Six steps to improving infrastructure resilience

How do you plan for the unknown? It’s one of the toughest questions facing the infrastructure industry around the world. Yet the question must be answered say resilience specialists Ronald Hahn, Darcy Immerman and Josh Sawislak.

With exposure to an ever-increasing range of hazards, risks and threats from cyber and physical attacks to the effects of global climate change, infrastructure owners, managers and operators need to understand today’s challenges, anticipate the future, collaborate across businesses and borders, and prioritize spending to optimize the benefits.

While it’s not possible to predict or avoid all hazards or threats, they can be managed. A strong resiliency plan can reduce the risk and impact of an event and speed the recovery, which dramatically reduces the cost in terms of physical, social and economic loss. In building a plan, we suggest six steps towards improving infrastructure resilience:

Six steps to infrastructure resilience
Six steps to infrastructure resilience


There is no time like the present. Whether creating new infrastructure systems and networks or upgrading existing assets, the earlier resilience is considered, the more effective, efficient and economical the solutions will be. Ideally discussions start at concept stage, making it possible to redefine resiliency and security by design throughout the project.


An effective resiliency plan must integrate across the physical and logical (also known as digital) domains. For example, most recent cyberattacks are described as ‘blended’ attacks meaning they exploited vulnerabilities both in the physical and digital domains. The same systems approach also applies to major weather events such as hurricanes. One of the major issues in restoring power following Hurricane Sandy was the inability to connect to critical data centers necessary to restart sections of the grid.


In the same way that disaster has no respect for borders, effective resilience must cut across all silos and boundaries. From logistics departments and IT to asset and facility managers, everyone needs to participate and collaborate in finding the best and most innovative solutions.


With broad agreement that spending on resilience protection is an investment, infrastructure owners must first identify and prioritize their critical assets and essential functions. This is crucial to ensuring the limited resources are being spent to protect the highest priority assets and processes.


Like any effective business plan, goals, objectives and metrics are needed to measure effectiveness. Resilience is a relative term and to be more resilient it is important to understand what risks are faced. It is vital that any business consistently evaluates potential hazards and threats then measures and evaluates its resiliency plan, policies, and procedures to determine their effectiveness at mitigating critical hazards and threats. And the only constant is change. We know the threats are dynamic and while we may not be able to predict the nature or timing of the change, we must assume it will change and be agile and ready to adapt. This assessment is vital to evaluating the effectiveness investments made in resilience and changes that might be necessary.


Consider the resilience protection already in place; there will almost certainly be opportunities to optimize and leverage what already exists. And remember that you may be able to share the costs with others who stand to benefit from future resilience investments. Waiting is not a option – start small or start big, but start now!

GLOSSARY – your guide to resilience

  1. Adaptive capacity – The ability of an asset or system to adjust to a hazard, take advantage of new opportunities, and/or cope with change.
  2. Breach – A violation or infraction, as of a contract, law, legal obligation, or
  3. Cyberattack – an attempt to access, disrupt or destroy a computer or other electronic system or network or to use that network for malicious purposes with another connected system or asset.
  4. Cybersecurity – the state of being safe from electronic crime and the measures taken to achieve safety
  5. Disturbance – In ecological terms, disturbance is a relatively discrete event in time coming from the outside that disrupts ecosystems, communities, or populations, changes substrates and resource availability, and creates opportunities for new individuals or colonies to become established. Disturbances can be shocks (intense and short in duration) or stresses (longer duration and may be more gradual in impact).
  6. Exposure – The presence of people, assets, and ecosystems in places where they could be adversely affected by hazards.
  7. Global climate change – the changes in patterns of ocean and atmospheric temperatures over time resulting in more extreme and severe weather patterns.
  8. Hack – To gainaccess to (a computerfile or network)illegally or without
  9. Hazard – An event or condition that may cause injury, illness, or death to people or impacts to assets and systems resulting in economic loss.
  10. Impacts – Effects on natural and human systems that result from hazards. Evaluating potential impacts is a critical step in assessing vulnerability.
  11. Latitude – The maximum amount a system can be changed before losing its ability to recover (before crossing a threshold which, if breached, makes recovery difficult or impossible). One of four crucial aspects of resilience.
  12. Mitigation (climate) – Processes that can reduce the amount and speed of future climate change by reducing atmospheric emissions of heat-trapping “greenhouse” gases or capturing and storing these gases so they do not add to the “greenhouse effect.”
  13. Mitigation (risk) – Processes or actions to reduce the probability or impact of an impact of a hazard.
  14. Probability – The likelihood of hazard events occurring. Probabilities have traditionally been determined from the historic frequency of events. With changing climate and the introduction of non-climate stressors, the probability of hazard events also changes.
  15. Resilience – The capacity of a community, business, or natural environment to prevent, withstand, respond or adapt to, and recover from disruptions.
  16. Resiliency – the state of being resilient.
  17. Risk – The potential total cost if something of value is damaged or lost, considered together with the likelihood of that loss occurring. Risk is often evaluated as the probability of a hazard occurring multiplied by the consequence that would result if it did happen.
  18. Recovery – The restoration of an asset, system, or community to a normal operating state following a disaster or other disruption.
  19. Response – The immediate actions undertaken to protect of life safety and property following an impact.
  20. Vulnerability – The propensity or predisposition of assets to be adversely affected by hazards. Vulnerability encompasses exposure, sensitivity, potential impacts, and adaptive capacity.