<p>Most well-managed governments and businesses have resilience strategies to navigate through non-traditional security threats like natural disasters, technological failures, and other disruptions. However, planning for a pandemic, especially one that threatens to stretch indefinitely, requires a different set of skills as well as certain continuity assumptions.</p>.<p>Unlike natural disasters that are often confined to certain spatial areas and are potent for finite periods, a pandemic might diffuse geographically and could appear in a flutter that can persist for several months. Due to the limitless nature of a pandemic, resources cannot easily be deployed geologically to help an area in need, as would be feasible in other crises. </p>.<p>It is important for critical sectors and governments to work seamlessly to ensure that they can deliver essential goods and services while responding to a pandemic. Critical infrastructure such as healthcare, supply chains for food and medicines, communications, water power and other utilities will bear the additional onus to assist in containing a contagion.</p>.<p>Critical infrastructure entities would themselves be impacted by the pandemic, much like any other business. It is estimated that up to 40% of a company's employees could be absent sick, quarantined, or might stay home to care for ailing family members. Vendors and suppliers that critical infrastructure companies rely upon, could experience similar personnel shortages and disruptions.</p>.<p>Given the protracted impact of a pandemic, it would be difficult for organisations to depend on mutual assistance programmes that normally help restore service after natural disasters.</p>.<p>The ongoing Covid-19 pandemic shares many characteristics with the deadly 1918 influenza that infected over 500 million worldwide, claiming over 50 million victims. </p>.<p>While the fundamental traits of the Spanish Influenza and Covid-19 are different, the best-available index on the proclivity of the virus to infect, referred to as the reproduction number (R0) is comparable to that of the 1918 influenza.</p>.<p>The impact of the Covid-19 pandemic on critical infrastructures (CI) will depend predominantly on the extent of absenteeism, the degree of know-how required to maintain utilities and the extent that a society can be trained and mobilised as required. The Canadian Labour Force estimated that absenteeism rates were at 12% for seasonal influenza between 1997-98 to 2008-09 and 13% for the two H1N1 pandemic waves. It is now predicted that the corresponding rate for Covid-19 could be as high as 20-50% as both morbidity and fatality rates for the virus are much higher.</p>.<p> In the past 100 years, there have been significant advances in the complexity, architecture, ownership and the interdependency of our critical utilities. CIs are fully intertwined today as never before, and there are major cross-sector interdependencies. National power grids are highly unified and operate at a single frequency, and are largely controlled through sophisticated computer systems. Water utilities are dependent on their chemical sector (for requisite materials to treat water) and the transportation sector to deliver critical supplies from the chemical sector.</p>.<p>Many infrastructure sectors today require a high level of competency in areas such as information technology, machine learning, robotics, communication skills, pharmaceutical specialisation, additive manufacturing, etc. The dilemma is that there is relatively a small population that has acquired these skills through on-the-job training needed to perform the task securely. Therefore, if there is going to be high absenteeism, it will be extremely difficult to find replacement personnel in a short time. This makes effective advance planning critical for a unified public-private sector response as in its absence, the joint response will be arduous, if not futile.</p>.<p>In a pandemic situation, governments need to be extremely watchful about digital threats to critical infrastructure. Terrorists and hostile nations are already looking to take advantage of more than one attack vector at a time. A cyber-attack during disasters becomes far more debilitating and exponentially increases the impact than any single event. If an adversary were to target the electricity network of a sovereign state during a pandemic, the emergency response would be inhibited to the extent of damaging the overall efficacy of the counter-strategy. This is a stimulus for a perfect storm. With an outdated infrastructure, the enemy will find a more compliant surface area for a cyber-attack. An attack on the electricity supply of any major electric grid for 48 hours can cause inconsistencies in the supply of potable water in any major city in the subcontinent.</p>.<p>Dr. Reddy’s Laboratories Ltd. in Hyderabad reported a cyberattack last Thursday, after which it isolated its entire data centre services as a preventive measure. Its plants in the United States, United Kingdom, Brazil, and Russia were also impacted. This came just a few days after the company had signed a partnership to run clinical trials of Russia's Sputnik-V Covid-19 vaccine in India. Such an attack has the potential to inflict severe damage.</p>.<p>Critical infrastructure protection encompasses the prevention, mitigation, preparedness, response and recovery, which is primarily aimed at augmenting resilience of people, systems and physical infrastructure.</p>.<p><span class="italic"><em>(The writer is founder and president of Synergia Foundation, a strategic think tank based in Bengaluru) </em></span></p>
<p>Most well-managed governments and businesses have resilience strategies to navigate through non-traditional security threats like natural disasters, technological failures, and other disruptions. However, planning for a pandemic, especially one that threatens to stretch indefinitely, requires a different set of skills as well as certain continuity assumptions.</p>.<p>Unlike natural disasters that are often confined to certain spatial areas and are potent for finite periods, a pandemic might diffuse geographically and could appear in a flutter that can persist for several months. Due to the limitless nature of a pandemic, resources cannot easily be deployed geologically to help an area in need, as would be feasible in other crises. </p>.<p>It is important for critical sectors and governments to work seamlessly to ensure that they can deliver essential goods and services while responding to a pandemic. Critical infrastructure such as healthcare, supply chains for food and medicines, communications, water power and other utilities will bear the additional onus to assist in containing a contagion.</p>.<p>Critical infrastructure entities would themselves be impacted by the pandemic, much like any other business. It is estimated that up to 40% of a company's employees could be absent sick, quarantined, or might stay home to care for ailing family members. Vendors and suppliers that critical infrastructure companies rely upon, could experience similar personnel shortages and disruptions.</p>.<p>Given the protracted impact of a pandemic, it would be difficult for organisations to depend on mutual assistance programmes that normally help restore service after natural disasters.</p>.<p>The ongoing Covid-19 pandemic shares many characteristics with the deadly 1918 influenza that infected over 500 million worldwide, claiming over 50 million victims. </p>.<p>While the fundamental traits of the Spanish Influenza and Covid-19 are different, the best-available index on the proclivity of the virus to infect, referred to as the reproduction number (R0) is comparable to that of the 1918 influenza.</p>.<p>The impact of the Covid-19 pandemic on critical infrastructures (CI) will depend predominantly on the extent of absenteeism, the degree of know-how required to maintain utilities and the extent that a society can be trained and mobilised as required. The Canadian Labour Force estimated that absenteeism rates were at 12% for seasonal influenza between 1997-98 to 2008-09 and 13% for the two H1N1 pandemic waves. It is now predicted that the corresponding rate for Covid-19 could be as high as 20-50% as both morbidity and fatality rates for the virus are much higher.</p>.<p> In the past 100 years, there have been significant advances in the complexity, architecture, ownership and the interdependency of our critical utilities. CIs are fully intertwined today as never before, and there are major cross-sector interdependencies. National power grids are highly unified and operate at a single frequency, and are largely controlled through sophisticated computer systems. Water utilities are dependent on their chemical sector (for requisite materials to treat water) and the transportation sector to deliver critical supplies from the chemical sector.</p>.<p>Many infrastructure sectors today require a high level of competency in areas such as information technology, machine learning, robotics, communication skills, pharmaceutical specialisation, additive manufacturing, etc. The dilemma is that there is relatively a small population that has acquired these skills through on-the-job training needed to perform the task securely. Therefore, if there is going to be high absenteeism, it will be extremely difficult to find replacement personnel in a short time. This makes effective advance planning critical for a unified public-private sector response as in its absence, the joint response will be arduous, if not futile.</p>.<p>In a pandemic situation, governments need to be extremely watchful about digital threats to critical infrastructure. Terrorists and hostile nations are already looking to take advantage of more than one attack vector at a time. A cyber-attack during disasters becomes far more debilitating and exponentially increases the impact than any single event. If an adversary were to target the electricity network of a sovereign state during a pandemic, the emergency response would be inhibited to the extent of damaging the overall efficacy of the counter-strategy. This is a stimulus for a perfect storm. With an outdated infrastructure, the enemy will find a more compliant surface area for a cyber-attack. An attack on the electricity supply of any major electric grid for 48 hours can cause inconsistencies in the supply of potable water in any major city in the subcontinent.</p>.<p>Dr. Reddy’s Laboratories Ltd. in Hyderabad reported a cyberattack last Thursday, after which it isolated its entire data centre services as a preventive measure. Its plants in the United States, United Kingdom, Brazil, and Russia were also impacted. This came just a few days after the company had signed a partnership to run clinical trials of Russia's Sputnik-V Covid-19 vaccine in India. Such an attack has the potential to inflict severe damage.</p>.<p>Critical infrastructure protection encompasses the prevention, mitigation, preparedness, response and recovery, which is primarily aimed at augmenting resilience of people, systems and physical infrastructure.</p>.<p><span class="italic"><em>(The writer is founder and president of Synergia Foundation, a strategic think tank based in Bengaluru) </em></span></p>