The most industrialized countries are equipped with increasingly extensive and sophisticated infrastructure systems, so-called critical infrastructures (CIs) such as energy distribution networks and transport infrastructures [1]. The term critical infrastructure is defined in Section 1016(e) of the USA Patriot Act of 2001 as those “systems and goods, both physical and virtual, so vital to the nation that their malfunctioning or destruction would produce a debilitating impact on the security of citizens, on the economic security of the nation, on national public health and on any combination of the above” [2]. Europe has also issued its own CIs protection program. In fact, in June 2004, the European Council took the initiative to call for the preparation of a strategy for the protection of CIs in the territory of the Union from possible terrorist attacks, which led the Commission to issue Communication 702 of 2004. This activity of the Commission led in 2008 to the approval of Directive 2008/114/EC which currently forms the basis of EU legislation on CIs. A CI is defined in the directive as “an element, system or part thereof located in the Member States which is essential for the maintenance of the vital functions of society, the health, safety and economic and social well-being of citizens and whose damage or destruction would have a significant impact in a Member State due to the impossibility of maintaining those functions” [3].

2. CLUSTER#1 “Risk Assessment” 

The documents belonging to this selection are related to “Risk Assessment”. Table 14 summarizes a classification of documents by year, type of publication and the main focus. Through detailed analysis of them in detail, it emerges that Rydén Sonesson et al. ^[4][12] have proposed a risk analysis across transportation, energy and telecommunication in Sweden. The document highlights the importance of using integrated tools in order to identify risks and establish strategic priorities for managing very complex and global systems. Some authors, such as Michalis and Sentenac ^[5][13], proposed very sectoral and specific studies such as, for example, an investigation of the condition of dams in Scotland using Electromagnetic (EM) sensing. It is also interesting to mention the research developed by Johnson et al. ^[6][14] in which the use of probabilistic risk analysis (PRA) for critical infrastructure is proposed. Technological innovation also makes it possible to process data capable of defining resilient models of critical infrastructure as clarified by Meslem et al. ^[7][15] who developed a customized framework/software based on the outcome of the risk and cost-benefit analysis relating to the liquefaction risk. Furthermore, Veeraraghavan et al. ^[8][16] have developed a software to monitor CIs, in this case an open-source software for seismic risk assessment. The importance of using software tools is also demonstrated by the study proposed by Donratanapat et al. ^[9][17] that develops a Python web application to assess the potential impacts of flooding on CIs. The analysis of the documents also highlights how multicriteria decision-making approaches are useful methods for managing critical infrastructures.

Authors	Ref.	Year	YearType of Publication	Main Focus

^][55] develop a method to calculate the vulnerability of a residential building using four factors (susceptibility, surrounding environment, landslide intensity and people) for the assessment. Der Sarkissian et al. ^[48][56] evaluated the state of Saint-Martin’s CI before and after Hurricane Irma and, accordingly, reveal the indicators to assess during reconstruction projects. 

Authors	Ref.	Year	Type of Publication	Main Focus
Type of Publication	Main Focus
Rydén Sonesson et al.	[4][12]	2021
Imteaj et al.	[43][	Theoretical	Risks cross-sector analysis
51	]	2021
Le Blanc	[64][72]	2021	Theoretical	Resource-limitations
Michalis and Sentenac	[5][13]	2021	Theoretical/Application	Dam monitoring
Theoretical/Application	Risk analysis	Depina et al.	[44][52]	2021
Khanam et al.	[65	Theoretical	][73	Performance analysis	]	2021	Case Study	Vulnerability	Johnson et al.	[6][14]	2021	Theoretical
Hendricks et al.	Probabilistic Risk Analysis
[	45][53]	2021	Theoretical
Silver et al.	[66][74]	Vulnerability	2020	Theoretical	Behavioral risk	Meslem et al.	[7][15]
Yuan et al.	[46][	2021	54Software/Application	Liquefaction hazard
]
Splichalova et al.	[67][	2021	Case Study	Internet of People (IoP)	75]	2020	Theoretical	Decision making	Veeraraghavan et al.	[8][16]	2021	Software/Application	Seismic analysis
Wahab et al.	[47][55]	2021	Theoretical/Application	Vulnerability
Rehak	[68][76]	2020	Theoretical	Decision making	Donratanapat et al.	[9][17]	2020	Software/Application	Flood emergences/ Hurricanes
Chou and Ongkowijoyo
Der Sarkissian et al.	[48][56]	2021	Case Study	Recovery
Ghafir et al.	[69][77]	2018	Theoretical/Application	Behavioral risk	[10][18]	2019	Theoretical	Decision Making & Risk Management
Thompson et al.	[49][57]	2021	Theoretical/Application
Panda et al.	Long-term planning	[70][78]	2018	Theoretical/Application	Behavioral risk	Vamvakeridou et al.	[11][19]	][2020	58Case Study	Flood emergences
]	2020	Theoretical/Application
Petrillo et al.	[71][79]	Decision Making & Risk Management	2017	Theoretical/Application	Human error probability	Turskis et al.	[12][20]	2019	Theoretical	Decision Making & Risk Management
Rød et al.	[
Panteli and Mancarella	51][59]	[2020	72Theoretical	][80]ISO 31000	2017	Theoretical/Application	Přibyl et al.	[13][21]	2018	Theoretical/Application	Road tunnel
Lo et al.	[52][60]	2020	Theoretical	Decision Making & Risk Management	Greiving et al.	[14][22]	2021	Case Study	Urban regions
Kasmi et al.	[15][23]	2021	Theoretical/Application	Risk priority analysis
Di Bona et al.	[16][24]	2020	Theoretical/Application	Nuclear power plants
Boothroyd et al.	[17][25]	2021	Theoretical/Application	River erosion
Fekete	[18][26]	2020	Case Study	Flood emergences/cascading effect
Rehak et al.	[19][27]	2018	Theoretical	Cascading effects
Behavioral risk	Esposito et al.	[20][28]	2020	Theoretical/Application	Non-nuclear infrastructures (Stress test)
Argyroudis et al.	[21][29]	2020	Case Study	Non-nuclear infrastructures (Stress test)
Huff et al.	[22][30]	2019	Theoretical	Decision Making & Risk Management
Mokhor et al.	[23][31]	2019	Review	Cybersecurity
de Bruijn et al.	[24]
Benmokhtar et al.	[53][61]	2020	Theoretical	Decision Making & Risk Management
Hawchar et al.	[54][62]	2020	Theoretical	Decision Making & Risk Management
Gheorghe et al.	[55][63]	2018	Theoretical	Interdependency analysis
Serre and Heinzlef	[56][64]	2018	Theoretical	Cascading effects	[32]	2019	Review	Flood emergences
Braun et al.	[57][65]	2018	Case Study	Vulnerability
Jaïdi et al.	[58][66]	2018	Theoretical/Application	Decision Making & Risk Management
Krings et al.	[59][67]	2018	Theoretical/Application	Risk management	Karbowski et al.	[25][33]	2019	Theoretical/Application	Theoretical/Application
Murdock et al.	[26][34]	2018	Theoretical	Flood emergences
Pearson et al.	[27][35]	2018	Review	Flood emergences
Tweneboah-Koduah and Buchanan	[28][36]	2018	Theoretical	Cybersecurity
Zimmermann et al.	[29][37]	2018	Theoretical	Water infrastructure
Wang et al.	[30][38]	2018	Theoretical	SCADA systems
Mao and Li	[31][39]	2018	Theoretical	Interdependency analysis/Disturbance propagation
Klügel and Stäuble-Akcay	[32][40]	2018	Theoretical	Seismic analysis
Thacker et al.	[33][41]	2018	Theoretical/Application	Hydrometeorological risk
Thacker et al.	[34][42]	2017	Theoretical/Application	Interdependency analysis
Bloomfield et al.	[35][43]	2017	Theoretical/Application	Interdependency analysis
Delvosalle et al.	[36][44]	2017	Theoretical/Application	Interdependency analysis
Lam et al.	[37][45]	2017	Theoretical/Application	Coastal infrastructure/cyclone
Gonzalez-Granadillo et al.	[38][46]	2017	Case Study	SCADA systems
Espada et al.	[39][47]	2017	Theoretical/Application	Flood emergences
Ongkowijoyo and Doloi	[40][48]	2017	Theoretical/Application	Risk priority analysis
Daniel and Nicolae	[41][49]	2017	Theoretical	Power safety
van Staalduinen et al.	[42][50]	2017	Theoretical	Risk priority analysis

3. CLUSTER#2 “Risk Environment”

The documents belonging to this selection are related to “Risk Environment”. Table 25 summarizes a classification of documents by year, type of publication and main focus. Analyzing in detail each of them, it emerges that Imteaj et al. ^[43][51] has proposed a distributed machine learning technique called Federated Learning (FL) to predict the probable outage and resource status of CIs. Depina et al. ^[44][52] investigates the application of the Performance-Based Wind Engineering (PBWE) methodology to the risk assessment of critical telecommunication infrastructure subjected to wind hazard. An interesting concept is discussed by Hendricks et al. ^[45][53] claiming that existing environmental justice and hazard vulnerability literature inadequately addresses key texts and topics related to critical physical infrastructure, including stormwater, green space, sewerage, energy, and roads, among other systems. Yuan et al. ^[46][54] use an Internet of People (IoP) enabled framework to assess a road network’s performance loss during disasters, illustrating a case study of hurricane Florence in Wilmington (USA). Wahab et al. ^[47

Baggott et al.
[
50
Häyhtiö and Zaerens
[
60
]
[
68
]
2017
Theoretical/Application	Risk management
Capano	[61][69]	2017	Review	Risk management
Wilson et al.	[62][70]	2017	Theoretical/Application	Vulnerability (volcanic)
Flatscher et al.	[63][71]	2017	Theoretical/Application	Risk management

4. CLUSTER#3 “Human Factors” 

The documents belonging to this selection are related to “Human Factors”. Table 36 summarizes a classification of documents by year, type of publication and main focus. Analyzing in detail each of them, it emerges that this cluster presents heterogeneous monoscripts since the human factor is analyzed from different points of view. For example, Le Blanc ^[64][72] describes human factors challenges in developing cyber informed risk assessment for CIs. While, Khanam et al. ^[65][73] have provided a framework for assessing the risk factors of our modern infrastructure located in vulnerable coastal areas. A rather different perspective is analyzed in the research developed by Silver et al. ^[66][74] in which a behavioral risk factor surveillance system is discussed. Splichalova et al. ^[67][75] aimed to demonstrate the importance of the decision-making process of critical infrastructures and therefore the fundamental role of the human factor in this process. Similarly, Rehak ^[68][76] has argued on the importance of individual factors in organizational resilience of CIs. Ghafir et al. ^[69][77] and Panda et al. ^[70][78] have proposed a training framework useful for operators of CIs. Petrillo et al. have presented a hybrid model for human error probability analysis ^[71][79], called Emergency Human Error Analysis (EHEA), which considers all contingency factors that influence decisions and actions of the operator. Finally, Panteli and Mancarella ^[72][80] have discussed the relationship between the resilience of CIs and human response as a key dimension to monitor CIs. 

Authors	Ref.

5. Conclusions

Both natural and man-made accidents (deliberate or accidental) can potentially damage, disable or destroy critical infrastructure. Rather than focusing on one type of threat or danger at a time, such as natural disasters or terrorist attacks, States should identify all the threats and risks that pose the greatest risks to critical infrastructure. This is the only way to think about more effective and efficient planning and allocation of resources.