Socio-Technical Resilience. A Response to the Vulnerabilities of Critical Information Infrastructures

Project description

Information and communication technologies are increasingly permeating all areas of basic social functions and are becoming a critical factor in maintaining them. As critical information infrastructures, they have already become part of other critical infrastructures, so ensuring their security becomes a virtually existential task. In this context, operators of critical information infrastructures are confronted with a plethora of challenges due to the composition of their system and its environment: On the one hand, the convergence of physical and digital infrastructures is accelerating the flow of information, and as the number of interdependent components increases, so does the pressure on operators to act. On the other hand, secure operation is threatened by increasing uncertainties related to climate change, terrorism, cybercrime, and state-sponsored cyberattacks. Despite all adversities, operators have so far managed to ensure high availability of their infrastructure. Yet, what social structures and capabilities do they need to continue operating securely? What kind of coping strategy still does justice to such a difficult-to-predict field of potential threats?

Taking into account the technical system composition of critical information infrastructures, the specific characteristics of a terrorist threat situation, and the challenges in the social organization of operations, I am working on a socio-technical coping strategy in my dissertation. The focus is on the following research question: Which strategy is capable of coping with the threat dimensions of terrorism for and the system vulnerabilities in critical information infrastructures?

Using the bridging concept of resilience, I present a possible response to this question. Resilient organizations cultivate capabilities that enable them to sustain necessary operations under all circumstances. However, a sociological approach raises the question of what is meant by necessary operations? And at what point are organizations resilient? Given the numerous actors that operate, regulate, or depend on critical information infrastructures, a simple answer does not seem possible. The core and resilience of those infrastructures are not a fixed entity. They are co-constituted by different stakeholders, which is why resilience is always marked by contingency and transformation.

The objective of my thesis is to provide a sociologically informed coping strategy that sheds new light on the urgent challenges of critical information infrastructure dynamics. To this end, problem-centered interviews are conducted with representatives of organizations that play a central role in maintaining the functionality and security of critical information infrastructures. The collected expectations will be evaluated using a qualitative content analysis in order to review and revise the resilience concept for its adequacy to the subject matter.

Contact

Alexandros Gazos, M.A.
Karlsruhe Institute of Technology (KIT)
Institute for Technology Assessment and Systems Analysis (ITAS)
P.O. Box 3640
76021 Karlsruhe
Germany

Tel.: +49 721 608-23228
E-mail