Key challenges identified that could be addressed with promising results in future resilience research include but are not limited to:
- 1. Lack of common language and approaches.
- 2. Lack of will to collaborate across the boundaries of different disciplines to overcome school of thought thinking and disciplinary silo approaches.
- 3. Lack of more systematic (versus just presenting what works) selection and leveraging of systemic approaches from complex system theory, cyberphysical systems modeling, graph models, Markov models, etc.
- 4. Fragmentation and/or inaccessibility of data with unknown levels of reliability (bad quality data).
- 5. Big data may not be so big, in particular, when assessing rare disruption events.
- 6. High computational cost and modeling challenges for interlinked, non-linear, time-dependent problems.
- 7. Epistemic (systematic) and aleatoric (statistical) uncertainties at various levels.
- 8. Liability concerns of stakeholders.
- 9. Exposure and responsibility with respect to threats is diffused.
- 10. Lack of senior leadership and barriers from within the (fragmented) communities.
- 11. Resilience research is hard to validate; there is a long (real-world) learning curve.
- 12. Strategy and response to natural and man-made hazards are cultural, financial, and experience-dependent, often resulting in ergodic and moving-target expectations and goals.
- 13. Hazard quantification is not globally (worldwide) uniform: different hazards are different in essence or are assessed differently. Even in cases where, for instance, quantitative performance-based results are comparable, with the help of unbiased scientific methods, using individual, (non) local, profile, group, or individual personal and objects risks (on resilience objectives), the risk and resilience evaluation (risk and resilience appetite) can be ultimately quite different.
- 14. Resilience is not yet generally believed and/or known to be a business case for success.
Major Gaps in the State of the Art
In the years after 9/П, several threads of research can be identified regarding critical infrastructure contextualization, assessment, and improvement. Regarding the level of detail of investigations, at least in the European Union (EU) research calls opened by the European Commission (EC), a business-ready technology is sought with strong relevance to the civil security user community as well as for massive company involvement toward good economic prospects.
Regarding the infrastructure application domain, it can be observed that the initial enthusiasm for generic approaches with a high relevance for all critical infrastructure operators is somewhat decreasing. When referring again to EU calls, the expected use case scenarios to be addressed by research are developed for most calls in detail, consulting expertise gathered from a wide and by now rather established spectrum of stakeholders representing diverse interest groups. There is currently a consensus that critical infrastructure resilience should be driven mainly by domain-specific operators, rather than asking for generic solutions that are applicable to all types of infrastructures. For instance, this became apparent within a call that asked for the development of generic approaches to EU critical infrastructure resilience, which was answered very differently depending on the infrastructure use cases in a series of EU research projects, see, e.g., the projects RESILENS , RESOLUTE , and DARWIN . Other calls ask from the very beginning for infrastructure-specific sectorial cyber-physical risk control (see e.g., the call on prevention, detection, response, and mitigation of combined physical and cyber threats to critical infrastructure in Europe) . This can be motivated by the insight that resilience assessment and improvement is most efficiently conducted at the level of economic decision makers by addressing improvements possible without changing the legal and societal framework. The research gap is how to identify and deliver relevant evidence that requires users and decision makers to more adequately attend to future infrastructure risk control and resilience.
In this context, game-changing regulatory and legal modifications should be investigated to foster the decisions of operators, commercial and private critical infrastructure users, e.g., using serious gaming environments and simulations of CIS. However, research and frameworks that take into account systematically existing and potential boundary conditions and policies are missing. In particular, when asking for such frameworks that ask for the connection of policies to quantitative infrastructure models.
The last assessment can be understood as a specific gap that originates from the main research gap which is that there are not yet country-wide, multi-country, or even worldwide generally accepted approaches and even fewer standards to understand, model, and simulate interconnected critical infrastructure systems as well as single infrastructures. If domain-specific standardization approaches have been successful, they have been supported by research insights. However, most such standards are only available on the community level. There is a lack of further such efforts covering resilience from a more generic technical perspective and much more so for specific infrastructure domains.
Of particular interest are infrastructure static and dynamic data, as functional (non)performance (service) data that is necessary and sufficient for understanding, modeling, and simulating potential snowball effects, inter and intra cascades of potential events. Coupled infrastructure systems need to be understood well beyond a minimum description to determine such information and data bags.
Regarding research needs, methodological frameworks are missing that are capable of improving the efficiency of resilience approaches; the time scales of adaption to the true needs of society, economy, and the environment. For instance, it is challenging to identify motivating factors that lead to the increased engagement of actual decision makers, which are typically driven by economic revenue, branding options, or patented innovation.
Besides these more generic red threads and major gaps of resilience research, more specific research gaps can be identified that result in the research questions and key challenges identified in Sections 1.4.2 and 1.4.3. Gaps in current research include:
- 1. How to better cope with a lack of data, bad data, and big data.
- 2. How to address the lack of manpower that can be assigned to more frequent resilience issues with the help of more automated approaches such as those that are accessible with machine learning and AI approaches, in particular, for sensing, inspection, and pre-decision making.
- 3. How to design hybrid and partly autonomous systems for coping w'ith rare events, which by definition generates little training data.
- 4. How to quantify resilience gain in terms of economic profit.
Framework to Address the Challenges
The frameworks of (semi)quantification, assessment, design, and/or development of resilient socio-technical systems include:
- 1. Risk management and analysis approaches that focus on “risks on expected resilience behavior” and respective resilience optimization and risk minimization problems (see, e.g., Section 3 of ). Of special interest are identified risks that need to be mitigated and for which methods without machine learning approaches do not (yet) sufficiently deliver.
- 2. Systematic system development processes such as the V-model with extensions or further developed spiral models. Of special interest are additional development steps (e.g., to determine resilience requirements) that require analysis that cannot be conducted with traditional methods.
- 3. Agile short-term and long-term processes driven by disruption events, successful mitigations in similar cases, and expectedly successful approaches,
i.e., resilience improvement in a case by case approaches.
- 4. System analysis and simulation processes including, e.g., identification of resilience investigation targets, system understanding and modeling, system simulation or analysis, results discussion, assessment and evaluation, and executive recommendations.
- 5. Semi-quantitative expert and citizen opinion assessment and evaluation frameworks (see, e.g., Section 3 and 7 of ).
- 6. MCEER’s standard and the PEOPLES framework, see respectively , as well a more recent framework for resilience quantification .
- 7. Performance function-based resilience assessment and improvement processes: Variations of system-function based risk quantification and improvement approaches that identify a system’s main functions of interest and potential disruptions to determine critical combinations that require further investigations in terms of resilience quantification and assessment. Overall, resilience quantities are evaluated and in cases where they are not acceptable resilience improvement measures are selected. The objective is to obtain an overall sufficiently resolved and trusted system resilience quantification to show that all developed and implemented improvement measures lead to overall acceptable system resilience, (see e-g-, ).
- 8. Another example is the structured approach of the “Foresight review of resilience engineering: Designing for the expected and unexpected” stipulated by Lloyd’s register foundation, which provides background, definitions, and challenges while focusing on engineering solutions. It covers a rather wide range of fields .
Proposed Actions to Tackle the Challenges: Concepts, Methods, and Technologies for Future Resilience Research
The following actions are proposed to address the challenges, along with concepts, methods, and technologies believed to strongly support future resilience research:
- 1. Explore synergies between interdisciplinary groups and define common procedures and protocols for sharing data, methods, and tools.
- 2. Build more reliable data and metadata: ontologies, taxonomies, etc.
- 3. Take advantage of data analytics and machine learning techniques to overcome communication barriers and costs.
- 4. Extend risk management and analysis approaches to explicitly cover the objective of being resilient and for assessing “risks on resilience.”
- 5. Apply consistent system functional approaches, system performance function quantification, including aggregated and overall resilience quantification.
- 6. Aim at “all-resilience” approaches.
- 7. Define data, modeling, and interfacing modeling and simulation hubs, extending and joining similar such environments, e.g.,
- (i) A Simcenter automation simulation platform 
- (ii) An Open Framework for Integrated Multi-platform Simulations for Structural Resilience 
- 8. Extend or combine existing simulation urban risk control and resilience frameworks as developed in the EU projects D-BOX. ENCOUNTER, VITRUV, and EDEN, see  and  for multiple potential terror events and other types of events as well as for single events, see, e.g., a simulation environment for terroristic explosive events .
- 9. Develop frameworks for resilience-based design and assessment of structures and systems for life-cycle operation.
- 10. Develop data harvesting tools for building inventories (data pipelines).
- 11. Customize machine learning techniques for resilience applications.
- 12. Train public data sets for model calibration and verification.
- 13. Develop APIs and interface technologies between assets, sensors, geospatial data (GIS), smart systems representations (digital twins), digital building, infrastructure, and urban areas models, such as BIM, City-GML, Internet of Infrastructure (Iol), and early warning systems.
- 14. Enhance rapid real-time post-event capabilities.
- 15. Promote a seamless transition between system health monitoring and functionality assessment as well as for automated warning, disruption detection, monitoring, and recovery activities coordination (one-stop-shop to ensure regular use of platforms and tools).
- 16. Define core professional competencies for engineering practitioners and students in the domain of resilience concepts, design, development, audition, insurance, and research.
Roadmaps and Strategies Proposed for Future Implementation
Figure 1.1 presents a tentative roadmap for future resilience research focusing on the development of a worldwide hub for representation, modeling, and simulation of single critical infrastructure elements as well as networks and coupled networks. It is envisioned that such a development is conducted in several steps. It is believed that the scientific exchange of a potential user community of such a critical infrastructure modeling and simulation hub is crucial for success; one such opportunity could be a third international workshop on critical infrastructure resilience (see Figure 1.3).
Summary and Conclusions
It is expected that the above-described processes, methods, and technological advances will lead to scaling effects for resilience research capabilities, i.e., nonlinear improvements. Especially when putting together semi-automated approaches on a science platform hub. Different participants could provide different parts of modeling and assessment capabilities for assessment and optimal improvement identification of critical infrastructure assets and systems.
This also positively answers the question of whether it is expected that scientific methods can be used to overcome risks as generated by ever more complex, interlinked, and smart infrastructure systems.
Such an envisioned platform would:
- • Leverage the potential of using advanced digital data-driven and self-learning methods (AI approaches) for improving resilience, in particular, for data acquisition of diverse sources
- • Facilitate a better assessment, quantification of risk, and resilience for large-area systems
FIGURE 1.3 Tentative roadmap to an international exchange platform for large-scale area and critical infrastructure simulation and assessment, also showing how it can be iteratively improved.
- • Take into account various scales, complexities, and interdisciplinarities
- • Make standardized computations accessible for assessing fatalities as well as socio-economic and environmental losses
- • Provide international assessment criteria for natural and man-made events
- • Enhance societal preparedness
- • Enhance societal resilience
- • Explore counter natural and man-made disasters
- • Provide technology that supports critical infrastructure operators
- • Allow to better understand large-scale (on citizen crowd level) human- technology interaction
- • Promote transdisciplinary collaboration
- • Set the platform for a broad, multidisciplinary discussion on socio-political and policy issues that relate to the resilience of critical infrastructures to major disruptive events