Introduction

It is no secret that, in modern society, technological development must be powered, encouraged and supported by an economic strength closely linked to business aspect.

And this applies to all the sectors that providing primary services to support human activities. These infrastructures are frequently affected by catastrophic events which involve discontinuity or complete interruption to provided services.

They cannot be forgotten socio-economic consequences due to the recent terrorist attacks or natural disasters like Hurricane Katrina [October 2012] which represents an interesting case study to investigate from the perspective of interdependencies between specific critical infrastructures (CIs) sectors [64]. All these events form part of our cultural heritage must necessarily be converted into valuable lesson for the future.

It is generally accepted that the combination of one or more active failures and latent conditions are followed by indirect damages due to business interruption. These kinds of indirect damages resulted primarily from interconnected risks within infrastructures.

For these reasons, to have a coherent and compressive critical infrastructures model, agent-based (ABM), is mandatory. It must be borne in mind that, like power distri-bution system is a key sector for water distridistri-bution, TELCO, Gas & Oil distridistri-bution

and so on, intellectual activity supplied by people is the lifeblood that feeds every productive process at the basis of our society.

Nobody can predict with any certainty what the future holds but emergency preparedness and response and contingency planning, in critical situation it is a duty towards our modern society and a gateway to improve CIs resilience. Enterprises are constantly exposed to risks of different nature that came from: natural disasters, power outage, transport network, international agreements, economic and financial crisis and so forth. A first risks distinction, with respect to existing interdependencies, should be made by identifying sources of internal risk (from the Business Ecosystem) and sources of external risk (from the outer world) Figure 7.1.

ORGANIZATION

Assets, Organizational Structure, Building Services, Networks

Human Resources, etc.

POWER DISTRIBUTION

WATER DISTRIBUTION

TELCO

OIL & GAS DISTRIBUTION

INTERNATIONAL AGREEMENTS WEATHER

Climate Changes

HIGHWAY SYSTEM

TRANSPORTATION SYSTEMS

SOCIO-ECONOMIC BEHAVIOURS

SOCIO-POLITICAL BEHAVIOURS NATURAL DISASTERS

INTERNATIONAL ACTOF WAR

&

TERRORISM

INTERNAL SOURCEOF RISK

EXTERNAL SOURCEOF RISK

Figure 7.1 Internal and External Risk Interdependencies.

‘Business Continuity Management’ (BCM) has been defined as:

BCM – holistic process that identifies potential threads to an organization and the

impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

[ISO 22301] [65]

It is clear that when the CI model include outside interactions not all informations are available due to the information sharing problem. In this work we are focused on internal organization ecosystem dynamics using an Asset-Based approach business oriented, however, we can extend such approach to any external source of risk when we need. The Asset-based approaches take on the general aim to identify and mobilize assets that can be used together and in various combinations [66]. At the heart of all these mechanisms, there are ‘people’ and through their skills and workforce, they makes enterprises more robust and resilient with respect to unexpected events. An appropriately Human Resource allocation ensures a proper execution of the considered business process, in order to have an effective BCM.

The terrorist attacks of 11 September 2001 have casting shadow over the world leading debates on significant provision to change BCM practices taking into account enterprise/organization resilience along with resilience by employees to improve a smart recovery in large-scale scenarios [67].

According to CA Technologies research report (The avoidable cost of downtime), it is estimated that the revenues are reduced by one third when corporate critical systems have an interruption [68]. Other Chartered Management Institute study underlines that during the last year, about 40% of the organization has suffered losses due to

IT issues. It can be said that perturbations like extreme weather conditions, loss of skilled personnel, loss of telecommunications and network interruptions could be affect BC [69].

Risk Management, Security management, and Business Continuity Management are designed to protect information and guarantee continued operation within an organization. However, boundaries are ‘fuzzy’ and it is hard to isolate all disciplines which dealing with recovery programs following an accident that threatens an enterprise from internal or external sources of risk. It is important to consider the fact that most disciplines are closely linked through crossover areas [70].

It becomes even more difficult when combination of this disciplines are strictly associated to operational management process because stakeholders, from very differ-ent backgrounds (e.g.: decision makers, business owner, re-engineering and business continuity experts), use different techniques and tools to achieve their objectives. Ac-cordingly, there is not a common language or a consolidated and integrated approach, on the one hand, able to sustain safety, security and continuity and, on the other, to support economic perspective. As an example of how issues arising from different perspective could be the practice to use redundant resources. In certain cases of BC, redundant resources, are highly recommended but also produce vast increases from the economic point of view. Limiting this aspect is already one of the most important challenges into Business Process Management.

Currently, traditional Business Process Management and Management Support Tools do not takes into account how important is to share skilled human resources between internal production processes. This sharing should be enhanced especially during critical situations in order to reduce losses due to business discontinuity. Busi-ness Continuity (BC) stems from the need to maintain high quality of service and productivity upon the occurrence of:

• IT-related issues;

• lack of resources to set up business productivity process;

• destructive events like natural disasters or economic crisis.

Ultimately, the main BC objectives are:

• increase resilience;

• speed up recovery procedures;

• reduce exposure risk due to security systems;

• decrease impact of catastrophic events;

• respond quickly to any kind of thread;

• turn critical situations into new opportunities.

Business Continuity is directly linked to Risk Assessment and must be successfully integrated with existing business processes. Adoption of such strategies have an intrinsic value in themselves and create new opportunities, while, mismanagement should be cause short and long-term losses also in term of company credibility and loss brand value.

Despite these issues are familiar, only two-third of big organisations has developed efficient BC strategies [71]. Probably, such behaviour, is due to short-sightedness of top management, their inability to allocate resources to BC but mostly to the lack of clearly and consolidated framework simply to introduce into pre-existing enterprise mechanisms. To manage and restore normal activities, in situation of high risk and inefficiency, it is necessary to refer to system architectures that are able to guarantee real-time reaction with low latency in response time. Anyway, it is important maintain high standards of safety and security with welfare in social and work settings.