The most industrialized countries are equipped with increasingly extensive and sophisticated infrastructure systems, so-called critical infrastructures (CIs) such as energy distribution networks and transport infrastructures
[1]. The term critical infrastructure is defined in Section 1016(e) of the USA Patriot Act of 2001 as those “systems and goods, both physical and virtual, so vital to the nation that their malfunctioning or destruction would produce a debilitating impact on the security of citizens, on the economic security of the nation, on national public health and on any combination of the above”
[2]. Europe has also issued its own CIs protection program. In fact, in June 2004, the European Council took the initiative to call for the preparation of a strategy for the protection of CIs in the territory of the Union from possible terrorist attacks, which led the Commission to issue
Communication 702 of 2004. This activity of the Commission led in 2008 to the approval of Directive
2008/114/EC which currently forms the basis of EU legislation on CIs. A CI is defined in the directive as “an element, system or part thereof located in the Member States which is essential for the maintenance of the vital functions of society, the health, safety and economic and social well-being of citizens and whose damage or destruction would have a significant impact in a Member State due to the impossibility of maintaining those functions”
[3].
2. CLUSTER#1 “Risk Assessment”
The documents belonging to this selection are related to “Risk Assessment”.
Table 41 summarizes a classification of documents by year, type of publication and the main focus. Through detailed analysis of them in detail, it emerges that Rydén Sonesson et al.
[12][4] have proposed a risk analysis across transportation, energy and telecommunication in Sweden. The document highlights the importance of using integrated tools in order to identify risks and establish strategic priorities for managing very complex and global systems. Some authors, such as Michalis and Sentenac
[13][5], proposed very sectoral and specific studies such as, for example, an investigation of the condition of dams in Scotland using Electromagnetic (EM) sensing. It is also interesting to mention the research developed by Johnson et al.
[14][6] in which the use of probabilistic risk analysis (PRA) for critical infrastructure is proposed. Technological innovation also makes it possible to process data capable of defining resilient models of critical infrastructure as clarified by Meslem et al.
[15][7] who developed a customized framework/software based on the outcome of the risk and cost-benefit analysis relating to the liquefaction risk. Furthermore, Veeraraghavan et al.
[16][8] have developed a software to monitor CIs, in this case an open-source software for seismic risk assessment. The importance of using software tools is also demonstrated by the study proposed by Donratanapat et al.
[17][9] that develops a Python web application to assess the potential impacts of flooding on CIs. The analysis of the documents also highlights how multicriteria decision-making approaches are useful methods for managing critical infrastructures.
Table 41.
Classification of documents belonging to CLUSTER#1 “Risk Assessment”.
Authors |
Ref. |
Year |
YearType of Publication |
Main Focus |
][47] develop a method to calculate the vulnerability of a residential building using four factors (susceptibility, surrounding environment, landslide intensity and people) for the assessment. Der Sarkissian et al.
[56][48] evaluated the state of Saint-Martin’s CI before and after Hurricane Irma and, accordingly, reveal the indicators to assess during reconstruction projects.
Table 52.
Classification of documents belonging to CLUSTER#2 “Risk Environment”.
Authors |
Ref. |
Year |
Type of Publication |
Main Focus |
Type of Publication |
Main Focus |
Rydén Sonesson et al. |
[12][4] |
2021 |
Imteaj et al. |
[51][ | Theoretical |
Risks cross-sector analysis |
43 | ] |
2021 |
Le Blanc |
[72][64] |
2021 | Theoretical |
Resource-limitations |
Michalis and Sentenac |
[13][5] |
2021 |
Theoretical/Application |
Dam monitoring |
Theoretical/Application |
Risk analysis |
Depina et al. |
[52][44] |
2021 |
Khanam et al. |
[73 | Theoretical |
][65 | Performance analysis |
] |
2021 |
Case Study |
Vulnerability |
Johnson et al. |
[14][6] |
2021 |
Theoretical |
Hendricks et al. | Probabilistic Risk Analysis |
[ | 53][45] |
2021 |
Theoretical |
Silver et al. |
[74][66] | Vulnerability |
2020 |
Theoretical |
Behavioral risk |
Meslem et al. |
[15][7] |
Yuan et al. |
[54][ | 2021 |
46Software/Application |
Liquefaction hazard |
] |
Splichalova et al. |
[75][ | 2021 |
Case Study |
Internet of People (IoP) |
67] |
2020 |
Theoretical |
Decision making |
Veeraraghavan et al. |
[16][8] |
2021 |
Software/Application |
Seismic analysis |
Wahab et al. |
[55][47] |
2021 |
Theoretical/Application |
Vulnerability |
Rehak |
[76][68] |
2020 |
Theoretical |
Decision making |
Donratanapat et al. |
[17][9] |
2020 |
Software/Application |
Flood emergences/ Hurricanes |
Chou and Ongkowijoyo |
Der Sarkissian et al. |
[56][48] |
2021 |
Case Study |
Recovery |
Ghafir et al. |
[77][69] |
2018 |
Theoretical/Application |
Behavioral risk |
[18][10] |
2019 |
Theoretical |
Decision Making & Risk Management |
Thompson et al. |
[57][49] |
2021 |
Theoretical/Application |
Panda et al. | Long-term planning |
[78][70] |
2018 |
Theoretical/Application |
Behavioral risk |
Vamvakeridou et al. |
[19][11] |
][2020 |
50Case Study |
Flood emergences |
] |
2020 |
Theoretical/Application |
Petrillo et al. |
[79][71] | Decision Making & Risk Management |
2017 |
Theoretical/Application |
Human error probability |
Turskis et al. |
[20][12] |
2019 |
Theoretical |
Decision Making & Risk Management |
Rød et al. |
[ |
Panteli and Mancarella | 59][51] |
[2020 |
80Theoretical |
][72]ISO 31000 |
2017 |
Theoretical/Application |
Přibyl et al. |
[21][13] |
2018 |
Theoretical/Application |
Road tunnel |
Lo et al. |
[60][52] |
2020 |
Theoretical |
Decision Making & Risk Management |
Greiving et al. |
[22][14] |
2021 |
Case Study |
Urban regions |
Kasmi et al. |
[23][15] |
2021 |
Theoretical/Application |
Risk priority analysis |
Di Bona et al. |
[24][16] |
2020 |
Theoretical/Application |
Nuclear power plants |
Boothroyd et al. |
[25][17] |
2021 |
Theoretical/Application |
River erosion |
Fekete |
[26][18] |
2020 |
Case Study |
Flood emergences/cascading effect |
Rehak et al. |
[27][19] |
2018 |
Theoretical |
Cascading effects |
Behavioral risk |
Esposito et al. |
[28][20] |
2020 |
Theoretical/Application |
Non-nuclear infrastructures (Stress test) |
Argyroudis et al. |
[29][21] |
2020 |
Case Study |
Non-nuclear infrastructures (Stress test) |
Huff et al. |
[30][22] |
2019 |
Theoretical |
Decision Making & Risk Management |
Mokhor et al. |
[31][23] |
2019 |
Review |
Cybersecurity |
de Bruijn et al. |
[32] |
Benmokhtar et al. |
[61][53] |
2020 |
Theoretical |
Decision Making & Risk Management |
Hawchar et al. |
[62][54] |
2020 |
Theoretical |
Decision Making & Risk Management |
Gheorghe et al. |
[63][55] |
2018 |
Theoretical |
Interdependency analysis |
Serre and Heinzlef |
[64][56] |
2018 |
Theoretical |
Cascading effects |
[24] |
2019 |
Review |
Flood emergences |
Braun et al. |
[65][57] |
2018 |
Case Study |
Vulnerability |
Jaïdi et al. |
[66][58] |
2018 |
Theoretical/Application |
Decision Making & Risk Management |
Krings et al. |
[67][59] |
2018 |
Theoretical/Application |
Risk management |
Karbowski et al. |
[33][25] |
2019 |
Theoretical/Application |
Theoretical/Application |
Murdock et al. |
[34][26] |
2018 |
Theoretical |
Flood emergences |
Pearson et al. |
[35][27] |
2018 |
Review |
Flood emergences |
Tweneboah-Koduah and Buchanan |
[36][28] |
2018 |
Theoretical |
Cybersecurity |
Zimmermann et al. |
[37][29] |
2018 |
Theoretical |
Water infrastructure |
Wang et al. |
[38][30] |
2018 |
Theoretical |
SCADA systems |
Mao and Li |
[39][31] |
2018 |
Theoretical |
Interdependency analysis/Disturbance propagation |
Klügel and Stäuble-Akcay |
[40][32] |
2018 |
Theoretical |
Seismic analysis |
Thacker et al. |
[41][33] |
2018 |
Theoretical/Application |
Hydrometeorological risk |
Thacker et al. |
[42][34] |
2017 |
Theoretical/Application |
Interdependency analysis |
Bloomfield et al. |
[43][35] |
2017 |
Theoretical/Application |
Interdependency analysis |
Delvosalle et al. |
[44][36] |
2017 |
Theoretical/Application |
Interdependency analysis |
Lam et al. |
[45][37] |
2017 |
Theoretical/Application |
Coastal infrastructure/cyclone |
Gonzalez-Granadillo et al. |
[46][38] |
2017 |
Case Study |
SCADA systems |
Espada et al. |
[47][39] |
2017 |
Theoretical/Application |
Flood emergences |
Ongkowijoyo and Doloi |
[48][40] |
2017 |
Theoretical/Application |
Risk priority analysis |
Daniel and Nicolae |
[49][41] |
2017 |
Theoretical |
Power safety |
van Staalduinen et al. |
[50][42] |
2017 |
Theoretical |
Risk priority analysis |
3. CLUSTER#2 “Risk Environment”
The documents belonging to this selection are related to “Risk Environment”.
Table 52 summarizes a classification of documents by year, type of publication and main focus. Analyzing in detail each of them, it emerges that Imteaj et al.
[51][43] has proposed a distributed machine learning technique called Federated Learning (FL) to predict the probable outage and resource status of CIs. Depina et al.
[52][44] investigates the application of the Performance-Based Wind Engineering (PBWE) methodology to the risk assessment of critical telecommunication infrastructure subjected to wind hazard. An interesting concept is discussed by Hendricks et al.
[53][45] claiming that existing environmental justice and hazard vulnerability literature inadequately addresses key texts and topics related to critical physical infrastructure, including stormwater, green space, sewerage, energy, and roads, among other systems. Yuan et al.
[54][46] use an Internet of People (IoP) enabled framework to assess a road network’s performance loss during disasters, illustrating a case study of hurricane Florence in Wilmington (USA). Wahab et al.
[55
Baggott et al. |
[ |
58 |
Häyhtiö and Zaerens |
[ |
68 |
] |
[ |
60 |
] |
2017 |
Theoretical/Application |
Risk management |
Capano |
[69][61] |
2017 |
Review |
Risk management |
Wilson et al. |
[70][62] |
2017 |
Theoretical/Application |
Vulnerability (volcanic) |
Flatscher et al. |
[71][63] |
2017 |
Theoretical/Application |
Risk management |
4. CLUSTER#3 “Human Factors”
The documents belonging to this selection are related to “Human Factors”.
Table 63 summarizes a classification of documents by year, type of publication and main focus. Analyzing in detail each of them, it emerges that this cluster presents heterogeneous monoscripts since the human factor is analyzed from different points of view. For example, Le Blanc
[72][64] describes human factors challenges in developing cyber informed risk assessment for CIs. While, Khanam et al.
[73][65] have provided a framework for assessing the risk factors of our modern infrastructure located in vulnerable coastal areas. A rather different perspective is analyzed in the research developed by Silver et al.
[74][66] in which a behavioral risk factor surveillance system is discussed. Splichalova et al.
[75][67] aimed to demonstrate the importance of the decision-making process of critical infrastructures and therefore the fundamental role of the human factor in this process. Similarly, Rehak
[76][68] has argued on the importance of individual factors in organizational resilience of CIs. Ghafir et al.
[77][69] and Panda et al.
[78][70] have proposed a training framework useful for operators of CIs. Petrillo et al. have presented a hybrid model for human error probability analysis
[79][71], called Emergency Human Error Analysis (EHEA), which considers all contingency factors that influence decisions and actions of the operator. Finally, Panteli and Mancarella
[80][72] have discussed the relationship between the resilience of CIs and human response as a key dimension to monitor CIs.
Table 63.
Classification of documents belonging to # CLUSTER#3 “Human Factors”.
5. Conclusions
Both natural and man-made accidents (deliberate or accidental) can potentially damage, disable or destroy critical infrastructure. Rather than focusing on one type of threat or danger at a time, such as natural disasters or terrorist attacks, States should identify all the threats and risks that pose the greatest risks to critical infrastructure. This is the only way to think about more effective and efficient planning and allocation of resources.