Business Continuity of Critical Infrastructures for Safety and Security Incidents

Business Continuity of Critical Infrastructures for Safety and Security Incidents

Konstantinos Apostolou, Danai Kazantzidou-Firtinidou, Ilias Gkotsis, George Eftychidis
Copyright: © 2020 |Pages: 37
DOI: 10.4018/978-1-7998-3059-7.ch015
(Individual Chapters)
No Current Special Offers


The chapter is an overview of important timely concepts with a focus on the safety and security of critical infrastructures (CIs). The content is a result of triangulation of sources from the fields of academia, best practices, legislation, and scientific research. The protection of CIs has been a popular topic of discussion through recent years but also a topic for initiative towards the undisrupted function, prosperity and well-being of nations in a world of interconnections and dependencies. In respect to that, the following content offers input which will assist in the understanding of the concepts surrounding the safety and security of CIs while combining theoretical approaches with practical guidelines for the composition of a business continuity plan. The chapter also discusses the factors contributing to the criticality of technical infrastructures as part of a nation or a cross-border network, the threats to which a CI can be exposed to whether these are natural or man-made.
Chapter Preview


Critical infrastructures (CIs) are components of wide networks of technical infrastructures which support the daily activities of every nation and provide vital products and services. These services include distribution of natural gas, electricity, fuels, transportation services, water distribution and others.

CIs can be subjected to damage caused by natural hazards or man-made threats which can be amplified due to the networks that have been created between them and might result into disastrous cascading effects. Such incidents can potentially render entire cities unable to provide vital services and functions, while also threating the societal security and safety. Natural disasters such as the tsunami and earthquake which triggered the nuclear disaster in Fukushima Daiichi, the more recent wildfires in Greece 2018 and the Typhoon Jebi which hit Japan in 2018 were events of very high magnitude. Scientific research has also stressed the importance of the effects of natural hazards due to climate change with potentially devastating effects for the European CIs especially in sectors such as energy, transportation, water management (EU-CIRCLE, 2016). At the same time, the high value of CIs can attract man-made threats such as terrorism, aimed towards attracting the media, causing mass casualties and spreading fear, or antisocial behavior meant to apply political pressure.

Unfortunately, such events are difficult to predict and pinpoint and there is no solution which would create an absolute defense system against such hazards. As such, it is necessary for CI operators to establish and effective Business Continuity Plan (BCP) which will focus not on the absolute protection of an infrastructure, but on the timely response to adverse incidents or emergencies, in order to safeguard the infrastructure’s vital operations and assets from future disruptive events.

This chapter will discuss further the significance of the protection European CIs, the possible threats that they can be exposed to, and present an elaborate framework towards Business Continuity Planning based on literature, research and best practices for general application, independently of the infrastructures’ field of operations or the nature of hazards.

The objectives of this chapter are:

  • 1.

    To increase the understanding of risk management concepts around the safety and security of Critical infrastructures.

  • 2.

    To provide a comprehensive, elaborate and practical guide for Business Continuity Planning which will contribute to an effective emergency response

  • 3.

    To raise the awareness of Critical Infrastructure stakeholders in regard to natural and man-made risks to which the European Critical Infrastructures may be exposed.



The modern approach towards the protection of critical infrastructure against disasters (natural or man-made), is focused on a proactive strategic planning of an infrastructure in order to build resilience against hazards which may occur. Resilience enables an infrastructure (or organization) to respond to disruptions through its ability to absorb damage and adapt to adverse incidents, ensuring the continuation of its critical activities and the safety of its stakeholders. Resilience can be built through an elaborate Business Continuity Management approach (British Standards Institution [BSI], 2018b).

Business continuity (BC) refers to the ability of an organization to deliver goods and services at acceptable predefined levels after a disruptive incident (BSI, 2018b, p. 41). In general, disruptive threats against technical infrastructures, may include natural hazards, man-made disasters, terrorism, IT/IS incidents, disruption to supply chain, disruption to internal support services and others (Smith, 2012). Considering the above categories, a disruptive incident could be a fire outbreak which can cause physical damage to an infrastructure and threaten the safety of the personnel also affecting infrastructure’s supply chain, or it could involve a cyberattack targeting the IT systems of an organization which will cripple its operations and prevent delivery of services.

Key Terms in this Chapter

Holistic Approach: The examination of an infrastructure or a phenomenon based on its function, its activities and components as a whole.

Vulnerability: Weaknesses of an infrastructure towards security and safety threats due to lack of measures, policies or strategy.

Resilience: The ability of an infrastructure to resist, respond and overcome adverse events

Threat: A cause of an incident/event (mostly man-made) with negative impact on the activities of an infrastructure

Disaster: An irreversible adverse situation as a result of inefficient response to emergencies or crises

Crisis: An unpredictable and unstable adverse situation which threatens an organization strategic objective

Risk Management: An ongoing process of activities aimed towards safeguarding an organization from uncertainties which can negatively impact its objectives

Assets: All the components (tangible and intangible) of an infrastructure which support its operation. Some examples of tanglible assets include staff, buildings, technical equipment, vehicles. Some examples of intangible assets include digitally stored data, financial assets, company reputation, network of operations etc.

Stakeholders: All the parties (natural or legal entities) which are affected by, affect or participate in the activities of an infrastructure.

Complete Chapter List

Search this Book: