Overview of change

Infrastructure is vital for modern society, the economy and human quality of life. Disruption to infrastructure can have widespread impacts on individuals and the economy.1,2 Two key factors that present threats to national infrastructure include climate change (POSTnote 621) and malicious attacks by bad actors. A full range of different risks to UK society, including infrastructure, is outlined in the Government’s National Risk Register.3

One consequence of changes to the UK’s climate is an increase in the frequency and magnitude of some extreme weather events. The 2017 Climate Change Risk Assessment reported that the main climate-related threats to UK infrastructure include: flooding, high temperatures, heavy rainfall, stronger winds and drought.4 In the past two decades there have been multiple extreme weather events, leading to significant infrastructure disruption.5,6 A recent example includes the extensive railway disruption during the summer 2019 heat wave, when high temperatures caused overhead electrical wires to expand and sag, and railway tracks to buckle.7,8 In the longer term, gradual changes in the climate can also reduce the efficiency or capacity of certain infrastructure.9 Infrastructure is also impacted by changes in natural capital, which may affect the reliability of some infrastructure services.10

Physical infrastructure may be at risk of malicious attacks. Motivations for such attacks include financial gain, espionage and terrorism. Physical infrastructure is usually underpinned by computer systems, which may provide an avenue that a malicious attacker could exploit in order to cause damage.11 For example in February 2021, a hacker gained access to the control system of a water treatment facility in a city in Florida and attempted to poison the water supply by increasing the level of one of the chemical additives.12 A 2019 survey of 701 IT security practitioners across six countries (including the UK) found that 50% of respondents said that their organisation had experienced disruption to their operational systems as a result of a cyber attack.13 In its 2020 Annual Review, the National Cyber Security Centre noted the cyber security threat to operational technology and industrial control systems, which are used to operate physical infrastructure in areas including energy and finance.14 It highlighted that strengthening the cyber resilience of such systems is a priority.

Challenges and opportunities

One of the key challenges with ensuring resilience of national infrastructure is that infrastructure sectors are often highly interdependent, meaning that an individual sector often relies on multiple others to operate and function reliably. This means that disruption or failure in one sector can spread to others (known as cascading failures).11,15,16 Understanding of the risks within different sectors has improved over recent years, however experts have highlighted that more understanding of the risks of interdependencies between sectors is needed.17–19 The 2017 CCRA noted that current infrastructure governance arrangements mean that responsibility for assessing and managing interdependency risks is unclear.4

In addition, there are concerns that, as critical infrastructure becomes more complex, it may be more difficult to centrally manage threats. For example, as energy grids become increasingly decentralised due to distributed power generation, weaknesses in the system to physical or cyber threats may proliferate.20 However, this risk may be somewhat mitigated by the fact that failure of one or a small number of these is likely to have much less of an impact on the wider system than, for example, the loss of a large power station.21 Future socioeconomic changes may also create more complex interdependencies. For example, increased uptake in electric vehicles will increase demand for electricity and reliance on the power network.

The National Infrastructure Commission has highlighted that investment in infrastructure resilience often occurs after a disruption or failure. It has suggested that infrastructure operators develop long-term infrastructure resilience strategies, which in some cases may require new investment.22 The NIC has also recommended that the UK Government publish a set of infrastructure resilience standards every 5 years, starting in 2022.

Many infrastructure sectors will undergo decarbonisation improvements over the next decade.23 Some stakeholders have highlighted that well-designed policy can align long-term carbon emission reduction with improved resilience to climate threats.24 There is potential for better data collecting and sharing. For example, capturing maintenance data about infrastructure assets can help operators make better decisions,25 and greater cross-sector and data sharing can improve providers’ understanding of risks arising from interdependencies.26,27 Some experts have highlighted that technologies, such as artificial intelligence and internet-connected sensors, are likely to play a key future role in improving understanding of the performance of infrastructure systems.28,29

Key unknowns

Climate projections and modelling are uncertain, meaning that the exact nature and magnitude of the increased risk to national infrastructure is unclear. Estimates for changes in windstorms and lightning events are particularly uncertain.9,30 Some stakeholders have highlighted that this uncertainty can make resilience planning and investment decisions challenging.31,32 However, a variety of tools have been developed to support the development of long-term resilience plans, including flexible decision-making frameworks that account for uncertainty,33,34 and adaptation options that provide benefits under a range of climate scenarios.35

A further key unknown is the type and range of tactics that malicious actors may use to carry out an attack on infrastructure. Many stakeholders have highlighted that cyber attackers are using increasingly sophisticated capabilities, including techniques that are harder to identify.36–38

Key questions for Parliament

  • What steps should the UK take to build resilience into its infrastructure?
  • What role should the Government, regulators and local authorities play in ensuring that national infrastructure is resilient to hazards and threats, including climate change and malicious attacks?
  • Where might government investment be targeted to best protect UK infrastructure, and what measures aside from investment could be explored?
  • What steps are needed to ensure better understanding of the complexity of the interactions between different infrastructure sectors, and how can these managed?
  • How can interdependency risks be better identified? Is more guidance and clarity needed on where responsibilities lie for assessing and managing interdependency risks?
  • Is more needed to incentivise infrastructure operators to invest in long-term resilience measures? And how can this be achieved?
  • Are new resilience standards needed to ensure that new and existing infrastructure assets are equipped to deal with future risks?
  • How can natural capital and ecosystems be more effectively managed to reduce the magnitude of risks to infrastructure?

Likelihood and impact

High impact and likelihood in a 5-year timescale.

Research for Parliament 2021

Experts have helped us identify 30 areas of change to help the UK Parliament prepare for the future.


  1. Cox, K. et al. (2020).  A Changing Climate: Exploring the Implications of Climate Change for UK Defence and Security.   RAND Corporation.
  2. Centre for the Protection of National Infrastructure (2021). Critical National Infrastructure.   CPNI.
  3. Cabinet Office (2020). National Risk Register 2020.   UK Government.
  4. Committee on Climate Change (2017). UK Climate Change Risk Assessment 2017: Evidence Report. 
  5. Carbon Brief (2020). Mapped: How climate change affects extreme weather around the world.   Carbon Brief.
  6. Bevis, G. (2020). Whaley Bridge dam crisis: What’s changed one year on?   BBC News.
  7. Kobie, N. (2019). Sag, buckle and curve: why your trains get cancelled in the heat.   Wired UK.
  8. Davies, R. (2019). Why the heatwave is disrupting the UK railways. 
  9. NERC (2015). Infrastructure Climate Change Impacts. 
  10. National Infrastructure Commission (2021). Natural capital and environmental net gain. 
  11. UCL and Arup (2017). Resilience of digitally connected infrastructure systems – literature review.   National Infrastructure Commission.
  12. BBC (2021). Hacker tries to poison water supply of Florida city.   BBC News.
  13. Ponemon Institute (2019). Cybersecurity In Operational Technology: 7 Insights You Need to Know. 
  14. National Cyber Security Centre (2020). Annual Review 2020. 
  15. CIRIA (2019). Interdependence analysis for systemically resilient infrastructure systems. 
  16. Dolan, T. et al. (2020). Chapter 5: Fundamental Infrastructure and Utilities.   in The Intelligent Nation. Routledge.
  17. Dawson, R. J. (2015). Handling Interdependencies in Climate Change Risk Assessment.   Climate, Vol 3, 1079–1096.
  18. Hall Jim W et al. (2014). Assessing the Long-Term Performance of Cross-Sectoral Strategies for National Infrastructure.   Journal of Infrastructure Systems, Vol 20,
  19. Arrighi, C. et al. (2020). Indirect flood impacts and cascade risk across interdependent linear infrastructures.   Nat. Hazards Earth Syst. Sci. Discuss., in review.
  20. Vaughan, A. (2017). UK energy industry cyber-attack fears are ‘off the scale’.   Guardian.
  21. Oughton, E. J. et al. (2019). Stochastic Counterfactual Risk Analysis for the Vulnerability Assessment of Cyber‐Physical Attacks on Electricity Distribution Infrastructure Networks.   Risk Analysis, Vol 39, 2012–2031.
  22. National Infrastructure Commission (2020). Anticipate React Recover. 
  23. HM Treasury (2020). National Infrastructure Strategy. 
  24. OECD (2020). Building back better: A sustainable, resilient recovery after COVID-19. 
  25. Institution of Civil Engineers (2018). In plain sight: assuring the whole-life safety of infrastructure. 
  26. Committee on Climate Change (2019). Progress in preparing for climate change: 2019 Report to Parliament.
  27. DAFNI Data & Analytics Facility for National Infrastructure. 
  28. Taylor, C. et al. (2017). Learning Frameworks for Future Infrastructure Provision.   International Symposia on Next Generation Infrastructure, 386–392.
  29. Taylor, C. A. et al. (2020). Theoretical framing of the seismic robustness and resilience of smart cities and infrastructure.   17th World Conference on Earthquake Engineering,
  30. Blewett, J. et al. (2020). Infrastructure and climate change.   POST UK Parliament.
  31. OECD (2018). Policy Perspectives: Climate-resilient Infrastructure. 
  32. Hallegatte, S. (2009). Strategies to adapt to an uncertain climate change.   Global Environmental Change, Vol 19, 240–247.
  33. Dessai, S. et al. (2007). Assessing the robustness of adaptation decisions to climate change uncertainties: A case study on water resources management in the East of England.   Global Environmental Change, Vol 17, 59–72.
  34. Dessai, S. et al. (2013). Introduction to the Special Issue on “Adaptation and Resilience of Water Systems to an Uncertain Changing Climate”.   Water Resour Manage, Vol 27, 943–948.
  35. ClimateXChange (2012). Examples of ‘no-regret’, ‘low-regret’ and ‘win-win’ adaptation actions.   ClimateXChange.
  36. Microsoft (2020). Microsoft Digital Defense Report. 
  37. ENISA Threat Landscape – 2020 (2020). ENISA Threat Landscape – 2020. 
  38. Platt, A. (2018). The increasing sophistication of cyber-attacks means stronger strategies are needed in financial organisations.   ITProPortal.

Photo by Chris Gallagher on Unsplash

Related posts