Infrastructure, Innovation, Technology

Next-generation infrastructure will be smarter and more efficient, but with this high performance also comes greater vulnerability. Infrastructure resilience experts Ron Hahn and Josh Sawislak say future-proofing civil infrastructure projects is one of the biggest challenges facing the industry.

Safe, secure and resilient infrastructure is a lifeline to our future. It’s the differentiator between successful and struggling economies and societies. Thus, it’s not surprising that so much hope and expectation rest on a new era of infrastructure development.

To be durable and future proof, our infrastructure must cope with, and adapt to, a complex and evolving mix of hazards, risks and threats. As a result, resilience must be an essential component of every project across its entire life cycle — integrated from the planning and design phase — and not just added as a last-minute feature.

While there’s agreement that embracing innovation and digital tools will be invaluable, our growing digital dependency has led to fears about the impact of hackers disrupting critical infrastructure. What’s more, civil infrastructure must also withstand the escalating physical threats of terrorism and climate change.


Today, the two classes of threat — digital and physical — are rapidly converging.

In the era of smart cities, wide-scale adoption of the internet of things (IoT) and cloud technology offer significant advantages across the built environment, from increasing communicability and maintenance monitoring to reducing traffic congestion. Yet this increased digital access also makes infrastructure assets more vulnerable.

Conversely, physical threats, such as those resulting from climate change, also pave the way for digital disruption. Buildings and structures become more vulnerable to cyber or kinetic attacks during natural disasters, and critical infrastructure — such as power, water, wastewater and communications — rely on our digital network to function.


This changing infrastructure landscape has created the need for holistic, industry-wide solutions for identifying and managing risks. Resilience is not a one-dimensional or static issue, and successful attacks find and exploit vulnerability. In response, AECOM has developed an approach called Converged Resilience™, which acknowledges the interdependency of the physical and digital worlds — and uses this understanding to build lasting, integrated strategies for infrastructure resilience.

Risk cannot be eliminated altogether; however, infrastructure owners and service providers can become better at planning for and mitigating threats, including those as yet unknown. While each organization and situation is different, it’s possible to apply a common framework to the problem. The goal is to simplify the risk-management process while allowing the flexibility to cope with a broad range of scenarios across both the digital and physical environments. Here’s how:


For maximum impact, a resiliency strategy must be introduced early in the lifespan of an asset. The industry has often viewed resilience as an add-on to the core design-build process, and that’s too late. For infrastructure owners, the goal must be to build in resilience planning as early as possible — the sooner a protection framework is implemented, the more cost efficient and effective it becomes.


Having early-stage conversations about risk management makes it easier for an organization to customize a resilience strategy. This means knowing which assets it wants to protect, as well as, understanding the function of those assets and the potential cost of losing or devolving that function. Beyond simple replacement cost, what’s the business case for determining which assets to protect and how?

Through efforts such as 100 Resilient Cities (100RC), pioneered by the Rockefeller Foundation, municipalities are taking a strategic approach to understanding not only the risks, but also the interaction of the risks and different urban systems and goals.


It’s impossible to eliminate risk completely. If assets are aging, an infrastructure owner will need to select where it wants to focus its resiliency investment — where most effort and resources need to be focused.

In addition to functionality, the service life of an asset and the feasibility of replacing it must come into consideration. For example, a manufacturing plant for airplane parts may have a 40-year service life. The time and cost of replacing such a facility is tremendous, so the owner will want to make a significant investment in keeping it running throughout its design life. By contrast, a data center with hardware assets that are replaced every two years will have less at risk, as its long-term asset is only the building that houses the equipment.


With new vulnerabilities constantly evolving, infrastructure owners must decide how to manage the many risks they face.

The first option is to accept the risk and manage it internally with the resources available. A second option is mitigating risk as new threats emerge by adapting or retrofitting an asset. The goal is to restore functionality, either fully or partially, in the fastest time.

The third approach is to transfer the risk; for example, by creating a back-up facility that can quickly take on the functionality of the original asset. When this is not feasible, a company or municipality may look to transfer a much larger proportion of risk to the insurance market. It’s important to understand, however, where that risk is transferred in order to ensure its managed effectively.


Building infrastructure resilience cannot be a one-time investment. Just as being healthy requires a certain lifestyle, resilience demands a new way of operating.

Having put a strategy in place, it’s essential that the protection plan is revisited and updated regularly. Continuous risk mitigation must be the goal. As threats are constantly evolving, so are business and industry, government, the environment, compliance and technology — it’s crucial to stay engaged and agile.


Investing in infrastructure resilience can be an expensive and time-intensive process, but it’s a necessary one. Early planning not only mitigates the impacts of disruption, it also creates net benefits. Organizations of all shapes and sizes should take heed. Risk affects every one of us. The public and private sectors have a responsibility — whether it’s to their shareholders or constituents — to balance the books and generate growth. Building resilience is a critical part of this business case.

This blog post is part of a series covering critical infrastructure-related topics in the lead up to and during Infrastructure Week and this year’s theme #TimeToBuild.

*Note: Adapted from AECOM’s Future of Infrastructure report, you can find the full article and source material at:

Originally published May 17, 2018

Authors: Josh Sawislak , Ron Hahn