The impact of disruptive and emerging technologies on critical infrastructure.

Critical infrastructures are physical or virtual systems that provide essential services to support basic social, economic, environmental and political systems within a country. In other words, they are those vital components that support the normal functioning of society and the economy. On the other hand, disruptive and emerging technologies are increasingly having a major impact on society, particularly in their interaction with critical infrastructures, a capacity for exponential impact in various directions and dimensions, which needs to be considered.

Critical infrastructures

In Spain we have standardized that, if we turn on the tap, drinking water comes out, and that we have uninterrupted electricity 24 hours a day, all year round. We also have a telephone connection, and according to data from MINECO, 81% of the Spanish population has Internet coverage at more than 100 Mbps.

Moreover, we have a multimodal transport network that allows us to travel at any time to any place in the territory in less than 24 hours. We also have a health care guarantee, as well as a large number of daily actions that are supported by a set of infrastructures that make this possible.

These infrastructures are the so-called Critical Infrastructures, which according to the European Directive 2008/114/EC of December 8, 2008 are defined as follows:

"The element, system, or part thereof, located in member states that is essential for the maintenance of vital social functions, health, physical integrity, safety, and the social and economic well-being of the population, the disruption or destruction of which would seriously affect a member state by rendering it unable to maintain those functions."

Consequently, and in order to establish a guarantee of operation of these infrastructures, in Spain there is the Critical Infrastructure Protection Law (PIC Law 8/2011), which is complemented by Royal Decree 704/2011, whose objectives are: To establish the strategies that allow directing and coordinating the actions in relation to the protection of critical infrastructures. And to regulate the obligations to be assumed by the Administrations and their operators.

This Law contemplates 12 strategic sectors to which a critical operator may belong, among which we could selectively mention:

• Space (facilities related to outer space).
• Nuclear industry (production, storage and transportation of dangerous goods, nuclear and radiological materials, etc.).
• Chemical industry (production, storage and transportation of dangerous goods, chemical materials, etc.).
• Water (reservoirs, storage, treatment and networks).
• Energy (production and distribution).
• Health (health sector and infrastructure).
• Information and Communication Technologies (ICT).
• Transportation (airports, ports, railroads and public transportation networks).

A disruption or interruption in its operation due to natural causes (e.g. an earthquake affecting the power supply or the electrical grid) or man-made causes (e.g. a terrorist attack or a cyber attack on a nuclear power plant or a major airport) could have serious consequences for the normal functioning of society, by the standards to which we are accustomed.

The exponential society

On the other hand, at the same time that disruptive and exponential technologies are created and applied in the development, maintenance and protection of critical infrastructures, the question arises as to what the impacts of these technologies may be on these infrastructures and on society.

Before continuing, let's look at a historical anecdote of how technological innovations can have a decisive influence on the environment in which they are developed:

In 1850, Isabel II ordered the construction of the fortress of La Mola in Mahón (Menorca), with the aim of protecting the island from possible attacks by the French and English. This fortress was completed in 1875 and a technological evolution of artillery on ships left it outdated before its inauguration.

In a linear era, and long before the emergence of accelerator technologies or exponential technology, we could already find cases of the power of a technological innovation, in which one of these innovations had disruptive consequences.

Today, in the 21st century, we see brands or companies such as Kodak, Nokia, Blockbuster Video or BlackBerry, which have also been surprised, surpassed, and in some cases even buried by the avalanche and confluence of accelerating technologies. Technological changes with great economic and social impact.

Technology has always had a transformative and revolutionary power. Today, this power is exponential, why is this so? Among other things, because of Moore's Law, which states that approximately every 2 years the number of transistors in a microprocessor doubles. This has allowed the parallel development of several disruptive technologies.

New Capabilities?

Due to the confluence of the latest technological advances, such as the development of renewable energy, the digitalization of organizations, the creation of an internet of things (IoT), the creation of 5G, the development of autonomous mobility, as well as artificial intelligence, has generated a transversality that has already altered influences and is balancing economic powers, while generating new Capabilities ready to be exploited.

Faced with this acceleration of innovations based on technological development, what can we do to adapt to it and take advantage of this increase in Capabilities?

• The first thing to do is to stop thinking linearly and start using the paradigm of "non-linear" or complex thinking. In this paradigm, growth and decline can be abrupt and overwhelming. Also, the consequences of certain stimuli may no longer be as intuitive as what our linear thinking brain is used to. Decision making and strategy setting must therefore be based on holistic thinking and a consequence of synthesis rather than reductionism and analysis.
• On the other hand, in those strategic sectors whose infrastructure implementation is based on networks (power grid, land or rail communications network, airport network, communications network, healthcare network, financial network and internet network), paying attention to a balance between efficiency and resilience, i.e. in the rapid and exponential development promoted by disruptive technologies, can lead to a maximized search for efficiency. This efficiency is the characteristic of a type of networks called scale-free, which in turn have a high fragility.

On the other hand, seeking a balance with another network approach, for example, distributed networks, will lead to greater resilience. In the balance of the efficiency-resilience tandem, a good system of networks crucial to the interests of society could be achieved.

Vulnerabilities and protection strategies.

The threats that could jeopardize the vital and strategic interests of Spanish society with respect to its critical infrastructures have been enhanced and have a greater capacity for impact, precisely because of the possible use of the aforementioned disruptive and exponential technologies.

Disruptive technologies, in addition to accelerating the environment, generate complexity, which in turn creates systems with greater fragility. Protecting against the fragility of the new systems created becomes a critical issue.

Consequently, it is necessary to establish mitigation measures and strategies to mitigate the perverse effects of these technologies used in the context of the following threats:

• Organized crime.
• Proliferation of weapons of mass destruction.
• Vulnerability of cyberspace.
• Vulnerability of maritime space.
• Vulnerability of airspace and outer space.
• Natural causes.

Examples of strategies and actions to be taken to protect against the vulnerabilities mentioned above include:

• Energy resilience. Generation of energy production, to a greater extent based on a horizontal system of small renewable energy plants, i.e. prioritizing a lateral generation system, as opposed to the classic vertical system of centralized generation, with a few large power plants. Distributed management is more resilient to catastrophes and attacks than hierarchical management.
• In relation to engineering-based infrastructures, classic engineering currently offers a single, clear, limited solution with a well-defined requirements specification adapted to the response or solution to be provided. However, one proposal for action is that, when it comes to engineering, a leap of abstraction should be considered for what would be an engineering of complex systems. That is to say, to work not only on a solution, but on a space of solutions, which will make it possible to deal with the growing complexity of the environment with a flexible response capacity to all possibilities, or at least to a wide range of possibilities. Providing the infrastructure with greater flexibility in its solution space in the face of non-benign external stimuli would make the infrastructure more resilient.

In conclusion, we have a wide range of sectors with critical infrastructures on which the functioning of our society as we know it rests. In turn, these infrastructures coexist with the development and implementation of a battery of technologies of great technical, economic and social impact.

It is becoming increasingly necessary to establish a strategic framework for action to take advantage of the development of disruptive and accelerating technologies to provide new Capabilities in the evolution of critical infrastructures. On the other hand, a protection and development plan for the aforementioned infrastructures should be considered, taking into account possible attacks and malicious use of these technologies against them.