recent natural disasters in the U.S include among others the 2018 wildfires in California, the 2017 Hurricanes Maria, Irma and Harvey, the 2016 Louisiana and West Virginia floods, the 2014 tornados, the 2012 Hurricane Sandy and the 2005 Hurricane Katrina. Canada was hit by the 2010 hurricane Igor in Newfoundland, the 2011 Prairie floods, the 2013 Toronto urban flood, the 2016 Fort McMurray wildfire, and the 2017 British Columbia flood and wildfire seasons, particularly affecting the First Nations communities (Public Safety Canada, 2011). These new harms have been being magnified by the interdependencies between natural hazards. In recent years there has been an increasing of compound events, a category of climate extremes resulting from the combination of multiple hazards or climate drivers such as the magnification of wildfires by heatwaves, the cooccurrence of sea-level rise and tropical cyclones or an earthquake that leads to a tsunami (Pescaroli and Alexander, 2018, p. 2247). Compound events are characterized by complex causal chains with unusual combinations, making them difficult to predict, being exacerbated by climate change and human activity, which requires to focus on multivariate hazards and drivers (Zscheischler et al., 2018). Compound events can create cascade risks, having social and technical implications. Environmental hazards interact with vulnerabilities at the physical, social and critical infrastructure levels that can be triggered, magnifying the consequences of events and producing disasters. Recent floods in Canada show to what point climate change is causing unexpected events. Some floods are caused by heavy and unexpected rain. On July 8, 2013, for example, Toronto received 126 millimeters of rain in a single day, creating a flood that caused power outages. Other major floods have resulted from the combination of rain and melting snow that makes rivers and lakes overflow, within a context of changing and unpredictable weather conditions. The 2011 Prairie flooding, for example, resulted from unprecedented snowmelt in Manitoba, Saskatchewan and northern Ontario, making six major rivers overflow, which in turn made increasing the levels of Lake Manitoba and Assiniboine River (Nguyen, 2011). Another example is the 2017 British Columbia severe flood, caused by a very cold and dry winter, followed by strong rains in the spring. The magnification of fires by climate change is also revealed in recent cases in the U.S. and Canada. The November 2018 Camp fire in California, for example, that lasted for 17 days, caused 85 fatalities, costed $16.5 billion in damages, resulted in 153 000 acres of land burned, as well as in the destruction of almost 19 000 structures, including 95% of the structures of the towns Paradise and Concow is a case in which the wildfire resulted from the combination of multiple technical and natural factors linked to climate change, including a faulty electric transmission line of the utility Pacific Gas and Electric (PG&E) that was at the origin of the fire, an intense drought in fall, heavy grass resulting from a wet spring, low humidity due to recent wind events, dry fuel, as well as high, dry, and hot winds (Californian Department of Forestry and Fire Protection, 2018). In the case of the 2016 Fort McMurray wildfire in Alberta that lasted from May to mid-June, being the costliest disaster in Canadian history ($37 billion), destroying 2600 structures, forcing the evacuation of 88 000 citizens and burning 1 500 000 acres of forestlands, the disaster was influenced by increasing temperatures, hot and dry air in Northern Alberta, low humidity, high winds, a dry fall, and winter, as well as a warm spring (Hayward, 2016). The 2017 wildfire season in BC lasted for 70 days and caused 65 000 evacuees, 1.2 million acres of land burned and had a cost of $568 million, affecting many First Nation communities. This case shows how cascades between fires can be produced. On July 7, 2017, more than 160 fires began. The fires resulted from dry lightning strikes. As many fires started simultaneously at different places, some fires merged as one (Government of British Columbia, 2018). Fires are expected to increase in BC, increasing risks on people because of the expansion of the wildland-urban interface, making people closer to the wildfire zone. BC has a large number of forest fuels due to years of fire suppression activities, which makes the contention of fires difficult.
Reflecting about security in the Anthropocene requires considering the interconnections and interdependencies between human beings, the material, and digital world of infrastructures and nature across space upon multiple geographical scales and its resulting cascade effects, within the globalized world in which there are an expansion and acceleration of the flows or movement and circulation of commodities, capital, money, people and information (see Brenner, 1999). The consequences of the interconnectivity and interdependency of societies are evidenced in the problem of the interdependency between the different critical infrastructure sectors that makes that the disruption of one sector creates cascades on the other sectors, harming the well-being and security of human-beings, physical infrastructure and nature. Critical infrastructures are lived, moving and changing socio-technical assemblages enabling the flows of circulation of essential elements such as water, food, electricity, information, people and goods that enable modern life (Amin, 2014; Aradau, 2010; Bridge et al., 2018). Infrastructure systems are networks that connect nodes, making possible the movement and circulation of flows. Flows are governed through socio-technical assemblages in digital societies.
Despite the importance gained by resilience as a security approach, there is little discussion on resilience within the criminological discipline in spite of the importance of risk debates in the criminological field, interested in the implications of predictive actuarial methods different from coercion and discipline in the governance and management of criminalized and non-criminalized populations (O'Malley, 1992; Simon, 1988). Criminology has paid little attention to issues that go beyond criminal justice and that represent serious risks to security, such as how the rise of natural disasters as a consequence of human activities on the planet has been being and will create millions of victims, and how to prepare societies and security professionals to be resilient to these crises. The consequences of natural disasters include the loss of 700 000 human beings lives between 2005 and 2015, 23 million homeless people, 144 million people displaced, and a cost of more than $1.3 trillion in economic losses (United Nations, 2015). Studying resilience in criminology is embedded into an approach that considers reality as the interaction, interconnection and interdependency between human-beings, nature, and objects and technologies across space, and that is interested in the risks posed to the security of humans, ecosystems and infrastructure by the complex interconnections and interdependencies between them within a context in which the effects of human actions on ecosystems and through technologies are creating harms to the wellbeing and survival of ecosystems, populations and objects, which includes a rise of environmental disasters, climate change, pollution, species extinction, natural degradation, unbearable climate conditions, infrastructures' disruptions, interdependencies, cascade effects, compound events, technology dependence, cyberattacks, cyber-spying, misuse of data, and so on (Bonneuil and Fressoz, 2013; Dupont, 2013; Klein, 2014).
This context is the Anthropocene, and the analysis of its insecurities requires new perspectives for conceptualizing security. The Anthropocene refers to a new geological era that replaces the Holocene as a result of the industrial revolution and the consequences of industrialization and of economic activities on the planet (Bonneuil and Fressoz, 2013; (Shearing, 2015). The Anthropocene puts in question the modern philosophical idea of the domination of nature by man, inviting to integrate human-beings with socio-ecological and socio-technical systems, which has implications for the reflection about security that should not only give importance to human-beings, but also to animals, plants, the air, natural resources, ecosystems, and so on in their interaction with socio-technical systems. This paper contributes to the emerging literature in criminology on the governance of security of flows (see (Amicelle et al., 2017) by studying the impacts of recent cases of cyber-attacks and natural disasters in the U.S and Canada on critical infrastructures and its cascades, as well as by analyzing the practices promoted to ensure the resilience of critical infrastructures and by examining how security professionals are adapting to these new harmscapes in which security needs to be understood as the result of non-Hobbesian ways of guaranteeing that flows keep on providing essentials services to society. Environmental crises have revealed to what point the damage to critical infrastructure, especially cascading damage, creates disasters. This is because critical infrastructures enable flows that are crucial to functioning societies. Without these flows these forms of life collapse. Disasters are disastrous because they interrupt one or more critical flows — eg drinking water, electricity, shelter, communications, road networks, etc. Cascading disasters are ones where the interruption of one set of flows, disrupts other sets of flows and/or disables flows that enable assistance to remedy the disruptions — e.g. delivery of food and water. When cascades occur the damage can be catastrophic because multiple essential flows are interrupted. Resilient infrastructures are infrastructures that enable critical flows to be maintained in the face of damage. In that context, delivering security in the Anthropocene implies a broader focus than the prevention and control of crimes, to also include the capacity to enable resilience. The resilience of critical infrastructures aims to avoid interruption and catastrophic breakdown, as well as ensuring the continuity of flows in critical situations such as environmental disasters or cyber-attacks.
Critical scholarship regards resilience as a neoliberal form of governance through the market that gives responsibility for security to the private sector and individuals (Joseph, 2017; O'Malley, 2010; Welsh, 2014). This approach, however, does not pay enough attention to the relevance of resilience practices to minimize the consequences of disasters in the Anthropocene. The interdependent and interconnected character of societies that increasingly rely on information technologies for communication makes that security governance and institutional functioning depend on information technologies for critical infrastructure operations and the communication of digital information, knowledge and coordination. Within this context, protecting the flows of circulation of digital information becomes crucial in protecting critical infrastructure. Resilience is about the utilization of digital technologies and risk knowledge to minimize the impacts of unpredictable, but possible future risks. While destruction results from interdependency and interconnection and its cascade effects, resilience uses digital interconnection and digital analyses of information to minimize the impacts of emergencies through coordination, sharing of risk knowledge, and the enhancing of communications systems. As an infrastructure system is a network that connects nodes, enabling the movement and circulation of flows through the system, infrastructure resilience is about how the system reorganizes itself to be able to resist to multiple uncertain and possible future hazards that can, however, not been predicted. New technologies, information technologies and geo-spatial technologies are very important in the dynamic and cyclical process (see (DUPONT, 2019)) of resilience because they enable the access, analysis, and communication of information, as well as the coordination through the system, which is the base of the reorganization process. Technologies also enable resilience activities by providing real-time information to managers and operators and enable an analysis of information through the visualization of the network, the identification of critical assets that are confronted to multiple hazards, enabling to assess consequences. This information is the base of planning activities and efforts of preparation for eventual hazards. It enables to guide actions, determining which assets have to be strengthened to mitigate the consequences of future hazards, and where redundancy and diversity are needed. In this sense, the idea of redundancy is part of the ecological concept of resilience because the diversity of similar functional elements that have different responses to stressors, enables to keep functionality in contexts of disturbance and in the critical infrastructure domain it is a way to avoid cascades (Simpson et al., 2020). We show, however, that the dependency on digital communication can be problematic in the context of unpredictable and severe disasters in the Anthropocene, because the magnification of disasters tends to damage communication systems, obstructing the activities of response and recovery by security professionals and because within the current context of privatization of critical infrastructure sectors, the collaboration, gathering, and sharing of information on which digital analyses depend can be challenging. The unexpected character of current disasters requires improving the capacity of improvisation of local responders, as well as flexibility of rules, roles and procedures.
In the first part of this paper we study the impacts of natural disasters on critical infrastructures, focusing on recent cases in Canada and the U.S, showing that disasters result from the interdependencies between natural hazards, physical assets, technologies and human factors, as well as of critical infrastructures sectors, creating harms to physical assets, cascades and interruption of essential flows. This is happening within a context in which new realities of hazards are occurring, such as hazards creating cascades of other hazards, urban and coastal floods, storms, and strong winds, droughts, wildfires and water scarcity. The second part of this paper studies the impacts of cyber-attacks on critical infrastructures, showing that these attacks are enabled by the vulnerabilities created by the interdependence and interconnection of the physical and digital networks of critical infrastructures. We trace the history of cyber-attacks against critical infrastructures, focusing on the case of cyber-attacks against the U.S' electricity grids. Foreign governments have penetrated the U.S' networks of critical infrastructure as part of intelligence activities that enable to extract data on operations but has not caused major damage to the network. However, the increasing penetration activities in recent years create concerns about the vulnerabilities caused by the decentralized organization of networks, as well as about the need to create more secure technologies and networks in the context of the implementation of technologies that enable remote access to the network. State-sponsored hackers have demonstrated sophisticated abilities to perpetrate attacks that have more serious impact such as the destruction of hard drives, the wiping up of data, damages to operation control systems, disruption of operations causing cascades, and affecting the activities of companies and essential services such as health services, which activities depend on the availability and circulation of flows of information. In the third section, we study the resilience and cyber-resilience of critical infrastructures. We show that resilience-building is a dynamic and cyclical process of anticipation of multiple possible but uncertain future hazards through digital technologies to minimize their future impacts. Cyber-resilience is about the resilience of the cyber-ecosystem and of infrastructure assets through the implementation of activities of preparedness, including recovery planning, exercises to test response, intrusion prevention systems, technologies of minimization of risk exposure, detection and situational awareness to reduce the impacts and to be able to respond and ensure continuity of flows of information under situations of attack. This is done through cooperation, collaboration and sharing of information across the system between public agencies and critical infrastructure sectors, enabling data collection and analysis of interdependencies and possible cascades to better planning the response and reduce the impacts. Infrastructure resilience also has to do on the one hand, with the improvement of the resilience of assets to better resist to natural hazards, as well as the redundancy or availability of multiple critical resources, and diversity or the availability of different kind of critical resources playing the same function. On the other hand, the resilience of the critical infrastructure network is built through criticality analyses to map the network to identify its most vulnerable points, as well as potential cascades in order to take actions such as redundancy and diversification to improve its resilience. We conclude by arguing that resilience should go beyond the digital.
The increase in natural disasters and its impacts on critical infrastructures creates important risks to security in the Anthropocene. 80% of disasters of the last 100 years occurred in the last 25 years affecting all countries but in particular developing countries in Africa, Asia and Latin America (Mijalković and Cvetković, 2013) that have problems of infrastructure maintenance, magnifying the consequences of disasters. The Anthropocene is creating different realities of hazards that have a differential impact on infrastructures and are causing cascades and disruptions of essential flows for life. Harms caused by disasters on critical infrastructure include the destruction of "settlements, buildings, structures and infrastructure, particularly bridges, overpasses, railways, water towers, pipelines, the facilities for the production of electricity, and destabilizes the government, economy and social structure of the country" (Mijalković and Cvetković, 2013). They also impact transportation, the health system, communications, electricity and water supply. There is a differential impact on critical infrastructures depending on the vulnerabilities of infrastructures and on the type of hazard. Winds resulting from storms disrupt the transmission and distribution of flows of electricity by flying debris or falling trees. Earthquakes, cyclones and wildfires also inflict damage to power infrastructure. Power infrastructure is increasingly affected by droughts as most of the electricity is generated by hydro and thermoelectric power located in zones of water scarcity, highly affected by droughts (Hallegate et al., 2019).
Natural disasters result from the interaction and interdependency between natural, physical, technological and human factors, harming assets, creating cascades and interrupting essential flows. 50% of disasters are meteorological, 30% are technological, 12% are geological and 8% are biological (Mijalković and Cvetković, 2013). The problem of the destruction of critical infrastructure by natural disasters concerns the cascade effects created by the interconnection and interdependency between critical infrastructure sectors that create catastrophic harms, impacting the circulation of flows of services. There are different kind of interdependencies, including physical, cyber and geographic. The increasing use of information technologies and computer systems has created complex cyber-interdependencies (Leavitt and Kiefer, 2006). Physical and geographical interdependencies are created by proximity and operational interactions. For example, if one infrastructure component is damaged, it rapidly cascades affecting other components such as electricity, telecommunications and gas. Pumping stations, storage facilities, oil and gas control and transmission are dependent on the energy provided by electricity systems, while generators and electricity depend on oil and natural gas fuels (O'Rourke, 2008).
Furthermore, the intersection between natural and technological or human triggers create cascade effects that lead to catastrophic damage, having primary and secondary effects, including fires; damages on dams; landslides, causing floods and blocking routes and waterways (Kadri et al., 2014). For example, a natural hazard such as an earthquake, one of the most destructive, a flood or a hurricane can cause an industrial accident or interrupt services such as electricity, transport and telecommunications. In the case of the 2011, 9.0 magnitude earthquake in Japan that killed 28 000 people, the earthquake was followed by aftershocks that lead to a tsunami that flood lands and destructed infrastructure such as roads, buildings, ports and railways, impeding evacuation and relief, in addition to leading to a nuclear disaster affecting power plants and the delivery of power (Kadri et al., 2014).
The 1998 North American ice storm is an emblematic case to see the effects of electricity collapse on other sectors. It resulted from the simultaneous occurrence of 5 ice storms in Ontario, Quebec, New Brunswick, Nova Scotia, Northern New York and Maine that lasted for more than 80 hours, creating a landscape of icy trees, icy cars, melted transmission towers, and fallen power lines. The damage to power lines, more than 1000 transmission towers and 35 000 wooden utility poles caused long-term power outages, leaving 4 million people without electricity for a month. As freezing rain is common in Montreal every winter, power lines are designed with tough materials and standards. This not prevented, however, the downing of powerlines. 25 people died of hypothermia. 12 people died due to the following flooding (Environment and Climate CHange Canada, 2017). Indirect deaths were caused by poisonous carbon monoxide from generators in a context of cold winter and power outages. Montreal was without electricity for weeks. Bridges and tunnels had to be closed due to the ice that made the roads impassable and transit dangerous because of the falling of ice chunks from structures. Water pumping stations were disabled due to the lack of power (The Gazette, 1998). 80% of the trees of Montreal were damaged and 5000 trees had to be cut in the Mont-Royal mountain.
Hurricane Katrina that devastated New Orleans on August 28, 2005, is also a case of parallel critical infrastructure collapse of all sectors, having cascade effects on all sectors. Strong winds and rain knocking down the trees, fast water flows flooding neighborhoods with houses flooded to the roof and traffic congested highways, trying to flee the hurricane are part of the landscape of destruction in New Orleans. 1000 drinking water and 172 sewage treatment plants systems collapsed. Levee failures disrupted electricity. Water was contaminated by sewage, chemicals, petroleum and industrial waste (Leavitt and Kiefer, 2006). The loss of electricity made that facilities had to run with generators (Miller, 2005). The SCADA systems that manage systems and infrastructures were also damaged. The Katrina case also shows to what point societies are dependent on digital information and technological communication systems, as well as the need to avoid digital dependency for managing emergencies and to improve flexibility. One of the most affected sectors by the magnitude of the storm was the communications system that was destroyed, including central offices, communication companies' facilities, radio stations, cell towers and the emergency 911. This situation did not enable the coordination of emergency response operations and demonstrates the centrality of digital information in managing emergencies. The public agencies' operations were affected by the erosion of communications, affecting communication between agencies. There was a lack of coordination information concerning incident response, including lists of information needs, making governments lose their governance capacity, being guided by rumors and speculation and eroding public confidence in public institutions. The response, situational awareness, command and control, logistics and search and rescue, which are crucial activities by first responders and government officials were degraded. The case of Katrina shows the importance of second responders, or the professionals in charge of restoring services, such as electricity and communications, as well as the need to build redundancy at critical nodes of communications networks and improving the capacities of collecting and disseminating trustful information (Miller, 2005). Response and recovery efforts were affected by a lack of appropriate understanding of infrastructure interdependencies by security professionals, and the lack of communication, cooperation and coordination, as well as of improvisation and flexibility capacity (Leavitt and Kiefer, 2006). This gives insights about the relevance of criticality analyses that help to understand interdependencies and to identify critical nodes to place redundancy, but also about the need to avoid technology dependence by improving the improvisation capacity of local actors.
The case of hurricane Maria that hit Puerto Rico in September 2017 demonstrates to what point losing electricity can be devastating, because it can disrupt the health system. The grey landscape of the storm, the massive and rapid tones of water flooding the streets and falling down the palms, moving roofs and doors, fallen powerlines and trees in the streets in the aftermath, rows of evacuated beds in shelters, neighborhoods of debris of destructed houses and objects, people walking with water to the waist in the flooded streets with the fallen houses are images of the destruction of Puerto Rico by hurricane Maria. Initially the authorities stated that 64 persons lost their lives as a direct consequence of the hurricane, which was contested. More than 8000 persons died due to power outages and its cascade effects, in particular, because of the cascades of outages on health infrastructure, interrupting dialysis, respiratory machines, ventricular assistance, as well as by the inability to store medicines and the disruption of communications and treatments (Roman et al., 2019). Catastrophic damage occurred in Puerto Rico, where flooding was intense, several landslides occurred and the power infrastructure was devastated for months. 3.4 million citizens were left without electricity (BBC News, 2017). The hurricane-impacted 95% of cell networks, with most of them completely inoperable. 85% of phone and internet cables were broken. One week after the event, only 11 of 69 hospitals had electricity, less than half of the population had water service and 95% was without mobile service (Bacon, 2017) and this situation remained for weeks.
Another critical case in what has to do with the impact of disasters on the power grid is the 2012 Hurricane Sandy that killed more than 230 people in 8 countries. Only in Jamaica, 70% of residents suffered power outages due to strong winds. 24 states were affected by Sandy in the U.S. The most affected cities were New Jersey and New York, where flooding subway rails and cars floating in purple contaminated water are part of the landscape of the superstorm. On October 29, a storm surged with strong winds and torrential rains in New York city, causing a flood of the subway, the streets and tunnels, as well as knocking down power lines, causing power outages in the city. A 14 foot surge flooded the subway and tunnels (Sheppard and DiSavino, 2012). In lower Manhattan substations were flooded, causing an explosion at a substation and widespread power outage. 350 000 power outages took place in New York city, as well as 2.8 million in the Northeast area. Only in Manhattan, 750 000 costumers were without electricity (Smith, 2012). More than 8. 1. Million homes in 7 states were left without power in the U. S. for 15 hours due to downing of power lines and flooding of electrical networks. Outages were reported from North Carolina to the Canadian border. 62% of costumers in New Jersey suffered blackouts. One of the most affected utilities was the Long Island Power Authority (LIPA), having 85% of its costumers without power. The storm also affected the telecommunication infrastructure of Verizon that provides Internet, television and phone service, which affected costumers lost all services. 200 patients of the NYU Langone Medical Center had to be evacuated. The New York’s Bellevue Hospital Center also flooded, having to run with emergency backup power. Flows of circulation of people were interrupted. The 3 main airports, John F. Kennedy, La Guardia and Newark Liberty had to be closed. Subway stations in lower Manhattan and the tunnel connecting it with Brooklyn were flooded.
Resilience building in the Anthropocene includes strengthening the physical, technical and social capabilities of the built environment and of critical infrastructures. This is in part due to the increasing damage caused by environmental disasters and cyber-attacks on infrastructures that provide essential flows of services to society. Critical infrastructures protection concerns the protection of physical and virtual networks to enable continuity of flows and survival (Aradau, 2010). Cyberattacks against critical infrastructure are regarded as a growing threat, creating physical damages and cascade effects that could harm and disrupt the delivery of essential flows of services such as energy, telecommunications, water, transportation and financial. There is also a concern about the deterioration and ageing of critical infrastructure creating system operation failures. Thus, investments by governments in infrastructure have increased.
There is increasing concern by governments about the vulnerabilities of critical infrastructure due to the increase in number and severity of natural disasters, the interdependency between critical infrastructure sectors that create cascade effects, as well as its reliance on information technologies for operations, becoming targets of cyber-attacks. Part of the problem of infrastructure interdependency and its possible impacts on continuity of service is due to the dependency of physical infrastructure on communication and information technologies (Little, 2002). Utilization of cyber-physical systems for communication and control functions expose critical infrastructures to cyber-threats and makes different sectors to be more interconnected, but also more interdependent and vulnerable to cascade effects (Kröger, 2017). Modern control systems are cyber-physical systems because they have digital components that control physical processes (Thoma et al., 2016). In this context, the operation of the electricity grid is increasingly dependent on the reliability of flows of circulation of digital information and communication. Information technologies enable operating the grid and having access and managing information about risks.
The history of the U.S. electricity grid shows that the integration of information technologies with operation technologies, as well as the utilization of new technologies such as the Internet of Things and smart grid technologies creates a complex interconnected and interdependent network of decentralized devices that can be penetrated by hackers. In this context, the security of physical infrastructure depends on the security of flows of information and its networks. Since the first years of the 20th century, there has been an increasing reliance on automation, control and protection by utilities in the U.S. to respond to the growing demand and consumption of electricity. Utility networks used to be air-gapped. Then, some operation networks of utilities were connected to private networks. Utilities have an IP address to access, as well as passwords. Every substation has a firewall and uses cryptographic technology. The electricity grid is now a very complex cyber-physical social system. IT has been used for the management and operation of the electricity grid since the 1970s, enabling the collection of data on the grid and operations. The U.S electricity system depends on a cyber-physical system that integrates computer algorithms and physical elements for the generation, movement, and distribution of flows of electricity. Industrial control systems (ICS) enable the digital control of physical operations of equipment. The manual operation has been increasingly replaced by ICS, automation and remote control (Mission Support Center, 2016).
The increasing concern by governments about the vulnerability of critical technological infrastructure is linked to the expansion of utilization of Internet of Things, the cloud and smart grid technologies that create more Internet protocol (IP) access points for hackers. Internet of things and the decentralization of energy technologies make that billions of devices into the electricity system are linked. In the U.S, operation control is operated by utilities, but not the communication networks of vendors. The problem is that an insecure single device can be a weak point for the whole system (International Energy Agency, 2017). As the electricity system is interconnected, multiple organizations depend on each other for resource supply and risk management (World Economic Forum, 2019). Digital technologies enable operators to have useful information, including data on power outages by smart meters, as well as the remote monitoring by companies of vehicles, pipelines, water and energy consumption. However, the integration by organizations of Operational Technology (OT) systems that control personnel and physical equipment with Information Technology (IT) systems that tends to replace manual operations, creates vulnerabilities (Coden and Bartol, 2017). The integration of IT and OT enables to provide real-time conditions of generation, transmission and distribution. Cyber-attacks against IT aim at the acquisition of data, while those who target Industrial Control Systems aim at destabilizing assets, but the existence of components of IT in ICS systems makes that malware against IT can have operational impacts on ICS (Mission Support Center, 2016).
These vulnerabilities have been exploited by the governments of Russia, Iran and North Korea, as well as by terrorist groups and hacktivists to penetrate critical infrastructures networks in the U.S., including the electricity grid. These intrusions have not, however, created major disruptions, but have enabled foreign governments to penetrate, map and extract information about the grid's operation as part of intelligence activities. In the last 20 years, Russia has been making intrusions into the U.S government's cyberinfrastructure and electricity infrastructure. China has been conducting economic espionage against U.S companies, using network scanners, botnets and viruses. These intrusions, however, have not resulted in major damages and outages because of the potential political consequences that this kind of attacks could have. Iran has improved its ability to collect intelligence and has perpetrated DDoS attacks against U.S banks. North Korea has conducted the Sony breach in 2014. Other attacks have been executed by terrorist groups such as ISIS, as well as by hacktivists, including Anonymous that have been doing DDoS attacks against government agencies and corporations. Power grids have become the target of a low-intensity battle between the U.S and Russia since 2010. The Russian hackers' group Dragonfly and others Russian units such as BlackEnergy, involved in the attacks in Ukraine in 2015 compromised hundreds of systems, having access to power switches of electricity and nuclear power plants in the U.S (Sanger and Perlroth, 2019). The targets include companies, electric grid operators, equipment vendors and software providers. Cyberattacks against the U.S. electricity sector show a pattern focusing on discovery, capture and exfiltration of data. This pattern does not create immediate consequences but enables access points and intrusion activity (Mission Support Center, 2016).
The increasing penetration of electricity networks in recent years creates, however, concerns about how the decentralisation of the network, insecure technologies and new technologies that enable remote access to the network generates vulnerabilities. This situation has developed awareness about the need to improve the security of technologies and to improve networks' cyber-security practices. Since 2016, there has been increasing access by independent and state-sponsored hackers to power control and operation control systems and air-gapped networks of electric utility companies in the U.S. (Bade, 2018). As utilities depend on supply chains, hackers accessed to the credentials of private vendors of critical and communications technologies through phishing, enabling to access the utility networks and to collect information on the network, the grid's operation and equipment. For example, a utility was compromised in 2014 through remote access and the software of administration of the control system was accessible via the Internet, is protected by a password that was weak. The Havex campaign used to distribute a remote access Trojan through spam email, perpetrating watering hole attacks from compromised ICS/supervisory control and data acquisition (SCADA) vendor websites (Mission Support Center, 2016). The BlackEnergy campaign uses modular malware that exploits software of human-machine interface implemented to control grids by utilities. The hackers exploit vulnerabilities related to unpatched systems or deficient security configurations. The attacks methods include phishing, infections through removable media, the exploitation of human error, diffusion of malware through networks' communications, as well as watering hole attacks.
The cyber-attacks by Iranian-sponsored hackers against Saudi Arabian oil and gas companies demonstrate the abilities of hackers to create more serious damage such as the destruction of hard drives and data, as well as the capacity of attacking physical control equipment that could create cascades, damage equipment, putting at risk the security of operators and disrupting operations. In 2010, the Iranian nuclear facilities were attacked by an inside employee that infected the network with a USB with Stunex malware, conceived by the U.S and Israel to delay the Iranian nuclear program. Then, Iran replicated the techniques of this attack, creating Shamoon, a malware that "wipe up hard drives", making data unrecoverable (Alelyani and Kumar G R, 2018). The cyber-war between Iran and Saudi Arabia started more than a decade ago. In August 2012, more than 30 000 computers of the largest producer of oil worldwide, the company Saudi Aramco lose their data. Then, in November 2016 multiple government agencies and private organizations in Saudi Arabia were attacked with Shamoon 2. The techniques of both attacks were similar. The attacks took place on the last day of the week or during holidays. After having obtained administrators' credentials, the attackers built a wipe tool to exploit the credentials to penetrate the organization's network. When the tool was activated, the computers became inoperable. The cyber-attacks against Saudi Arabia show the vulnerabilities created by the integration of the Internet of Things into Industrial Control Systems (ICS). The oil and gas companies across the gulf use the Internet of Things devices to measure data, concerning the availability of oil and to power the system, which has been exploited by government-sponsored hackers (Fazzini, 2019). An attack took place in January 2017 at Tasnee in which the computer's data was wiped clean and the hard drives were destroyed (Perlroth and Krauss, 2018). Then, a petrochemical company based in Saudi Arabia was attacked in August 2017 aiming at disrupting operations and causing an explosion that could have killed people. The controllers that were compromised are also utilized in around 18,000 nuclear, oil, gas and water facilities and plants worldwide that have critical functions such as regulating temperatures, pressure and voltage. Remote access trojans (RATs) have been being penetrating industrial control systems, including networks, devices and software that enable to manage the security of operations (Wright, 2019).
The cyber-attacks against the power grid in Ukraine by Russian hackers have revealed the high sophistication of the hackers in accessing, controlling, manipulating and damaging the operation control system. The first cyber-attack against power control electricity centers took place in Ukraine on December 23, 2015, causing blackouts from 1 to 6 hours, affecting 250 000 costumers and rendering the control centers non-operational for months. Operators were forced to switch to manual mode. The attack was attributed to the Russian government (Industrial Control Systems and Electricity Information Sharing and Analysis Center, 2016). This very well planned attack started many months before with a spear-phishing campaign that sent emails to employees of different electricity companies in the country. The emails contained BlackEnergy malware that was activated when the employees opened a Word document and agreed to activate macros, enabling a backdoor to the hackers who exploited a vulnerability in the Microsoft Word program (Zetter, 2016). Then, to gain access to the SCADA networks, the hackers have explored and mapped the network for many months and got access to credentials used by grid workers to sign in into the remote control of the SCADA network. The uninterruptible power supply (UPS) that enables to give back up power to control centers was reconfigured, in addition to writing malicious firmware on serial-to-Ethernet converters that enable to process commands sent from SCADA networks to substation control systems. The day of the attack, the hackers entered into the SCADA network, disabled the UPS systems and they flooded the call centers with thousands of calls to impede costumers to call to report the outages. They also opened up breakers and rendered the substations converters inoperable. They wiped files with KillDisk malware. The computers crashed and were unable to reboot. The Ukrainian control systems are very well secure, using like the U.S firewalls to segment control centers networks from control systems. However, the firewall enabled the hackers' remote administration. In this attack, the hackers showed having a high degree of expertise in the operation of UPS and ICS though Human Machine Interface. Some of the information about infrastructure control equipment was open source, available on online websites of vendors. The Ukrainian electricity system has also been attacked with Industroyer malware, able to control substations' switches and circuit breakers by using industrial communication protocols. These protocols are used worldwide in power supply infrastructure, in transportation control systems and in water and gas control systems. It can be used to attack any control system and hardware by using targeted communication protocols. However, the SCADA system is able to detect unusual messages and to mitigate the impacts (Raywood, 2017).
Furthermore, the attack against Linkos group, a Ukrainian small software company in spring 2017 allowed the Russian hackers to have a back door to access thousands of computers in Ukraine and the world, and then to rapidly propagate malware NotPetya. This case is important because of the scale and rapidity of its propagation, demonstrating to what point this kind of cyber-attacks make national borders obsolete and to what point these attacks can gain an international scale, disrupting the everyday activities of organizations which activities are digital. The hackers exploited EternalBlue, a leaked tool created by the National Security Agency that exploits a Windows vulnerability, enabling the hackers to run their code in an unpatched computer (Greenberg, 2018). The combination by the hackers of EternalBlue with Mimikatz that uses passwords in computer memories to hack other computers, both to infect unpatched computers, stole their passwords to then infect patched computers. NotPetya encrypted computers' master book records of several organizations around the world, including hospitals in the U.S, multinational companies such as Maersk, FedEx, Merck, Mondelēz, Saint-Gobain and Reckitt Benckiser (Greenberg, 2018). Only in Ukraine, more than 300 companies were targeted. The cyber-attack hit hospitals, airports, Chernobyl's scientists, power companies, banks and government's agencies. The case of the cyber-attack against terminals software of Maersk, the Danish biggest company offering shipping, cargo and supply chain services across the world, demonstrates the importance of the flows of digital communication in enabling activities such as bookings, the circulation of essential digital data concerning ships to operators, as well as "underpinning the circulatory system of the global economy itself" (Greenberg, 2018). Furthermore, the ransomware WannaCry hit hundreds of thousands of computers in 150 countries in May 2017, including 80 NHS health organizations in the U. K "resulting in almost 20,000 cancelled appointments, 600 GP surgeries having to return to pen and paper, and five hospitals simply diverting ambulances, unable to handle any more emergency cases" (Hern, 2017).
Resilience, as promoted by the United Nations, is a goal of Disaster Risk Reduction (DRR), an approach that can be regarded as an extension of the post-industrial world risk society (see (Beck, 2009)) in which the threats to life created by industrialization are managed through scientific knowledge and technologies. The aim of DRR is not to prevent and predict the occurrence of hazards, which are seen as unpreventable and unpredictable but to assess all the possible hazards through geo-spatial information technologies (GIT) that enable to visualize and map them to reduce their impacts. The idea is also to conduct an analysis of this information to anticipate their possible effects. DRR analyses the interaction between all the possible hazards with the specific vulnerabilities of society to minimize the effects of potential hazards. This information is useful for emergency managers not only for the development of early-warning systems but also for the implementation of the dynamic and cyclical process of resilience. DRR is about the minimization of the impacts of future risks, which includes the principles of prevention and mitigation, or the reduction of impacts of past and future risks; preparedness, or the anticipation of future events to improve the capacities of response to and recover from future events; response, or the actions taken before, during and after an event to minimize losses, as well as recovery, or the actions taken after an event to repair the damages and preventing future damages (see United Nations, 2015, 2005, 1994). Thus, DDR has to do with anticipating the possible scenarios of future hazards for better planning for a possible but uncertain future event. The cyclical process of DRR is made of a set of practices that create the resilience of societies in the face of disasters.
As cyber and physical security of the critical infrastructure is interdependent due to the integration of information technology into operation control systems, cyber-resilience has become an approach to protect critical infrastructure and address cyber-risks, including cyber-attacks. In the U.S, the National Security Strategy defined the nation's digital infrastructure a strategic national asset. Cyber-threats are regarded as one of the most serious national security challenges and the protection of digital infrastructure is considered to be a national security priority. Cyber-resilience in this context has to do, on the one hand with ensuring the resilience of the cyber-ecosystem and its infrastructure assets in a context of persistent breaches and attacks. This is done through activities of exposure reduction, planning of response and recovery, and the creation of a culture of security through sharing of responsibility and participation in situational awareness (US Department of Homeland Security, 2014).
Resilience is a dynamic process in time that includes activities of preparation to a possible and uncertain future event, the implementation of protection technologies and policies to reduce their exposure to these risks, as well as detection and response protocols. This process includes activities of minimization of the impacts during the event, as well as the adaptation of the system to the lessons learned after the event (Dupont, 2019, p. 6.). Preparedness includes the development and implementation of technologies of situational awareness to detect, analyse, adapt, respond to, remediate, reduce the impacts and defend against emerging risks, enabling to operate under attack's situations. The idea is to be able to reconstitute networks in situations of stress and to operate in degraded modes to be able to continue operating under all levels of attack. This includes the development of core capabilities such as intrusion prevention systems to reduce malicious traffic. Preparedness also concerns the replacement of ageing technologies by secure and resilient ones, as well as recovery planning. Recovery planning helps to understand system dependencies, to determine personnel's roles and responsibilities, as well as key stakeholders and channels of communication. Recovery planning is also useful to project how to react in particular situations that have already been experienced by other organizations, and to evaluate the potential impact, to define the planned response practices and the recovery process in advance. (National Academies of Sciences, Engineering, and Medicine, 2018). The problem of recovery planning is, however, that technologies and attacks’ strategies are always evolving, which shows the need of improving improvisation and flexibility capacities of security professionals.
Another important dimension of resilience building is the participation and coordination of all the actors of the system at different scales across space through risk knowledge and information technologies. As resilience is networked (DUPONT, 2019) it involves collaboration, technical assistance, coordination with first responders and information sharing between the government and the private sector about cyber-risks, best practices and exercises, enabling situational awareness, the implementation of security technologies, and coordinated incident response by security professionals and machine-to-machine coordination. Data collection and analysis are practices enabling preparedness, mitigation, response and recovery, enabling to improve cyber capabilities, which includes understanding vulnerabilities, interdependencies across infrastructure systems and the potential for cascading disruptions on critical infrastructure, following guides and standards for resilience (National Academies of Sciences, Engineering, and Medicine, 2018). The idea of collaboration and sharing of information is, however, challenged by the context of privatization of critical infrastructures that not necessarily gives incentives to private actors to cooperate, who can have different priorities and interests.
There are, however, efforts implemented to coordinate and make collaborate governments and critical infrastructure sectors, as is the case of Canada. Management for preparedness and all-hazard planning began to be implemented in the 1990s when critical infrastructure began to be understood as a system of systems of public and private actors in which state and society are dependent (Boyle, 2019). The 2009 National Strategy for Critical Infrastructure (Government of Canada, 2009) develops partnerships of federal, provincial and territorial governments with critical infrastructure sectors. An interesting aspect of the Canadian National Strategy for Critical Infrastructure protection is the establishment of sector networks at the national level for each one of the sectors through a model of partnership. This helps the sectors of governments and of critical infrastructure to develop specific risk assessments, plans, and exercises for each sector. Thus, there is a division of responsibilities between public and private actors. While governments promote a common approach to the resilience of critical infrastructures, sharing tools, lessons learned and best practices, stakeholders are made responsible for the implementation of a risk management approach. Furthermore, all levels of government conduct the exercise and assist the regional coordination of exercise planning with critical infrastructure sectors to improve plans. In the U.S., cybersecurity is also considered to be a responsibility of the whole nation, including individual computer owners, owners and operators of critical infrastructure, federal, state, local, tribal and territorial governments, the private sector and NGOs. This implies the creation of a culture of cyber-resilience in which everyone collaborates in security efforts, including vendors. This, however, creates concerns about privacy and the confidentiality of information.
In addition to cyber-resilience, building resilient infrastructures also includes locating infrastructure in non-risky areas, making assets more resilient and less vulnerable to hazards, as well as designing resilient systems to be able to function in spite of the damage of some of its components. The resilience of critical infrastructures has to do, on the one hand with the resilience of assets such as power lines, roads, bridges, buildings and cellphone towers to be able to withstand natural hazards. For example, more resistant materials for cell phone towers, pipes and cables can help them to withstand strong winds and earthquakes. Deeper foundations for water and power plants increase resilience to earthquake liquefaction, while higher dykes increase the resilience against floods (Hallegate et al., 2019).
On the other hand, infrastructure resilience has to do with the resilience of infrastructure networks to be able to ensure the continuity of infrastructure flows and services, which includes criticality analysis, diversification, redundancy and nature-based solutions. The idea is that networks keep their functionality despite the loss of assets. Criticality analysis enable to map the network, their assets and vulnerabilities, to identify the conditions of potential failure, their consequences and effects on service continuity, and on vulnerable populations. Redundancy, the replacement of materials and other processes of infrastructure resilience are very expensive, but criticality analysis help to identify the most critical parts of the network, reducing vulnerabilities by creating redundancy of critical assets. Criticality analysis also enables to map interdependencies between assets and sectors, enabling to identify possible cascade effects (Hallegate et al., 2019). An alternative to redundancy can be to create meshed networks that have multiple supply points for various nodes in the grid. Diversification concerns the availability of multiple sources of resources having different vulnerabilities. This makes that if one source of energy is disrupted, the other ones can supply the needs of energy. Diversity refers to the availability of different sources of resources or technologies (Hallegate et al., 2019).
Boin and McConnell (2007) raise an important point concerning the limits of planning within a context of disasters which outcomes are impossible to predict, which has been accelerated in recent years with climate change and its consequences on the magnification of disasters that imply a need of flexibility and improvisation by security managers. This need of flexibility was revealed in the process of response and recovery to the 2017 wildfire season in British Columbia, where the disruption of the mobile phone service due to the burn of the cell phone tower, the closing of highways and the interruption of power affected response and recovery. In this case, a need for flexibility of rules and protocols in emergencies is shown. An evacuation order could not be emitted, because this required a meeting between the council and the chief security manager, which was impossible as it was not possible to move in these conditions. As the expansion of the fire was devastating, and in the absence of a clear emergency plan, security managers had to adopt a flexible adaptation, deciding to focus on critical infrastructure protection of transmission lines and cell phone towers, because of the importance of mobile communications for responders. The priority for them was the protection of critical infrastructure (Government of British Columbia, 2018).
Another point has to do with the limits of digital analyses in predicting the weather, which has an impact on the decisions of security managers. The 2017 flooding in British Columbia was caused by a very cold and dry winter, followed by strong rains in the spring. This case is interesting to show that climate change makes this kind of events very difficult to predict, showing the limits of digital technologies and analyses to give accurate information, which in turn affects the decisions of security professionals and the communities. Fall 2016 in Okanagan (BC) was wetter than normal, while winter 2017 was drier and colder than usual, which produced more snowfall in low areas and low than normal in the upper zones that normally produce most of the spring runoff. Thus, low inflow to the lake was expected during spring. However, spring 2017 was wetter than normal with rain in low areas and snow in the upper ones with more snow than normal that melted and created the highest rates of inflows to the lakes Okanagan and Nicola. As the security professionals that manage inflows and outflows to the lakes, having to balance which quantity of water is required to impede a flood without altering the ecosystem take their decisions based on available data and digital analyses, including weather predictions and water surveys and this year a drought was predicted for spring, they decided to increase the flows, which combined with the rain and the melting snow resulted in a flow difficult to control. Thus, the authorities are improving their models to understand and predict the weather, which includes a new model based on snowmelt criteria, using improved computer power and automation (Government of British Columbia, 2018).
Another important point raised by Boin and McConnell (2007) has to do with the challenge of ensuring cooperation for resilience initiatives within a context of increasing privatization of public utilities, making that public and private actors have different priorities and motives to invest in security measures, as well as different organizational cultures and communication systems, limiting coordination and cooperation. Monstadt and Schmidt (Monstadt and Schmidt, 2019) show the challenges of cooperation in Germany, where the privatization process of utilities resulted in segmentation of local companies with their own logics and priorities that are not necessarily interrelated with the local government. This situation creates a complex and diversified network of institutions that limits the application of integrated risk management. In particular, this institutional framework challenges the exchange of information needed for resilience analyses, and other resilience practices. In the U.S the electricity sector is increasingly concerned with the need of creating a culture of cyber-security, focusing on mutual aid and cooperation between utilities and the improvement of information gathering and exchange at the utility level.
The problem of cooperation has also to do with the will by utilities to implement security measures, as well as with problems of maintenance and management of utilities. The 2018 Campfire in California, as well as the 2017 hurricane Maria show to what point these disasters are intimately related to the will of electricity utilities to address infrastructure risks. In the case of Campfire, despite the zone that burned had been previously identified by a fire map by Cal-Fire and PG&E as having an elevated risk and part of the zone had an extreme risk, the utility Pacific Gas and Electric (PG&E) did not implement mitigation measures. In this case, the cause of the fire is related to negligence by PG&E in the maintenance of the infrastructure. Sparks were detected by PG&E the day before the fire, but the damage of the transmission line was only reported 15 minutes before the fire. This same transmission line that has been already damaged in 2012. Another ignition source was a malfunctioned distribution line. This raises questions about the will of the utility to implement mitigation measures despite its knowledge of the risks, as well as about the prior opposition by the governor of California, Mr Jerry Brown to a Senate bill that aimed to reduce the risk of fires by power lines because he considered that this bill duplicated the efforts done by PG&E to map the risks (Macgill, 2018). This shows, however, the need for public enforcement to make utilities implement mitigation measures. In the case of hurricane Maria, an important aspect to understand the impacts of the hurricane on electrical infrastructure is that the Puerto Rico Electrical Power Authority (PREPA) had an old operation system, as well as poorly maintained infrastructure and security management. It was a debt institution, that suffered from budget cuts, as well as of the loss of 30% of its workforce since 2012 (Mufson, 2017).
The case of hurricane Sandy in New York shows that the vulnerability of the electricity system in New York is due to the lack of diversity and redundancy. Electricity was provided by a single supplier, Con Edison. The centralization of the electricity system makes it vulnerable to power outages. Battery storage, rooftop solar and renewables such as microgrids are seen as solutions to create a decentralised electricity system for homes and business. In addition to the implementation of mitigation measures as part of recovery such as the construction of floodwalls, and hoisting equipment to be able to withstand floods, renewable projects have been being implemented, including microgrids, as well as solar-plus-battery-storage projects in public buildings, including homeless shelters, schools and firehouses. Furthermore the Reforming the Energy Vision was launched in 2014 to promote the offer of clean energies by the business. Investments are also being done on automation and smart systems (Clouse, 2017; Lavelle, 2012).
These cases in the U.S. and Canada show that despite the focus of resilience and infrastructure resilience has been put on digital knowledge and cooperation, not only the ability of digital analysis to produce accurate knowledge is limited in the Anthropocene in which climate conditions are increasingly unpredictable, but also the production of this knowledge depends on the cooperation of the infrastructure system, a system that has been privatized, making cooperation challenging. In this context, it is not enough to predict the cascades of all the possible crisis scenarios, but what these cases show is that the ability to construct resilience depends on the flexibility of local actors to make decisions with the available resources, which requires flexible roles, rules and protocols, as well as cooperation between local actors that does not only results from contingency plans, but also from the specificity of the emergency in itself that is difficult to predict in the context of climate change in the Anthropocene. In this context, it is crucial that the state regulates and supervises the maintenance of critical infrastructures by utilities and private companies, as well as their security practices, and promotes a decentralised system of energy based on renewables to guarantee redundancy and diversity, and thus secure the availability of critical infrastructure flows. The problem of this kind of system is that it can create an unequal access to essential services such as energy or water, as is the case of the Cape Town drought in which the wealthiest were able to supply their needs of water in a context of drought and water scarcity by buying private infrastructure such as water tanks, a privilege that cannot be afforded by the poor (see Simpson et al., 2020, 2019).
The study of the impacts of natural disasters and cyber-attacks on critical infrastructures in the Anthropocene shows to what point the complexity created by the interdependency and interconnection between nature, human-beings, physical and cyber infrastructures that provide essential flows to societies in this context is creating risks to security. The analysis of cyber-attacks against critical infrastructures shows that the digitalization and decentralisation of networks of control operation, making that multiple devices linked to operation control are connected to the Internet enables the remote access and penetration of the system by hackers to extract information on operations, but also that an expert knowledge by hackers on the control of operating systems can damage computers and equipment, create cascades and disrupt operations and the generation and circulation of flows. The interruption of flows of information is critical in this context, because in the context of digital societies critical infrastructures depend on flows of digital information for their operation and daily activities that enable the flows of circulation of people, commodities, materials, information, money, and so on. As critical infrastructure sectors are interconnected and interdependent, the interruption of flows of digital information creates cascades on other sectors. The risks to security created by interdependencies and interconnectivity are also revealed in the analysis of the impacts of natural disasters on critical infrastructures. Global warming that results from human and technological actions on the earth is creating more frequent and intense meteorological phenomena in which cascades between natural hazards are produced. These hazards interact with physical, technological and human components, creating cascades across infrastructure sectors, destructing physical assets, and interrupting essential flows such as water, electricity, the circulation of people and information. These cascades can be disastrous because the impacts of natural forces on physical infrastructures can lead to industrial disasters, water can be contaminated causing diseases, destruction of roads impedes circulation, electricity is disrupted, creating cascades on the other sectors, including transportation, telecommunications and health, putting at risk the lives of patients. The interruption of flows of circulation of digital information is critical because as the activities of organizations have been digitalized, the governance of emergencies has become dependent on information technologies for accessing the information on emergency situations and for the communication between emergency agencies and with the population.
In this context of increasing complexity, resilience is a digital phenomenon in which digital technologies are used to connect the system and make it collaborating across space in the common goal of reducing the impacts of future uncertain disasters through the mobilization of risk knowledge and resilience practices that depend on everyone's participation. Resilience is built through a dynamic and cyclical process made of a set of practices of anticipation and planning for future emergencies through risk knowledge. Risk knowledge is produced through digital technologies and analyses enabling to visualize networks, to confront them to multiple possible but unpredictable hazards, and to identify the critical nodes to take actions to prevent the occurrence of cascades. Building resilient infrastructures is about making assets more resistant to disasters, and about using criticality analyses to identify which critical nodes have to be enhanced. The cases of disasters analysed in this paper show, however, the limits of the digitalization of resilience practices, as well as the need to go beyond digital analyses and digital cooperation and of focusing on other aspects such as the flexibility of local actors, and, which is crucial, the regulation and maintenance of utilities and private companies by the states and the promotion of a decentralized system of energy based on renewables having a public and community orientation.
Amicelle, A., Côté-Boucher, K., DUPONT, B., Mulone, M., Shearing, C.D., Tanner, S., 2017. Criminology in the face of flows: reflections on contemporary policing and security. Global Crime 18. https://doi.org/10.1080/17440572.2017.1350427
Alelyani, S., Kumar G R, H., 2018. Overview of Cyberattack on Saudi Organizations. Naif Arab University for Security Sciences 1, 42–50.
Amin, A., 2014. Lively Infrastructure. Theory, Culture & Society 31, 137–161.
Aradau, C., 2010. Security That Matters: Critical Infrastructure and Objects of Protection. Security Dialogue 41, 491–514.
Bade, G., 2018. Russian hackers infiltrated utility control rooms, DHS says. Utility Dive.
Beck, U., 2009. World at risk. Polity, Cambridge.
Boin, A., McConnell, A., 2007. Preparing for Critical Infrastructure Breakdowns: The Limits of Crisis Management and the Need for Resilience. Journal of Contingencies and Crisis Management 15, 50–60.
Bonneuil, C., Fressoz, J.-B., 2013. L’événement Anthropocène. La terre, l’histoire et nous. Édition du Seuil, Lonrai.
Boyle, P.J., 2019. ‘Building a safe and resilient Canada’: resilience and the mechanopolitics of critical infrastructure. Resilience International Policies, Practices and Discourses 7, 59–82.
Brenner, N., 1999. Globalization as territorialization: The Re-scaling of Urban Governance in the European Union. Urban Studies 36, 431–451.
Bridge, G., Özkaynak, B., Turhan, E., 2018. Energy infrastructure and the fate of the nation: Introduction to special issue. Energy and Social Science 41, 1–11.
Californian Department of Forestry and Fire Protection, 2018. Informational Summary Report of Serious or Near Serious CAL FIRE Injuries, Illnesses and Accidents (Summary No. 18- CA- BTU- 016737). Californian Department of Forestry and Fire Protection, California Northern Region.
Clouse, C.J., 2017. 5 Years After Superstorm Sandy, New York’s Still Vulnerable To Widespread Power Outages.
Coden, M., Bartol, N., 2017. Our critical infrastructure is more vulnerable than ever. It doesn’t have to be that way. World Economic Forum. URL https://www.weforum.org/agenda/2017/02/our-critical-infrastructure-is-more-vulnerable-than-ever-it-doesn-t-have-to-be-that-way/ (accessed 11.4.19).
Daher, B., Hannibal, B., Portney, K.E., Mohtar, R.H., 2019. Toward creating an environment of cooperation between water, energy, and food stakeholders in San Antonio. Science of the Total Environment 651, 2913–2926.
DUPONT, B., 2019. The cyber-resilience of financial institutions: significance and applicability. Journal of cybersecurity 5, 1–17.
Dupont, B., 2013. Cybersecurity Futures: How Can We Regulate Emergent Risks? Technology Innovation Management Review 6–11.
Environment and Climate CHange Canada, 2017. Ice Storm of the Century. URL http://www.ec.gc.ca/meteo-weather/default.asp?lang=En&n=3DED7A35-1#t1
Fazzini, K., 2019. The Saudi oil attacks could be a precursor to widespread cyberwarfare — with collateral damage for companies in the region. CNBC.
Gocke, A., 2019. NODAL GOVERNANCE OF THE U.S. ELECTRICITY GRID. DUKE ENVIRONMENTAL LAW & POLICY FORUM XXIX, 205–271.
Government of British Columbia, 2018. Addressing the New Normal: 21st Century Disaster Management in British Columbia. Government of British Columbia, British Columbia.
Government of Canada, 2009. National Strategy for Critical Infrastructure. Infrastructure Canada, Canada.
Greenberg, A., 2018. The Untold Story of NotPetya, the Most Devastating Cyberattack in History Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world. Wired.
Hallegate, S., Rentschler, J., Rozenberg, J., 2019. Lifelines. The resilience infrastructure opportunity. World Bank Group, Washington.
Hayward, J., 2016. Fort McMurray wildfire “likely” result of human activity: RCMP. CTV News.
Hern, A., 2017. WannaCry, Petya, NotPetya: how ransomware hit the big time in 2017. The Guardian.
Holling, C.S., 1973. Resilience and Stability of Ecological Systems. Annual Review of Ecology and Systematics 4, 1–23.
Industrial Control Systems, Electricity Information Sharing and Analysis Center, 2016. Analysis of the Cyber Attack on the Ukrainian Power Grid Defense Use Case. Industrial Control Systems anf Electricity Information Sharing and Analysis Center, Washington.
International Energy Agency, 2017. Digitalization & Energy. International Energy Agency.
Joseph, J., 2017. Resilience, governmentality and neoliberalism, in: The Routledge Handbook of International Resilience. Routledge, Taylor & Francis, London, New York, pp. 159–168.
Kadri, F., Birregah, B., Eric Châtelet, 2014. The Impact of Natural Disasters on Critical Infrastructures: A Domino Effect-based Study. Homeland Security & Emergency Management 11, 217–241.
Klein, N., 2014. This changes everything : capitalism vs. the climate. First Simon & Schuster hardcover edition., New York.
Kröger, W., 2017. Securing the Operation of Socially Critical Systems from an Engineering Perspective: New Challenges, Enhanced Tools and Novel Concepts. European Journal of Security Research 1–17. https://doi.org/10.1007/s41125-017-0013-9
Lavelle, M., 2012. Can Hurricane Sandy Shed Light on Curbing Power Outages? National Geographic.
Leavitt, W.M., Kiefer, J.J., 2006. Infrastructure Interdependency and the Creation of a Normal Disaster: The Case of Hurricane Katrina and the City of New Orleans. Public Works Management & Policy 10, 306–314.
Little, R.G., 2002. Toward More Robust Infrastructure: Observations on Improving the Resilience and Reliability of Critical Systems. Computer society, Proceedings of the 36th Hawaii International Conference on System Sciences 1–9.
Mijalković, S., Cvetković, V., n.d. Vulnerability of critical infrastructure by natural disasters. The Academy of Criminalistic and Police Studies 91–102.
Miller, R., n.d. Hurricane Katrina: Communications & Infrastructure Impacts.
Ministère de la sécurité civile, 2014. POLITIQUE QUÉBÉCOISE DE SÉCURITÉ CIVILE 2014-2024. Vers une société québécoise plus résiliente aux catastrophes. Monistère de la sécurité civile, Québec.
Mission Support Center, 2016. Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector. Mission Support Center Analysis Report. Mission Support Center, Idaho.
National Academies of Sciences, Engineering, and Medicine, 2018. Recoverability as a First-Class Security Objective: Proceedings of a Workshop. National Academies of Sciences, Engineering, and Medicine, Washington DC.
Nguyen, L., 2011. Historic Prairie flooding, top weather story of 2011. Postmedia News.
O’Malley, P., 2010. Resilient subjects: uncertainty, warfare and liberalism. Economy and Society 39, 488–509.
O’Malley, P., 1992. Risk, power and crime prevention. Economy and Society 21, 252–275.
O’Rourke, T.D., 2008. Critical Infrastructure, Interdependencies, and Resilience. The Bridge. Linking engineering and society 37.
Perlroth, N., Krauss, C., 2018. A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try. The New York Times.
Pescaroli, G., Alexander, D., 2018. Understanding Compound, Interconnected, Interacting, and Cascading Risks: A Holistic Framework. Risk Analysis 38, 2245–2257.
Raywood, D., n.d. Industroyer Malware Detected, Linked to Kiev Attack. Info Security.
Robert, B., Cloutier, I., 2012. La mobilisation lors de l’anticipation d’une situation d’urgence : le défi de la collaboration multi-organisationnelle entre systèmes essentiels. Sécurité et stratégie 3, 16–23.
Robert, B., Hémond, Y., Yan, G., 2010. L’ÉVALUATION DE LA RÉSILIENCE ORGANISATIONNELLE. Téléscope 131–153.
Robert, B., Pagé-Bélanger, R., Neault, J.-M., 2012. Résilience des systèmes essentiels Une démarche gouvernementale reconnue dans le monde. Inter Action 3, 12.
Roman, M.O., Stokes, E.C., Shrestha, R., Wang, Z., Schultz, L., Sepulveda Carlo, E.A., Sun, Q., Bell, J., Moltan, A., Kalb, V., Ji, C., Seto, K.C., McClain, S.N., Enenkel, M., 2019. Satellite-based assessment of electricity restoration efforts in Puerto Rico after Hurricane Maria. Plos One 14.
Sanger, D.E., Perlroth, N., 2019. U.S. Escalates Online Attacks on Russia’s Power Grid. The New York Time.
Simon, J., 1988. The Ideological Effects of Actuarial Practices. Law & Society Review 771, 771–800.
Shearing, C., 2015. Criminology and the Anthropocene. Criminology & Criminal Justice 15, 255–269.
Sheppard, D., DiSavino, S., 2012. Superstorm Sandy cuts power to 8.1 million homes. Reuters.
Simpson, N.P., Shearing, C.D., Dupont, B., 2020. ‘Partial functional redundancy’: An expression of household level resilience in response to climate risk. Climate Risk Management.
Smith, M., 2012. Sandy wreaks havoc across Northeast; at least 11 dead. CNN.
The Gazette, 1998. The ice storm of 98 13.
Thoma, K., Schart, B., Hiller, D., Leisman, T., 2016. Resilience Engineering as Part of Security Research: Definitions, Concepts and Science Approaches. European Journal of Security Research 1, 3–19.
United Nations, 2015. Sendai Framework for Disaster Risk Reduction 2015 - 2030. United Nations, Sendai.
United Nations, 2005. Hyogo Framework for Action 2005-2015: Building the Resilience of Nations and Communities to Disasters. United Nations. International Strategy for Disaster Reduction, Hyogo.
United Nations, 1994. Yokohama Strategy for a Safer World. Guidelines for Natural Disaster, Prevention, Preparedness and Mitigation. United Nations, Yokohama.
US Department of Homeland Security, 2014. The 2014 Quadrennial Homeland Security Review. US Department of Homeland Secuerity, United States.
Welsh, M., 2014. Resilience and responsibility: governing uncertainty in a complex world. The Geographical Journal 180, 15–26.
Woolf, N., 2016. DDoS attack that disrupted internet was largest of its kind in history, experts say. The Guardian.
World Economic Forum, 2019. Cyber Resilience in the Electricity Ecosystem: Principles and Guidance for Boards. World Economic Forum, Geneva.
Wright, B., 2019. Saudi Arabia’s cybersecurity concerns increase as threats evolve. CIO.
Zetter, K., 2016. Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid. Wired.
Zscheischler, J., Westra, S., van den Hurk, B.J.J.M., Seneviratne, S.I., Ward, P.J., Pitman, A., AghaKouchak, A., Bresch, D.N., Leonard, M., Wahl, T., Zhang, X., 2018. Future climate risk from compound events. Nature Climate Change 8, 469–477.