Skip to main content

Resilient Essential Services

Scottish Government's Strategic Framework 2020-2023

Guide 3: Dependencies and Interdependencies

Guide 3: Dependencies and Interdependencies

Overview

 

What

The guide seeks to:

  • Outline practical approaches that can be used to assess dependencies and interdependencies at site specific, regional and sector level.

Who

This guide is aimed at:

  • Government - CI Resilience Policy leads in Scottish Government
  • Critical Infrastructure (CI) Operators - Strategic Management,
  • Resilience and Business Continuity Management (BCM) leads
  • Responder Communities – Resilience Partnerships (RPs),
  • Resilience and BCM leads

Why

The benefits of identifying dependencies and interdependencies include:

  • A better understanding of vulnerabilities, impacts on other
  • infrastructure and consequences when things do go wrong
  • Enabling effective and proportionate mitigation action to be taken
  • Enabling a more effective multi-agency response to disruptive events

How

Examining Dependencies and Interdependencies should:

  • Be a fundamental aspect of good business continuity management
  • Inform specific local planning assumptions for RPs
  • Inform contingency planning and mitigation measures for CI owners and operators

Available tools include:

  • Resilience Direct
  • Information Sharing Protocols (ISPs) – Guide 1 Annex A
  • Data Sharing Agreements (DSAs) – Guide 1 Annex B

Case Study

Identifying Dependency/Interdependency Relationships

 

Asset

The Police in the west of Scotland conducted research into the identification of dependency/interdependency relationships at a key emergency services sector asset.

The process adopted the following stages:

  • Examination of the asset to identify key dependency relationships within the sector and with other critical infrastructure sectors
  • Identification of critical processes within the asset, and the services and providers which facilitated these processes
  • Establishing the impact of disruption through loss of the dependencies
  • Liaison with the service providers to ensure that delivery processes for the services were robust and resilient
  • Develop information sharing protocols and non-disclosure agreements for the protection of commercially sensitive information and to facilitate partnership working and information sharing. (See Guide 1 - Collaborative Working for further detail)
  • Use GIS mapping to plot supply routes for the critical services into the asset
  • Use the mapping to identify any critical points where service routes overlapped and presented an additional vulnerability or single points of failure for critical processes within the asset
  • Conduct a table-top exercise involving a number of potential disruptive scenarios, in order to test the asset’s resilience

The Asset owner was then able to use the findings of this work and resulting recommendations as the basis for improving the resilience of the site.

 

Sector

The Health Sector Resilience Group undertook work to “Assess and catalogue the strategic geographical and physical dependencies of critical infrastructure”, in order to get a comprehensive understanding of the health sector dependencies and connections with the other critical infrastructure sectors.

Key staff within each NHS board in Scotland were tasked with completing a dependencies matrix to catalogue the strategic dependencies of the critical infrastructure relative to their board area (including critical services/systems common to more than one board). The dependencies matrix is reproduced at Annex A.

The outcome of this work was then taken to a sector workshop where the risks, vulnerabilities, mitigation measures and capability gaps of the dependencies were assessed. This work enabled the Health Sector Critical Infrastructure Resilience Group to identify a programme of measures to raise the resilience of the sector.

 

Community

The North’s Resilience Partnership Critical Infrastructure Sub Group undertook to develop a methodology to understand significant infrastructure at a local level.

Using 3 diverse local authority areas as a pilot, work was carried out with Angus Council, (Rural) Aberdeen City Council (City) and Orkney Council (Island).

The group worked with the government to understand the types of assets/sites which could be considered significant at a local level.

Each organisation developed lists of infrastructure which they considered important at the local level. These lists were then combined along with information from Police and government to form a master list outlining a rich picture of infrastructure in these areas.

The group then worked with the local electricity distribution network operator and BT to map a selection of sector sites against their network infrastructure. This highlighted the main electricity substations and telephone exchange supporting these infrastructure clusters.

This work will enable the North’s Resilience Partnership Critical Infrastructure Sub Group to ensure that significant local infrastructure (SLI) are fully considered in wider resilience programmes within the region.

 


 

Background

Scotland’s critical infrastructure is a complex interconnected number of assets, systems and networks, providing essential services to the People of Scotland. This Guide has therefore been developed to support infrastructure owners and operators, emergency responders, industry groups, regulators, and government departments to work together to improve the resilience of critical infrastructure and essential services.

We believe that this can be best achieved through a Team Scotland approach that seeks to Keep Scotland Running and Keep Scotland Informed before, during and after CIR related emergencies.

To achieve successful long term enhancement of CIR, it is crucial that dependencies and interdependencies are known and understood.

Events such as the Buncefield explosion in December 2005 or the January 2012 storms which affected Argyll and Bute vividly demonstrate how a single event can have far-reaching implications as a result of knock-on consequences passed through the dependencies chain of critical infrastructure, sometimes over a wide geographical area. Recent cyber-attacks have also highlighted the importance of understanding supply chains and ensuring that the vendors used by our critical infrastructure are also secure and resilient. These relationships between infrastructure networks need to be understood to establish reasonable local planning assumptions for civil emergency planning.

Physical dependencies are not always obvious and as such can represent a significant and hidden risk to networks and systems. Without a sufficient understanding of physical dependencies, the loss of a key element of the infrastructure network (such as a major installation) could lead to cascade failures where further disruption is caused beyond the point of failure.

 

Guidance

General – All Stakeholders

Dependencies can be categorised in numerous different ways, including physical (direct links – e.g. power supply line into asset) and geographical(due to location – e.g. local access road infrastructure) and may be ‘Upstream’ or ‘Downstream’.

Geographical dependencies often highlight clusters of infrastructure and local single points of failure which more than one CI site may depend e.g. two adjacent chemical processing plants which both depend on a local electricity substation, telephone exchange or access road.

Upstream Dependencies: Where infrastructure assets are dependent upon other services to continue functioning, e.g. water treatment works may have an upstream dependence on the power network.

Downstream Dependencies: Where infrastructure assets are reliant on supplying services to other infrastructure in order to be able to continue to function (e.g. a refinery may have a downstream dependence on the airports and export jetties to offload aviation fuel produced, windfarm has a downstream dependence on consumer electricity demand, etc).

Interdependencies: Where dependencies between two assets exist in both directions (e.g. telecoms infrastructure dependent on the power network which is in turn dependent on the telecoms network to monitor and control the system.)

Examples of the various types of dependencies and interdependencies are included in the Guide 3 Annexes below.

  • Annex B – wide spread dependencies from the 2012 Argyll and Bute Storms
  • Annex C – physical dependencies
  • Annex D – complex interdependencies

Three distinct approaches have been applied in Scotland: They are Sector, Asset and Community.

These approaches also include analysis of risk and mitigation – see Guide 2. The approaches are outlined in more detail in the guidance for Government, Industry and Responder Community sections below.

 

Government (Lead Government Departments)

The Sector based approach is generally best led by the Lead Government Departments (LGD) to identify the dependencies of the sector’s critical infrastructure assets both within the sector and with other critical infrastructure sectors. The sector approach usually follows the process below:-

  • Focus on one sector
  • Identify direct dependencies and interdependencies of key assets/networks/systems with other sectors
  • Extrapolate vulnerabilities and identify capability gaps
  • Test sector resilience to disruptive events through exercising and identify risks, vulnerabilities, capability gaps and mitigation measures to improve resilience
Industry (Critical Infrastructure Operators/Owners)

The Asset based approach is generally led by the asset operator and includes identifying geographic and physical dependencies with other assets from within the same sector as well as assets from the other critical infrastructure sectors.

The assessment of dependencies is a fundamental aspect of good business continuity management. It is therefore good business practice for owners/operators of critical infrastructure to, as a minimum, identify their immediate dependencies.

It is often complex and prohibitively time consuming to map in depth dependencies associated with advanced supply networks where contingency measures can reroute supplies to minimise impacts of disruption. Complex network infrastructure such as power, communications and water networks are often able to be reconfigured to maintain supplies in the event of disruption to individual sites or infrastructure.

Understanding dependencies and interdependencies should enable operators to inform their strategic planning and capital investment decisions to improve the long- term resilience to threats and hazards.

The asset approach usually follows the process below:-

  • Focus on one asset
  • Identify dependencies and the services and providers required
  • Establish the impact of disruption through loss of dependencies
  • Develop information sharing protocols and non-disclosure agreements for protection of commercially sensitive information and to facilitate partnership working
  • Work with service providers to ensure delivery processes are robust and resilient
  • Map supply routes for critical services
  • Use mapping to identify critical points where service routes overlap (single points of failure)
  • Test asset resilience to disruptive events through exercising and identify risks, vulnerabilities, capability gaps and mitigation measures to improve resilience
Responder Communities (Resilience Partnerships (RPs) and Regional CI Groups)

The Community based approach is generally led by Responder Communities and involves looking at the major communities (centres of population) in a geographical area and determining the networks and critical infrastructure which provides essential services to those communities.

A key element of the Community based approach is that local emergency responders and infrastructure owners must work together to ensure a sufficient understanding of infrastructure networks and dependencies across sectors.

Information is available to the responder community19 to identify infrastructure assets that are located in the same geographical area, which could potentially be affected by a single incident. For example – the area surrounding an industrial plant can be analysed for other critical infrastructure that could be affected by an explosion from the site, or a geographical area can be analysed for infrastructure that could be affected by a flood. The knowledge of critical infrastructure and potential risks to disruption of services should be used to develop specific local planning assumptions for the resilience partnerships.

The community approach usually follows the process below:

  • Responder community group focuses on a specific community (Town/city/district/region/zone)
  • Members individually identify potential significant local infrastructure (own organisations infrastructure as well as using local knowledge)
  • Wider significant infrastructure identified with emergency services and government
  • Significant local infrastructure lists combined into a master list for the community
  • Work with key service providers and utilities to identify further infrastructure which supports the SLI and may also need to be considered
  • Establish the consequences to the community of failure of the significant local infrastructure
  • Test community resilience to disruptive events through exercising and identify risks, vulnerabilities, capability gaps and mitigation measures to improve resilience

19 See Keeping Scotland Running – Guide 2 – Significant Local Infrastructure


 

Delivery

Critical Infrastructure resilience in Scotland is primarily delivered at three levels – organisational, resilience partnership and the Scotland wide Critical Infrastructure Resilience partnership, all working together to complement the wider UK guidance and work streams.

The Critical Infrastructure Resilience Partnership provides the overarching strategic direction for the advancement of Critical Infrastructure Resilience in Scotland. By working with the Lead Government Departments for reserved sectors at UK level and the Scottish Government for devolved sectors, the sector approach can be applied to enhance the understanding of the resilience of the critical infrastructure sectors as a whole.

The Resilience Partnership Critical Infrastructure Resilience Groups bring together the key CI owner/operators and resilience community to consider resilience at a regional and local level. These groups are ideally placed to use the Community approach to determine and map the networks and critical infrastructure which provides the essential services across the resilience partnership area. The groups may then advance the process and produce a dependency map for the area to be used as an information and challenge document during risk assessment, pre-event planning and exercising to ensure visibility of key dependencies during an emergency.

The CI owners/operators will have robust contingency planning processes in place, in some sectors this will be mandated through regulation and legislation, in others the driver will be reputational as a business prepared to cope with disruption is more likely to survive in the longer term. Examination of dependencies and interdependencies using an Asset based approach allows the business to identify capability gaps and potentially mitigate against disruption to operations.

 

Annex A: Matrix for Health Sector Dependencies with Water, Food, Communications and Finance Sectors

(Replicate matrix for dependencies with other Critical Infrastructure sectors)

 

Asset No.

NHS BOARD

ASSETS

DEPENDENCIES

SECTORS

  • Insert details of geographical and/or physical dependencies
  • If there is no dependency with a specific sector then please enter‘NIL’ in the box.

 

 

 

Geographical

Yes / No

Physical

Yes / No

Water

Food

Communications

Finance

EXAMPLE

No 1: NHS Alton

Hospital

Yes

Yes

Physical – Single source of water supply to asset from ‘Alton Water Treatment Works’.

 

Geographical – NHS IT systems hosted by ‘Alton IT systems Ltd’ in building adjacent to asset.

 

                 
                 
                 
                 
                 

 

Annex B: Example Of Cascading Dependencies Across A Wide Geographical Area

During January 2012, a severe storm affected large parts of Scotland. Storm force winds across the West of Scotland caused widespread loss of electrical power to approximately 190,000 premises.

In Argyll and Bute the power outage resulted in a cascade of consequences for critical infrastructure due to the significant dependencies and interdependencies. There included:-

  • Outline practical approaches that can be used to assess dependencies and interdependencies at site specific, regional and sector level.
    • Government - CI Resilience Policy leads in Scottish Government
    • Critical Infrastructure (CI) Operators - Strategic Management, Resilience and Business Continuity Management (BCM) leads
    • Responder Communities – Resilience Partnerships (RPs), Resilience and BCM leads
    • A better understanding of vulnerabilities, impacts on other infrastructure and consequences when things do go wrong
    • Enabling effective and proportionate mitigation action to be taken
    • Enabling a more effective multi-agency response to disruptive events
    • Be a fundamental aspect of good business continuity management
    • Inform specific local planning assumptions for RPs
    • Inform contingency planning and mitigation measures for CI owners and operators
    • Examination of the asset to identify key dependency relationships within the sector and with other critical infrastructure sectors
    • Identification of critical processes within the asset, and the services and providers which facilitated these processes
    • Establishing the impact of disruption through loss of the dependencies
    • Liaison with the service providers to ensure that delivery processes for the services were robust and resilient
    • Develop information sharing protocols and non-disclosure agreements for the protection of commercially sensitive information and to facilitate partnership working and information sharing. (See Guide 1 – Collaborative Working for further detail)
    • Use GIS mapping to plot supply routes for the critical services into the asset.
    • Use the mapping to identify any critical points where service routes overlapped and presented an additional vulnerability or single points of failure for critical processes within the asset
    • Conduct a table-top exercise involving a number of potential disruptive scenarios, in order to test the asset’s resilience
    • Annex B – wide spread dependencies from the 2012 Argyll and Bute Storms
    • Annex C – physical dependencies
    • Annex D – complex interdependencies
    • Focus on one sector
    • Identify direct dependencies and interdependencies of key assets/networks/systems with other sectors
    • Extrapolate vulnerabilities and identify capability gaps
    • Test sector resilience to disruptive events through exercising and identify risks, vulnerabilities, capability gaps and mitigation measures to improve resilience
    • Focus on one asset
    • Identify dependencies and the services and providers required
    • Establish the impact of disruption through loss of dependencies
    • Develop information sharing protocols and non-disclosure agreements for protection of commercially sensitive information and to facilitate partnership working
    • Work with service providers to ensure delivery processes are robust and resilient
    • Map supply routes for critical services
    • Use mapping to identify critical points where service routes overlap (single points of failure)
    • Test asset resilience to disruptive events through exercising and identify risks, vulnerabilities, capability gaps and mitigation measures to improve resilience
    • Responder community group focuses on a specific community (Town/city/district/region/zone)
    • Members individually identify potential significant local infrastructure (own organisations infrastructure as well as using local knowledge)
    • Wider significant infrastructure identified with emergency services and government
    • Significant local infrastructure lists combined into a master list for the community
    • Work with key service providers and utilities to identify further infrastructure which supports the SLI and may also need to be considered
    • Establish the consequences to the community of failure of the significant local infrastructure
    • Test community resilience to disruptive events through exercising and identify risks, vulnerabilities, capability gaps and mitigation measures to improve resilience
    • The loss of all mobile phones within approximately an hour as mast sites were dependent on power supplies, batteries or generators (which were dependent on fuel supplies)
    • Loss of landline telephones and exchanges which were dependent on power when back-up generation failed or ran out of fuel
    • Loss of water when water treatment works which were dependent on power and back-up generation failed or ran out of fuel
    • Roads blocked by fallen trees, which delayed repair efforts for telecoms and power engineers who depended on them to access damaged infrastructure
    • Severe difficulty in contacting local communities as responders were dependent on telephone lines, exchanges and mobile masts which were no longer functioning due to storm damage and/or power loss. This heightened concerns for vulnerable people
    • Loss of electronic finance systems, including cash dispensers and electronic card readers due to their dependence on power and telecoms
    • Filling stations unable to dispense fuel due to their dependence on power to pump fuels

 

Annex C: Example of Physical Dependencies

Image
Example of Physical Dependencies

 

Annex D: Example of Complex Interdependencies

Image
Example of Complex Interdependencies

 

Stay Informed

Ready Scotland regularly publishes alerts on both Twitter and Facebook. Follow and like our pages to keep up to date wherever you are.