Strategies and Technologies for United and Resilient Critical Infrastructures and Vital Services in Pandemic-Stricken Europe

SUNRISE project is focusing on resilience of critical infrastructure (CI) during single adverse events, such as pandemics. Since the project started in the aftermath of COVID pandemic, the initial approach was to address challenges related to this pandemic and derived risks (e.g. from non-pharmaceutical interventions such as lockdown), as well as multi-hazard situations that include other types of pandemics, climate-related crisis, scarcity of supplies or massive cyber attacks against key targets in critical infrastructures.
Pandemics create sudden spikes in demand and sudden drops in workforce availability, which were considered in the project within "temporary condition model". COVID also exposed global dependencies in supply chains, while remote work surged and raised cyber-risk, as attack surface increased and many anomaly detection patterns were not valid anymore. Confusion and miscommunication amplified disruptions in collaborations.
SUNRISE approach therefore relies on three main pillars: 1) collaboration among stakeholders both at cross-border and cross-sectorial levels, given the strong interdependency among CIs; 2) the development of strategy implementation plan for CI resilience in pandemic conditions and 3) the development of technology to protect human, physical and digital resources. The project also addressed interplay of strategic processes (e.g. decisions by the national and regional authorities) and operational technologies.

We established a framework of collaboration among CI operators, fostering the exchange of experiences and good practices. While in the first part of the project discussion focused on the past (to analyze what was done well and what did not work in the emergency of COVID), the second part of the project focused on the future, trying to devise future emergency scenarios (epidemiological, climate, hybrid) as well as to provide feedback about the project directions and draft project results. This collaboration and national workshops finally terminated with permanent stakeholder group of CI operators that will continue to exist and work beyond project finalization.

SUNRISE strategy has been designed to help CIs prepare and respond to pandemic-specific risks and it has the following pillars: modelling disease spreading; modelling climate change; modelling socio-economic impact; modelling CI interdependency; modelling and simulating cascading effects and finally carrying out a risk assessment including what-if analysis. This strategy and its implmentation process is aligned with the CER directive and NIS2 regulation. The strategy implementation is supported by a tool that can simulate different types of pandemics, propagation of threats through interdependent infrastructure and services, as well as macro-economic impacts and risk management.

Technology area of SUNRISE delivered four tools: 1) Tool for Risk-based access control to CI premises, that combines multiple factors including QR codes or recognition of mask wearing; 2) AI-based tool for demand prediction management of vital resources such as hospital beds, use of energy or means of transport; 3) Tool for cyberphysical resilience to protect cyber assets that might cause physical impact and 4) Tool for remote infrastructure inspection based on drones, computer vision and satellite image technology.

All of the key exploitable results - strategy and tools - are co-created and piloted in a real-world setting with several CIs authorities and operators from across eight European Countries.

Friuli Venezia Giulia Autonomous Region has participated to WP9' activities.

1) Strategy for Critical Infrastructure Operators: The SUNRISE strategy will strengthen CI awareness and resilience as well as business continuity by building a precise model of pandemics and incorporating climate change information. The basis for the SUNRISE strategy represents an epidemiological characterisation of pandemic risks and will consider new insights from the spreading of infectious diseases and climate change, thus fostering a multi-dimensional risk assessment and mitigation analysis.

2) Risk-based Access Control (RiBAC): The RiBAC tool will help to ensure that operation of critical infrastructure will not be disrupted by another pandemic or similar event that would bring challenges to safety & security measures of physical access to the vital facilities, while also addressing a high degree of privacy requirements.

3) Tool for Resource Demand Prediction and Management: The Tool is an essential solution to ensure businesses, homes and critical service providers can continue to function. It will help operators to better prepare for periods of high demand to avoid disruptions to vital resources such as life-saving hospital equipment and clean drinking water.

4) Tool for Cyber Physical Resilience: This tool will provide an early warning system that will help inform authorities, security analysts and CI operators to prevent cyber threats from happening and better manage cyber-attacks by understanding their effect and how best to respond.

5) Tool for Remote Physical Infrastructure Inspection: This tool will remove the need for people to inspect infrastructures physically. Using an approach that enables remote inspection reduces the number of people put in danger to detect the problem and reduces the risk of staff becoming injured or unwell.