Preparing for more extreme climate impacts and disasters
Climate change is expected to worsen the frequency, intensity and impacts of some extreme weather events requiring investment in disaster risk reduction and early warning systems.
Climate change and decarbonisation efforts are impacting infrastructure. How might these changes intersect with protections against malicious attacks?
Infrastructure is vital for modern society, the economy and human quality of life. Disruption to infrastructure can have widespread impacts on individuals and the economy.1,2 Two key factors that present threats to national infrastructure include climate change (POSTnote 621) and malicious attacks by bad actors. A full range of different risks to UK society, including infrastructure, is outlined in the Government’s National Risk Register.3
One consequence of changes to the UK’s climate is an increase in the frequency and magnitude of some extreme weather events. The 2017 Climate Change Risk Assessment reported that the main climate-related threats to UK infrastructure include: flooding, high temperatures, heavy rainfall, stronger winds and drought.4 In the past two decades there have been multiple extreme weather events, leading to significant infrastructure disruption.5,6 A recent example includes the extensive railway disruption during the summer 2019 heat wave, when high temperatures caused overhead electrical wires to expand and sag, and railway tracks to buckle.7,8 In the longer term, gradual changes in the climate can also reduce the efficiency or capacity of certain infrastructure.9 Infrastructure is also impacted by changes in natural capital, which may affect the reliability of some infrastructure services.10
Physical infrastructure may be at risk of malicious attacks. Motivations for such attacks include financial gain, espionage and terrorism. Physical infrastructure is usually underpinned by computer systems, which may provide an avenue that a malicious attacker could exploit in order to cause damage.11 For example in February 2021, a hacker gained access to the control system of a water treatment facility in a city in Florida and attempted to poison the water supply by increasing the level of one of the chemical additives.12 A 2019 survey of 701 IT security practitioners across six countries (including the UK) found that 50% of respondents said that their organisation had experienced disruption to their operational systems as a result of a cyber attack.13 In its 2020 Annual Review, the National Cyber Security Centre noted the cyber security threat to operational technology and industrial control systems, which are used to operate physical infrastructure in areas including energy and finance.14 It highlighted that strengthening the cyber resilience of such systems is a priority.
One of the key challenges with ensuring resilience of national infrastructure is that infrastructure sectors are often highly interdependent, meaning that an individual sector often relies on multiple others to operate and function reliably. This means that disruption or failure in one sector can spread to others (known as cascading failures).11,15,16 Understanding of the risks within different sectors has improved over recent years, however experts have highlighted that more understanding of the risks of interdependencies between sectors is needed.17–19 The 2017 CCRA noted that current infrastructure governance arrangements mean that responsibility for assessing and managing interdependency risks is unclear.4
In addition, there are concerns that, as critical infrastructure becomes more complex, it may be more difficult to centrally manage threats. For example, as energy grids become increasingly decentralised due to distributed power generation, weaknesses in the system to physical or cyber threats may proliferate.20 However, this risk may be somewhat mitigated by the fact that failure of one or a small number of these is likely to have much less of an impact on the wider system than, for example, the loss of a large power station.21 Future socioeconomic changes may also create more complex interdependencies. For example, increased uptake in electric vehicles will increase demand for electricity and reliance on the power network.
The National Infrastructure Commission has highlighted that investment in infrastructure resilience often occurs after a disruption or failure. It has suggested that infrastructure operators develop long-term infrastructure resilience strategies, which in some cases may require new investment.22 The NIC has also recommended that the UK Government publish a set of infrastructure resilience standards every 5 years, starting in 2022.
Many infrastructure sectors will undergo decarbonisation improvements over the next decade.23 Some stakeholders have highlighted that well-designed policy can align long-term carbon emission reduction with improved resilience to climate threats.24 There is potential for better data collecting and sharing. For example, capturing maintenance data about infrastructure assets can help operators make better decisions,25 and greater cross-sector and data sharing can improve providers’ understanding of risks arising from interdependencies.26,27 Some experts have highlighted that technologies, such as artificial intelligence and internet-connected sensors, are likely to play a key future role in improving understanding of the performance of infrastructure systems.28,29
Climate projections and modelling are uncertain, meaning that the exact nature and magnitude of the increased risk to national infrastructure is unclear. Estimates for changes in windstorms and lightning events are particularly uncertain.9,30 Some stakeholders have highlighted that this uncertainty can make resilience planning and investment decisions challenging.31,32 However, a variety of tools have been developed to support the development of long-term resilience plans, including flexible decision-making frameworks that account for uncertainty,33,34 and adaptation options that provide benefits under a range of climate scenarios.35
A further key unknown is the type and range of tactics that malicious actors may use to carry out an attack on infrastructure. Many stakeholders have highlighted that cyber attackers are using increasingly sophisticated capabilities, including techniques that are harder to identify.36–38
High impact and likelihood in a 5-year timescale.
Photo by Chris Gallagher on Unsplash
Climate change is expected to worsen the frequency, intensity and impacts of some extreme weather events requiring investment in disaster risk reduction and early warning systems.
Biodiversity is critical for maintaining current and future ecosystem service supply and continued loss increases risks of collapses in capacity as stresses such as climate change build.
Biological organisms may begin to provide new and better solutions to environmental problems, but wider use of bioengineering may raise ethical concerns with public perceptions unclear.