Interview of a CEO & Scientific coordinator
Interview of Dr. Jovanovic, CEO of the European risk and resilience institute and scientific coordinator of InfraStress
RV: My first question relates to the InfraStress project and how it responds to the needs of different stakeholders. Could you please detail which stakeholders and which needs are addressed?
AJ: First of all, many thanks for the interest and for having this opportunity to talk about the project, the ideas developed in the project, and the ideas leading us in applying the project’s result later. Everything that we deal with today needs to be put in context.
The starting point for explaining this context to the people to the potentially interested parties and followers of the project is your question. Your question addressing the needs of different stakeholders and the diverse needs of various stakeholders is a crucial and essential one. Because we are talking about the context, which is constantly changing, so the context of the project of our work, of our daily life, is continually evolving.
We have seen this in the current crisis, the COVID crisis. And in the particular case of this project, we have essentially three types of different stakeholders: the plant owners, the people involved in operating the plants, and the competent authorities. They are all interested to see how they can, in today’s world, be sure that they are covering compliance, but that they are also going beyond compliance, which means that you are not only interested in people having only their safety belts in their cars. You are also interested that they stay alive.
So, these are two different things, and of course, it’s much easier to control the fact that people have their safety belts buckled than to be sure that this policy’s implementation will lead to the results we need.
Similar but still different needs are on the side of the EU. They are facing new types of threats, and they need new kind of responses. So, these responses today cannot be based on just simple checks and checklists. They have to be, as we have seen in many of the cases, very proactive, and that they have to combine the basic principle, which is applied in many EU policies, which is the policy based on the precautionary principle, but also on the policy which is evidence-based, which is adapting to the new evidence which is coming from applications.
In this context, we are talking today about something present in many areas, not only in the area of infrastructures, which is the orientation towards resilience. This orientation towards resilience is needed because we cannot cover all risks. We cannot come up with the solutions that will prevent and “ban” all the threats we have around. We have to be sure that if something like that happens, we will be able to recover, or our infrastructure will recover.
In that sense, the EU is facing the need, as a stakeholder, to ensure that the policy they propose is (applied and) future-oriented. They give the answers that are needed, but for practical implementation of these policies, they need projects that deliver examples and the “rest”.
Of course, society, as the third big stakeholder group or stakeholder, is often in a sort of observer seat. So, they see what the plant owners and people dealing with plants are doing. They are seeing what the EU is doing. And they want to be sure that the safety, security against these new threats is provided. Today, we have a change in this area because it is not only the society that wants to know that we are having safe industrial plants, but also having good policies. They also want to have a role in this process, and this active or more active role is something that we have to take into account when creating our answers. Be it on the European level or the level of policies or the solutions that projects like InfraStress provide.
To conclude, the EU and the society have a different set of needs, and all projects, the EU, and all the stakeholders involved have to provide a good answer to these needs.
How does the InfraStress project address these needs?
If you want to look at this from the formal point of view, we can always answer that the project will implement its work plan. Still, it will not be the answer that will make InfraStress a distinctive project going beyond the formal obligations and providing some new ideas and new solutions for a broader community.
So first of all, the solutions which the project is providing on the level of new methods and tools have to integrate different things, not just, e.g., “a software, delivered to partner B” Take an example: we all know that in the plants a lot of investment is required to improve security and safety. We’re talking about threats that are cyber and physical, many of them very unknown. You take the new type of cyber-attacks, you take the new types of extreme weather, and you will understand that we don’t know much about these scenarios and that we have to assume many things.
But we still have to provide a sort of a guarantee that we are improving the situation. We’re going to show it by comparing “before” and “after”, i.e., assessing the resilience level, which we had before and after, once when these methods and tools developed in InfraStress are introduced. We will hopefully have some better solutions and better situations. The specific and probably unique feature of interest is that we can assess this improvement qualitatively and quantitatively. And this is one thing which, as an integrated included solution, is hopefully going to meet many of the needs which we have mentioned above.
The other thing is mainly related to communication. We honestly try in the project to go beyond the traditional one-way communication. So, we’re not saying to people: look how good our results are, look how beautiful our tools are. We’re trying to ensure two-way communication. So not only saying that is what the project has delivered, but also to see the perceived benefits of the solutions in the society.
Especially in some of our pilot projects in Slovenia or Portugal, we have a lot of feedback which is coming a bit from the plant owner, a bit from the community around the critical infrastructure as such. This brings us to something that I would call a second most crucial element of «Project- for-Policies». It has to deal with two components, policies to projects and projects to policies.
The project delivers feedback to the policy creators, telling them the most crucial evidence and experience. We have a strong message from the project to all the people involved in resilience, ensuring resilience altogether, and this is the message that we have to go beyond the first response, meaning that we not only have super firefighters putting out the fire, in the case of fire. But we have improved both the preparatory phase identifying and looking at new risks and the phase of transformation which comes after that, so that we are not responding to the next fire in the same way as to the last one, which was hopefully also good, but that we are better prepared for the next one.
That is the part that belongs to the project to policies, which means that the project is sending a message to the policy creators: that’s how the policies should be improved in the future, so that’s probably the quintessence of the answer.
The last question is about the legacy of the project? What continuation is being considered once the project is over?
We have tried to solve this in as in the other areas of the project, we had tried to provide some practical solutions which implement the idea of «think big» so that the project results should stay afterward, but start small with the things that are tangible, that are practical.
All the tools which we have developed are integrated into one platform. This platform will continue to live because we have envisaged and started implementing a business-oriented structure called ERA (European Risk and Resilience Assessment initiative). This idea will allow many to find and create added value using the tools after the project. Be it assessment, be it stress testing, or just using some tools for their own needs. The people participating in this era initiative will have a sort of a business model which will, on one side, keep the platform alive and on the other side keep the possibility to develop these tools after the project further. That will hopefully be shown as a concept at the end of the project and beyond or outside the users of the project involved in the project.
The other thing that is usual for many other good projects is that we will try to make the sample solutions developed in the project, available to others. So we have made a special effort to have reports available as much as possible. And a dedicated Open Access book – people can access these results without paying – will be available after the project. Still, as I say, this is a more conventional part of leaving the results of the project.
The last part of the legacy is more unique for the project. Not very many EU projects contribute to the international standards. Our project directly contributes to the new ISO 31050 standard, which deals with emerging risks -our area is cyber-physical attacks- and how the management of these emerging risks can enhance the resilience of critical entities. This is something where the project results will be visible and embedded in something used by the international community.
On a more practical engineering and application-oriented level, we plan to finish and publish, before the end of the project, the DIN Spec, a national standard. Also, AFNOR, the French standardization body, has already joined the German national standardization body, which is the lead partner for this DIN spec. We are negotiating at this moment the participation of the Italian national standardization body having their positive first response already. But the process is not finished.
So, in that area, we will be specifying one particular aspect: the stress testing of the resilience of critical entities. If you want to say in this way: we are covering the high level in the terms of the ISO standard, we are tackling the most important practical result, which is the stress testing of the resilience of critical entities, in our DIN spec document, which is, as I say, not only German but also French and Italian. So, I hope flying as good as Airbus is flying !
Thank you very much ! For more information, check our website, our YouTube channel, join our Collective Intelligence platform, and read our publications.