Leiden Safety and Security Blog

Critical infrastructure breakdowns

Critical infrastructure breakdowns

Recently. I talked with a New York city official and asked what would constitute a real crisis in his city. He responded with his top three: first, any incident that would involve the cooperation of three or more city departments. Second, if the mayor called something a crisis. Third, if a power outage would last longer than three hours.

The third situation came to my mind on Saturday morning September 3, when the Netherlands was struck by a six hour disruption of broadband internet and tekephone services by one of its main providers, KPN. The KPN website went offline and the helpdesk was immediately overwhelmed by the number of clients that apparently managed to call. Stores and businesses could not offer card payment options, nor could they receive orders or reservations. Within an hour (between 8 and 9 am) the Amsterdam region alone produced 1,200 client reports on the disruption. In the weekend.

In a meta-analysis of 32 global risk assessments (published 2012-2016) 27 of the reports mentioned prolongued discontinuity (either caused by intentional attack or an unintended blackout) of internet services as one of today's major risks. In their discussion of the risks, the reports stressed that not so much the hazards increased, but the impact. Our society has become increasingly intolerant for this discontinuity.

Fortunately, resilience is one of the hallmarks of the internet as a 'system' - it is a network with nodes and tends to 'fail gracefully' (i.e. part by part, not totally). Yet the tight coupling of its providers and their services and complex interactions with other systems make internet disruptions the very 'normal accidents' (Perrow, 1986) to expect now and in the (near) future.

A simple internet disruption on a weekend morning - immediately making newspaper headlines and unsettling hundred thousands of households and businesses for hours. The provider could not give any estimate of the duration of the disruption during the entire morning. It also failed to offer an explanation other than that it had been a 'technically complex problem' when internet services resumed in the afternoon. The question arises whether this would have been an acceptable response during peak production hours on a week day. Internet may be relatively resilient but its users seem ill-prepared for this type of crisis.

 

For more discussion on the likelihood and impact of critical information infrastructure breakdowns.
 

1 Comment

Martijn Korpel
Posted on September 5, 2016 at 15:53 by Martijn Korpel

Hi Sanneke! Totally agree on the relevance of crisis management by and with critical infrastructure institutions and the importance of communicating about major disruptions, so members of the public can (try to) adapt. Speaking of Perrow - is it that society will accept any kind of disruption these days?

How about about replacing “if the Mayor called something a crisis” into “when a crisis is perceived by the people of the City”? Would that be a fist step into engaging public in crisis management? Is it that we tend to start telling people what tot do (and what not), in stead of what clearly happened and appealing to common sense and resilience by the public?

Would be great to hearing from you further on. All the best, Martijn

Add a Comment

Name (required)

E-mail (required)

Your own avatar? Go to www.gravatar.com

Remember me
Notify me by e-mail about comments