Definition of important concepts in integral security

A summary of knowledge and references related to the terms used and their definitions, applied to the topic of integral safety.

2.1.1 Assets

An asset refers to a physical, logical, or cyber entity that determines the structure and behavior of the observed system [6]. The results of studies [1,4] provide lists of identified assets for a model metro station and the control system of the Prague metro (e.g., people, property including technologies, energy, information, and material flows), primarily based on analyses of metro documentation [1,4,10,11]. Considering it is an open system of systems, it is essential to account for additional aspects beyond technical components, such as organizational, financial, functional, logical connections, and more, as discussed in [1,4]. For further analyses, the following asset groups are considered: constructions, technology, personnel, locations, functions, connections and flows, organization, and economy.

2.1.2 Disasters

The causes of risks are disasters of all kinds, referred to as the All-Hazard Approach [12], and in the case of technological systems, risks also arise from fault states caused by random or systematic system errors [4,13]. It is evident from the above that the occurrence of a single extreme disaster can trigger a chain of additional disasters, i.e., secondary impacts, or even an entire cascade of effects. Secondary, tertiary, and further impacts are referred to as indirect impacts. The indirect impacts of extreme disasters are illustrated in Figure 1. Figure 1 shows the interconnectedness of the impacts of an extreme disaster with various protected assets, leading to additional impacts on other assets, i.e., indirect impacts, which take the form of cascades (i.e., the cascading effect).

Figure 1. Effects of extreme disasters on public assets [14].

Based on the magnitude of damages and losses to public assets and the probability of occurrence, i.e., through analysis and risk assessment using the risk matrix method as per [13], disasters in safety management can be categorized into three categories:

  1. Critical disasters: may trigger a critical situation in the monitored area or its parts, during which, according to current Czech legislation, a state of emergency may be declared, requiring the restoration of property following the emergency. From a safety management perspective, preventive and mitigating measures must be implemented in urban planning, design, construction, and operation of civil and technological facilities as well as infrastructure.
  2. Specific disasters: can trigger emergency situations, and therefore, response and preparedness (mitigation measures) must be accounted for. From a safety management perspective, preventive measures must be taken in land planning, design, construction, and operation of civil and technological buildings as well as infrastructure, and mitigating measures must be implemented as part of response preparedness.
  3. Relevant disasters: all other disasters that may affect the entity and are neither critical nor specific. They should be managed with standard means, i.e., prevention carried out in practice. From a safety management perspective, the measures already implemented in land planning, design, construction, and operation of civil and technological buildings as well as infrastructure are sufficient, and therefore, only regular checks of their effectiveness are necessary.

For the purposes of the presented dissertation, the following disasters were used, identified in the work [4] by analyzing archival documents of the City of Prague [15]:

Results of processes occurring inside and outside the Earth: flood, storm, earthquake, liquefaction of the substrate, gas eruption to the Earth’s surface.

Results of processes in the human body, human behavior, and processes in human society: epidemic, pandemic, breakdown of societal stability, attack, terrorist attack, attack using chemical, nuclear, radiological, and biological (CBRNE) weapons, armed conflict, war.

Results of processes and activities installed by humans: industrial accident, accident during the transport or storage of hazardous substances, transportation accident, disaster in the area of critical infrastructure, disaster in the economy, disaster in territorial infrastructure, disaster in cyber infrastructure, disaster in service infrastructure, supply and communication, technology failure, loss of serviceability.

Interaction of the planet Earth and the environment on human activities: disruption of substrate stability due to vibrations, air contamination, water contamination, rapid climate variations, migration of large groups of people.

Internal dependencies in the human system, natural or human-made: organizational failure, disruption in the flow of raw materials and products, disruption in the flow of energy, disruption in the flow of information.

Table 1 classifies the disasters relevant to the City of Prague into these categories; details are provided in the work [4]. That is, it applies the All-Hazard Approach [12,13] to the data [15]; further details are in the works [12,13,16].

Table 1 Distribution of disasters – relevant, specific, critical.

Relevant Specific Critical
Results of processes occurring inside and outside the Earth
Flood yes yes yes
Storm yes yes
Earthquake yes
Liquefaction of the substrate yes yes yes
Gas eruption to the Earth’s surface yes
Results of processes in the human body, human behavior, and processes in human society
Epidemic yes yes yes
Pandemic yes yes yes
Breakdown of societal stability yes yes
Criminality yes yes
Attack yes yes
Terrorist attack yes yes yes
Attack using chemical, nuclear, radiological, and biological (CNRB) weapons yes yes yes
Armed conflict yes yes yes
War yes yes yes
Results of processes and activities installed by humans
Industrial accident yes
Accident during transport or storage of hazardous substances yes
Accident during transportation yes yes yes
Disaster in the area of critical infrastructure yes yes
Disaster in the economy yes
Disaster in territorial infrastructure yes
Disaster in cyber infrastructure yes yes
Disaster in service, supply, and communication infrastructure yes
Technology failure yes yes yes
Loss of serviceability yes
Interaction of the planet Earth and the environment on human activities
Violation of substrate stability due to vibrations yes yes yes
Air contamination yes yes
Water contamination yes yes
Rapid climate variations yes
Migration of large groups of people yes
Internal dependencies in the human system, natural or human-made
Organizational failure yes yes yes
Failure in the flow of raw materials and products yes
Failure in the flow of energy yes yes yes
Failure in the flow of information yes yes yes

2.1.3 Risk and Criticality

The term risk has different and inconsistent interpretations in many areas; some definitions of risk are based on probability, while others focus on expected value or uncertainty [17]. In project management and management systems, risk is generally defined as “the effect of uncertainty” [18]. The effect of uncertainty, if it materializes, can have both negative and positive characteristics (i.e., opportunities) [18].

Risk in engineering fields such as system risk management, reliability management, and safety risk management expresses the probable magnitude of unacceptable (i.e., undesirable) consequences (losses, damages, and harm) of a disaster of a certain threat level (i.e., the normative potential of the disaster) on protected interests (assets) within a specified time interval in a given location [17].

The sources of these risks are the disasters mentioned in the previous paragraph. These risks are for people, their property, the environment, critical infrastructure, and, last but not least, for the state. Risks can be classified according to the chosen protected assets and whether a single protected asset (i.e., partial risk) or a set of protected assets (integrated risk) or a set of protected assets and the connections and flows between them (complex risk / integral risk) is considered.

Furthermore, risks are divided based on which disasters or sources of disasters are considered (only certain disasters, some of their scenarios, or all relevant disasters, etc.).

In common practice, and particularly in transportation systems, partial and integrated risks are typically considered, which are expressed as the product of the probability of occurrence of a disaster (or incident or failure) or frequency of occurrence and the magnitude of their consequences (losses, damages, harm) on the monitored entity or selected set of entities. There are many possible variables for calculating risk depending on the area being considered, but they usually involve the product of the two mentioned. In more detailed studies, the degree of vulnerability is considered, and sometimes the degree of controllability of harmful events; for example, in the automotive industry [19].

Thus, in the understanding of risk (R), we observe many differences, with the only common factor being that risk arises from concerns about an uncertain future [5,17]:

R = frequency ∙ consequences;

R = severity ∙ probability of occurrence;

R = threat ∙ vulnerability;

R = threat ∙ vulnerability ∙ impacts;

R = threat ∙ vulnerability / capacities;

R = (threat ∙ vulnerability) / countermeasures ∙ impacts;

R = f (threat ∙ vulnerability / capacities);

R = f (assets (protected interest) ∙ threat ∙ vulnerability);

R = frequency ∙ population ∙ vulnerability.

To ensure the safety of an area, or larger technological units or facilities, it is necessary to account for complex risk, i.e., integral risk based on a systemic approach to reality [2]. Integral risk involves multiple protected assets, including life, health, and safety of people, property, public welfare, the environment, technologies, and infrastructure, and also includes the influence of interconnections between these protected assets (in English, interdependences) [4,17].

The integral risk, denoted as R, is for all disasters in the area given by the relation [17]:

[image of relation (1), not reproduced]                                    (1)

Rk expresses the risk for the k-th disaster:

[image of relation (2), not reproduced]                                    (2)

Pk denotes the probability of occurrence of the k-th disaster, and Di,k denotes the impact of the k-th disaster on the i-th protected interest. Similar relationships apply to integrated risk, with the difference that for integral risk the impacts Di,k include not only direct impacts DDi,k but also indirect (secondary, tertiary, and further) impacts DIi,k, whose relationships, according to the source [19], are as follows:

                                                           (3)

Vi is the value of the protected interest, S is the monitored area or object, Zi,k is the vulnerability of the i-th protected interest during the k-th disaster, Ii,k is the function of mutual dependencies (interdependences). The mutual dependencies depend on the specific structure of protected interests in the area and specific connections between protected interests and the disaster, i.e., according to [17]:

[image of relation (4), not reproduced]                                    (4)

VDk is the characteristic of the degree of the k-th disaster, which affects the impacts on protected assets. VPi,k is the characteristic of the degree of mutual connectivity of protected interests in the given area. The determination of VPi,k is the subject of detailed research based on Boolean logic or, in the case of more complex dependencies, operational analysis methods [17,19,20].

For technical systems [21] the relation applies:

[image of relation (5), not reproduced]                                    (5)

where H is the threat associated with the given disaster at the object location; Ai are the values of monitored assets for i = 1,2,…, n; Zi are the vulnerabilities of the assets for i = 1,2,…, n; F is the loss function; Pi are the probabilities of asset damage occurrence for i = 1,2,…, n (these are conditional probabilities); O is the vulnerability of protective measures; S is the size of the monitored object; t is the time measured from the occurrence of the harmful event; T is the time during which losses occur; and t is the period of recurrence of the disaster. Since the loss function is typically not known, failure scenarios are created and multicriteria methods are used to assess the risk; typically, decision support systems [22].

From the above knowledge and given the complexity of the systems, it is clear that integral security can only be increased by considering and managing integral risks, which do not only consider the sum of partial risks but also account for dependencies and flows between assets [13].
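As an added illustration (not code from the dissertation or its sources), the following Python script contrasts integrated risk, which sums P_k times the direct impacts DD_i,k only, with integral risk, which also counts the indirect impacts DI_i,k that cascade over dependencies between assets. The assets, couplings, probabilities and impact values are constructed, and the hop-by-hop propagation rule is a simplifying assumption standing in for relations (3) and (4), not the dissertation's own formulation.

```python
"""Integrated vs. integral risk over an asset-dependency graph.

Added illustration, not code from the dissertation. Notation follows the
text: P_k is the probability of disaster k, DD_i,k the direct impact on
protected asset i, DI_i,k the indirect (secondary, tertiary, ...) impact.
The hop-by-hop propagation rule below is a simplifying ASSUMPTION standing
in for the dissertation's relations (3) and (4), not a reproduction of them.
"""

# Constructed example: asset groups of a model metro station (section 2.1.1).
# DEPENDENCIES[source][dependent] = coupling: when `source` suffers damage x,
# `dependent` suffers an additional coupling * x one hop later.
DEPENDENCIES = {
    "construction":     {"technology": 0.7, "personnel": 0.6, "energy_flow": 0.5},
    "energy_flow":      {"technology": 0.8, "information_flow": 0.6},
    "information_flow": {"technology": 0.5},
    "technology":       {"personnel": 0.4, "energy_flow": 0.2},  # closes a cycle
}

# Constructed disasters k: (P_k, {asset i: DD_i,k}) in arbitrary loss units.
DISASTERS = {
    "flood":          (0.05, {"construction": 400.0, "energy_flow": 100.0}),
    "energy_failure": (0.20, {"energy_flow": 50.0}),
    "cyber_incident": (0.10, {"information_flow": 80.0}),
}


def cascade(direct, deps, max_hops=3, cutoff=1e-6):
    """Propagate direct impacts along the dependency graph.

    Returns a list of tiers: tiers[0] holds secondary impacts, tiers[1]
    tertiary impacts, and so on. Each tier maps asset -> DI added at that
    hop. Because the graph may contain cycles, the cascade is bounded by
    max_hops and by dropping contributions smaller than cutoff.
    """
    tiers = []
    frontier = dict(direct)          # damage arriving at each asset this hop
    for _ in range(max_hops):
        nxt = {}
        for asset, damage in frontier.items():
            for dependent, coupling in deps.get(asset, {}).items():
                added = damage * coupling
                if added >= cutoff:
                    nxt[dependent] = nxt.get(dependent, 0.0) + added
        if not nxt:                  # cascade died out before max_hops
            break
        tiers.append(nxt)
        frontier = nxt
    return tiers


def disaster_risk(prob, direct, deps, include_indirect):
    """R_k = P_k * sum_i D_i,k with D = DD (integrated) or DD + DI (integral)."""
    total = sum(direct.values())
    if include_indirect:
        total += sum(sum(tier.values()) for tier in cascade(direct, deps))
    return prob * total


def integrated_risk(disasters, deps):
    """Sum of partial risks: direct impacts only, dependencies ignored."""
    return sum(disaster_risk(p, dd, deps, False) for p, dd in disasters.values())


def integral_risk(disasters, deps):
    """Integral risk: direct plus cascaded indirect impacts, summed over k."""
    return sum(disaster_risk(p, dd, deps, True) for p, dd in disasters.values())


def risk_report(disasters, deps):
    """Per-disaster (integrated, integral) pairs, for inspection."""
    return {name: (disaster_risk(p, dd, deps, False), disaster_risk(p, dd, deps, True))
            for name, (p, dd) in disasters.items()}


if __name__ == "__main__":
    for name, (r_int, r_full) in risk_report(DISASTERS, DEPENDENCIES).items():
        print(f"{name:15s} integrated={r_int:8.2f}  integral={r_full:8.2f}")
    print(f"total           integrated={integrated_risk(DISASTERS, DEPENDENCIES):8.2f}"
          f"  integral={integral_risk(DISASTERS, DEPENDENCIES):8.2f}")
```

With the constructed values the integral total is several times the integrated total, and the per-tier output shows where the gap comes from: the energy and information flows act as amplifiers because most other assets depend on them.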

For safety management purposes, the criticality of an asset (K) is understood as the function of the importance and vulnerability of the monitored asset or even the entire entity, expressed as the product of [13,17]:

K = importance ∙ vulnerability                                    (6)

Criticality with regard to a certain disaster can be expressed by the relation

C = S ∙ O ∙ B                                                     (7)

where S is the severity of the largest impact of the disaster (harmful event), O is the probability of the disaster occurrence, and B is the conditional probability that the most severe impact will occur [13,23].

Risk, as mentioned in the introduction of this section, refers to the effect of uncertainty, i.e., how frequently (or probably) extensive losses will occur. By reducing risk, we reduce the frequency of unfavorable events (if it is within our power) or their impacts. Risk thus relates to safety but is not defined by safety. Criticality refers to the threshold value between two states; in the area of safety these are the undesirable state (danger) and the desirable state (safety). By reducing criticality, i.e., the threshold between danger and safety, we enlarge the part of the system's state space that lies in the safe area, i.e., we increase safety. Therefore, criticality is a complementary variable to safety, even though it is a result of risk factors and may have the same input parameters as risk (e.g., vulnerability) [27].

2.1.4 Security

In current practice, the term “safety” has several different meanings. In transportation systems, the term is associated with: the protection of people without considering the system’s interdependencies; the system’s resilience against disruption from an adverse event (disaster); or against internal errors. In connection with protective or security systems, safety is understood as so-called functional safety, i.e., the realization of a safe function or process in the case of anticipated situations [24]. In reality, these meanings have the same goal: to protect human health and life and to ensure the development of human society. In other words, all these meanings are part of integral safety, which brings them all together.

System safety in the context of integral safety means that the system is protected against both internal and external disasters, including human factors. That is, the system has sufficient resilience and adaptability to expected conditions. Additionally, a safe system must not endanger its surroundings even under critical conditions [20,25,26,27]; see Figure 2, drawn after [20].

The potential impacts of system failures, as shown in Figure 2, will manifest in other systems as a disaster in their vicinity, creating a chain of disasters, i.e., a cascading effect.

Figure 2. The relationship between security and system security [20].

The term “safety” (Safety) according to current knowledge refers to a set of means and measures by which humanity ensures its security (English: Security) and sustainable development (English: Sustainable Development). In Figure 3, the concept focused on safety is depicted, i.e., on a higher goal; it is not just about reducing risk, but about increasing the safety of people and other public assets on which people depend [27].

Figure 3. The relationship between safety and security, as a tool to ensure safety [27].

From the above, it follows that safety and risk are related, but they are not complementary quantities, because safety can be increased by organizational measures that do not affect the size of the risk. Criticality is a complementary quantity to safety. By reducing the criticality, we increase the safety of the monitored object.

2.1.5 Human safety and integral safety

Human Security, the goal of security management, has been a topic of concern since the dawn of humanity, but the term has only recently been defined in the realm of security sciences. The United Nations defines Human Security as a concept that means: “…protecting the vital core of all human lives in ways that enhance human freedoms and human fulfillment. Human security means protecting fundamental freedoms – freedoms that are the essence of life. It means protecting people from critical (severe) and pervasive (widespread) threats and situations. It means using processes that build on people’s strengths and aspirations. It means creating political, social, environmental, economic, military, and cultural systems that together give people the building blocks of survival, livelihood, and dignity…” [8]. This definition represents a shift in focus from merely protecting the state against threats from hostile armed forces to a people-centric approach that emphasizes safeguarding lives and protecting against other well-known threats. According to the UN, the key areas of the “Human Security and Threats” concept are as follows [8]:
  • Economic security (persistent poverty, unemployment),
  • Food security (hunger, famine),
  • Health security (deadly infectious diseases, unsafe food, malnutrition, lack of basic healthcare),
  • Environmental security (environmental degradation, resource depletion, natural disasters, pollution),
  • Personal security (physical violence, crime, terrorism, domestic violence, child abuse),
  • Political security (ethnic, religious, and other identity-based tensions),
  • Community security (political repression, abuse of human rights).
From the perspective of economic security, the concept of Human Security emphasizes restoring (rehabilitating) transportation and transport routes. Transportation underpins the successful achievement of objectives in the various areas of security, i.e., the Human Security concept. However, transportation systems themselves can also create new threats, such as pollution and direct impacts on human lives, health, and property [19].

Nations ensure Human Security and its various objectives through what are known as the primary functions of the state, one of which is infrastructure [2]. This work focuses on transport infrastructure and associated critical infrastructure (e.g., critical information infrastructure). A tool for ensuring Human Security is integral safety, which is ensured through various types of safety methods and technologies. It encompasses other engineering fields such as reliability management, functional safety, security of cyber-physical systems, technical and physical protection, surveillance, occupational safety, securing safe places, human safety, etc. Integral safety addresses the security of multiple assets within a monitored area, which interact with one another, are interconnected, and have various links to superior and surrounding systems. The concept of integral safety also considers all possible sources of threats that may affect the monitored entity [2]. Managing integral safety involves the management of integral risks [19].

The real world, as we perceive it, is far from ideal, and due to imperfections and differences, conflicts arise. Conflicts also emerge in various areas of security, safety, and interdisciplinary contexts. As a result, increasing the safety of one element in a monitored system may inadvertently degrade the safety of another element, thereby affecting integral safety and overall Human Security. It becomes evident that ensuring integral safety requires more than just enhancing the safety or security of individual system components. These components, with their mutual links, form a complex system. Thus, an effective management system capable of addressing the complexities of the real world is essential [19]. Enhancing integral safety is based on process and project management aimed at continuous quality improvement and maintaining a certain level of system safety under dynamically changing real-world conditions (e.g., environmental factors, interactions with other systems, cultural shifts, and individual or group behavior changes).

Within the European Union, a project management approach known as Total Quality Management (TQM) is utilized [28]. To ensure its effectiveness, ISO standards such as the 9000 and 14000 series have been developed. TQM is based on the premise that all employees, from frontline workers to top management, participate in the quality improvement process, which, at its highest level, essentially involves enhancing integral safety. The quality improvement process is driven by customer or citizen needs [29,30]. TQM assumes that sustained product and service quality cannot be achieved through directives, inspections, isolated programs, or organizational or economic measures alone, but through targeted investigation, measurement, and evaluation of the reasons behind stagnant productivity and quality. This process effectively creates a safety culture, focusing on how measures and human activities are implemented. Attention is given to the processes within the organization, and during TQM implementation, the specifics of the organization are considered to ensure that all measures align with its structure, making them locally specific [19,30].

In addition to standardized management systems (ISO standards) based on TQM principles, TQM also incorporates principles and approaches for managing soft socio-technical systems with simplified, idealized goals comprehensible to all involved personnel or residents of a given area. From a safety perspective, TQM develops Total Safety Systems (TSS), which introduce the concept of Zero Risks as a foundation for strategies like Zero Defects and Right First Time. Incorporating specific prevention into the safety of socio-technical organizational elements involves comparing contributions from Total Prevention Systems (TPS), which include principles like Zero Breakdown, and Human Development Systems, aimed at training workers to implement the “Right First Time” principle [28]. These Total Prevention Systems include practices such as Total Operation Maintenance [28]. An integrally safe system encompasses three primary elements:
  • Place safety (e.g., layout, environmental management, emergency procedures, fire safety measures, first aid, lighting, social infrastructure).
  • Process safety (e.g., physical security, emergency stop elements, “fail-safe” principles, perimeter protection).
  • Human resource safety (e.g., safety training, personal protective equipment, supervision, medical check-ups).
The EU has issued a checklist, widely used for inspections, covering these three areas [2]. The TQM system, together with TSS, often exceeds legislative requirements in the Czech Republic. To enhance safety, the systems emphasize risk reduction through proactive programs involving continuous measurement and elimination of near-misses (events that could have led to an accident but did not due to factors like operator alertness) [19,21,28]. Current trends in safety science and risk engineering are grounded in engineering risk management principles, accounting for the complexity of systems arising from the nature, properties, and uncertainties of socio-technical and cyber-physical systems, known as Systems of Systems (SoS) [2,19,26,30,31].

2.1.6 Critical infrastructure and its security

Critical infrastructure is defined in terms of Council Directive 2008/114/EC on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection [32] as: “Assets, systems, and parts thereof located in a Member State which are essential for maintaining vital societal functions, health, safety, security, or economic or social well-being of people, and whose disruption or destruction would have a significant impact on a Member State due to the failure of these functions.” According to the source [33], critical infrastructure can be described in other words as systems of various types (technical, organizational, cyber, territorial, educational, etc.) that may impact the functioning of the economy, the state, and the management of emergency and critical situations. In the Czech Republic, critical infrastructure consists of infrastructures divided into the following nine areas [33]:
  1. Energy supplies (electricity, gas, heat, oil, and oil products).
  2. Water (provision of drinking and utility water, securing and managing surface and groundwater sources, wastewater systems).
  3. Food supply and agriculture (food production, food care, agricultural production).
  4. Healthcare (pre-hospital emergency care, hospital care, public health protection, production, storage, and distribution of pharmaceutical products and medical devices).
  5. Transport (road, rail, air, and water).
  6. Cyber, communication, and information systems (fixed and mobile telecommunication network services, radio communication and navigation, television and satellite communication, postal and parcel services, internet, and data services).
  7. Banking and financial sector (public finance management, banking, insurance, capital market).
  8. Rescue system (Czech Fire Rescue Service, fire protection units, Czech Police, Czech Army, radiation monitoring, forecasting, warning system, etc.).
  9. Public administration (state administration and self-government, social security and employment, state social support and social assistance, administration of the judiciary and prison system).
The area of critical infrastructure is regulated by the Crisis Act [34]. An object or element of critical infrastructure means a building, facility, resource, or public infrastructure determined based on cross-sectional and sectoral criteria, i.e., according to [35]. Regarding the railway system, critical infrastructure objects include, for example, train stations, metro stations, significant bridges or tunnels, technological equipment, and information, material, and energy flows in systems, according to the methodology for determining the criticality of objects as per source [33]. Protecting the health and property of people is a primary interest of the fundamental function of the state enshrined in the Constitution of the Czech Republic (Act No. 1/1993 Coll.). Potential disasters may not only disrupt the proper functioning of a critical infrastructure element but may also endanger the health and property of people as well as the environment. Therefore, appropriate measures are implemented depending on the category of the disaster mentioned in the previous paragraph [4,13,33].

2.1.7 Modern approaches: All-Hazard-Approach and Defense in Depth

The All-Hazard Approach [12] means considering all possible types of hazards when managing safety, i.e., phenomena that can cause damage, losses, and harm to the monitored assets, i.e., people and relevant entities in the given area [2]. Defence-In-Depth is a comprehensive security philosophy that began to be applied in technology in the 1980s [27]. In general terms, this approach can be understood as the protection of a system through multi-layered security measures. According to [36], Defence-In-Depth represents a comprehensive approach that ensures that both people and the environment will be protected even under critical conditions within a facility. It includes all activities aimed at ensuring the security of the facility and the area in which the facility is located, starting from the location, through design and planning, construction, commissioning, operation, and decommissioning of the facility. Barrier systems and procedural measures are used to ensure a secure system of systems. The Defence-In-Depth approach is also known in cybersecurity and control system security, as described, for example, in [37] (Figure 4). Figure 4 illustrates the Defence-In-Depth approach as a strategy for security management, covering the following areas:
  • security directives,
  • security requirements specifications,
  • security by design,
  • secure implementation,
  • security verification and validation,
  • Defence-In-Depth strategy.
The generalized layered model for security management according to the Defence-In-Depth approach, used in the dissertation, is described further in section 2.3.4.
Figure 4. Defence-In-Depth strategy according to [37].

2.1.8 Systems of systems (SoS), project and over-project phenomena

The System of Systems (SoS) is defined in the field of systems engineering [38] as a set of independent systems, integrated into a larger system that provides unique properties. The independent so-called constituent systems collaborate to produce global behavior that they cannot produce on their own. In accordance with the source [39], the classical concept of a system and SoS differs mainly in the following elements:
  • autonomy – autonomy is exercised by the constituent systems to fulfill the purpose of the global system, i.e., SoS,
  • affiliation – individual constituent systems choose their affiliation based on the ratio of costs and benefits to fulfill their own purpose and in belief of the supra-purpose of SoS; in the classical system concept, affiliation is determined by their nature and cannot be arbitrarily changed (e.g., as a member of one family),
  • connectivity – countless possible interconnections of systems and their parts to enhance the capabilities of SoS,
  • diversity – higher diversity in the capabilities of SoS achieved through the autonomy of different constituent systems, their chosen affiliation, and open connectivity,
  • emergence – in the SoS concept, the increased intentional unpredictability of the system and the creation of conditions for the possibility of emergence (i.e., the emergence) is of crucial importance in both negative (emergence of unpredictable negative events, disasters) and positive (early detection and elimination of adverse system behaviors) aspects.
The element of emergence plays a crucial role in the choice of methods for working with systems, with a predominance of exact methods for classical systems, and a predominance of heuristic methods for SoS, including the use of artificial intelligence (AI), etc. For the purposes of the dissertation, we understand SoS as a set of open, interconnected systems [33], further composed of subsystems and objects (components) of various properties and locations. The links between subsystems and objects ensure the necessary functions and behaviors of the entire SoS [40]. The interdependencies, i.e., interdependence, are physical, cyber, local, and logical by nature [6]. The interdependencies of SoS can further be divided into:
  • desired: improve the properties of systems, devices, and infrastructures,
  • undesired:
      a) under normal and abnormal conditions: they are addressed by the project according to legislative requirements [41],
      b) under critical conditions (beyond-design), they:
          • lead to system losses,
          • cause systems to fail to properly perform their functions,
          • cause systems to endanger themselves and their surroundings.
Under certain conditions of the solved system, some situations can be addressed with exact methods. The safety conditions are determined in the project according to its lifetime and criticality, in this case, we talk about design criteria. In the event of unfavorable phenomena or accidents, if the design criteria or conditions are not exceeded, they are referred to as design phenomena (accidents). Safety primarily addresses areas beyond the specified limits and conditions of systems, i.e., beyond-design phenomena, or accidents. The terms design (Design Basis Accident) and beyond-design (Beyond Design Basis Accident) accidents are formally defined, for example, by the International Atomic Energy Agency (IAEA) [42], although they are commonly used in other areas of technical safety management [41].
