2.1 Introduction

The global human population had reached eight billion by the end of 2022. And the number is projected to escalate steadily to 8.5 billion in 2030, 9.7 billion in 2050, and 11.2 billion in 2100. India is expected to outnumber China four to six years from now (United Nations 2015, 2017). Cities have been the centers of human culture and economic activity for centuries, attracting skilled workers and productive businesses worldwide. In the upcoming years, most major cities’ populations will continually increase (Rockefeller Foundation 2014). Many more people from remote and rural areas will flow into the cities to seek opportunities for a better lifestyle and quality of life.

Regarding this information, Dobbs et al. (2012) projected that between 2010 and 2025, an estimated 600 million inhabitants would populate only around 440 cities, which are expected to generate roughly half of global GDP growth. These people are drawn to cities by job opportunities, economic activities, and modern productivity. Moreover, more than half of the projected increase in global population up to 2050 will be concentrated in just eight countries: the Democratic Republic of the Congo, Egypt, Ethiopia, India, Nigeria, Pakistan, the Philippines, and the United Republic of Tanzania. Disparate growth rates among the world’s largest countries will reorder their ranking by size (United Nations 2022). In Africa, the extreme population growth is driven by East Africa, Middle Africa, and West Africa, in which regions are projected to more than quintuple their populations over the twenty-first century. The most extreme of these is Middle Africa, with an estimated population increase of 681%, from less than 100 million in 2000 to more than 750 million in 2100 (almost half of this figure is driven by the Democratic Republic of the Congo, projected to increase from 47 million in 2000 to 362 million in 2100 (UN 2022)). For this reason, infrastructure systems will play primary roles in city system mechanisms to support and ease human well-being.

As the twenty-first century unfolds, the occurrences of catastrophic and unforeseen events, such as climate change, disease pandemics, economic fluctuations, and terrorist attacks, have played out on a global scale. Moreover, the International Council of Local Environmental Initiatives (Mitroliou and Kavanaugh 2015) suggests that urban risk and vulnerability levels tend to keep increasing due to the number of people living in the cities. They are also exceedingly unpredictable due to the complexity of city systems, exacerbated by the uncertainty of external variables (Rockefeller Foundation 2014). Resilience is a significant component of the cities’ long-term planning and sustainable development (Mitroliou and Kavanaugh 2015). As cities all over the world are facing numerous risks and vulnerabilities posed in particular by climate change, natural disasters, and economic recession, the terms “resilient city” and “city resilience” have emerged over recent years in response to the need for more security and protection (ARUP 2012). These terms refer to cities that can withstand and recover from any disturbance or disruption of unexpected events while maintaining their essential functions, structures, and identity.

However, the current efforts on the subject are more likely to be practical or feasible in the short term, as they only seek to improve existing technological and infrastructural systems by evidence from past experiences (Yanez and Kernaghan 2014). In other words, climate change, disease pandemics, economic fluctuations, and terrorist attacks are not a set of threatening events in which simplistic implementation or remediation plans can provide the city with sustainable and resilient solutions. And yet ARUP (2012) suggest that applying the concept of resilience to cities requires different sets of professional and practical entry points, especially different scales of multiple collaborations. These approaches would create a severe challenge in clearly defining city resilience in a way that can be succinctly communicated and cautiously implemented.

Under these circumstances, the analysis and assessment of risks and vulnerabilities will continue to play essential roles in planning and developing existing and next-generation critical infrastructure (CI) systems. Additionally, stakeholders, including governments, donors, investors, and policy-makers, must also ensure that their investments, strategies, regulation, and decisions will reduce or even eliminate the potential risks and vulnerabilities and enhance the city’s resilience. Thus, it is a crucial moment that a concept of resilience is not only needed to enlighten the development direction of cities, but a resilience-based action is also required to ensure the performability and capability of city systems in the future (Yanez and Kernaghan 2014).

2.2 Critical Infrastructures at Risk

CIs represent systems and services, whether physical or virtual, so vital and ubiquitous to the nation that their destruction or incapacitation would cause a debilitating effect on national security, economy, safety, healthcare, or any combination of those matters (US Department of Homeland Security 2013). The high level of development and functionality in human society assumes a longer list of CI systems and a more severe dependence on them and interdependence among them. According to the US Department of Homeland Security (US Department of Homeland Security 2009, 2013), the most notable CI systems include chemicals, commercial facilities, communications, critical manufacturing, dams, defense industrial bases, emergency services, energy, financial services, food and agriculture, government facilities, healthcare and public health, information technology, nuclear reactors – materials – waste, transportation systems, and water supply and wastewater systems.

Over the last decades, the advancements in CI systems, such as current information, cloud technology, clean energy, intelligent transportation systems, and better healthcare systems, have significantly changed human and societal well-being (Moteff 2005). Many new inventions and technologies have aided the world with comfort and convenience available daily; society has become dependent upon them to survive. CI systems, however, can have service interruptions for many reasons. A service interruption to any infrastructure system would have a more or less negative impact on the typical functionality of society. The Internet, for instance, is now an integral part of human life and business activities. An unexpected interruption with its service would result in disruption to everyday routines or operations. CI systems in the digital era are indispensable. They support various national activities, from food and agricultural production to electricity and power generation. Table 2.1 provides a collection of more or less formal definitions for CIs.

CIs are essential to modern society and provide goods and services that enable the maintenance and sustainment of public well-being, including public safety, economic vitality, and security. Discussions concerning the deterioration of public works have always dominated infrastructure. Additionally, Vaughan and Pollard (1984) postulated that public well-being depended on services provided by roads, bridges, water and sewer systems, airports, ports, public buildings, schools, health facilities, jails, recreation facilities, electric power production, fire safety, solid waste disposal, and telecommunications infrastructures. However, the increasing occurrences of man-made events (e.g. acts of terrorism) have resulted in widening concerns in the infrastructure field.

The increasing focus on natural events (i.e. hurricanes, floods, tornados, earthquakes, heat waves, and pandemics), as well as man-made events (i.e. theft and vandalism, acts of terrorism, and sabotage), has led to multiple legislative actions (e.g. President’s Commision of Critical Infrastructure Protection (PCCIP) of 1996, Presidential Decision Directive No. 63 of 1998, and the European Programme for Critical Infrastructure Protection of 2004). These legislative actions have protected CIs and the beneficiaries of their continued operation, including owners, operators, and consumers. At the most fundamental level, an effective paradigm for infrastructures must establish the conceptual underpinnings and provide the foundation for the future coherent development of the field. In effect, this foundation must offer a reference base from which coherence and identity for the field can reside. However, we presently question whether this foundation can be definitively identified for the CI field. This suggestion stems from our analysis of the current state of the CI field, summarized with the following assertions:

• CIs encompass physical (hard) systems such as roads and highways, hospitals, electrical systems, and water systems (Moteff et al. 2003; The White House 2003) and soft systems such as supervisory control and data acquisition (SCADA) and information and telecommunication systems (GAO 2004; Masera et al. 2006).
• Threats to the sustained performance of CIs stem from natural events such as earthquakes, hurricanes, and heat waves, as well as man-made acts such as human error, accidents, terrorism, and sabotage (Kröger and Zio 2011).
• CIs operate primarily in the open and therefore are exposed in ways that make them vulnerable and susceptible to attacks (Wolf et al. 2011).
• Ubiquitous computing and the increasing use of information technologies create interdependencies among infrastructures (Anderson 2002; Katina et al. 2014; Kröger and Zio 2011). These interdependencies increase the probability that the seemingly isolated and inane events can cause cascading failures away from the point of origin (Calida and Katina 2012).
• As modern society evolves, creating new social changes (e.g. demand for quality products, goods, and services, globalization, and private–public governance policies), traditional concepts of protection, management, and controlling of infrastructures are also evolving (Klaver et al. 2008; Masera et al. 2006).
• Infrastructure systems are critical because daily societal activities revolve around their continued operations. The distinction between critical and non-critical infrastructures can be difficult to pinpoint, especially since the goods and services they provide are always restored as quickly as possible to support public well-being (Macaulay 2009).

However, societal changes continue to shape the field and the meaning of the term CIs. For example, infrastructures identified as critical in the 1996 PCCIP include “telecommunications, electrical power systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems, emergency services (including medical, police, fire, and rescue), and continuity of government” (Clinton 1996, p. 37347). Subsequently, the Homeland Security Presidential Directive (HSPD-7), which was issued in 2003, identified terrorism as its area of focus and introduced the notions of key resources, public morale, and confidence as significant elements that can have a debilitating impact on society’s well-being (The White House 2003). Moreover, previously unidentified elements (sectors) such as chemical and hazardous, and postal and shipping industries are now characterized as critical (The White House 2003). These shifts are not surprising considering the still early stages of an emerging CI field.

Most recently, national monuments, icons, dams, and critical manufacturing have been identified as critical under an annex to the National Infrastructure Protection Plan (Obama 2013; Thorsen and Keil 2013). The broadening of the term CIs is also evident in the Patriot Act of 2001 when compared to the 1996 PCCIP. The Patriot Act is concerned with “security, national economic security, national public health or safety, or any combination of those matters” (US Congress 2001, p. 115 Stat. 401), although conversely, PCCIP was mainly concerned with “defense or economic security” (Clinton 1996, p. 37347) of the United States. Again, the palpable shifting landscape of CI can be seen through the expanding boundaries of evolving perspectives as well as legislative actions.

Furthermore, the CI field encompasses the notion of soft targets within infrastructures brought about by computing and information technologies. Ubiquitous computing and omnipresent information technologies connect infrastructures and transform them into interdependent systems (Cavelty 2007a, 2007b; Rinaldi et al. 2001). This has created a new landscape for cyber-battles with potentially faceless agents and organizations seeking to exploit vulnerabilities in susceptible cyber and physical infrastructures. Access to cheap computing power, use of software-based control systems, and applying commercial off-the-shelf technologies are essential in maintaining and serving CIs. However, Cavelty (2007b) suggests that this also represents a source of threat to the availability of goods and services of infrastructures due to lack of security. A challenge for modern society is ensuring that computing and information systems such as SCADA do not become an Achilles’ heel as exploiting vulnerabilities in information systems continues to become a preferred mode of attack against well-fortified CIs. The expansion of CI to include information represents another major evolution of the field, further expanding both the boundaries and interconnectedness of the CI field.

In the abovementioned discussion, we introduced situation-based CIs. Situation-based CIs encompass taken-for-granted systems that become critical due to increased need after an adverse event (e.g. a pandemic) – planned or otherwise. An example is technology platforms such as Zoom. That was demonstrated dramatically on Monday, August 24, 2020, when a widespread outage blocked many users from accessing Zoom. Just before 6 a.m. Pacific time, the company acknowledged the problem in a statement: “We are currently investigating and will provide updates as we have them.” An hour later, Zoom said that it had “identified the issue” and was “working on a fix.” Finally, over three hours after it first acknowledged the problem, Zoom announced, “We have resolved the issue.” A single California-based company, Zoom, is now the foundation for education access from elementary school to graduate school. It has also become a critical tool for many businesses. When Zoom goes down, teachers can’t teach, students can’t learn, and business meetings, conferences, and webinars grind to a halt (Villasenor 2020).

Zoom, one of many social platforms, is not unique in being classified within the situation-based CIs – this conclusion is supported by other recent events as well as their implications on public well-being, including public safety, economic vitality, and security (Clancy and Frye 2020). Consider the Twitter hacks of July 15, 2020, targeting accounts of well-known national figures, including Joe Biden, Elon Musk, and leaders at Twitter, Uber, Apple, and other companies are simply part of a long history of security breaches and scandals targeting social media platforms. With millions of people being forced to stay home to help stop the spread of COVID-19, many have found creative ways to keep social through happy hours virtually, trivia nights, and birthday parties. And Zoom, one of the dozens of video conferencing services, has risen to the top, thanks to extreme separation measures and a profound resonance within this new social distancing culture.

Daily downloads of the Zoom app have increased by thirty times year-over-year, and the app has been the top free app for iPhones in the United States since March 18, 2020 according to Bernstein Research and Apptopia. Zoom said daily users spiked to 200 million in March 2020, up from 10 million in December of the previous year. But it hasn’t been without scrutiny. Privacy concerns have been rising around Zoom, including “Zoombombing,” where a malicious user will join a Zoom meeting and show explicit or disturbing images. CEO Eric Yuan apologized for the security lapses and outlined what the company is doing to fix those problems. From the inception of the CI field, we can draw three essential points:

• The boundaries of what is considered to be CI will continue to evolve, encompassing an ever-increasing array of elements, actors, and events.
• The interconnectedness of different elements, actors, and events continues to escalate in importance.
• The incompleteness of singular perspectives (e.g. legislative) for framing and responding to CI issues might continue to limit the development of the field.

Therefore, where the inception of the CI field provides a vital grounding insight into the context from which the field’s current state has evolved, there remains a need for continued research into methods, tools, and approaches for assessing, evaluating, protecting, and mitigating consequences in this evolving domain.

Moreover, the interconnection and interdependence between CI systems allow participants greater control, faster response times, and more information access than traditional (simple) system models. However, with such a high level of interconnection and interdependence, it is hard to determine where exactly one system ends and another begins (Gheorghe et al. 2006). The overlapping characterizations of CIs have developed to the level of risk and vulnerability inherent in any system, which requires a comprehensive and elaborate study on the subject to determine their long-term ramifications. Every possible risk and vulnerability to CI systems needs to be individually considered, measured, and addressed to prepare the implementation plan (Gheorghe 2005). The complexity of CI systems means that complete analysis and assessment for their typical operating scenarios is required, for example, how they are supposed to function daily and especially how they are expected to perform in specific circumstances or events. Systems are also needed for extensive evaluation on how vulnerable they are to interruption due to failure from risk or perhaps due to malice from terrorists or those with malicious intent (Gheorghe et al. 2006).

Currently, CI systems are exposed to multiple threats or catastrophic events, including climate change, natural disasters, institutional or regulatory changes, and terrorist attacks, which pose risks and vulnerabilities. They are highly interconnected, interdependent, and embedded in a socio-technical system of systems; therefore, it is even more challenging to predict how a crisis might evolve or what systems would be affected (Gheorghe et al. 2006). As Rinaldi (2004) stated that “CIs have become increasingly interdependent,” in the meantime, human life quality and economic prosperity have also become more dependent on their functioning (Gheorghe 2005; Moteff 2005). Indeed, their reliability and safety level should come as the top priority. Table 2.2 is adapted from Katina et al. (2014) and summarizes infrastructure interdependencies describing system relationships.

Safeguards against single-point failures generally depend on the proper functioning of the rest of the national infrastructure, a plausible assumption for high-reliability infrastructure systems when they experience random, uncorrelated single-point failures (Georgescu et al. 2019). Single-point losses can be anticipated in the design of infrastructure systems. The planning for multiple failures, particularly when they are closely correlated in time, is much less common, yet this is where CI systems operate – a scenario with the loss of hundreds or even thousands of nodes across all the critical national infrastructures, all simultaneously. Particularly difficult to anticipate are situations in which simultaneous failures can bring dormant and previously hidden interaction pathways, in which a destructively synergistic amplification of failure, normally locally contained, may be propagated through the network at large (Foster et al. 2008). In particular, Charles Perrow has drawn attention to these types of failures, which he has termed normal accidents, and which are posited as an inherent property of any tightly coupled system once a threshold of complexity has been passed (Perrow 1999).

The multitude and variety of nodes and links in these networks, the operations and services deployed, and the hosts of owners, operators, suppliers, and users involved have created enormously convoluted constructs. The intricacy of infrastructures limits understanding of their behavior and, consequently, the options to control and steer the processes involved effectively. There is an urgent need to generate more systematic knowledge of these complex systems if one is to handle the many threats and vulnerabilities adequately. In this case, one might argue in support of Arbesman (Arbesman 2016, p. 2):

Our technologies – from websites and trading systems to urban infrastructures, scientific models, and even the supply chains and logistics that power large businesses – have become hopelessly interconnected and overcomplicated, such that in many cases even those who build and maintain then [sic] on a daily basis can’t fully understand them any longer.

The aforementioned statement should not come as a surprise, given the increasing number of failures associated with such systems. Critical infrastructure protection (CIP) has emerged as a means to provide a comprehensive framework for managing such systems. CIP needs to involve stakeholder models, agent-principal models, decision-making models, public-private partnerships with attendant legislation, lines of communication and feedback, security standards, technical systems, security culture, modeling, and simulation capabilities. It is thus, not a surprise that CI work with several closed-related concepts, the most important of which are (Georgescu et al. 2019; Hokstad et al. 2012; Johnson and Gheorghe 2013; Katina and Hester 2013):

• Antifragility: a system’s ability to withstand stressors is, to a certain degree, a function of previous exposures to manageable stresses. A clear example can be found in the area of terrestrial and space infrastructure systems, where the various damages caused by recurring high levels of “space weather” activity have served to highlight the need for robustness and redundancy. The incremental improvement in their systemic resilience will be invaluable in the face of expected peak events that would otherwise be guaranteed to have devastating consequences.
• Fragility: fragility and vulnerability are similar but have critical differences, the first being endogenous and the second exogenous. Vulnerable systems fail because of their degree of exposure to the stress of a specific nature, while fragile systems fail because they are easily broken regardless of the nature of stress they are exposed to.
• Rapidity: another closely linked concept to resilience, it is a system’s ability to recover from an undesired event as measured by the speed of recovery.
• Reliability: reliability points to a system or a component’s ability to perform the predefined required functions. Reliability is measured in terms of the probability that a system or a component is able to perform its required function at a given point in time or over a given period of time for a given set of conditions which may be at the extreme end of specified limits.
• Resilience: the ability of a system to react and recover from unanticipated disturbances and events. The concept has gained in popularity in recent years and is now viewed as the ultimate goal of CIP processes, implying the minimization of damages and the rapid restoration of normal functions.
• Risk analysis: a process of identifying potential hazards based on the severity of consequence and likelihood of occurrence. The intent is to sort potential hazards and prioritize them for action based on objective criteria. One method is to grade likelihood and consequence on various scales.
• Robustness: closely linked to resilience, it is a system’s ability to withstand a certain amount of stress with respect to the loss of function of the system.
• Vulnerability: a vulnerable system is open to losing its design functions. Vulnerability can then be taken as the degree to which a system, subsystem, or component is in situations where it is exposed to those specific hazards that would be harmful or damaging to the system. The focus in a vulnerability analysis moves away from the possibility that adverse events occur to system properties determining how easy it is to eliminate major system functions.
• Governance: there is not just one definition of “governance.” Many of the various perspectives are driven by the nature of the systems and interest and system operations, or rather in-operability in such systems. Following Calida (2013) and the subsequent works (Calida and Keating 2014; Keating et al. 2014), Table 2.3 depicts the multitude of perspectives on governance; showing that there is a large spectrum of views on this topic. For CI, governance implies direction, oversight, and accountability (Katina and Keating 2015).

Any of the above can (and should) generate a robust discussion in the context of CI systems. The present volume, however, emphasizes the development of resilient cities through gamification.

2.3 Critical Infrastructure Resiliency

Again, CI systems are networks of complex systems that provide essential services to a population or nation. The systems are complex by nature because they are widely distributed across large geographical regions and are becoming increasingly interconnected and interdependent as they evolve, boosting the potential for risk and vulnerability. And yet, there is a scarcity of practical approaches to quantify vulnerability in CIs. In previous research (see Gheorghe et al. 2018), the proposed model offered: (i) a two-parameter description of the vulnerability and the respective equation of the state of the system: “operable” and “inoperable;” (ii) a division of the two-parameter phase space of the system into “vulnerability basins;” and (iii) a scale of 0–100 “vulnerability” and the means to measure the respective “vulnerability index.” In essence, the proposed method can offer the ability to diagnose current system vulnerability. The technique uses an extensive set of indicators involving internal and external elements with the capability to monitor the time-evolvement of the vulnerability as change occurs dynamically.

Risks and vulnerability may seem separate, but they are fundamentally interrelated concepts that have broad implications for CI systems. Risk, technically, refers to a measure of the probability and severity of undesirable outcomes (adverse effects) resulting from a threat, incident, event, or occurrence to the system. More specifically, it is a combination of the likelihood of an event occurring and the consequences of the event. Probability is a measure of the uncertainty of occurrence of the event or scenario that initiates the event, while a consequence is represented as levels of severity (Aven 2010). Risk quantification in this manner is intentionally used both as an analysis and design tool. For an analysis tool, risk assessment can begin with presumed scenarios that are considered threats against continued operation or system performance to discover the system’s weaknesses. As a design tool, reliability values can be applied to system functions based on their malfunctioning or failure state where misleading data is generated from the system’s purposes without detection (Gheorghe and Yuchnovicz 2015). So much so that by developing risk analysis to set reliability design goals, the attempts would deliberately lead to better design of resilient systems, which respectively make CI systems less susceptible to threats.

On the other hand, vulnerability is “a fault or weakness that reduces or limits a system’s ability to withstand a threat or to resume a new stable condition” (Aven 2007). Based on this definition, a threat is an event or scenario with an associated uncertainty (probability of occurrence) and corresponding consequence (level of severity). CI systems are becoming so complex that they can be vulnerable to various events based on their system characteristics and intended functions. Vulnerability analysis and assessment can unveil the events that can be harmful to a system, and must be conducted in all phases of operation and system configurations. Risk analysis and assessment of these events will allow further quantification of the events regarding uncertainty and the consequence of occurrence regarding severity. Overall knowledge of risk and vulnerability assessments will help to prioritize risk mitigation efforts.

For more than a decade, CI systems protection and resilience have received serious attention from public and private sectors, including government, academic institutions, and profit and non-profit research foundations. It has also become a national top priority mission in most developed countries (US Department of Homeland Security 2013). Nevertheless, the sheer complexity of CI systems has shifted the degree of investigation to a level where much more comprehensive research on the subject is significantly imperative. The basic study of essential systems of infrastructure resilience framework is now moving toward the discipline of modeling and simulation to determine system sustainment and future development direction. For instance, Kröger (2008) strongly asserts that to successfully develop the vulnerability reduction model for CI systems, the risk management, and risk governance strategies must be clearly defined. Second, advanced object-oriented programming and simulation tools are needed to analyze and assess.

2.4 Concluding Remarks

Decision-making is a fundamental part of human life. Decisions can be made quickly and efficiently when the objectives are clear, the information necessary to evaluate alternatives is available, and the outcomes of decisions can be accurately predicted. However, as the complexity of the decision increases, the decision-making process becomes more difficult because of the number of factors that must be considered for the analysis. In other words, the decision is directly related to the value assigned to its consequences or results, especially when it involves large-scale complex systems and can significantly impact the population or a nation. In this case, Risk-Informed Decision-Making Process (RIDMP) is a method that was designed to fulfill this gap. This technique intends that whenever there is a significant decision between design alternatives, the process can inform decision-makers about the risk involved in each alternative (Zio and Pedroni 2012).

According to the National Aeronautics and Space Administration (NASA, 2010), RIDMP is a fundamentally deliberative process that uses diverse performance measures and other considerations to inform decision-making. This approach combines the input of stakeholders as well as cost and feasibility and then focuses on informing the decision makers (NASA 2010; Zio and Pedroni 2012). With this applicability, a decision can be made with considerations beyond just technical information. Unfortunately, one issue with RIDMP is that it is impossible to include or evaluate every risk for each alternative in all decision-making situations. There are insufficient resources to assess all risks, especially for decisions involving complexly interconnected and interdependent systems. Also, even if enough resources were available, there would always be unforeseen or unknown risks constantly emerging due to the operation and evolution of the systems and their environment. In recent years, resilient governance has rapidly received more attention and popularity in academic and industrial societies. This paradigm is now shifting from the risk and vulnerability perspective to the view of resilience (Mitchell 2013). For this reason, resilience should also be included as part of the decision-making process in what would be called the “Resilience-Informed Decision-Making Process (ReIDMP).”

ReIDMP could simply be taken as an extended version of RIDMP. However, the concept of resilience is considered instead of looking at risk. This idea seems partially correct because, in reality, there are apparent differences. To be more specific, RIDMP focuses on identifying and understanding every risk and vulnerability in all possible aspects and then selecting the best alternative to prevent those potential risks and vulnerabilities. ReIDMP should focus on a comprehensive study of the effectiveness of selected alternatives based on the ability to recover. So much so that an informed decision can be made concerning striving for a resilient solution. A step further would be to analyze and assess the ability of the system to anticipate, absorb, restore, and adapt to the effects of catastrophic and threatening events in a timely and efficient manner (Mitchell and Harris 2012). ReIDMP has required a completed analysis of all the alternatives evaluated during the decision-making process.

We suggest that when policy-makers are armed with resilience-based action approaches, they can select the most effective and viable solution to resilient issues. Meantime, the ReIDMP may also provide other benefits since it can enhance the analysis and deliberation results of alternatives. For instance, there may be some situations where an option can be selected if additional required actions are done to improve infrastructure resilience. Furthermore, as the population of the world continues to grow, the demand for essential services and facilities will continue to increase. It’s no surprise that the trend is expected to be on sustainable and resilient development to address present issues without compromising the need of the next generations. CI systems are at the heart of this discussion. To enable making decisions on how to increase the resilience of CI systems and drive down risk and vulnerability, an in-depth analysis needs to be performed to define the primary areas of investment. The essential resources are limited; therefore, the selection of knowledge to focus on should be carefully made to prevent expending the resources in a way that minimizes CIs. In particular, education and experience are keys to ensuring CI systems resilience. The true meaning of resilience is that engineering managers and systems engineers are correctly educated about the risks, vulnerabilities, and hazards that essential systems of infrastructure may face and what to do in catastrophic events. CI systems that are better prepared to deal with events like natural disasters and terrorist attacks will have a better chance of quicker recovery. The remainder of this book expounds on the means to develop a resilience quantification platform based on an informed decision-making process resulting in better understanding and guidance on sustainable and resilient development of CI systems. Simultaneously, gamification, as part of “serious gaming,” and “SimCity (2013)^®” are introduced as means for teaching and learning concepts of risks and vulnerability.

2.5 Exercises

1 Discuss the relevance of CI systems.

2 Discuss emerging risks and their possible impacts on the functionality of CI systems.

3 Why is resilience a relevant aspect of managing infrastructure systems?

4 Discuss the critical attributes of resilience in CI systems.

5 How can governance be related to risk and vulnerability in infrastructure systems?

References

1. Anderson, P.S. (2002). Critical infrastructure protection in the information age. In : Networking Knowledge for Information Societies: Institutions & Intervention (ed. R. Mansell, R. Samarajiva, and A. Mahan), pp. 188–194. DUP Science, Delft University Press.
2. Ansell, C. and Gash, A. (2008). Collaborative governance in theory and practice. Journal of Public Administration Research and Theory 18(4): 543–571. https://doi.org/10.1093/jopart/mum032.
3. Arbesman, S. (2016). Overcomplicated: Technology at the Limits of Comprehension. Current.
4. ARUP. (2012). Visions of a Resilient City. Engineers Without Borders-UK. https://www.arup.com/en/perspectives/publications/research/section/visions-of-a-resilient-city.
5. Aven, T. (2007). A unified framework for risk and vulnerability analysis covering both safety and security. Reliability Engineering and System Safety 92(6): 745–754.
6. Aven, T. (2010). On how to define, understand and describe risk. Reliability Engineering & System Safety 95(6): 623–631. https://doi.org/10.1016/j.ress.2010.01.011.
7. Biermann, F., Betsill, M.M., Gupta, J. et al. (2009). Earth System Governance: People, Places and the Planet. Science and Implementation Plan of the Earth System Governance Project (Earth system governance report 1, IHDP report 20). IHDP: The Earth System Governance Project. http://www.earthsystemgovernance.org/sites/default/files/publications/files/Earth-System-Governance_Science-Plan.pdf.
8. Bovaird, T. (2005). Public governance: Balancing stakeholder power in a network society. International Review of Administrative Sciences 71(2): 217–228. https://doi.org/10.1177/0020852305053881.
9. Calida, B.Y. (2013). System Governance Analysis of Complex Systems PhD., Old Dominion University. http://search.proquest.com.proxy.lib.odu.edu/pqdtlocal1005724/docview/1508276628/abstract/FDE683C1495948B1PQ/1?accountid=12967.
10. Calida, B.Y. and Katina, P.F. (2012). Regional industries as critical infrastructures: A tale of two modern cities. International Journal of Critical Infrastructures 8(1): 74–90. https://doi.org/10.1504/IJCIS.2012.046555.
11. Calida, B.Y. and Keating, C.B. (2014). System governance: Emergence of practical perspectives across the disciplines. In: Infranomics (ed. A.V. Gheorghe, M. Masera, and P.F. Katina.), pp. 269–296. Springer International Publishing. http://link.springer.com/chapter/10.1007/978-3-319-02493-6_18.
12. Cavelty, M. (2007a). Cyber-security and Threat Politics: US Efforts to Secure the Information Age. Routledge. http://www.loc.gov/catdir/toc/ecip0719/2007022679.html.
13. Cavelty, M.D. (2007b). Critical information infrastructure: Vulnerabilities, threats and responses. In: Disarmament Forum (ed. K. Vignard), Vol. 3, pp. 15–22. United Nations Institute for Disarmament Research.
14. Clancy, C. and Frye, E. (27 July 2020). Is it time to designate social media as “critical infrastructure”? [Text]. The Hill. Nexstar Media Inc. https://thehill.com/opinion/cybersecurity/509154-is-it-time-to-designate-social-media-as-critical-infrastructure.
15. Clinton, W.J. (1996). Executive order 13010: Critical infrastructure protection. Federal Register 61(138): 37345–37350.
16. European Council. (2004). Communication from the commission to the council and the European parliament: Critical infrastructure protection in the fight against terrorism. (pp. 1–11). Commission of the European Communities. EUR-Lex - 52004DC0702 - EN - EUR-Lex (europa.eu).
17. DiSera, D. and Brooks, T. (2009). The geospatial dimensions of critical infrastructure and emergency response. Pipeline and Gas Journal 236(9): 1–4. https://pgjonline.com/magazine/2009/september-2009-vol-236-no-9/features/the-geospatial-dimensions-of-critical-infrastructure-and-emergency-response.
18. Dobbs, R., Remes, J., Manyika, J. et al., (2012). Urban world: Cities and the rise of the consuming class. McKinsey and Company. https://www.mckinsey.com/featured-insights/urbanization/urban-world-cities-and-the-rise-of-the-consuming-class.
19. Dudenhoeffer, D., Permann, M.R., and Manic, M. (2006). CIMS: A framework for infrastructure interdependency modeling and analysis. In: Proceedings of the 38th Conference on Winter Simulation, 478–485. IEEE. https://doi.org/10.1109/WSC.2006.323119.
20. Dunsire, A. (1990). Holistic governance. Public Policy and Administration 5(1): 4–19. https://doi.org/10.1177/095207679000500102.
21. Foster, J.S., Gjelde, E., Graham, W.R. et al. (2008). Report of the commission to assess the threat to the United States from electromagnetic pulse (EMP) attack (No. A2473-EMP). EMP Commission. http://www.empcommission.org/docs/A2473-EMP_Commission-7MB.pdf.
22. FRG. (2009). National strategy for critical infrastructure protection (pp. 1–18). Federal Ministry of the Interior. http://www.bmi.bund.de/cae/servlet/contentblob/598732/publicationFile/34423/kritis_englisch.pdf.
23. GAO. (2004). Critical infrastructure protection: Challenges and efforts to secure control systems. (pp. 1–47). US Government Accountability Office.
24. Georgescu, A., Gheorghe, A.V., Piso, M.-I. et al. (2019). Critical Space Infrastructures: Risk, Resilience and Complexity. Springer International Publishing. https://www.springer.com/us/book/9783030126032.
25. Gheorghe, A., Vamanu, D.V., Katina, P. et al. (2018). Critical Infrastructures, Key Resources, Key Assets: Risk, Vulnerability, Resilience, Fragility, and Perception Governance (Vol. 34). Springer International Publishing. https://www.springer.com/us/book/9783319692234.
26. Gheorghe, A.V. (ed.). (2005). Integrated Risk and Vulnerability Management Assisted by Decision Support Systems: Relevance and Impact on Governance (Vol. 8). Springer.
27. Gheorghe, A.V. and Katina, P.F. (2014). Editorial: Resiliency and engineering systems – research trends and challenges. International Journal of Critical Infrastructures 10(3/4): 193–199.
28. Gheorghe, A.V., Masera, M., Weijnen, M.P.C. et al. (eds.). (2006). Critical Infrastructures at Risk: Securing the European Electric Power System (Vol. 9). Springer.
29. Gheorghe, A.V. and Yuchnovicz, D. (2015). The space infrastructure vulnerability cadastre: Orbital debris critical loads. International Journal of Disaster Risk Science 6(4): 359–371. https://doi.org/10.1007/s13753-015-0073-2.
30. Hokstad, P., Utne, I.B., and Vatn, J. (eds.). (2012). Risk and Interdependencies in Critical Infrastructures: A Guideline for Analysis. Springer-Verlag.
31. Jessop, B. (2003). Governance and metagovernance: On reflexivity, requisite variety, and requisite irony. In: Governance, as Social and Political Communication (ed. H.P. Bange), pp. 142–172. Manchester University Press.
32. Johnson, J. and Gheorghe, A.V. (2013). Antifragility analysis and measurement framework for systems of systems. International Journal of Disaster Risk Science 4(4): 159–168. https://doi.org/10.1007/s13753-013-0017-7.
33. Katina, P.F. and Hester, P.T. (2013). Systemic determination of infrastructure criticality. International Journal of Critical Infrastructures 9(3): 211–225. https://doi.org/10.1504/IJCIS.2013.054980.
34. Katina, P.F. and Keating, C.B. (2015). Critical infrastructures: A perspective from systems of systems. International Journal of Critical Infrastructures 11(4): 316–344. https://doi.org/10.1504/IJCIS.2015.073840.
35. Katina, P.F., Keating, C.B., Zio, E. et al. (2016). A criticality-based approach for the analysis of smart grids. Technology and Economics of Smart Grids and Sustainable Energy 1(1): 14. https://doi.org/10.1007/s40866-016-0013-2.
36. Katina, P.F., Pinto, C.A., Bradley, J.M. et al. (2014). Interdependency-induced risk with applications to healthcare. International Journal of Critical Infrastructure Protection 7(1): 12–26. https://doi.org/10.1016/j.ijcip.2014.01.005.
37. Keating, C.B., Katina, P.F., and Bradley, J.M. (2014). Complex system governance: Concept, challenges, and emerging research. International Journal of System of Systems Engineering 5(3): 263–288. https://doi.org/10.1504/IJSSE.2014.065756.
38. Keohane, R.O. and Nye, J.S. (1977). Power and Interdependence: World Politics in Transition (1977 ed.). TBS The Book Service Ltd.
39. Klaver, M.H.A., Luiijf, H.A.M., Nieuwenhuijs, A.H. et al. (2008). European risk assessment methodology for critical infrastructures. 2008 First International Conference on Infrastructure Systems and Services: Building Networks for a Brighter Future (INFRA), 1–5. IEEE. https://doi.org/10.1109/INFRA.2008.5439614.
40. Kooiman, J. (2000). Societal governance: Levels, models and orders of social-political interaction. In: Debating Governance (ed. J. Pierre), pp. 138–166. Oxford University Press.
41. Kooiman, J. (2003). Governing as Governance. SAGE Publications Ltd. https://doi.org/10.4135/9781446215012.
42. Krahmann, E. (2003). Conceptualizing security governance. Cooperation and Conflict 38(1): 5–26. https://doi.org/10.1177/0010836703038001001.
43. Kröger, W. (2008). Critical infrastructures at risk: A need for a new conceptual approach and extended analytical tools. Reliability Engineering & System Safety 93(12): 1781–1787.
44. Kröger, W. and Zio, E. (2011). Vulnerable Systems. Springer-Verlag.
45. Lynn, L.E., Heinrich, C.J., and Hill, C.J. (2000). Studying governance and public management: Challenges and prospects. Journal of Public Administration Research and Theory 10(2): 233–262. https://doi.org/10.1093/oxfordjournals.jpart.a024269.
46. Macaulay, T. (2009). Critical Infrastructure: Understanding its Component Parts, Vulnerabilities, Operating Risks, and Interdependencies. CRC Press.
47. Masera, M., Stefanini, A., and Dondossola, G. (2006). The security information and communication systems and the E+I paradigm. In: Critical Infrastructures at Risk: Securing the European Electric Power System (ed. A.V. Gheorghe, M. Masera, M.P.C. Weijnen et al.), pp. 85–116. Springer.
48. Mendonca, D. and Wallace, W.A. (2006). Impacts of the 2001 World Trade Center attack on New York city critical infrastructures. Journal of Infrastructure Systems 12(4): 260–270. https://doi.org/10.1061/(ASCE)1076-0342(2006)12:4(260).
49. Mitchell, A. (2013). Risk and resilience: From good idea to good practice. In OECD Development Co-operation Working Papers (No. 13; OECD Development Co-Operation Working Papers). OECD Publishing. https://ideas.repec.org/p/oec/dcdaaa/13-en.html.
50. Mitchell, T. and Harris, K. (2012). Resilience: A Risk Management Approach – Background Note. Overseas Development Institute.
51. Mitroliou, E. and Kavanaugh, L. (2015). Resilient cities report 2015: Global developments in urban adaptation and resilience. Resilient Cities. //efaidnbmnnnibpcajpcglclefindmkaj/https://www.cakex.org/sites/default/files/documents/RC2015__Congress_Report__Final.pdf.
52. Moteff, J. (2005). Risk Management and Critical Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and Consequences. (pp. 1–28). Congressional Research Service . CRS.
53. Moteff, J.D., Copeland, C., and Fischer, J. (2003). Critical Infrastructures: What Makes an Infrastructure Critical? (pp. 1–17). The Library of Congress.
54. NASA. (2010). Risk-informed Decision-making Handbook. NASA Headquarters. https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20100021361.pdf.
55. Nye, J.S.J., Nye, J.S., and Donahue, J. D. (2000). Governance in a Globalizing World (1st ed.). Brookings Institution Press.
56. Obama, B.H. (2013). Critical Infrastructure Security and Resilience. The White House. http://www.fas.org/irp/offdocs/ppd/ppd-21.pdf.
57. Perrow, C. (1999). Normal Accidents: Living with High Risk Technologies. Princeton University Press.
58. Rhodes, R.A.W. (2007). Understanding governance: Ten years on. Organization Studies 28(8): 1243–1264. https://doi.org/10.1177/0170840607076586.
59. Rinaldi, S.M. (2004). Modeling and simulating critical infrastructures and their interdependencies. In: Proceedings of The 37th Annual Hawaii International Conference on System Sciences, 2004, 1–8. IEEE. https://doi.org/10.1109/HICSS.2004.1265180.
60. Rinaldi, S.M., Peerenboom, J., and Kelly, T.K. (2001). Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Control Systems 21(6): 11–25. https://doi.org/10.1109/37.969131.
61. Rockefeller Foundation. (2014). City Resilience Framework. Rockefeller Foundation/ARUP. https://www.rockefellerfoundation.org/wp-content/uploads/City-Resilience-Framework-2015.pdf.
62. Solomon, J. and Brennan, N.M. (2008). Corporate governance, accountability and mechanisms of accountability: An overview. Accounting, Auditing & Accountability Journal 21(7): 885–906. https://doi.org/10.1108/09513570810907401.
63. Thorsen, K.A. and Keil, T.M. (2013). National Monuments and Icons Sector-specific Plan: An Annex to the National Infrastructure Protection Plan. The White House. http://www.dhs.gov/xlibrary/assets/nipp-ssp-national-monuments-icons.pdf.
64. US Department of Homeland Security. (2013). NIPP 2013: Partnering for Critical Infrastructure Security and Resilience. US Department of Homeland Security. https://www.dhs.gov/publication/nipp-2013-partnering-critical-infrastructure-security-and-resilience?topics=all.
65. United Nations. (2015). The world population prospects: 2015 revision [report]. UN Department of Economic and Social Affairs. https://www.un.org/en/development/desa/publications/world-population-prospects-2015-revision.html.
66. United Nations. (2017). The world population prospects: The 2017 revision, key findings and advance tables [report]. UN Department of Economic and Social Affairs. https://www.un.org/development/desa/publications/world-population-prospects-the-2017-revision.html.
67. United Nations. (2022). The world population prospects 2022: Summary of results (UN DESA/POP/2021/TR/NO. 3). UN Department of Economic and Social Affairs.
68. US Congress. (2001). Uniting and strengthening America by providing appropriate tools required to intercept and obstruct terrorism (USA PATRIOT ACT) Act of 2001 (No. 147; p. 115 Stat. 271–402). 107th Congress. http://www.gpo.gov/fdsys/pkg/PLAW-107publ56/content-detail.html.
69. US Department of Homeland Security. (2009). NIPP 2009: Partnering for critical infrastructure security and resilience. Retrieved from https://www.cisa.gov/publication/nipp-2009-partnering-enhance-protection-resiliency?topics=all.
70. Vaughan, R. and Pollard, R. (1984). Rebuilding America’s Infrastructure: An Agenda for the 1980s (Vol. 1). Council of State Planning Agencies.
71. Villasenor, J. (27 August 2020). Zoom is now critical infrastructure. That’s a concern. Brookings. https://www.brookings.edu/blog/techtank/2020/08/27/zoom-is-now-critical-infrastructure-thats-a-concern.
72. The White House. (2003). The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The White House. https://www.dhs.gov/xlibrary/assets/Physical_Strategy.pdf.
73. Willke, H. (2007). Smart Governance: Governing the Global Knowledge Society. Campus Verlag GmbH.
74. Wolf, T., Tessier, R., and Prabhu, G. (2011). Securing the data path of next-generation router systems. Computer Communications 34(4): 598–606. http://dx.doi.org/10.1016/j.comcom.2010.03.019.
75. The World Bank. (2017). World Development Report 2017: Governance and the Law. https://doi.org/10.1596/978-1-4648-0950-7.
76. Yanez, K. and Kernaghan, S. (2014). Briefing: Visions of a resilient city. In: Proceedings of the Institution of Civil Engineers – Urban Design and Planning 167(3): 95–101. Institution of Civil Engineers. https://doi.org/10.1680/udap.13.00013.
77. Zio, E. (2016). Critical infrastructures vulnerability and risk analysis. European Journal for Security Research 1(2): 97–114. https://doi.org/10.1007/s41125-016-0004-2.
78. Zio, E. and Pedroni, N. (2012). Overview of Risk-informed Decision-making Processes. Foundation for an Industrial Safety Culture. https://www.foncsi.org/en/publications/collections/industrial-safety-cahiers/risk-informed-decision-making-processes/CSI-RIDM.pdf.