One particularly revealing study for the Cabinet Office in the UK analysed 11 infrastructures: fuel, utilities, transport, finance, the supply of food and goods, communication, emergency services, social services, justice, health services and weather forecasting.² Each was then broken down into 59 'processes', each of which was examined to identify the generic actions required for their operation. It was thus possible to identify for each process which other processes it depended upon.

This analysis identified the most critical processes on which the greatest number of others depends. Table 1 (see over) shows the most important ones. The table shows the number of critical dependencies (C); the number of non-critical dependencies (N); and the sum of both (T). There are four processes in the most critical category, and eight in the next tier of criticality. Not surprisingly, telecommunications and electric power are the most critical processes, on which virtually all the others depend. The supply of transport fuel and the road infrastructure rank third and fourth, since most material goods move from producer

Second, infrastructure systems fail due to the malfunction of their parts and the stress of the natural environment. The interconnection of systems increases the likelihood that failure at one location will affect ever-larger service areas.

Third, there is a growing body of experience relating specifically to infrastructure attacks by cyber-techniques, or where cyber related vulnerabilities have played an important part. Two cases are noteworthy. On 7 February 2000, two websites were subjected to a distributed denial of service attack. To mount such an attack, the attacker secures access to a number of unprotected computers and instructs them to send a large number of messages to the target website, either requesting information and hence saturating the target's input capacity, or transmitting invalid information that causes the target site to crash. The first attack was on Yahoo at 1:10pm Eastern Standard Time (EST), and shut the site down for five hours.³ Yahoo is visited by 8.7 million (m) users per day, and is an important part of the Internet because it serves as a portal to locate other sites or information. At 2pm on the same day, Buy.com was attacked and closed down for six hours. This e-commerce sales site is visited by 122,000 users per day. On 8 February Amazon.com, a retail sales site visited by 892,000 users daily, was closed for 3.75 hours; the CNN news site, with 642,000 users a day, was closed for 3.5 hours; and the eBay auction site, with 1.68m users, was closed for five hours. This pattern was repeated on 9 February. The E*Trade brokerage site, with 183,000 users daily, was closed for 2.75 hours and ZDNet (734,000 users) closed for 3.25 hours.⁴

The cost of these attacks is difficult to ascertain.⁵ Subsequent estimates have put the cost at hundreds of millions of dollars, but such numbers are quite soft.⁶ When dealing with insurers, or to impress policymakers, there is an incentive to inflate the figures, and when dealing with shareholders and regulators, there is an incentive to deflate them.

Although not primarily cyber-related, protests against rising fuel prices in the UK in September 2000 illustrate the possible effects of an attack on a national infrastructure. On 7 September 2000, protesters blockaded the British Shell refinery at Stanlow. By 10 September, there were blockades at 11 refineries and fuel depots. The rate of departure of fuel tankers from a typical refinery was reduced from one every three minutes to one every hour, for emergency services only. By 12 September, fuel supplies were reduced to zero or near zero at 320 of 960 Texaco filling stations, 350 of 1,600 Esso stations and 600 of 1,500 BP stations; the situation was similar for other chains. By the morning of 13 September, petrol companies estimated that 90% of their stations would run out of fuel.⁷

These protests illustrate the effectiveness of an attack on an infrastructure on which a large number of other systems depends, and provides support for the infrastructure interdependency analysis shown in Table 1.⁸ Panic buying of bread and milk ensued. Supermarket chain Safeway instituted rationing and Asda said it could not guarantee supplies beyond 16 September. The Royal Mail warned that it had supplies for only one more day of deliveries in some areas. Banks warned that they were running out of cash. The British Airports Authority advised airlines to refuel at Heathrow or Gatwick because these airports were served by private pipelines. Bus operators claimed that they had fuel to provide for 75% of normal service until 15 September. Train operators reported that they had supplies only until 15 September. The Confederation of British Industry stated that production lines would start shutting down because of loss of raw materials, and that there was no storage available for unshipped inventory.⁹

The protesters withdrew their blockades on 14 September when it became apparent that public opinion was turning against them.¹⁰ The British Institute of Directors said UK companies faced a loss of $1,4 billion; the hotel industry, manufacturing and transport were especially badly hit. The London Chamber of Commerce estimated that the fuel crisis was costing £250m per day, and that 10% of the UK's daily output of £2.5bn was being lost. The loss to businesses in London was £5om per day.

This attack was made more effective through the widespread use of information technology. Mobile phones allowed the rapid deployment of protesters through organised call networks. Information technology also allowed the need-related delivery of raw materials and goods, resulting in smaller inventories less capable of supporting normal operations over extended periods of disruption.

These examp...