Critical Infrastructure Resilience 2018 Report
Authorised and published by the Victorian Government, 1 Treasury Place, Melbourne. November 2019 ISBN 978-1-922262-23-3 (pdf/online/MS word) Š State of Victoria 2019 Unless indicated otherwise, this work is made available under the terms of the Creative Commons Attribution 4.0 International licence. To view a copy of this licence, visit creativecommons.org/licenses/by/4.0 It is a condition of this Creative Commons Attribution 4.0 Licence that you must give credit to the original author who is the State of Victoria. Unless stated otherwise all images are copyright Shutterstock. If you would like to receive this publication in an alternative format telephone (03) 8684 7900 or email igem@igem.vic.gov.au Inspector-General for Emergency Management GPO Box 4356, Melbourne, Victoria 3001 Telephone: (03) 8684 7900 Email: igem@igem.vic.gov.au This publication is available in PDF and Word format on www.igem.vic.gov.au
Critical Infrastructure Resilience 2018 Report
4
Preface The health, safety and prosperity of the Victorian community are reliant on services supported by certain infrastructure. Emergency events, whether natural or human-induced, pose a risk of disrupting the ability of critical infrastructure to deliver essential services to the community. Furthermore, the complex, interconnected and often interdependent nature of critical infrastructure in modern society increases the risk of a disaster-causing systemic failure. In Victoria, the Inspector-General for Emergency Management (IGEM) has a legislated responsibility to monitor, review and assess critical infrastructure resilience at a system level. On 1 July 2015, new emergency risk management arrangements for critical infrastructure resilience (the arrangements) came into effect. The arrangements adopt an all hazards approach to building resilience founded on strong partnership between government and industry. The vision for the arrangements is to limit disruption to the supply of essential services to the Victorian community. Since the commencement of the arrangements, IGEM has monitored the implementation of the arrangements, assessed incremental improvements and identified improvement opportunities through a continuous improvement lens. IGEM's observations and findings have been made publicly available through: •
Critical Infrastructure Resilience – Implementation Progress Report 2016 (2016 Report)
•
Critical Infrastructure Resilience – Implementation Progress Report 2017 (2017 Report).
In the 2017 Report, IGEM found that overall government organisations were working collaboratively with their respective critical infrastructure sectors in implementing activities in line with the intent of the arrangements. As signalled in IGEM's 2016 and 2017 Reports, IGEM will transition from monitoring the implementation of the arrangements into an approach which monitors and assesses the effectiveness of the arrangements. This transition enables IGEM to more closely align its assurance focus with its legislative objective to monitor, review and assess critical infrastructure resilience at a system level. To enable the transition to monitoring and assessing effectiveness, IGEM will first assess the efficiency of the critical infrastructure resilience arrangements. This report does not make any findings or recommendations, but instead sets the foundation for and makes transparent IGEM’s future assurance approach for Victoria’s critical infrastructure resilience based on the vision of and the activities under the arrangements. In undertaking its assurance role, IGEM appreciates the continued visibility and access provided by government and industry. This helps IGEM better understand the complexities and challenges faced by different critical infrastructure sectors in building resilience. IGEM commends the dedication of government organisations and their industry partners in working together to the realise the vision of the arrangements. Tony Pearce Inspector-General for Emergency Management
Critical Infrastructure Resilience | 2018 Report
5
Contents Preface ................................................................................................................................................................................................................................... 4 Executive summary....................................................................................................................................................................................................... 6 1
Introduction....................................................................................................................................................................................................... 8
1.1
Assurance principles .................................................................................................................................................................................................................... 9
2
Case study – South Australian black system event .......................................................................................................... 10
2.1
Interdependencies ....................................................................................................................................................................................................................... 10
3
Victorian critical infrastructure sectors ....................................................................................................................................... 12
3.1
Energy .................................................................................................................................................................................................................................................... 13
3.2
Transport ............................................................................................................................................................................................................................................. 13
3.3
Water ......................................................................................................................................................................................................................................................14
3.4
Banking and finance ...................................................................................................................................................................................................................14
3.5
Communications............................................................................................................................................................................................................................ 15
3.6
Food supply........................................................................................................................................................................................................................................ 15
3.7
Government.......................................................................................................................................................................................................................................16
3.8
Health .....................................................................................................................................................................................................................................................16
4
Key activities under the arrangements ........................................................................................................................................ 17
4.1
Sector resilience networks, plans and reports......................................................................................................................................................... 17
4.2
Assessment, designation and the Victorian Critical Infrastructure Register ................................................................................... 18
4.3
Resilience Improvement Cycle ............................................................................................................................................................................................19
5
IGEM system level assurance .............................................................................................................................................................. 21
5.1
Intent of the arrangements .................................................................................................................................................................................................... 21
5.2
Key observations from 2016 and 2017 ............................................................................................................................................................................ 25
5.3
Assurance approach going forward .............................................................................................................................................................................. 28
6
Concluding remarks .................................................................................................................................................................................. 32
6
Executive summary The Victorian community’s wellbeing relies on infrastructure to deliver services such as banking, energy, food supply, government services, healthcare, communications, transport and water. Unfortunately, natural and human-induced emergency events pose risks to the ability of infrastructure to deliver these services. The widespread loss of electricity supply in South Australia in September 2016 – often referred to as the ‘black system event’ – demonstrated how disruption of electricity supply can cascade through infrastructure networks to affect road and rail traffic, access to fuel, telecommunications, banking, and emergency services.
The critical infrastructure resilience arrangements In Victoria, emergency risk management arrangements for critical infrastructure resilience (the arrangements) came into effect in July 2015. The Critical Infrastructure Resilience Strategy (the Strategy) states that the majority of Victoria’s critical infrastructure assets are owned and/or operated by private entities. According to the Strategy, while primary responsibility for critical infrastructure resilience rests with infrastructure owners and/or operators, the community expects that government will take appropriate measures to ensure that owners and/or operators are managing their risks and that vital service delivery is not interrupted. The Strategy highlights that building the resilience of Victoria’s infrastructure is the responsibility of government, public and private sector stakeholders working in partnership.
Role of the Inspector-General for Emergency Management Consistent with its function and objectives under the Emergency Management Act 2013 (the Act),1 the Inspector-General for Emergency Management (IGEM) monitored implementation of the arrangements, assessed incremental improvements and identified improvement opportunities. IGEM published findings in the Critical Infrastructure Resilience – Implementation Progress Report 2016 and in the Critical Infrastructure Resilience – Implementation Progress Report 2017. The 2017 Report signalled that IGEM would transition from monitoring implementation of the arrangements towards assessing the effectiveness of the arrangements. IGEM has developed an assurance plan for 2018 and 2019 in consultation with key stakeholders. Given the context of the arrangements and given IGEM’s legislated objectives and function, IGEM will consider how the arrangements interact with the emergency management system.2,3
1
IGEM has a function to monitor, review and assess critical infrastructure resilience at a system level under section 64(1)(ga) of the Act. IGEM undertakes this function in accordance with its objectives under section 62 of the Act, which are to provide assurance to the government and the community in respect of emergency management arrangements in Victoria, and to foster continuous improvement of emergency management in Victoria.
2
IGEM understands the emergency management system to encompass fields of activity beyond emergency response operational decision making – as is reflected by the Act and associated legislation and policy. 3
IGEM does not assume that key activities under the arrangements will generate real-time risk status and vulnerability information to be provided for the purposes of emergency response operational decision making. IGEM’s assessments start with information provision explicitly anticipated in the arrangements and, in consultation with stakeholders, consider interactions which may improve performance of the arrangements and the emergency management system.
Critical Infrastructure Resilience | 2018 Report
7
IGEM has begun the process of assessing efficiency, that is, assessing whether risk and mitigation information generated in the key activities under the arrangements is being provided to the appropriate decision makers in a timely manner. IGEM plans to report findings of this assessment of efficiency in 2020, and the findings will also be used to inform IGEM's approach to assessing the effectiveness of the arrangements.
This report This report explains why IGEM is transitioning from monitoring implementation of the arrangements to assessing the efficiency, and eventually the effectiveness, of the arrangements. This report: •
begins with a case study on the South Australia black system event to provide readers with an appreciation of the interdependencies between services
•
provides an overview of the arrangements in Victoria
•
outlines IGEM's interpretation of the intent of the arrangements based on the objectives and roles for government and industry established in the Act and based on the vision, principles, strategic priorities and roles for government and industry described in the Strategy
•
explains how this interpretation is guiding IGEM's approach to assessing the efficiency, and eventually the effectiveness, of the arrangements.
IGEM wishes to leave readers with an appreciation of the importance and potential of the arrangements to enable the provision of risk and mitigation information for decision making to contribute to the Strategy’s vision of arrangements that limit disruption to the supply of essential services to the Victorian community. IGEM is focusing its future assurance approach accordingly.
1 Introduction
In July 2015 emergency risk management arrangements for critical infrastructure resilience (the arrangements) came into effect in Victoria to broaden the focus of critical infrastructure resilience activities from terrorism-protection to consider all potential hazards whether natural or human-induced. The arrangements include: •
Part 7A of the Emergency Management Act 2013 (the Act)
•
the Emergency Management (Critical Infrastructure Resilience) Regulations 2015
•
the Ministerial Guidelines for Critical Infrastructure Resilience (the Guidelines)
•
the Critical Infrastructure Resilience Strategy (the Strategy).
The Strategy explains that the health, safety and prosperity of the Victorian community are reliant on certain infrastructure and that the complex, interconnected and often interdependent nature of this critical infrastructure increases the risk of a disaster-causing systemic failure. The Strategy’s vision is arrangements for Victorian critical infrastructure resilience, founded on a strong partnership between government and industry sectors, that limit disruption to the supply of essential services to the Victorian community. Part 7A of the Act requires, and the Strategy encourages, resilience building activities by government and industry. The Strategy gives effect to Part 7A of the Act and outlines roles and responsibilities for building resilience. The Inspector-General for Emergency Management (IGEM) has a function to monitor, review and assess critical infrastructure resilience at a system level under section 64(1)(ga) of the Act. The arrangements do not operate in isolation. IGEM considers the arrangements in the context of broader emergency management and regulatory frameworks which includes: •
other emergency management arrangements and economic regulation in Victoria which influence owners and operators of infrastructure and afford powers to government in an emergency
•
national and international regulation which applies to the delivery of each of the services given that each relies on complex supply chains crossing state and national borders.
As outlined in the publicly available 2016 Report4 and 2017 Report5, IGEM has monitored implementation of the arrangements, assessed incremental improvements and identified improvement opportunities. Overall, IGEM was satisfied that government organisations were working collaboratively with their respective critical infrastructure sectors in implementing the activities in line with the intent of the arrangements. This report explains why IGEM is transitioning from monitoring implementation of the arrangements to assessing the efficiency, and eventually the effectiveness, of the arrangements guided by IGEM's interpretation of the intent of the arrangements. IGEM will continue to consult with stakeholders about its assurance approach. 4 5
Critical Infrastructure Resilience – Implementation Progress Report 2016 Critical Infrastructure Resilience – Implementation Progress Report 2017
Critical Infrastructure Resilience | 2018 Report
1.1 Assurance principles Four assurance principles guide IGEM’s practice. These assurance principles aim to promote more coordinated, less burdensome and more valuable assurance activities. This will drive continuous improvement of the emergency management system and contribute towards better outcomes for Victorian communities before, during and after emergencies. Continuous improvement means appreciating the complexity of emergency management in a rapidly changing context. It means valuing parts of the system which continue to work well and seeing where incremental or immediate improvement, or innovation, is necessary. In developing this report IGEM: •
focused on the performance of processes and systems, rather than individuals
•
appreciated that critical infrastructure resilience is complex
•
appreciated that emergencies can be chaotic and that those managing the situation need to, at times, make swift decisions without perfect information and without the benefit of hindsight
•
understood that stakeholders need time, resources and opportunity to identify and implement improvements
•
shared information on what works well and what can be improved.
Collaboration and coordination means working together and organising activities to increase efficiency and effectiveness. In developing this report IGEM: •
recognised the expertise of owners and operators of critical infrastructure, portfolio departments, Emergency Management Victoria (EMV) and Victoria Police
•
involved and consulted with portfolio departments, EMV and Victoria Police
•
shared the results of its implementation monitoring from the 2016 Report and 2017 Report.
Reducing burden means respecting and minimising the amount of time and resources which stakeholders need to devote to an assurance activity. In developing this report IGEM: •
appropriately scoped its assurance to critical infrastructure resilience at a system level
•
offered flexibility in methods of submitting information and feedback
•
provided advance notice and minimised intensive engagement with stakeholders during their busiest periods
•
thoroughly checked reports for quality before release.
Adding value encourages assurance practitioners to maximise the potential benefits of their assurance activity – namely providing assurance and informing decision making for continuous improvement. IGEM has: •
proactively identified risks that may hinder achievement of intended outcomes
•
focused on the essential service sectors given their priority under the arrangements
•
maintained the line of sight from the evidence to the analysis and through to findings
•
reported findings without avoidable delay.
9
2 Case study – South Australian black system event People become used to reliable services and have little cause to stop to think about all the interdependent systems which function together so that, for instance, the traffic lights guide their commute out of the central business district, petrol is pumped into their car, and money can be paid with the tap of a card. This chapter is a short case study on the South Australia black system event which demonstrated how disruption to the delivery of one service – electricity supply in this case – can cascade through infrastructure networks to affect the delivery of many other services. This case study serves as a reminder of the need, in a modern society, for government and industry to work together to manage risks and build resilience.
2.1 Interdependencies In 2016 South Australia experienced a winter of extreme weather with flood events. Severe weather was forecast for and arrived on 28 September 2016. According to the Australian Energy Market Operator, tornadoes damaged electricity transmission lines, faults grew, and automatic mechanisms acted to protect assets.6 These factors led to an imbalance between supply and demand which caused a loss of electricity supply to South Australia. Eight hundred and fifty thousand customers lost electricity supply, affecting households, businesses, transport, community services and major industries. The review by Burns, Adams and Buckley7 includes a sobering reminder of the dependence on electricity: Electricity is, with few exceptions, integral to all our systems, needs and requirements as a modern society. The loss of power quickly impacts upon essential services, critical infrastructure and the very fabric of our society. Electrical power is often taken for granted but modern society (at all levels) is heavily reliant and dependent on it. While electrical power was restored to Adelaide within several hours, large areas of South Australia remained without power for several days. The review describes specific effects and consequences of the black system event in some detail and demonstrates the interdependencies between services. It was about an hour before the end of normal business hours on a Wednesday afternoon when the power went out. Transport signals and many traffic lights stopped working and the Traffic Management Centre lost the ability to observe and control intersections. As a result, police personnel were used to control key intersections in the difficult weather conditions.
6
Black System South Australia 28 September 2016, published March 2017 Final Report of the Independent Review of the Extreme Weather Event South Australia 28 September-5 October 2016, January 2017 7
Critical Infrastructure Resilience | 2018 Report
11
Electric trains and trams stopped on the rails. Extraction fans in the city's main train station failed meaning that diesel trains could not be used as a redundancy measure to move passengers. Buses were used to move commuters. Issues with refuelling added to the difficulty. Many service stations had generator back-up to provide electricity for their shopfronts, but few could power the pumps which bring fuel up from underground tanks to customers’ vehicles. The review notes that customers’ ability to pay for fuel at stations which could pump was an issue given automatic teller machines, card services and electronic payment options were rendered unavailable. The loss of electricity supply meant that South Australia’s main fuel distribution point did not have the capacity to pump fuel. The review notes that an enduring power outage would quickly impact the whole fuel supply network leading to shortage. The review commented on gaps in the business continuity planning of government agencies, businesses and individuals. The review outlined that the extended loss of power caused mobile and landline telecommunication networks to fail or at best provide an intermittent and therefore unreliable network. It describes the impact on police, ambulance, fire and rescue services including impacts to operational communication, control centres and community access to emergency call-taking and dispatch. It also describes effects on emergency broadcasting of public information. The cascading disruption from the electricity supply to telecommunications flowed further. For example, where the electricity outage was prolonged, food retailers also lost the ability to offer electronic payments, cash out transactions, and send or receive orders of grocery items, perishables and frozen food. The chamber of commerce and industry for South Australia surveyed members of the business community soon after the event. From the results it estimated the cost of the black system event on South Australian businesses at $367 million, including an estimated $115 million impact on major industrial businesses. The review explains that the water authority’s business continuity planning arrangements ensured the supply of water and sewerage services, therefore avoiding public health issues. In Port Lincoln, where the electricity outage lasted longer than it did in Adelaide, a rotational system of back-up generation was implemented at key sites, ensuring that town sewerage did not become a major issue. The review notes that overall, both metropolitan and country hospitals generally stood up well during the black system event. However, the review also discusses specific instances where pharmacies and aged care facilities were challenged and mentions losses at a private fertility clinic. The South Australian black system event is a real-life scenario of how a disruption to just one essential service, electricity, has the capacity to result in significant flow-on impacts on the delivery of other services, resulting in consequences for the community on a statewide scale. It also serves as an example of where a resilience building activity, in this case business continuity planning by a water authority, can help to mitigate consequences to the community.
Image: AAP Image/David Mariuz
3 Victorian critical infrastructure sectors
The Strategy describes a vision of arrangements for Victorian critical infrastructure resilience, founded on a strong partnership between government and industry sectors, that limit disruption to the supply of essential services to the Victorian community. The Strategy recognises eight critical infrastructure sectors and encourages resilience building activities within and between each of these sectors. Each of the eight critical infrastructure sectors has been assigned to a portfolio department whose role is to provide the primary interface between government and critical infrastructure owners or operators and lead planning for their sector. Machinery of government changes effective 1 January 2019 have assigned portfolio responsibility for the transport, communications and food supply sectors to new portfolio departments. Table 1: Critical infrastructure sectors and respective portfolio department as at 1 January 2019 SECTOR
PORTFOLIO DEPARTMENT
Energy
Department of Environment, Land, Water and Planning
Transport
Department of Jobs, Precincts and Regions
Water
Department of Environment, Land, Water and Planning
Banking and finance
Department of Treasury and Finance
Communications
Department of Jobs, Precincts and Regions
Food Supply
Department of Jobs, Precincts and Regions
Government
Department of Premier and Cabinet
Health
Department of Health and Human Services
The following sections describe the eight critical infrastructure sectors which deliver services to the Victorian community, and examples of recent emergency events which impacted on their operations where appropriate. These descriptions are included to provide readers with an overview of the services, assets, networks and systems within each critical infrastructure sector. IGEM avoids identifying particular infrastructure or the owners or operators given security implications and commercial sensitivities.
Critical Infrastructure Resilience | 2018 Report
3.1 Energy The energy sector supplies the essential services of fuel (including gas), light and power to the Victorian community. It comprises three sub-sectors: •
liquid fuel – owners or operators of liquid fuel production and import facilities, refineries, storage systems, distribution systems and retail outlets
•
gas – owners or operators of gas production, receiving, processing and storage facilities, transmission systems and distribution systems
•
electricity – owners or operators of electricity generation, transmission and distribution systems.
Most of Victoria’s energy infrastructure is privately owned or operated. The energy sector operates as part of broader national energy markets and international supply chains. The energy sector is transforming due to technological, climatic, economic, political and regulatory factors. A range of Victorian and national risk management regulations apply to the energy sub-sectors. Interdependencies exist between the liquid fuel, gas and electricity sub-sectors, such that disruption in one sub-sector can lead to flow-on effects in others. Most of the critical infrastructure sectors identify energy as a critical dependency. Many Victorians may recall the impact and consequences of a large-scale gas supply disruption more than two decades ago. Events which impacted the energy sector in 2017 and 2018 include storms and periods of high temperature and humidity which led to electricity supply interruptions for customers in Victoria.
3.2 Transport Transport is an essential service to the Victorian community comprised of four sub-sectors: •
public transport – owners or operators of train, tram and bus systems, intermodal hubs, and ferries
•
freight and logistics – owners or operators of freight systems
•
road and rail – owners or operators of roads, tunnels and bridges, and rail infrastructure
•
port and marine – owners or operators of airports and marine ports.
Ownership of Victoria’s transport infrastructure varies with some assets being government-owned and some being privately owned.
13
14
Events in one sub-sector often have flow-on effects for other sectors and the broader community beyond known dependencies. Events which affected parts of the transport sector in 2017 and 2018 include the Flinders Street incident in December 2017 and the South West Fires in March 2018. While the transport sector retains a focus on incidents and developments in cyber and physical security, the sector acknowledges chronic stressors which affect resilience including urbanisation, an ageing population, changing weather patterns and increased frequency of natural events leading to emergencies.
3.3 Water The water sector supplies the essential services of water and sewerage to the Victorian community. It comprises owners or operators of water catchments, storage infrastructure, treatment facilities and transfer systems – who have the responsibility to collect, treat, transport and deliver water, and manage wastewater for urban or rural communities. Some provide bulk water supply and bulk sewerage services to other owners or operators. Water sector infrastructure is largely State-owned and most operators are statutory authorities. The water sector is regulated at the state level with national overlays on aspects such as drinking water guidelines. An emergency in the water sector has the potential to impact across most sectors and the water sector has some level of dependency on most of the other sectors, particularly the energy sector. The water sector continues to deal with familiar hazard sources such as fire, flood, dry seasons and drought, and is engaging with cyber security and climate change. Events that impacted on members of the water sector in 2017 and 2018 include the dumping of plastic pellets into a sewerage facility in 2017 and the South West Fires in March 2018.
3.4 Banking and finance The banking and finance sector provides financial services to the Victorian community. It comprises two groupings: •
retail and wholesale financial service providers (including banks), insurance and wealth management service providers and settlement agencies
•
national regulatory agencies.
Assets which enable service provision include information and communication technology systems and corporate headquarters. Operations of the banking and finance sector are structured around common, interdependent systems physically located in Australia and overseas which facilitate financial transactions. The banking and finance sector operates within globally competitive financial service markets and is subject to national regulation.
Critical Infrastructure Resilience | 2018 Report
The banking and finance sector is focused on developments in cyber security and acknowledges its dependency on a range of essential services and telecommunications.
3.5 Communications The communications sector supplies voice and data telecommunication services over fixed and mobile networks. The communications sector comprises organisations which variously: •
provide customers access to their networks
•
purchase access to other organisation’s networks which they then on-sell to customers
•
broadcast media content through the networks
•
maintain platforms on the networks for customers to engage in social and commercial activity.
Copper and fibre-optic networks, mobile telephone and wireless internet towers, satellites, exchanges and data centres enable transmission, backhaul and customer access to telecommunication. The communications sector is impacted by the roll out of new network transmission technologies. The majority of Victoria’s telecommunications infrastructure is privately owned or operated. Most of the service providers operate across Australia and many of these operate internationally. The sector is regulated at the national level with competition policy as a major consideration. Most other critical infrastructure sectors identify telecommunications as a critical dependency. The South West Fires in March 2018 impacted some operators and highlighted the dependency of the communications sector on the energy sector.
3.6 Food supply The food supply sector provides fresh, refrigerated and packaged food and groceries to the Victorian community. Assets enabling food and grocery supply continuity are held by private businesses and include large warehousing and distribution centres that in turn require complex logistics network services which are provided through outsourcing. The sector is made up of a national network of operators, which is primarily regulated at a national level with a strong focus on competition. Localised floods and fires had a limited impact on the sector in 2017 and 2018. The food supply sector identifies food producers and the energy, water, and transport sectors as critical dependencies.
15
16
3.7 Government Victorian Government departments, agencies and Victoria Police deliver or regulate the delivery of a broad range of services to the Victorian community. Some of these services include education, public safety, emergency services, transport, communications, social security and welfare, health and land management. The government sector also provides advice to ministers and supports high-level decision making. Departments and agencies operate subject to statelevel legislation and regulation with national overlays, for example, in the delivery of education. Human resources, information and communication technology systems and office properties enable government to provide its services. Each department or agency is responsible for its own security, preparedness to respond to an emergency, and for its own business continuity management.
Image: Victoria State Emergency Service
3.8 Health The health sector provides services such as health treatment, care, education and disease prevention to the Victorian community. Health services are delivered by a network of public and private providers including: •
medical practitioners, nurses, pre-hospital and ambulance services
•
mental, allied, dental and preventative health services
•
pharmacies.
These providers operate from a range of settings such as hospitals, medical clinics, community centres and private practices. The health sector is regulated at the state and national level and is subject to international standards and guidelines. Key challenges faced by the health sector include sustaining timely access to services, ensuring that its infrastructure keeps up with the growing population, and supporting regional communities and growth corridors to have the same access to services as those in metropolitan Melbourne. This sector is reliant on a complex system of interconnected infrastructures meaning that a failure of energy, water, transport or telecommunications infrastructure could have a flow-on effect to the delivery of health services. Most other critical infrastructure sectors identify a healthy workforce as a critical dependency. In 2017 and 2018, a number of incidents impacted Victorian communities and also challenged health services at local and regional level. Emergencies that are known to impact the sector or health system as a whole include mass casualty events, significant electricity outages or protracted disruptions to key dependencies such as information communications technology.
4 Key activities under the arrangements This chapter provides an overview of the key activities required or encouraged under the arrangements. This overview is included to provide readers with a high-level understanding of the arrangements which IGEM has monitored implementation of, and which IGEM will assess the efficiency and effectiveness of going forward. This overview uses a number of specific terms and phrases because of their particular meanings in the arrangements.
4.1 Sector resilience networks, plans and reports The Strategy recognises eight critical infrastructure sectors and a portfolio department is assigned to each. The Strategy outlines that the portfolio department for each sector is to chair a regular forum which includes representatives from industry, EMV, Victoria Police and, on invitation, other government departments and agencies. Industry members include representatives of owners or operators of critical infrastructure. The purpose of a Sector Resilience Network is to improve the resilience of a sector’s critical infrastructure assets and operations through joint planning, information sharing and reporting to government. In addition, a forum comprising members from each of the eight Sector Resilience Networks is to be regularly convened. This forum is called the All Sectors Resilience Network Forum and its purpose is to highlight the interdependencies between sectors and increase understanding of cross-sectoral vulnerabilities. The State Crisis and Resilience Council8, through its Risk and Resilience Sub-Committee, is to oversee the operation and activities of the Sector Resilience Networks to ensure accountability at the most senior levels of government. The central mechanism for each Sector Resilience Network to report to the State Crisis and Resilience Council is a Sector Resilience Plan developed annually by the respective portfolio department in consultation with industry. The Strategy outlines that portfolio departments are responsible for briefing relevant ministers on completed Sector Resilience Plans and monitoring the implementation of resilience improvement activities undertaken by industry. The purpose of a Sector Resilience Plan is to provide the Victorian Government with the status of, and continuous improvement arrangements for, each sector’s overall resilience. In addition, an All Sectors Resilience Report which summarises the resilience of Victoria’s critical infrastructure sectors is to be produced annually by EMV through the Risk and Resilience Sub-Committee of the State Crisis and Resilience Council. 8
The State Crisis and Resilience Council, per section 8 of the Act, consists of the head of each Victorian Government department, the Chief Commissioner of Police, the Chief Executive of EMV, the Emergency Management Commissioner, the IGEM (as an observer), and the Chief Executive Officer of the Municipal Association of Victoria as the representative of local government.
18
The Strategy states that the All Sectors Resilience Report is to be used to brief the State Crisis and Resilience Council and the Minister for Police and Emergency Services9 on the resilience of Victoria’s critical infrastructure, and to assist the State Crisis and Resilience Council to determine if any further actions by portfolio departments are required. The Strategy anticipates that the Minister for Police and Emergency Services will authorise public release of the All Sectors Resilience Report.
4.2 Assessment, designation and the Victorian Critical Infrastructure Register Division 2 of the Act requires the relevant minister to assess whether any infrastructure is vital, major or significant. Section 74B of the Act defines ‘infrastructure’ as any premises, asset, good or system used for the purpose of the generation, production, extraction, storage, transmission, distribution or operation of an essential service – and any communication system used for the delivery of an essential service, including any system used to generate, send, receive, store or otherwise process any electronic communication for the purpose of an essential service. The essential services listed in section 74C of the Act are transport, fuel (including gas), light, power, water and sewerage. This is similar to the list in the Essential Services Act 1958 and its predecessor legislation from 1948.10 IGEM understands that the Victorian Government applies the Act on the basis of Orders in Council11 which identify ministers in respect of the essential services as relevant ministers and therefore it is these ministers who are authorised to assess infrastructure. The relevant ministers who assess infrastructure correlate with the energy, transport and water sectors. The prescribed methodology for assessment is identified in the Ministerial Guidelines for Critical Infrastructure Resilience as the Victorian Criticality Assessment Tool.12 The Strategy indicates that the assessment categorises infrastructure according to the geographic extent of the adverse impact if the infrastructure or the services it provides were lost or degraded. On the recommendation of the relevant minister, the Governor in Council may designate infrastructure to be vital critical infrastructure. The relevant minister must provide a copy of an Order designating vital critical infrastructure to the person designated as the responsible entity, EMV, the Chief Commissioner of Police and the Chief Executive Officer of any municipal council in which the infrastructure is wholly or partly located.
9 The General Order of 1 January 2019 identifies that the Minister for Police and Emergency Services administers the Act (previously the Minister for Emergency Services). 10 Where the Act refers to “fuel (including gas)”, the Essential Service Act 1958 and Essential Service Act 1948 refer to “fuel”. 11 Victoria Government Gazette G20 21 May 2015 page 1137 and Victoria Government Gazette G35 30 August 2018 p1901. 12 First issued May 2015 with updates in August 2016 and March 2017.
Critical Infrastructure Resilience | 2018 Report
19
Figure 1: Criticality levels as described in the Strategy
The responsible entity is the owner or operator of designated vital critical infrastructure. Division 4 of the Act sets out that EMV must maintain a register called the Victorian Critical Infrastructure Register which must contain specific information about each infrastructure which has been assessed as vital, major or significant. Access to the Victorian Critical Infrastructure Register is to be limited to persons who have functions or powers in respect of critical infrastructure, counter terrorism or emergency management.
4.3 Resilience Improvement Cycle Division 5 of the Act requires a responsible entity – the owner or operator of designated vital critical infrastructure – to complete the four activities of the Resilience Improvement Cycle each year: •
Prepare an emergency risk management plan. Regulations13 under the Act prescribe ISO31000:2009 Risk Management – Principles and Guidelines14 and its companion handbook as the basis for emergency risk management planning by responsible entities. This standard describes a model of risk management at the heart of which is the implementation of risk treatments which are informed by a process of risk assessment.
•
Develop, conduct and evaluate an exercise to test its planning, preparedness, prevention,15 response or recovery in respect of an emergency.
13
Emergency Management (Critical Infrastructure Resilience) Regulations 2015 The website of the International Organization for Standardization advises that ISO31000:2009 has been revised by ISO31000:2018. 15 Amendments to the Act not yet in operation include amendments substituting the word “mitigation” instead of “prevention”. 14
20
•
Conduct an audit of its emergency risk management processes. The purpose of the audit is to evaluate the efficiency, effectiveness and appropriateness of the management by the responsible entity of risks to its capability in relation to planning, preparedness, prevention,16 response or recovery.
•
Submit a statement of assurance to the relevant minister. The Strategy indicates that a statement of assurance is intended to provide the relevant minister with confidence that the responsible entity has processes and plans in place to manage emergency risks to the supply of essential services to the Victorian community.
The Strategy describes these requirements as a collaborative cycle to help industry and government articulate the emergency risks to the supply of essential services to the Victorian community, and to develop risk management strategies to mitigate and manage those risks. Figure 2: Resilience Improvement Cycle adapted from the Strategy
16
Amendments to the Act not yet in operation include amendments substituting the word “mitigation” instead of “prevention”.
5 IGEM system-level assurance This chapter outlines IGEM's interpretation of the intent of the arrangements based on the objectives and roles for government and industry established in the Act and based on the vision, principles, strategic priorities and roles for government and industry described in the Strategy. It goes on to outline some of the key observations IGEM made in 2016 and 2017 about the implementation of the arrangements. Finally, this chapter explains why IGEM is transitioning from monitoring implementation of the arrangements to assessing the efficiency, and eventually the effectiveness, of the arrangements.
5.1 Intent of the arrangements Broad context Given IGEM’s function is to monitor, review and assess critical infrastructure resilience at a system level, IGEM considers it important to consider the arrangements in their broad context. The Strategy gives effect to Part 7A of the Act and Part 7A contains the provisions which authorise a number of key activities under the arrangements.17 IGEM reads significance into Part 7A having been embedded in the Act rather than in another piece of legislation. The Act is the principal legislation for emergency management in Victoria. As such, the arrangements should be interpreted in the context of emergency management and consideration should be given to how the arrangements interact with the emergency management system. IGEM understands the emergency management system to encompass fields of activity beyond emergency response operational decision making – as is reflected by the Act and associated legislation and policy (refer to Figure 3 on the next page). While the Act is the principal legislation for emergency management in Victoria, it is not the only legislation, regulation or policy which contains provisions for emergency management in relation to essential services in Victoria from a Victorian perspective or from a national perspective – examples include: •
The Essential Services Act 1958 which enables a minister to operate, control, regulate and direct any essential service during a period of emergency which has been proclaimed by the Governor in Council in relation to the essential service.
•
Legislation which enables government action in an emergency in relation to the supply of essential services such as the Electricity Industry Act 2000, Gas Industry Act 2001, Fuel Emergency Act 1977, Road Management Act 2004, Rail Management Act 1996, Port Management Act 1995, and Water Act 1989.
17
IGEM appreciates that activities such as sector resilience networks and plans are called for in the Strategy, and IGEM notes that the Strategy states that it ‘gives effect to recent legislative changes to the Act which came into effect on 1 July 2015’.
22
•
A range of national legislation with provisions for emergency management in relation to essential services, such as the Liquid Fuels Emergency Act 1984 (Commonwealth) which enables the relevant Australian Government minister powers to control fuel stocks, fuel production and fuel sales across Australia where the Governor General has declared a national liquid fuel emergency.
•
Hazard specific legislation which operates at the Victorian and national levels, for example, in relation to terrorism there is the Terrorism (Community Protection Act) 200318 in Victoria and the Defence Act 1903 (Commonwealth) as a national level overlay.19
IGEM focuses on the essential service sectors of energy, transport and water. However, IGEM’s assurance approach also considers the other five sectors recognised by the Strategy in their own right and because of the interdependencies with essential services. The Strategy asks government and industry to consider all hazards.20 Figure 3: Examples of emergency management activities clustered into groups from the Emergency Management Manual Victoria Part 1 – Emergency Management in Victoria
18
Section 21F Authorisation of special powers to protect essential services from a terrorist act. Part IIIAAA – Utilisation of Defence Force to protect Commonwealth interests and States and self-governing Territories. 20 IGEM understands that disruption to the supply of an essential service can constitute a hazard source of an emergency and/or an effect of an emergency and/or a consequence of an emergency. 19
Critical Infrastructure Resilience | 2018 Report
23
Intended outcome IGEM interprets that the intended outcome of the arrangements is to limit disruption to the supply of essential services to the Victorian community. The Strategy describes a vision of: Arrangements for Victorian critical infrastructure resilience, founded on a strong partnership between government and industry sectors, that limit the disruption to the supply of essential services to the Victorian community. The Ministerial Foreword to the Strategy sets an expectation that government and industry will work together to build critical infrastructure resilience: Building the resilience of the State’s infrastructure is the responsibility of government, public and private sector stakeholders working in partnership. This demonstrates our commitment in working together to build a strong and resilient community and to position Victoria to meet the future challenges ahead.
Means to achieve the intended outcome IGEM interprets the key activities under the arrangements to be risk management activities which enable information provision between government and industry to support decision making to limit disruption to the supply of essential services. Statements of intent from the Act support this interpretation: •
The first objective of the Act is to foster a sustainable and efficient emergency management system that minimises the likelihood, effect and consequences of emergencies.
•
The object of Part 7A of the Act is to provide for emergency risk management arrangements for critical infrastructure resilience.
Likewise, the second reading speech from the passage through Parliament of the amendments creating Part 7A of the Act reads that “The purpose of the bill is to amend the Emergency Management Act 2013 to provide for risk management arrangements for building critical infrastructure resilience.”21 The key activities under the arrangements, as outlined in Chapter 4 ‘Key activities under the arrangements’ of this report, generally conform to a model where: •
Subject matter experts (such as the owners or operators of infrastructure, portfolio departments, EMV and Victoria Police) are involved in identifying and assessing risks to the continuity of supply of essential services and identifying potential mitigations.
•
This risk and mitigation information is brought to the attention of appropriate decision makers (such as owners or operators of infrastructure, portfolio departments, EMV, Sector Resilience Networks, the State Crisis and Resilience Council, relevant ministers, the Minister for Police and Emergency Services, the Governor in Council, and persons who have functions or powers in respect of critical infrastructure, counter terrorism or emergency management).
•
Appropriate decision makers have this risk and mitigation information at hand so that they can make decisions which contribute towards limiting disruption to the supply of essential services.22
21
As recorded in Hansard of the Legislative Assembly 6 August 2014 at page 2563. IGEM does not assume that the key activities under the arrangements will generate real-time risk status and vulnerability information to be provided for the purposes of emergency response operational decision making. 22
24
There are a range of decisions under the arrangements which could contribute towards limiting disruption to the supply of essential services. Examples of such decisions could include but are not limited to: •
Industry and government members including a resilience improvement initiative in their Sector Resilience Plan to mitigate a risk identified during the discussions of a Sector Resilience Network meeting, and taking appropriate measures at their respective organisations to implement the initiative.23
•
When assessing or reassessing the criticality of infrastructure, the owner or operator and the portfolio department24 considering the upstream and downstream dependencies identified in a Sector Resilience Plan.
•
The responsible entity adjusting its emergency risk management plan informed by the findings of the evaluation of its exercise and the audit of its emergency risk management processes, as part of the Resilience Improvement Cycle.25
•
The State Crisis and Resilience Council determining that further actions by portfolio departments are required based on the briefing in the All Sectors Resilience Report produced annually by EMV through the Risk and Resilience Sub-Committee.
IGEM considers that risk and mitigation information generated and provided in actions required or encouraged under the arrangements may also support decision making under other parts of the Act and in emergency management more broadly.26 A primary example of this is the legislative requirement that the relevant minister provide a copy of an Order designating vital critical infrastructure to the responsible entity, EMV, the Chief Commissioner of Police and the Chief Executive Officer of any municipal council in which the infrastructure is wholly or partly located.
23
The Strategy at page 30 explains: “Through industry collaboration, they [Sector Resilience Plans (SRPs)] provide an overview of the sector’s critical assets and operations. The SRPs develop a profile of risks facing the sector, including an evaluation of the risks identified. Responding to this identification and evaluation of sector risks, the SRPs identify resilience improvement initiatives to address significant risks posed to the sector. The implementation of these initiatives is monitored by government.” 24 The Guidelines at page 6 explain: “While relevant ministers have primary responsibility for assessing the criticality of the infrastructure within their portfolio, as per section 74D of the Emergency Management Act 2013 (the Act), the final recommendation considers input from a self-assessment process from owners and operators of critical infrastructure, and an assessment from the relevant department.” 25 The Guidelines at pages 8-9 explain: “The following principles are provided to guide responsible entities in the development of their risk management plans: …2. RMPs [risk management plans] must consider the impact on responsible entities and the response to an emergency risk event experienced by a service on which the responsible entity is dependent… 3. RMPs must contain the emergency response procedures to be implemented in response to the occurrence of an emergency risk event. Emergency response procedures must be aligned to and be consistent with the State Emergency Response Plan and its sub-plans and the Emergency Management Manual Victoria… 4. RMPs must contain the procedures for recovery of the Vital Critical Infrastructure from an emergency risk event, and for its continued safe operation...” 26 IGEM’s assessments start with information provision explicitly anticipated in the arrangements and, in consultation with stakeholders, consider interactions which may improve performance of the arrangements and the emergency management system.
Critical Infrastructure Resilience | 2018 Report
25
5.2 Key observations from 2016 and 2017 This part presents again some selected key observations from IGEM’s 2016 Report and 2017 Report to highlight how improved provision of risk and mitigation information generated under the arrangements could support decision making which contributes towards the Strategy’s vision of limiting disruption to the supply of essential services to the Victorian community.27 IGEM anticipates that these key observations will be examined as part of its assurance approach going forward.
Providing value In the 2016 Report, IGEM noted that the critical infrastructure resilience governance arrangements were in their infancy. IGEM observed that the supporting role provided by government could be further enhanced by maximising the critical infrastructure resilience governance arrangements depicted in the Strategy. IGEM anticipated that, as the new arrangements became embedded over time, maximising the governance arrangements could include tabling long-standing industry challenges at the State Crisis and Resilience Council or its sub-committees so that common issues could be addressed at the appropriate levels. IGEM anticipated that addressing common issues at the appropriate levels would strengthen linkages and build stronger government–industry partnerships, and also raise awareness of industry issues that have the potential to affect longer-term government planning considerations.
Stretching capability to stimulate learning and cross sector-exercising In the 2017 Report, IGEM observed the good practice of some responsible entities who were moving away from exercising only for compliance purposes, towards exercising to stretch capacity and stimulate learning and improvement. IGEM also observed the good practice of portfolio departments organising additional exercising which involves industry and government from multiple sectors to explore crosssector dependencies. With deeper understanding of cross-sector dependencies, decision makers may have higher quality information about dependencies, risk to the continuity of the supply of essential services and the limits of existing risk mitigations.
Aligning audits with the intent of the arrangements The purpose of the audit under the Resilience Improvement Cycle is to evaluate the efficiency, effectiveness and appropriateness of the management by the responsible entity of risks to its capability in relation to planning, preparedness, prevention,28 response or recovery. In the 2017 Report, IGEM observed that if the responsible entity consults with the portfolio department on the scope of its audit and if the portfolio department provides structured feedback to the responsible entity on the audit it submits then, over time, audits may become more closely aligned with the intent of the arrangements. With better quality audits, decision makers may have higher quality information about the limitations of the responsible entities’ emergency risk management processes.
27
Refer to the 2016 and 2017 Reports for the full detail of IGEM’s findings and observations. Amendments to the Act not yet in operation include amendments substituting the word “mitigation” instead of “prevention”. 28
26
Statements of assurance – consultation and progress reporting of actions In the 2017 Report, IGEM observed the good practice of portfolio departments providing feedback to responsible entities on their draft statements of assurance to validate risk assessments and improve the level of information provided. IGEM also observed the good practice of a responsible entity describing in its statement of assurance how actions in the previous year were progressing in terms of the intended outcome. With validated risk assessments and a meaningful description of improvement in risk treatments, portfolio departments may have higher quality information about risk and the effectiveness of existing risk mitigations.
Sector Resilience Plans – status of each sector’s overall resilience The Strategy establishes that the purpose of a Sector Resilience Plan is to provide the Victorian Government with the status of, and continuous improvement arrangements for, each critical infrastructure sector’s overall resilience. In the 2017 Report, IGEM observed that if a Sector Resilience Plan noted the residual exposure of the sector’s services to key emergency risks or critical dependencies29 then this would provide a clearer sense of the status of a sector’s overall resilience. IGEM appreciates that a measure of risk is not necessarily a direct measure of resilience. IGEM observed that the compilation of data on inherent risk and residual risk from responsible entities’ statements of assurance30 could serve as evidence substantiating statements about the status of the energy, transport or water sector’s overall resilience. In other words, this compilation of data could be used to validate the risk assessments presented in a Sector Resilience Plan. In the absence of data and a direct measure of resilience, a portfolio department may find value by tracking changes in risk from year-to-year for key risk exposures and critical dependencies for a sample of critical infrastructure assets and operations in their sector or in the constituent sub-sectors. IGEM appreciates that changes in levels of inherent and residual risk may be driven by factors which are not within the control of an owner or operator of critical infrastructure, a portfolio department, the sector or government as a whole. The Sector Resilience Plan template asks that any significant changes in the emergency risk environment from previous years should also be included, along with an explanation of the change. With validated risk measurements about a sector or its constituent sub-sectors, a portfolio department may have higher quality information about risk and the effectiveness of existing mitigations over time.
29 The Guidelines provide guidance to support portfolio departments to complete Sector Resilience Plans. For each of a sector’s key emergency risk exposures or critical dependencies, the Sector Resilience Plan template asks that a brief qualitative description be provided of the sector’s overall exposure to the risk or dependency, noting the residual exposure of the sector’s critical services to the risk or dependency. 30 The Guidelines provide guidance to assist responsible entities to effectively manage emergency risk, and to prepare the annual statement of assurance. For each identified emergency risk, the statement of assurance template asks for summary details of the assessed likelihood, consequence and level of risk and for summary details of the status and assessed effectiveness of the risk management actions or activities.
Critical Infrastructure Resilience | 2018 Report
27
Such higher quality information may support performance of the accuracy and appropriateness attestations in relation to Sector Resilience Plans which are anticipated in the Strategy.
Analysis across all sectors The Strategy anticipates that the All Sectors Resilience Report will brief or inform three audiences – the State Crisis and Resilience Council, the Minister for Police and Emergency Services and the public. The All Sectors Resilience Report is intended to summarise the resilience of Victoria’s critical infrastructure sectors, including an overview of the key emergency risks and the resilience improvement measures being adopted by government and industry in response to those risks. It is also intended to identify interdependencies between sectors. In the 2017 Report, IGEM observed that an analysis of the resilience of Victoria’s critical infrastructure, including common risks or dependencies, across all sectors may validate or improve existing prioritisations of risks and resilience improvement initiatives. Such an analysis might also help identify risks and interdependencies which may not be immediately apparent when considered from the perspective of a particular sector. IGEM acknowledged such an analysis would take time, resources and opportunity given the challenges involved. IGEM appreciates that the All Sectors Resilience Report may not be appropriate as a single form of communication of the findings of such an analysis to all audiences given the security implications and commercial sensitivities. Therefore, the level of detail provided to each audience may need to be different. As noted in the 2017 Report, while EMV considers that the Sector Resilience Plans serve the purpose of briefing the State Crisis and Resilience Council, IGEM anticipates that the State Crisis and Resilience Council may also be assisted by being briefed on the overall resilience of Victoria’s critical infrastructure. Also, EMV advised that the Minister for Police and Emergency Services would be briefed using other processes. With an analysis of resilience from a cross-sector perspective communicated at the appropriate level of detail to the respective audiences, decision makers may have higher quality information about interdependencies, risk and the effectiveness of existing mitigations.
Measurement and reporting and coordination Under the Strategy, EMV has a responsibility to develop and support effective communication, monitoring and reporting networks to provide assurance on the effective implementation of the Strategy. In the 2017 Report, IGEM observed that the development of a robust performance measurement and assurance framework by EMV, in partnership with and adopted by all sectors, would enable the system to measure its own performance against key indicators and monitor the achievement of outcomes. It would also assist in the identification of good practice and lessons, which can then be embedded back into the system.
28
IGEM also noted EMV’s advice that it faced a key constraint when undertaking its lead role maintaining and coordinating whole of government strategy and policy for critical infrastructure resilience to ensure a consistent approach across government. The constraint was EMV’s limited visibility and involvement in the Resilience Improvement Cycle. With robust performance measurement and assurance and better visibility of the Resilience Improvement Cycle, EMV and portfolio departments may have higher quality information about risk and mitigation areas of priority going forward.
Resourcing In the 2016 Report, IGEM observed that departmental staff were mission critical assets to the implementation of the arrangements. IGEM identified four characteristics as most relevant to successful implementation of the arrangements: •
The value of experience and knowledge of individual staff affects levels of initial and continued engagement with industry and government stakeholders.
•
Informal relationship management plays a major role – informal relationships require significant time and effort to develop and to realise the benefits.
•
Trust is a key element in resilience building, with transparency and clarity fundamental factors to securing stakeholder buy-in.
•
A central tenet of resilience is that collaborative approaches are more effective than directive ones.
In the 2017 Report, IGEM reiterated this theme adding that the teams within portfolio departments and EMV which implement the arrangements are small and many are also required to perform operational, policy and administrative roles in relation to broader emergency management responsibilities. IGEM observed that, in order to ensure the intent of the arrangements can be realised in the years to come, there may be a need for government to consider the resources dedicated to the implementation of the arrangements from a sustainability and business continuity perspective – particularly if more infrastructure is assessed and designated as vital critical infrastructure. IGEM appreciates that the stability of teams and their level of resourcing impact the rate at which continuous improvements can be considered and, if appropriate, implemented.
5.3 Assurance approach going forward IGEM has a function to monitor, review and assess critical infrastructure resilience at a system level under section 64(1)(ga) of the Act. IGEM undertakes this function in accordance with its objectives under section 62 of the Act, which are to provide assurance to the government and the community in respect of emergency management arrangements in Victoria, and to foster continuous improvement of emergency management in Victoria. The scope of IGEM’s assurance role includes, but is not limited to, consideration of: •
the performance of the arrangements
•
how the arrangements interact with the broader emergency management system to limit disruption to the supply of essential services to the Victorian community
•
improvement opportunities.
IGEM is not able to acquit every aspect of its assurance role every year given the resource requirement and the burden it would place on stakeholders. IGEM approaches assurance with a view to adding value. Since 2015, IGEM has built its understanding of the arrangements in the course of monitoring the implementation of the arrangements. To continue to provide assurance and foster continuous improvement, IGEM is adapting its assurance methods towards assessing critical infrastructure resilience at the system level.
Critical Infrastructure Resilience | 2018 Report
29
IGEM has developed an assurance plan for 2018 and 2019 in consultation with key stakeholders (portfolio departments, EMV and Victoria Police). The remainder of this chapter outlines some of the key considerations behind IGEM’s assurance approach going forward and the assessment methods which will be used.
Critical infrastructure resilience The Act does not readily define ‘critical infrastructure resilience’ or ‘resilience’. The arrangements, and reports generated under the arrangements, seem to offer related but varied definitions of resilience: •
As outlined in part 5.1.3 ‘Means to achieve the intended outcome’ of this report, IGEM understands the key activities under the arrangements to be risk management activities which are intended to be done at the organisation, sector and cross-sector levels. The implication is the arrangements envisage that critical infrastructure resilience is built by managing risk at the organisation, sector and cross-sector levels.
•
The Strategy explains that ‘resilience of infrastructure’ is provided through good design of the network and systems to ensure infrastructure has the necessary resistance, reliability and redundancy, and by establishing good organisational resilience to provide the ability, capacity and capability to respond and recover from disruptive events which is gained through business operations and appropriate support for business continuity management.
•
The All Sectors Resilience Report 2017 defines ‘resilience’ as the capacity of individuals, communities, institutions, businesses and systems to survive, adapt and thrive no matter what kind of chronic stresses and acute shocks they experience.31 Three Sector Resilience Plans include the same or a similar definition. One of these three includes a relatively advanced discussion of what resilience means for its sector.
Part 5.2.7 ‘Measurement and reporting and coordination’ of this report highlighted that a robust performance measurement and assurance framework developed by EMV, in partnership with and adopted by all sectors, would enable the stakeholders to measure their own performance against key indicators and monitor the achievement of outcomes. If such a framework were developed to accommodate definitions of critical infrastructure resilience which respect each sector’s context, including national obligations, then IGEM could proceed with reference to it. In the absence of a framework developed by the stakeholders, IGEM proceeds with its assessments based on its understanding of the arrangements as outlined in part 5.1 ‘Intent of the arrangements’ of this report. IGEM’s methodologies for assessing critical infrastructure resilience at the system level have been and will continue to be developed iteratively in consultation with stakeholders.
Assessing the efficiency of the arrangements As explained in part 5.1.3 ‘Means to achieve the intended outcome’ of this report, IGEM interprets the key activities under the arrangements to be risk management activities which enable information provision between government and industry to support decision making to limit disruption to the supply of essential services. Systems evaluation theory provides a method to examine the provision of information in terms of efficiency and assumes efficiency is a prerequisite for effectiveness.32
31
This definition is referenced to the Community Resilience Framework for Emergency Management which defines “chronic stresses” as long-term issues that weaken the fabric of a community on a daily or cyclical basis, for example: high unemployment, inefficient public transport system, poor health, endemic violence, food or water shortages and the impact of climate change, and which defines “acute shocks” as sudden, sharp events that can threaten individuals, households and the community, for example: bushfire, floods, earthquakes, disease outbreaks and terrorist attacks. 32 IGEM’s approach is guided by systems evaluation theory as described by Professor Ralph Renger and colleagues in a series of articles published in the Evaluation Journal of Australasia between 2015 and 2017.
30
IGEM has begun the process of assessing whether risk and mitigation information generated in the key activities under the arrangements is being provided to the appropriate decision makers33 in a timely34 manner to inform decision making that contributes to the Strategy’s vision of limiting disruption to the supply of essential services to the Victorian community. The key activities under the arrangements which IGEM will focus on are outlined in Chapter 4 ‘Key activities under the arrangements’ of this report, namely: •
sector resilience networks, plans and reports
•
assessment, designation and the Victorian Critical Infrastructure Register
•
the Resilience Improvement Cycle.
IGEM has worked with and will continue to work with stakeholders to: •
map and prioritise the provision of risk and mitigation information (generated from key activities) to the attention of appropriate decision makers
•
for the priority flows of risk and mitigation information, assess the timeliness and quality of the information provided to decision makers.
IGEM’s assessments will focus on how risk and mitigation information is passed on or communicated to appropriate decision makers, rather than the effectiveness of the decisions made. IGEM will also consider how the decision makers provide feedback to those who generated the information. IGEM’s assessments start with the information provision explicitly described in the arrangements, and then consider interactions which may improve performance of the arrangements or the emergency management system to limit disruption to the supply of essential services to the Victorian community.35,36 IGEM anticipates that its assessments will prove suitable for assessing the improvement opportunities highlighted in part 5.2 ‘Key observations from 2016 and 2017’ of this report including those improvement opportunities which reflect on the performance measurement and assurance aspects of the key activities under the arrangements. IGEM plans to report findings of this efficiency assessment in 2020, and the findings will also be used to inform IGEM's approach to assessing the effectiveness of the arrangements. In line with its usual practice, IGEM plans to report findings in context.
Assessing the effectiveness of the arrangements IGEM has not yet determined its methodology for assessing the effectiveness of the arrangements. IGEM appreciates that ‘resilience’ is at times used as an umbrella term to accommodate different concepts for different purposes. As discussed in part 5.3.1 ‘Critical infrastructure resilience’ of this report, the arrangements, and reports generated under the arrangements, seem to offer related but varied definitions of resilience based on: •
risk management
•
resistance, reliability, redundancy, response and recovery
•
the capacity to survive, adapt and thrive.
33
Appropriate decision makers are discussed in Chapter 4 ‘Key activities under the arrangements’ and in Part 5.1.3 ‘Means to achieve the intended outcome’ of this report. 34 The Macquarie Dictionary Revised Edition (1985) defines ‘timely” as an adjective which means “occurring at a suitable time”. IGEM uses the phrase “timely manner” or the variant “timeliness” in acknowledgement that the purpose of information in question determines the appropriate timeframe for its provision. 35
IGEM understands the emergency management system to encompass fields of activity beyond emergency response operational decision making – as is reflected by the Act and associated legislation and policy.
36
IGEM does not assume that key activities under the arrangements will generate real-time risk status and vulnerability information to be provided for the purposes of emergency response operational decision making.
Critical Infrastructure Resilience | 2018 Report
31
Some portfolio departments have advised IGEM of progress in their efforts to develop concepts of critical infrastructure resilience which are appropriate for their sector, and which are able to be assessed. Consistent with past practice, IGEM will consult with stakeholders about methods for assessing effectiveness of the arrangements. Key considerations which will inform the development of IGEM’s methodology include: •
Definitions of critical infrastructure resilience which exist in the arrangements or in reports generated under the arrangements as discussed in part 5.3.1 ‘Critical infrastructure resilience’ of this report.
•
Defined outcomes for critical infrastructure resilience.
•
EMV's development of the performance measurement and assurance framework in partnership with all sectors as discussed in part 5.2.7 ‘Measurement and reporting and coordination’ and part 5.3.1 ‘Critical infrastructure resilience’ of this report.
•
Data and measures that are already being collected and reported in relation to the critical infrastructure sectors.
In the course of IGEM’s assessment of efficiency, measures to assess the effectiveness of the arrangements may become clearer. As part of public sector reform, the Victorian Government has developed an outcomes approach that seeks to provide a clearer and more effective way to measure the impact of activity in key priority areas. Departments are developing outcomes frameworks relevant to their vision and programs. There is also a process within the emergency management sector, which has been in development since 2015, to define a set of outcomes and outcome measures for emergency management in Victoria. In the absence of a performance measurement and assurance framework developed by the stakeholders, IGEM may proceed with its effectiveness assessment based on its interpretation that the intended outcome of the arrangements is to limit disruption to the supply of essential services to the Victorian community as explained in part 5.1.2 ‘Intended outcome’ of this report. IGEM anticipates that outcome measurements over time may provide results which show whether disruption to the supply of essential services is improving, is stable, or is deteriorating. A time-series of outcome measurement results may indicate where further improvements are necessary and where further assurance is required. Such an approach may add value in that it may help to move along conversations among stakeholders about the meaning of ‘critical infrastructure resilience’. IGEM appreciates that outcome measurement comes with challenges such as: •
Attribution – a range of environmental conditions and decisions of so many different people, including in government, industry and the community, over long periods of time contribute towards an outcome. The contribution of any risk mitigation to limiting disruption to the supply of essential services will be difficult to pinpoint.
•
Counterfactuals – determining the extent to which the risk mitigations have limited disruption to the supply of essential services is inherently challenging as we are unable to observe the outcome if systems had been set up differently.
•
Scale and scope – a disruption to the supply of essential services which is catastrophic for a street of neighbours may only calculate as minor if considered across the whole population of Victoria.
In line with its usual practice, IGEM will report any findings in context.
6 Concluding remarks
IGEM thanks portfolio departments, EMV and Victoria Police for their cooperation, contribution and the insights they shared during the implementation monitoring phase from 2015 to 2017 and with respect to the foundational work to support assessment of the efficiency of critical infrastructure resilience arrangements. This report has described the transition from implementation monitoring of the arrangements towards assessing the efficiency, and eventually the effectiveness, of the arrangements. The short case study on the South Australia black system event demonstrated how disruption in the supply of one service can cascade to disrupt the supply of other services to the community on a statewide scale. It also served as an example of where resilience building activity plays an important role in mitigating consequences to the community. IGEM wishes to leave readers with an appreciation of the importance and potential of the arrangements to enable the provision of risk and mitigation information for decision making to limit disruption to the supply of essential services. IGEM is focusing its future assurance approach accordingly. In doing so, IGEM will continue to work closely with key stakeholders. This consultation will include targeted discussions, collecting evidence, observing exercises, and attending a wide range of sector forums and meetings. IGEM commends the emergency management sector and critical infrastructure owners and operators for their ongoing commitment to limiting disruption to the supply of essential services to the Victorian community.
Image: Parks Victoria
This page has been left blank intentionally.
This page has been left blank intentionally.
igem.vic.gov.au
