“Critical infrastructure interdependencies constitute a risk multiplier: they can themselves be a threat or hazard, affect the resilience and protection performance of critical infrastructure, and lead to cascading and escalating failures.”
We think that there are some good parts of the paper, especially where it highlights the problem. The paper also discusses the complexity of “systems of systems” and hints at the difficulty this poses for analysts.
This complexity does pose an interesting challenge for analysts. Focusing on it too much, though, can unintentionally convey to policy makers and others that “the results are unknowable, might not be that bad, let us study it more, and wait to take action until we get back with you.” This can give policy makers an excuse to do nothing at just the time they should be taking preventative measures to make critical infrastructure more resilient and to prevent “cascading and escalating failures.”
We know enough now to urge policy makers to action and should do so. We know well enough for example, what will happen during a major GPS/GNSS disruption from a solar storm or jamming incident. From a recent OpEd:
Every mode of transportation immediately slows down, can carry less traffic, and has more accidents. Already distracted drivers lose their turn-by-turn directions and become even more distracted. Similar problems arise in aviation and maritime. Making things worse, just when the ability to easily navigate goes away, important aviation and maritime safety systems either shut down or provide bad information. Back on the ground, first responders have a hard time finding their ways to accidents, and their communication systems are either degraded or inoperable.
This horrible situation might not get much worse for the next half hour or so. But soon, backup clocks in cell phone, computer, financial, and electrical distribution networks start to lose synchronization with each other. Systems begin to degrade and fail. And because these infrastructure networks all depend upon each other, a failure in one can easily cascade through several. The partial failure of a computer network, for example, might bring down some cell towers, ATMs and electrical systems. Once cascading failures begin, there is no telling when and where they will stop. Even if some do peter out, over time more networks de-synchronize, and more failures will spread across infrastructures, industries and the nation. At the end of a day or two, the nation could be nearly paralyzed.
Such a narrative might not have the system by system progression that engineers would like to see, but it could be enough to motivate policy makers to begin taking the most obvious and important steps to protect their systems and the nation.
We applaud the authors of the World Security Report paper for highlighting the issue. We agree that more study is needed.
But much can be done now to make our critical infrastructure safer and less susceptible to “cascading and escalating failures.” We should all make that point whenever we have the opportunity.