Disruptions of critical infrastructure

Written by Manu Steens in Risk Management Published 25 January 2025Last Updated 25 January 2025
Disruptions of critical infrastructure
Critical Infrastructure Disruptions is defined as the overloading or incapacitation of physical and digital infrastructure (including satellites) or services supporting critical systems, including the internet, telecommunications, utilities, financial systems, or energy. Resulting from, but not limited to: cyberattacks; intentional or unintentional physical damage; extreme weather events; and natural disasters.
The question in this article is what risks do disruptions of critical infrastructure entail. What keeps those responsible in governments and operators of critical infrastructure awake at night? To this end, I examine this phenomenon from a social, technical and political perspective. The question thus becomes: ‘What are the social, technical and political implications of disruptions of critical infrastructure for the West and what are the global implications?’. In other words, why is critical infrastructure critical?		In this text I write in my own capacity, not that of any organization. The 2024 Global Risk Report – WEF gives this definition

Author: Manu Steens

Contents

What is critical infrastructure according to European law?

The European Commission wrote: “The protection of critical infrastructure and the resilience of critical entities operating it are vital for modern societies. Without reliable energy supplies, transport, banking, financial market infrastructure, healthcare, drinking water, wastewater, digital infrastructure, public administration, space and food production, processing and distribution, our way of life would not be possible. For this reason, the European Commission has long supported the protection of critical infrastructure and the resilience of critical entities against natural and man-made risks. …

…The Directive aims to strengthen the resilience of critical entities against a range of threats, including natural disasters, terrorist attacks, insider threats or sabotage, as well as public health emergencies.”

I will present here a number of social, societal, technical and political risks for each of the sectors mentioned. This can of course never be exhaustive.

Social and societal risks in the event of disruption of critical infrastructure

I first systematically analyze the social-societal risks for each of these sectors of critical infrastructure. However, there is quite a lot of overlap in the issues. These disruptions can reinforce each other. The actual impact depends, among other things, on the duration of the disruption.

Energy: electricity and fuels.

If the energy supply (electricity) fails, heating, lighting, cooling will fail, making living conditions difficult. Due to a failure of fuels and electricity, production processes and transport will also be hindered, which will also cause economic damage, loss of production , etc. and a form of technical unemployment. Hospitals, which normally have an emergency power generator, will be dependent on the supply of fuels that can still be supplied, for electricity. This is a danger to patient safety .

Payments such as in retail and wholesale will only be possible to the extent that people still have cash, because the money terminals work on electricity. And having cash is not always the guaranteed solution in a crisis.

Vulnerable groups in society can become seriously isolated due to a failing energy supply.

Transport:

The main transports concern patient , food and medicine transport and supplies , and emergency services . But also labor mobility and public transport come to a standstill. People in remote and rural areas can become isolated when transport fails.

Banking & Financial Markets:

If the banking system and the financial markets are shut down, whether by a shortage of energy, a cyber attack or a physical destruction of the necessary infrastructure , savings and means of payment will become inaccessible. This means the inability to pay wages, pay bills, monitor the stock markets… More information can be found on the WEF.

A chain reaction of social problems can result, such as a ‘run on the bank’ with a breach of trust on top of that.

Health:

There will be a restriction of access to acute and regular care. Initially, generalists will be able to continue their work as long as it does not involve too many home visits. Specialists, on the other hand, who are more dependent on more specialized instrumentation, are more vulnerable in terms of being able to continue to provide medical care. The impact therefore occurs not only for patients, but also for care providers. A number of processes that may be affected are:

  • Access and edit the electronic medical record
  • Order lab tests and view results
  • Order imaging studies and view results
  • Order medications and view patient medication profiles
  • Record and track patient status and location
  • Scheduling patients and resources such as operating rooms
  • Processing claims for reimbursement
  • Patient care systems that rely on IT services

Disruption of drug supply and production also occurs when energy supplies are depleted, but can be disrupted immediately in the event of a potential cyber attack. In addition to an economic impact, this also means an impact on patient care with a very small delay.

People in need of urgent care are overloading the available medical capacity, causing the available capacity to collapse.

Drinking water & Waste water:

One of the main consequences here are diseases due to lack of clean drinking water and sanitary problems due to failure of wastewater treatment.

Due to the survival instinct of many people, there will be much social unrest in the event of prolonged water shortages. This is also because alternative water distribution is made impossible in an inherent way.

Digital infrastructure:

Communication between emergency services is highly dependent on digital technologies. If these are disrupted, communication , including for help, becomes impossible.

But also working from home is becoming impossible. This points to the importance of protection against cybercrime. Disruption of logistical planning and inventory management in companies is also jeopardized by this, with all the dangers of non-delivery to the shops, and therefore to the consumer. This can lead to shortages of essential products in cities.

Government Administration:

Disruption of crucial government services can lead to an impossibility of efficient response to and coordination of emergencies. With the far-reaching digitalisation of governments, there is also a risk of loss of personal documents. But also the emergency planning for major emergencies can fail.

In addition, account must be taken of disruptions to official operational processes such as the implementation of justice (such as the failure to check convicts with an ankle bracelet), subsidies (with a deadline, such as European subsidies for agriculture and livestock farming) and other e-services, which are highly dependent on ICT.

Space:

The satellites in orbit around the earth are also a possible subject for disruption. Either by destruction by other space objects, such as voluntary destruction in space by explosion or collision, or by a technical failure such as provoked by a cyber-attack, or debris from previous failures. A very frequently used service that can fail in this way is the GPS operation, with influence on transport and logistics, and thus with an immediate impact on the consumer. But due to the dependence of car drivers on the GPS services, this will also affect private traffic.

But satellites are also used for weather and climate monitoring, which makes weather forecasting impossible. As well as a lot of scientific work on the climate. And therefore also counteracting measures in that area.

In addition, satellites are extremely important for communications, precision agriculture and time synchronization.

Food production & distribution:

Disruption of food supply and distribution also has a direct impact on consumers in urban areas due to food shortages. If logistics are affected, spoilage of refrigerated products occurs. This and other supply chain disruptions then lead to price increases and possible hoarding behavior.

The most important social impact of any failure of these critical infrastructure sectors will however be the psychological suffering. This is because people’s physiological and safety needs are compromised. Also prior to the failure, when people realise the risks they are exposed to and where they, as a small person in a larger economic whole, can do little to help.

Technical risks in case of disruption of critical infrastructure

I will give some technical risks for each of these critical infrastructure sectors:

Energy:

Problems of the electricity grid can occur due to limitations of capacity, voltage and frequency. This can be caused by cyber-attacks, including malfunctions in SCADA systems or others. But the physical integrity can also be affected by weapons, such as a major terrorist attack or war. This can cause damage to transformers. Back-up systems will have to carry the energy supply, but can fail due to prolonged overload.

A particular risk in the event of a failure of an energy network is the occurrence of chain reactions in interconnected energy networks. As a result, the failure of a network’s energy supply could theoretically drag down the whole of Western Europe.

Transport:

Chaos and traffic jams will quickly arise when the control by traffic management systems and signaling fails due to, for example, a lack of energy. But this can also be caused by a cyber attack on the traffic centers and on the control of the traffic lights, barriers, etc.

If the satellites are disrupted, there is a chance that the GPS-controlled systems will no longer function. A look into the future tells us that self-driving transport that will depend on a current GPS system will go wrong.

But automated goods handling will no longer be possible either.

Defects in technical infrastructure, such as tunnel ventilation, will no longer be detected, with all the consequences that this entails for people driving through tunnels.

Banking & Financial Markets:

Orders to the bank for the payment of wages can be compromised. Failure of transaction processing systems causes a lot of automated stock exchange processes to stop functioning. With financial losses for the stakeholders involved.

There is a risk of corruption of financial databases through cybercrime, be it ransomware, wiping or other techniques.

Disruption of interbank communication networks threatens international but also national payments. In case of physical destruction of server rooms, the intention is that back-up systems provide sufficient guarantees to guarantee operation, thanks to BCM operation of banks. However, if there is also an energy shortage, banks will only be able to keep this up as long as there is also a back-up for their energy supply. A loss of data (integrity) in trading platforms and other businesses is also one of the risks.

Health:

Power fluctuations can quickly cause malfunctions in medical equipment , with risks for the continuity of monitoring or treatment of patients in hospitals or at home. Patient files, which have to be consulted online by the treating physicians or nursing staff, are also vulnerable.

One of the consequences of an energy failure is the failure of sterilization equipment . In addition, there is also a possible disruption of laboratory equipment and systems, which makes diagnosis difficult.

Drinking water & Waste water:

Disruptions here mainly occur in the area of equipment, both small and large: the failure of water purification plants, pumping stations and distribution systems and water quality monitoring with possible defects in measuring equipment and sensors.

Every automatic process in the processing of wastewater into drinking water is therefore vulnerable , not only to cyber-attacks , but also to physical attacks in the event of terrorism or during war.

Industrial processes requiring water will need to be shut down in a timely manner, regardless of the nature of the original attack.

A ‘cross-pollination’ with the failure of transport is that in the event of a failed transport, maintenance personnel are hindered in getting to the site.

Digital infrastructure:

All classically known Cybercrime risks apply here. Such as failure of DNS systems, all types of disruptions of data centers, failing redundant systems, circumvention, or failure of security infrastructure… However, fluctuating energy systems can also cause overload of the voltage of network nodes. To the extent that there is a good power supply, the internet in some network nodes may be overloaded in terms of processing data.

Government Administration:

Because governments today are very dependent on digital systems for their processes and communication, they too are at risk of failure due to failure of secure data systems

As a result, they can no longer guarantee their daily operations due to loss of access to crucial databases, with a direct impact on systems in the private sectors that depend on them, such as the banking system that is used for paying out subsidies, for example.

Failure of authentication systems and weak encryption also reduce national security.

Space:

Technical disruptions related to space can occur, among other things, due to disruptions in the operation of satellites (such as for communications), failure of ground stations, and disruptions in tracking and control systems.

One of the biggest threats to the safety of drones  is GNSS interference.

Food production & distribution:

In food production, a large number of systems have been automated , such as milking cows, automated sorting systems, climate control for storage, monitoring of agriculture in hydroponics… There is therefore a large-scale failure of automated production systems possible.

Due to an additional failure of transport, government inspections have also been hampered.

The complexity and ubiquitous connections via the internet make it very easy for technical failures to spread and amplify. Furthermore, technical problems in one sector will lead to problems in other sectors, intentionally or unintentionally. Safety risks in e.g. scada systems can affect multiple sectors.

Political risks in case of disruption of critical infrastructure

I will give some political risks for each of these critical infrastructure sectors:

Energy:

Loss of political legitimacy in case of prolonged power outages is not certain (Zelensky has been in the saddle for a long time, also after attacks on electricity installations in Ukraine) but it can weaken it. In this case much depends on patriotism and hatred of the population towards the enemy.

However, diplomatic tensions over energy dependencies can arise. But energy dependencies can also undergo diplomatic tensions . For example, E3G writes : “The EU supports the development of gas exploration and import infrastructure in the Eastern Mediterranean through its PCI process, which is entangled in geopolitical tensions”. More generally, a change in geopolitical tensions around energy resources can occur as countries such as Australia change their approach to energy policy, with consequences in other sectors.

Transport:

Political responsibility for disrupted mobility is probably unforgivable if one fails to guarantee essential transport of food , medicine , patients , etc. But there are also political risks due to the disruption of the international supply chain. From the social aspect, political pressure will arise for more regional cooperation and coordination.

Banking & Financial Markets:

Political pressure arises from dissatisfied citizens and companies that are no longer paid, can no longer withdraw money, can no longer pay in shops, can no longer buy anything online, can no longer pay bills, can no longer repay loans…

There will be political pressure for intervention in markets. If multiple banks are ‘out of action’, international tensions and associated debates about financial stability will arise.

People will quickly approach a psychological tipping point once society moves from “it’s going well, but hard” to “every man for himself and survival.” It was for reasons such as these that the Federal Deposit Insurance Corporation (FDIC) was created in the USA in 1933 to supervise banks and provide federal insurance for money in bank accounts.

Health:

There will always be political accountability for disrupted care from a humanitarian perspective. (The WHO writes : ‘The paper highlights the importance of state action to advancing health equity by showing how states can act on their Sustainable Development Goals (SDGs) political commitment to “leave no one behind” by actively engaging with the potential of the diverse accountability mechanisms and processes described.’) Especially if this becomes increasingly important. In addition, tensions can arise between national and regional and local authorities depending on the division of powers.

A debate on privatisation versus public control is then not far away, with the possibility of sharing the risk towards insurance as an important option.

Due to the global operation of international politics, international tensions can arise over medical resources. This is also because countries will try to preserve their resources for when they themselves need them.

Drinking water & Waste water:

Firstly, there is both a large private and political responsibility for basic services such as water pipes, sewers, water treatment plants , pumping stations and the like. In addition, there are possible tensions over water rights and distribution between communities, and in case of scarcity, the possibility that waterways will be closed, causing some areas in neighbouring countries to become deserts . This will put pressure on international cooperation.

Debates about infrastructure investments will flare up, and people will be looking for blame for infrastructure failures, rightly or wrongly.

In addition to the shortage of water for people, there will also be a political impact due to water shortages for fauna and flora, due to the threat of desertification.

Digital infrastructure:

Recently, the NIS2 legislation came into force in Europe. In addition to looking at what can be done about network security for citizens in Europe, more international debates about cyber security will arise. In addition, there will be more and more debate about privacy versus security, but also more and more far-reaching requirements for risk management, such as now with the Fundamental Rights Impact Assessment ( FRIA ) from the emergence and rapid development and growing use of AI (artificial intelligence).

This may well lead to debates about control of digital infrastructure, as was already the case with legislation on data storage in the cloud .

Responsibility for digital resilience therefore remains not only a point of discussion for the end user, but also for ‘politics’. Although, as already known, the chain remains only as strong as its weakest link. This can be a person.

Government Administration:

Loss of administrative continuity is a government risk that results from, among other things, the failure of the digital infrastructure as a risk with far-reaching digitalization. In addition, risks for politics are not imaginary because the executive power is at a standstill. BCM within the resilience work for government administrations is therefore an absolute must.

One aspect that one must take into account in one of the worst case scenarios is a ripple effect to local governments. Certainly, because there must be seamless cooperation during a crisis, where one cannot simply rely on pure improvisation.

This in itself can put pressure on democratic processes, such as the inability to organize elections during a war.

Space:

International tensions over space infrastructure already exist due to the fact that the USA , Russia and China are working on a militarization of space. One of their goals may be to undermine the political power of the opponent. For example, by military intervention against his satellites.

Political responsibility for satellite failure then becomes self-evident when the important GPS systems no longer function.

Such scenarios create political pressure on international agreements and space treaties.

Food production & distribution:

Political tensions over food safety will come in two ways: the security of food supply and the safety of consuming food . Both are already being worked on extensively, in the sense that there is knowledge of the path that food has taken from production to the consumer’s plate.

However, in the event of war or other cause of critical infrastructure shutdown, there is a high likelihood of international tensions over food trade restrictions .

Political pressure over food shortages will quickly arise as cities become unable to be supplied, and people take to the streets in protest against failing services.

One of the major risks is also that fluctuating income growth that lags behind food inflation will have an impact on food security. This may create the need for distribution of free food rations to bridge the period of poverty and maintain a minimum level of subsistence. All these risks threaten the existing political relationships, locally, regionally, nationally and internationally. The actual impact depends on the preparedness of crisis management and communication by all levels of government.

Manu Steens

Manu works at the Flemish Government in risk management and Business Continuity Management. On this website, he shares his own opinions regarding these and related fields.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts