Center for Infrastructure Protection & Homeland Security

Four Key Imperatives to Building Effective Transportation Infrastructure Resilience

Andrea Stone, InfraGardNCR

What actually happens if our transportation infrastructure is not resilient? Can you envision having no access to any mode of transportation for an extended period of time? Can you imagine the impact of a sudden loss of services that are vital to the public’s well-being and safe living environment?

As we deal with the aftermath of winter storm Jonas, those events have become a reality in the DC metro area and across the region. Jonas, with its 30 inches of snow and high blizzard winds, grounded the DC metro population for more than four days. The potential economic impact of the standstill could be as high as $1 billion in lost revenue and wages for many local business, industries, and sectors, including the federal government.

There are different views about who or what is responsible for ensuring that our transportation infrastructure can withstand such events. Many think that the government (federal, state, and local) is mostly responsible for resilience in our transportation system. In reality, while our government has a prominent role as an infrastructure owner, we must keep in mind that private industry ultimately owns and operates approximately 80 to 85 percent of our transportation key infrastructure and assets.

Without a doubt our governments, both state and federal, have an important role in setting goals and issuing guidance and policy. However, much of the planning and implementation expertise required to reduce the vulnerability of infrastructure assets lies outside of the federal government.

The Difference Between Protection and Resilience

It’s common sense management to protect investments in existing and new infrastructure. Infrastructure protection simply means reducing the effect of a disruptive event. Real progress would be to concentrate on building infrastructure resilience. But to plan and build a resilient transportation system requires more time and effort. The benefit of such an effort would be a system with the ability to absorb, adapt, and rapidly recover from a potentially disruptive event.

Dynamic System Failure

The complexity of the situation is mainly driven by the dynamic nature of sources of disruption, the complex interdependencies of the sectors, and the condition of the infrastructure. We live in a world where as citizens we don’t know which scenario is scarier: cyber attacks, climate changes, natural disasters, or terrorist attacks. The challenge in the transportation sector lies in its sheer size and complexity. According to the national atlas, the transportation system in the U.S. is comprised of more than 3.9 million miles of public roads, 120,000 miles of major railroads, 25,000 miles of commercially navigable waterways, 5,000 public-use airports, 500 major urban public transit operations, and more than 300 coastal and inland waterways ports. A disruption of one component has the potential to have a dynamic effect on the entire system.

For example, passengers rely on trains to get them to a given destination, but those trains rely on pipelines of fuel and the electrical grid to operate. In addition, passengers rely on highways, planes, and connecting rail systems to get them to a given train. If any of those components fail, the entire system is affected. The increasing interdependence of economic, technological, and social processes creates aggregate vulnerabilities that can cause catastrophic system failure.

Much progress has been achieved in the past 10 years through efforts led by the U.S. Department of Homeland Security, U.S. Department of Transportation, interagency organizations, and industry organizations; however, as a nation we still don’t have answers for the complex issues we must face to make our transportation infrastructure resilient.

Given the high degree of complexity in transportation, there are four key imperatives for integrating current efforts to achieve a faster return on investment.

Integrating Efforts

1. Create a common vision for system resilience

A vision for transportation infrastructure resilience requires discipline and cross-functional collaboration. We must think about it as if we were creating a transportation master plan, with a time horizon that spans the next 20 to 30 years. This vision must articulate involvement of individuals, organizations, private-public partnerships, nonprofits, private-sector commercial organizations, and all layers of government. Since individuals are users of transportation systems, they also have a role in increasing resilience through participating in reporting systems (For example, the DHS ‘If You See Something, Say Something’ campaign) and recovery efforts. The vision can impact how investment decisions are conducted and how common standards for conducting vulnerability assessments are defined and followed. The vision can also guide policy decisions including mitigation, preparedness, response, and recovery. The vision must recognize competing interests of each stakeholder and ultimately can balance sources of investment and the degree of collaboration.

2. Adopt a group decision-making model

In its transportation systems sector-specific plan published in 2010, DHS formulated a well thought-out methodology to reduce risks to critical transportation infrastructure while continuing to engage the private sector. Superstorm Sandy provided painful evidence that despite clear policy and guidance, DOT and DHS did not have specific guidelines to monitor, evaluate, and report the results of collaborative efforts. More than three years after Sandy many organizations are still recovering from this event.

Different risk management frameworks are often required to cover the wide spectrum of risks and classes of assets, as well as the knowledge maturity of people and organizations regarding resilience. A flexible model that could be adapted to the specific situation will produce a higher payoff. This system also requires adaptability in the way we assess and monitor increases in resilience.

The ability to synthesize quantitative and qualitative data is another hard issue to resolve. Traditional risk management tools have become increasingly sophisticated but they remain inadequate in coping with synthesis. There seems to be a tendency to favor the collection of qualitative data over quantitative. This creates an issue because prioritization relies on the ability to analyze and score every dimension. Quantitative data is a must and some methodologies allow for easy conversion of qualitative to quantitative data by using corresponding numerical and verbal scales.

The question of decision-making is critical because it ultimately guides resource allocation. At the end of the day, achieving resilience is a matter of prioritizing the highest areas of risk, the highest vulnerabilities, and allocating resources to prevent, mitigate or recover from catastrophic events. Without the ability to allocate resources the best plan is not operational.

Priorities defined in a decision-making model should be used to derive metrics. Decision-making is an iterative process, and it can only be improved with the use of performance metrics. Beauty is in the eye of the beholder, and the same applies to metrics. What matters in a federal environment may not matter as much in a private environment. There is an urgent need to tie metrics to an adaptable decision-making framework that is geared for continuous improvement, iterations, and multi-year scenarios.

3. Use a common risk and data management framework

Parameters for risk data seem to be tailored to infrastructure type, location, and ownership, but data requirements and sources still need to be better defined. No risk management system will be effective without reliable data. Data availability is an issue especially for events where access to data is limited. For example, security threats are a moving target and therefore, there is less data documented vis-à-vis other events such as natural disasters that are recurrent and therefore are better documented.

Data collection can be a difficult endeavor because it requires the formulation of clear standards and quality control procedures. DHS has made progress towards defining a consistent set of data collection standards through its critical infrastructure sectors partnership and by establishing its infrastructure data warehouse.

Data collection protocols established through routine processes such as data calls, site visits, security audits, and compliance inspections can be mature and produce reliable information. However, data collection accomplished through non-official or non-routine challenges can be more difficult, especially when it involves self-reporting of incidents and data sharing. Incentives for self-reporting data can continue to evolve to produce more data points. Since disruptions are local and most individuals use mobile devices, we could think of improving data collection mechanisms that involve citizens. The open government initiative has sparked a new interest in information exchanges between the federal government, local government, private sector, and citizens. This could provide access to a rich pool of data, but it would require resources to validate accuracy and timeliness.

4. Create a culture of resilience

Achieving resilience is a long-term commitment that requires a change in our way of thinking and behaving. There are some transportation modes that operate in dynamic environments with continuous communication between the government and the private sector. Those modes have established incentives to collaborate and common goals to accomplish jointly. Aviation is an example of such a mode. For decades, the National Airspace System has been comprised of, and operated by, both public and private sector entities where collaboration is less a luxury than a need. To this end, an information network has been established that includes both protected, voluntary self-reporting by airlines, and government-generated safety data. Clearly, this closed system has contributed to create and encourage a strong safety culture with behaviors embedded in day-to-day operations. Other modes need to build this unity of effort, and this requires creating an environment of support and motivation. Creating such an environment requires leaders to display resilience in their words and actions—a sort of behavior that permeates through the structures all the way to the front line. To create this culture involves motivating people through a clear vision and active optimism, with the belief that there is a difficult but not impossible task at hand. A single vision for a resilient system is critical in building a culture of resilience. The ability to make joint decisions in difficult times—rather than succumb to analysis paralysis—can make the difference between recovering and building resilience from an adverse event or not.

To sum up, in this article we have covered four foundational elements for integrating current efforts and making progress towards achieving transportation system resilience.

  1. A common vision that integrates the perspective of different modes and users can unify the efforts of multiple organizations and emphasize system resilience as the ultimate goal.
  2. Decision-making and performance management are iterative processes and through a consistent framework, decisions and resource allocation can be optimized over time.
  3. The data management governance model can be established and over time, can use additional datasets of government and privately owned information.
  4. All of these elements together provide fertile ground for managing change and adopting a culture of resilience; a culture of sharing information and bringing public awareness to the importance of having a resilient transportation system.

This system would have the capability of adapting to change, improving its performance over time, reducing vulnerabilities, and having the ability of recovering faster as a result of adverse events.

The New Front Line of Resilience

The new front line of defense and national resilience for America’s critical infrastructure has become a coalition of the private sector, communities, nonprofits, and individuals that use that infrastructure.

Some organizations, such as InfraGard, provide approaches tailored to each sector and support through engagement and information sharing between the public and private sector to encourage resilience incentives for private investment and efforts such as consistency in insurance solutions.

In November 2016, the InfraGard National Capital Region chapter is bringing together critical structure sector leaders, organization, and government partners to discus, educate, and reinforce the partnership and education necessary to support a vigilant infrastructure resilience community. Stay tuned for the national critical infrastructure security & resilience month. For more details go to www.InfraGardNCR.org

About InfraGard

The InfraGard National Capital Region Members Alliance (INCRMA) is an alliance with the FBI’s Washington Field Office and individuals committed to protecting the nation’s critical infrastructure. Our chapter has the same footprint as the FBI field office with which we are aligned – Washington, DC and northern Virginia.  It is our mission to improve and extend information sharing between critical infrastructure stakeholders, in both the private and public sectors, with the government, particularly the FBI, to protect those infrastructure assets from physical and/or cyber attack.  As a result of this exchange, timely information and intelligence is delivered, investigations are initiated and/or enhanced, vital economic and national security assets are protected, and lasting relationships are formed between law enforcement and infrastructure owners/operators.

About Andrea Stone

Andrea Stone is co-chief of InfraGardNCR Transportation sector. She is the CEO of Dynamic Pro Inc., a management consulting and technology firm providing collaborative consulting services in both the public and private sector. She is an expert in performance management, team decision support, and collaborative change management. Ms. Stone has consulted extensively and has led projects related to large-scale technology implementation, strategic planning, change management, knowledge management, and technology acquisition. Andrea has twenty plus years of experience in the private and public sectors including Booz Allen, FedEx Ground, DHL and Deutsche Post in the Netherlands, and information technology companies in France and Germany.

She is a founding member of the Government Technology and Services Coalition and has served as president of the Washington DC chapter of Women in Transportation. She is a member of Women in Homeland Security (WHS), the Armed Forces Communications and Electronics Organization (AFCEA), and the National Defense Industrial Association (NDIA). She received a Masters in Business Administration from the University of Pittsburgh.