Next Article in Journal
Contest-Based and Norm-Based Interventions: (How) Do They Differ in Attitudes, Norms, and Behaviors?
Next Article in Special Issue
A New Hybrid MCDM Model with Grey Numbers for the Construction Delay Change Response Problem
Previous Article in Journal
Seeking Challenges, Individual Adaptability and Career Growth in the Relationship between Workload and Contextual Performance: A Two-Wave Study
Previous Article in Special Issue
Rzeszow as a City Taking Steps Towards Developing Sustainable Public Transport
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:

A Fuzzy WASPAS-Based Approach to Determine Critical Information Infrastructures of EU Sustainable Development

Institute of Sustainable Construction, Faculty of Civil Engineering, Vilnius Gediminas Technical University, Sauletekio al. 11, LT-10223 Vilnius, Lithuania
Faculty of Fundamental Sciences, Vilnius Gediminas Technical University, Sauletekio al. 11, LT-10223 Vilnius, Lithuania
Department of Information Systems, L.N.Gumilyov Eurasian National University, Satpayev st., 2, 010008 Astana, Kazakhstan
Author to whom correspondence should be addressed.
Sustainability 2019, 11(2), 424;
Submission received: 7 December 2018 / Revised: 8 January 2019 / Accepted: 11 January 2019 / Published: 15 January 2019


Critical information infrastructure exists in different sectors of each country. Its loss or sustainability violation will lead to a negative impact on the supply of essential services, as well as on the social or economic well-being of the population. It also may even pose a threat to people’s health and lives. In the modern world, such infrastructure is more vulnerable and unstable than ever, due to rapid technological changes, and the emergence of a new type of threat—information threats. It is necessary to determine which infrastructure are of crucial importance when decision-makers aim to achieve the reliability of essential infrastructure. This article aims to solve the problem of ensuring the sustainable development of EU countries in terms of identifying critical information infrastructures. Integrated multi-criteria decision-making techniques based on fuzzy WASPAS and AHP methods are used to identify essential information infrastructures, which are related to a new type of potential threat to national security. The paper proposes a model for identifying critical information infrastructures, taking into account the sustainable development of countries.

1. Introduction

Sustainability is one of the essential criteria of the well-being of a country’s citizens [1]. Many definitions of the concept of “sustainability” exist. The meaning of most definitions comes down to “continuity through time”, in context-dependent economic, environmental, and social areas [2,3]. The concept of sustainability is very old, and it represents the process itself [4,5,6]. It is synonymous with the concept of “sustainable development” [7]. Critical information infrastructure (CII) has a huge impact on it. CII can impact organizations or separate countries. The growing number of threats poses a real and increasing danger to the process of achieving the persistence and reliability of CII. New vulnerabilities have emerged with the development and application of information technologies in all spheres of life. Therefore, ensuring the development of vital public structures and institutions, including CII, is an essential responsibility of the government in the context of state security and sustainable development. The government must collectively prioritize, formulate clear objectives, and mitigate risks, adapting based on feedback and changing environments to achieve the stable growth of countries and core infrastructure roles. The risks are identified as “the probabilities of harm or loss”. They refer to “a potentially undesirable result that may arise as a result of an incident or undesirable event”. Ensuring the performance of CII at the national level aims to create protective mechanisms for managing the risks to which the country’s CII may be exposed. A collaboration of various sectors within and outside the state helps to achieve these goals. CII sustainability is related to the need to maintain the viability of the environment and society, starting with administration, economic and financial institutions, those of social welfare and health, the military, and civil protection, and ending with supplies of food, water, and energy, transport, communications, etc.
The concept of “infrastructure reliability” can be understood as the ability of the infrastructure, which is in danger, to adapt to the situation and to recover from losses while preserving the functioning of critical structures and elements. Increasing the level of CII reliability is ensured through risk management. The reliability of infrastructure assets, systems, and networks means that they must be flexible and adaptable. To strengthen the reliability of CII, it is important to have accurate, timely, and valid information about threats, and the ability to analyze expected risks, identify mitigation measures, and respond to threats, and, accordingly, the ability to recover.
Thus, the sustainable development of countries can be achieved through the management of risks that are associated with possible significant threats that are aimed at CII. It is necessary to perform a set of activities to:
  • identify CII;
  • identify, deter, detect, and disrupt threats aimed at CII;
  • reduce the vulnerability of CII, and mitigate the potential consequences of the incidents of CII;
  • organize the reserves (duplicates) of CII.
The ability to overcome adverse effects is significantly affected by the availability of infrastructure. The protection of CII is based on increasing its sustainability against emergency consequences.
Countries around the world face adverse information security events in the sector of critical infrastructures [8,9,10]. They often lead to numerous and significant losses, the essential disruption of production, and the destruction of the environment, etc. [11,12,13,14].
The problem of CII identification is complicated by the influence on a multitude of factors. It is necessary to assess impacts on various services and areas of activity, on the environment, and on the life and health of the population, etc. CII can affect any area of activity, from government management to engineering, including sustainable development. Therefore, this problem has lots of criteria, and to solve this one, it is acceptable to use the multi-criteria decision-making (MCDM) approach. In our case, the problem is solved by using the fuzzy WASPAS method, which has not been previously used for such tasks [15,16,17]. The WASPAS method actually aggregates two approaches: the WSM (Weighted Sum Model) and the WPM (Weighted Product model).
There are many decision-making approaches that are applied in various fields. For example, the MCDM methods were considered in [18]. Different scientists considered the theory of decision support systems [19,20,21] and their practical applications in many fields of human activity [22,23,24]. Decision-making methods develop dynamically [25,26,27]. Sivilevičius et al. presented an original MADM method, which could be applied to assess different security tools [28]. MCDM has widely used decision-making techniques in science and engineering, as well as in management [29,30,31,32]. Various categories of MCDM approaches solve complicated problems [33,34,35].
In the last few years in the field of information technology, there has been a rise in interest in using analyses that are based on a larger number of criteria, as a decision support tool. Such criteria may include stopping the supply of electricity, natural gas, district heating, drinking water, and electronic communications to settlements and other areas.
Thus, the MCDM methodology is defined as a set of tools that supports and facilitates the decision-making process, as an approach that is based on the use of several criteria, ensuring the correct choice of CII. The use of MCDM in determining CII will ensure its objectivity and transparency in assessing the acceptability of solutions.

2. Methodology of Research and Applied Methods

2.1. Research of the Concept of CII

In the last decade, critical infrastructure study has been directed based on interdependencies from various points. The research is mainly concerned with policies in this field [36,37]. Risk analyses and comments into the existing legal framework have been described in [38,39]. The interdependent essential infrastructures are presented in [40,41,42,43,44]. These works are mainly focused on engineering or computer science, to design better modeling, in order to manage the infrastructure, as well as to protect the vital infrastructure [45,46].
As indicated in the Directive [47], essential infrastructure is a system, asset, or part thereof that is situated in countries, and that is very important for the control of critical societal functions and safety, etc., and the failure or breakdown of which would have a great influence on a country; as consequence of an error in keeping up those functions.
The trends and current geopolitical and geostrategic perspectives expand more and more the concept of “national security” for environmental, financial, information technology and communication, and diplomatic components. Essential infrastructures are usually sensitive to the actions of some internal or external attributes, and they are under a risk of being destroyed or made non-operational [48].
The European Union and other countries use different definitions of critical infrastructure. According to the law of the Republic of Lithuania, CII are electronic communication networks or parts of an information system or a component of a complex of information systems, or a process control system, or part of it, a cyber-incident of which can cause significant damage to national security, state economy and public interests [49]. France notes that vital infrastructure is the structure or equipment that provides critical goods and services in the formation of a society and its lifestyle [50]. The Slovenian national importance of critical infrastructure includes its necessary capabilities and services, the violation of which will have a huge influence on national security, essential social or financial operations, safety, and social security [51]. According to the Canadian National Strategy for Critical Infrastructure, critical infrastructure refers to processes, technologies, etc., that are necessary for the health, safety, or economic well-being of the population, and the impactful operation of a country [52].
Based on relevant state concepts, it can be said that each country has its own perception of critical infrastructure. Identifying critical infrastructure is not sufficient to just rely on the definition. To achieve this goal, various methods and techniques should be used. In this case, the problem of CII identification was solved by applying the MCDM approach.

2.2. Achieving the Sustainability of CII, and Potential Threats to CII

Currently, the problem of natural disasters is considered to be one of the most pressing. In recent years, there have been significant changes in views on the sustainable state and development of natural systems. This is also interrelated with the intensive development of scientific and technical (information technology (IT)) and economic potential, and the industrial development of new territories. Often the cause of environmental disasters and devastating consequences lies in the failure of a critical information resource. For example, a failure in the refining industry may cause tens or hundreds of thousands of tons of crude oil or fuel oil to be released into the marine environment. Such an accident has enormous losses, which are very difficult to estimate due to its magnitude. Accordingly, knowledge of the criticality of information infrastructures that affect natural disasters, the timely development of precautionary measures, and the restoration of destroyed territories and their socio-economic systems and ecosystems is an essential attribute for the sustainable development of systems at various levels of EU countries.
Globalization, rapid technological change, and other factors change the global security situation, and expand the list of traditional threats [53,54,55]. A new type of risk has appeared, such as terrorist attacks, cyber-attacks, cyber wars, etc. [56,57,58].
When the distributed denial-of-service (DDoS) attacks on Lithuanian websites began in 2003. Lithuania recognized that the threat of cyber-attacks is real [59]. It should be noted that by the end of 2016, a list of CII of Lithuania was approved [60]. Other countries have also previously faced cyber threats towards the critical infrastructure. In 2007, Estonia suffered greatly from politically motivated cyber-attacks (the first cyberwar) [61].
In recent years, companies of all types, including those offering critical and emergency services, have been the victims of social engineering attacks [62]. The last most infamous type of cyber threat was the WannaCry ransomware, which was one of the most impactful and propagated malware in 2017. This international wave of cyber threats is reported to have struck over 150 countries worldwide [63]. These events have increased the awareness of potential threats towards critical infrastructure that potentially endanger national security. States began to realize that new types of threats could be directed against national critical infrastructures. This infrastructure is the most sensitive and vulnerable infrastructure, which can entail a huge impact on the state and its environment.
Critical infrastructure plays the main role in countries in with regard to the importance of nationwide, socio-economic, or public security [64]. Potential threats to the critical infrastructure of its countries prompted the EU Member State to take measures to protect the essential infrastructure each country. Identifying essential infrastructure is the first step toward protect the country and the interests of people who depend on critically crucial services. Accurately defining critical infrastructure can defend them against potential threats.
The following characteristics must be considered:
  • types of threats;
  • threat objects;
  • sources of threats.
The main types of threats directed towards sustainability include the violation of the accessibility, integrity, and confidentiality of information.
The objects, which are usually influential to CII work, can be represented as a network, an information or automated system, a process control system, etc.
The sources of key threats affecting the reliability of CII can be of two types:
  • External (computer hackers (competitors), carrying out targeted destructive effects, including using computer viruses and other types of malicious codes (human-made, external), terrorists, criminal elements and structures);
  • Internal (employees of an organization who are legal participants in information processing and acting outside their authority; employees of an organization who are legitimate participants in information processing and operating within their jurisdiction);
  • Common acting of external and internal threats with the aim of affecting CII.
The consequences of the threats can be catastrophic, so that it is essential to take all possible actions to protect and ensure the operation of CII. Figure 1 shows one of the options that are proposed by the authors for providing the process of sustainable functioning of CII.
As can be seen from Figure 1, the identification of CII is the first phase to protect critical infrastructure. Various methods can be used to identify CII.

2.3. CII Identification Models

Various models and methodologies, which were proposed earlier by other researchers and governments, are considered in this paper.
The article by Almeida on the identification of critical infrastructure offers a multi-criteria evaluation model [66]. In the Canadian Critical Infrastructure Assessment Model, Macbeth is proposed to solve the problem, using M-MACBETH software. This method was chosen because it has a social-technical approach to development problems, and it is more convenient for decision-makers. The proposed Macbeth model is improved by the Canadian model, but this is only a theoretical model that has not been tested in practice, and the adequacy of real applicability is not evaluated [66]. Despite this, there are a large number of scientific articles that offer other methods.
Applying the AHP method for a multi-criteria task in determining the level of criticality of the water management system is proposed in [67]. This area is an important sector for all countries, and it is critical infrastructure. The goal is to identify and develop the criteria, and a list of items that will be used to identify the properties of the critical level. The AHP method is the MCDM approach that can help a decision-taker, met with the difficult issue of a multitude of criteria [68]. AHP is an effective tool that can speed up the decision-making process. It is one of the most popular methods with a comprehensive, logical and structured system. Thus, this method was useful in analyzing quantitative information in the water supply industry, and the effectiveness of water management [67].
Izuakor and White [69] continued the analysis of the methods used in relation to critical infrastructures. After research, the novel method to identify essential infrastructure was proposed, and further study in this area is suggested using several criteria of decision theory.
The countries of the European Union apply the Critical service-dependent method, which identifies the most important services. Based on these services, they are trying to identify objects or other assets that belong to the CII. This method consists of three steps, which are shown in Figure 1 [63].
The goal of most of the methods is to determine the essential resources on which governments depend, and tp guarantee that they are adequately detecting faults.
Currently, there are more than 220 identified operators of critical infrastructure. In turn, 1000 critical resources are identified [70].
The different methods to identify CII could be applied. Each of the discussed methods has its advantages and disadvantages, but the government chooses the most appropriate method, taking into account their national characteristics.
The identified critical sectors and subsectors services are shown in Table 1 [65].
The European Commission provides a brief of 11 essential areas: energy; information and communication technologies; water; food; health; financial public order and safety; civil administration; transport; chemical and nuclear industry; space and research [70].
To identify the objects of CII supporting critical services it is essential to determine the main factors that allow determining the degree of influence (Table 2) [65].
An important criterion is an impact on the population, which indicates the number of people affected, health problems, heavy injuries, etc. Equally important is the economic impact, which reflects the impact on Gross domestic product GDP, the importance of economic losses, as well as products and the deterioration of service quality. Environmental impact testing indicates an impact on a person and the surrounding landscape and takes the main part in assessing the importance of infrastructure. Infrastructure assessment should take into account the interdependence of criteria that show a certain dependence on infrastructure with another critical infrastructure. It may also be subject to political criteria that reflect confidence in the ability of the government [72]. The European Union has, in particular, estimated the destruction of infrastructure or the severity of the consequences of its destruction, based on six criteria: impact on society, economic consequences, environmental effects, political effects, psychological effects, consequences for public health.
Some criteria for the sectoral and sub-sectoral assessment of the Lithuanian critical infrastructure are presented in Table 3. These criteria indicate the level of impact of the destruction of the particular sector, the object of the subsector, or its inability to manage critical services.
The work is not limited to the criteria for evaluating the sectoral or sub-sectoral criteria. In addition, criteria are included that indicate the significance of the impact of the destruction or damage to the object.
To apply the methodology of the Lithuanian government, the problem of CII identification was solved for three objects. Since the assessment of the critical infrastructure was not publicly available, and this data was not available, the table would be filled with random numbers in the range, from 0 to 3 points. The studied objects provided services for air transport, road transport, rail transport, sea transport, postal subsectors, so the weight of the first criterion was 1. Other results are presented in Table 4.
The number of objects is not limited, but in the example, there are three objects.
The weighted sum method (WSM) is used to calculate the estimates. The results obtained are: Object 1 and Object 2 have 15 scores, and Object 3 has 18 scores. Thus, object 3 has the highest priority, while object 1 and object 2 both share the second priority position. It is impossible to determine which of these objects is more significant, since the importance of the two objects is the same.
Having determined that the WSM method that is used in the above-mentioned method of identifying a CII is currently inappropriate, another MCDM method is further discussed. A methodology should be used to better define the CII, and to solve the problems of the applied WSM model. The use of points from 0 to 3 must be replaced with new ones.
Researchers have proposed different methods for define subjective or objective weights of criteria. The basic idea of assessing the significance of the criterion is that the most critical criterion gains the biggest weight.
An integrated definition of the objective significance of a criterion in the MCDM method is proposed in [74]. In practice, usually, a subjective weight is used, determined by professionals or experts. Many methods have been developed to identify the criteria weights in terms of experts’ assessment of the importance (weights). The most widely used approaches include the Delphi [75], the expert judgment [76], the Analytic Hierarchy Process (AHP) [77,78], the Analytic Network Process, Step-wise weight assessment ratio analysis method (SWARA) [79], and others. For example, criteria weights are determined by applying the AHP method: the weights of the criteria are calculated based on Saaty’s judgment scale and the new original scale, as presented by the authors. The ARAS (Additive Ratio Assessment) method (the MCDM approach) is applied, to solve the problem under investigation. The developed assessment method involves the Leadership in Energy and Environmental Design (LEED) system’s criteria [80].
During the evaluation process, the criteria values, and the degree of domination of each criterion, i.e., the objective weight criteria, could be considered. Unlike their subjective analogues, the objective weights are rarely used in practice. The Entropy method [81,82,83], the LINMAP method [84], the correlation coefficient, and the standard deviation based on the objective value determination method [85], and the prediction algorithm [86] are practical methods that are often used. Combined weighing is based on the integration of both objective and subjective judgments [87,88].
In our case, according to [89], the fuzzy WASPAS method was chosen.

2.4. An MCDM Process to Identify CII

This article presents an MCDM-based model of the applicability of the MCDM method for determining CII.
One of the main stages to determine CII is the design of a mathematical model consisting of:
  • a choice of essential variables;
  • drawing up restrictions, which are satisfied by variables;
  • a compilation of the objective function, which reflects the critical criteria for selecting the assignment of an object to a vital one.
The solution of the problem depends on the set of criteria for classifying objects as critical, as well as on their significance.
The task of classifying an information object is complicated by the presence of incomparable values of criteria, since particular criteria respectively have different units of measure, their scales are not comparable, and therefore, comparing the results that are obtained for each criterion is difficult.
Besides, the scales must be reduced and dimensionless—normalized values of criteria are used. Formally, describing the principle of optimality (the criteria of “correctness of the solution”) is difficult, due to the following reasons:
  • The objects considered by the theory of decision-making are so diverse that it is difficult to establish uniform principles of optimality for all classes of problems.
  • The goals of the decision-making stakeholders are different and often opposite.
  • The criteria for the correctness of the decision depend on the nature of the task, its goals, etc., and also on how correctly they were chosen for a particular country.
  • The difficulties in selecting a solution may be hidden in the specific formulation of the problem, if unrealistic results are required.
Alternative objects are characterized by the correctness of the definition of vital criteria and their significances. They have essential meaning. This is possible, by establishing the criticality of information objects and the priority of the compared options. Using international experience and expert assessments, as well as information sources, the values of the criteria are determined [73].
In this paper, the MCDM method performs the following functions:
  • The identification of CII among the available information objects;
  • The comparison of CII, and the formation of a comparative table.
The proposed model and the stages identified for the method for the CII identification structure are shown in Figure 2.
The procedure should concentrate on an essentially imperative task: to identify the decision-taker, and to differentiate it from the issue analysis. Various variants are possible for the criteria optimization, as well as synthesizing all criteria into one criterion of defining the optimum. The criteria are exceedingly conditioned, with the priorities and critical assets being identified. The criteria for the CII evaluation should be identified with a focus on country-critical services. The main stage in forming the criteria involves choosing the basic criteria for CII identification that can be divided into sub-criteria during the procedure. This could be the criteria for the life and health of the population, the criteria for the impact on the economy of the country, the criteria for environmental damage, etc. Criteria groups have various influences on significance.
To form the steps of the MCDM method of CII, we use the model described in the article [90].
Another model, which is used for identifying CII by the MCDM method, is shown in Figure 3.
There are several cases in which different MCDM approaches have various decisions. It might be explained because of the various mathematical artefacts that are used by different MCDM methods. However, the issue of applying a convenient MCDM approach in a specific case still exists. The choice of MCDM methods based on various parameters has already been studied by earlier researchers in [91]. When a particular MCDM method is finally recommended for a particular application, it is observed that its decision accuracy and ranking efficiency strongly depends on the value of its control parameter [92].
The most suitable solution of a problem in different areas, considering a number of criteria, such as environment, engineering, finance, etc., is the use of the MCDM method [67].
The flowchart of the proposed issue is shown in Figure 4.
Often, due to the lack of accurate data, employees spend a lot of time discussing various expert opinions. The problem-solving approach still stands.
The fuzzy set theory is a class of objects with a continuum of membership grades. Here, a fuzzy set A, presented in space X , is an ordered set of pairs. The components with 0 degrees can be unlisted:
A = { ( x ,   μ A ( x ) ) ,   x X }   ,   x X   ,   and   X [ 0 ;   1 ] ,
where A is described by its function μ A   :   X [ 0 ; 1 ] , which associates with each component x X , a real number μ A ( x ) [ 0 ; 1 ] . The function μ A ( x ) at x identifies the grade of membership of x in A , and is accounted for by the membership degree to which x belongs to A.
An ordinary subset A of X is presented like a fuzzy set in X , with a membership function as its characteristic function:
μ A ( x ) = { 1 ,   x A ; 0 ,   x A   .
If the universe of discourse is discrete and finite with cardinality n, that is X = { x 1 , x 1 , , x n } , A is calculated as:
A = i = 1 n μ A ( x i ) x i = μ A ( x 1 ) x 1 + μ A ( x 2 ) x 2 + + μ A ( x n ) x n   , .
If the universe of discourse X is an interval of real numbers, the A could be shown as follows:
A = X μ A ( x ) x   .
The fuzzy number A is determined to be a fuzzy triangular number, with α- lower, β-modal, and γ-upper values, if its membership function μ A ( x ) [ 0 ,   1 ] is defined as:
μ A ( x ) = { 1 β α x α β α   , i f   x [ α   ,   β ]   , 1 β γ x α β γ , i f   x [ β ,   γ ]   , 0 ,   o t h e r w i s e   , α β γ .
To obtain a crisp output, a defuzzification is implemented, which produces a quantifiable result in fuzzy logic, given the fuzzy sets and their corresponding membership degrees.
The fuzzy number is generally an expert’s given subjective data. Figure 5 presents the ordinary fuzzy set membership function.
Table 5 presents the following basic arithmetic operations for two triangular fuzzy numbers: (6) two triangular fuzzy numbers; (7) addition; (8) subtraction; (9) multiplication; (10) multiplication by constant; (11) division; (12) determining the reciprocal value; (13) the fuzzy power of raising the fuzzy numbers [94].
Experts have determined the weight values 0 < w ˜ j < 1   ,   j = 1 n w j = 1 . It is known that many methods are able to assess weights. Sometimes, some expert data cannot be accurately described by using numerical values. There are four main options that describe various ways of measuring the number of things in quantitative terms: nominal, ordinal, interval, or ratio scales. Likert items were proposed in [95].
Raising a fuzzy triangular number of the power of another fuzzy triangular number, if x ˜ 1 = ( x 1 α 1 , x 1 β 1 , x 1 γ 1 ) , and x ˜ 2 = ( x 2 α 1 , x 2 β 1 , x 2 γ 1   , ) this is special for this situation of research.
In the analysis, an initial data matrix is created initially, in which the rows contain alternatives, and in the columns, there are selected significant indicators. Each indicator is assigned to whether it is maximized or minimized.

2.5. The WASPAS Method

The WSM approach calculates the total score of the alternative as a weighted sum of the criteria. The WPM approach was created to prevent alternatives that have poor attributes or criterion values. Zavadskas et al. used the multiplicative exponential weighting method (or WPM) to solve dynamically changing environment problems [27].
The problem solution process by applying the WASPAS-F method is shown below.
Create the fuzzy decision-making matrix by using the values x ˜ i j and the criteria weights w ˜ j as the decision-making matrix entries. Determine the linguistic ratings.
Usually, experts play a main role in identifying the system of criteria, the linguistic values of the qualitative criteria, and the initial criteria weights.
The initial fuzzy decision-making matrix shows the preferences for m reasonable alternatives rated on n attributes:
X ˜ = [ x ˜ 11 x ˜ 1 j x ˜ 1 n x ˜ i 1 x ˜ i j x ˜ i n x ˜ m 1 x ˜ m j x ˜ m n ]   ;   i = 1 ,   m ¯ ;   j = 1 ,   n ¯   ,
where x ˜ i j is a fuzzy value that presents the performance value of the i alternative in terms of the j criteria. A tilde symbol “~” means a fuzzy set.
The process of normalization of the initial values of all criteria x ˜ i j eliminates different criteria measurement units. The values of the normalized decision-making matrix X ¯ ˜ :
X ¯ ˜ = [ x ¯ ˜ 11 x ¯ ˜ 1 j x ¯ ˜ 1 n x ¯ ˜ i 1 x ¯ ˜ i j x ¯ ˜ i n x ¯ ˜ m 1 x ¯ ˜ m j x ¯ ˜ m n ]   ;    
are determined as follows:
x ¯ ˜ i j = x ˜ i j max i x ˜ i j   i f   max i   x ˜ i j   i s   p r e f e r a b l e   ;   x ¯ ˜ i j = min i x ˜ i j x ˜ i j   i f   min i   x ˜ i j   i s   p r e f e r a b l e   ;   i = 0 ,   m ¯ ;   j = 1 ,   n   ¯ .  
Determine the weighted normalized fuzzy decision-making matrix X ^ ˜ q for the WSM:
X ^ ˜ q = [ x ^ ˜ 11 x ^ ˜ 1 j x ^ ˜ 1 n x ^ ˜ i 1 x ^ ˜ i j x ^ ˜ i n x ^ ˜ m 1 x ^ ˜ m j x ^ ˜ m n ]   ;     x ^ ˜ i j = x ¯ ˜ i j w ˜ j   ;   i = 1 ,   m ¯ ;   j = 1 ,   n   ¯   .
Determine the weighted normalized fuzzy decision-making matrix X ^ ˜ p for the WPM:
X ^ ˜ p = [ x ¯ ¯ ˜ 11 x ¯ ¯ ˜ 1 j x ¯ ¯ ˜ 1 n x ¯ ¯ ˜ i 1 x ¯ ¯ ˜ i j x ¯ ¯ ˜ i n x ¯ ¯ ˜ m 1 x ¯ ¯ ˜ m j x ¯ ¯ ˜ m n ]   ;     x ¯ ¯ ˜ i j = x ¯ ˜ i j w ˜ j   ;   i = 1 ,   m ¯ ;   j = 1 ,   n   ¯   .
Calculate the multi-attribute utility function values:
The WSM for i alternative:
Q ˜ i = j = 1 n x ^ ˜ i j   ;                        i = 1 ,   m ¯   ,
The WPM for i alternative:
P ˜ i = j = 1 n x ¯ ¯ ˜ i j ,     i = 1 ,   m ¯ .
The center-of-area is the most practical and easy to use for the defuzzification of the fuzzy performance measurement:
Q i = 1 3 ( Q i α + Q i β + Q i γ ) .  
P i = 1 3 ( P i α + P i β + P i γ ) .  
The utility function value Ki of the WASPAS-F method is calculated as follows:
K i = λ j = 1 n Q i + ( 1 λ ) j = 1 n P i ; λ = 0 , , 1 , 0 K i 1 ,
λ = i = 1 m P i i = 1 m Q i + i = 1 m P i .
Rank preference orders the alternatives, starting from the highest value, Ki.
A Likert-type 10-point scale was adopted to solve the problem (Figure 6).
A detailed description of the problem-solving process using the AHP and WASPAS-F methods could be found in [93].

3. Results

This article analyzes the problem of identifying the CII of the country.
When solving problems of a MCDM method, first of all, a set of possible alternatives is formed, consisting of the CII. Next, the criteria are selected. A matrix of a set of alternative objects, and the criteria of their criticality are presented in Table 6.
The criteria were identified on the basis of the sectors, which have a large EU counterpart. The list of proposed criteria is as follows:
  • The danger to life or health. This criterion is designed to assess how many people will be disturbed if the provision of a particular service stops. This criterion will cover all sub-sectoral and sectoral criteria, since the impacts considered include failure for these sectors or sub-sectors. Many sub-sectoral and sectoral criteria are estimated by the number of injured people, and by general criteria, the population health is also evaluated by their number; therefore, the unit of measure for this criterion is the population of the country.
  • The impact on the economy of the country. This criterion is widely used in the methodologies of the respective countries, and is included in the list of criteria that is recommended by the European Union. An economic impact assessment may have several expressions, but the proposed methodology deals with the number of productive working days that are lost. It is being understood as the time at which the destruction, damage, or significant damage to an infrastructure facility stops, or significantly disrupts certain activities. The number of lost production days is defined in terms of the number of lost production days multiplied by the number of employees involved in the work activity that has stopped or failed. When evaluating productive working days, it is necessary to take into account the impact of the destruction, damage, or violation of the estimated infrastructure facility on the productive working days of another infrastructure.
  • Environmental damage. The assessment of potential financial damage to the destruction of the environment or infrastructure should be carried out in accordance with the order of the Environmental Protection Law. The measure of environmental damage is the monetary value.
  • The impact of other facilities, in order to ensure the supply of basic services and continuous operation. This criterion includes the impact on the operation of another facility, which provides both the most important services, as well as other important services. Measure—the affected facilities that provide a range of important services.
  • Influence on public safety. Infrastructure damage or significant disruption can lead to widespread unrest. The impact on public safety is considered as the number of municipalities over which public safety management has been lost.
  • Damage to other European Union Member States. The destruction of the CII of one state can lead to negative consequences for other countries. This dependence is one of the important criteria for the EU countries, as its unit of measurement is the impact on the number of countries in the European Union.
Further criteria are determined by the weight, depending on their importance. More significant criteria possess higher weight values (Table 7).
The task of choosing the best alternative, in this case of the creation of a priority sequence of CII, is solved by the previously discussed MCDM methods.
In this case, seven experts were interviewed to assess the critical infrastructure alternatives. Coming both from the information security industry and academia from different European countries, they were invited to ensure the understanding of the European context and deep practical knowledge of the critical infrastructure: one from Poland (academic and industry background), one from Estonia (academic background), one from Sweden (academic background), and four from Lithuania (one of them having academic background and three from an industry background). One of the Lithuanian experts invited is one of the leading information security specialists in Lithuania, with more than 15 years of experience with key competences in critical security control development, a strong background in European knowledge (ENISA and Lithuanian Government advisor on national cybersecurity strategy), keeping CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Systems Security Professional), and several other security-related certifications. The majority of other experts with practical backgrounds also possessed industry-recognized security related certificates (CISA, CISM (Certified Information Security Manager), CRISC, CEH (Certified Ethical Hacker), CISSP, and others), and have experience in administering critical infrastructure, the organization of CERT (Computer emergency response teams) functions, or performing wide-scale risk assessments.
According to the results of the interview, the data obtained were summarized, and the average estimates of the seven experts were used in the article.
It should also be noted that the assessment of the criticality of the information infrastructure becomes more accurate if the number of experts is greater. Accordingly, it is preferable to take into account the opinion of several experts when assessing criticality.
Materials associated with the CII were collected and defined, and descriptions of the most significant criteria were made. The analysis was implemented. In this study, the SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis was used. Three information infrastructure alternatives, which are denoted as A1, A2, and A3, were chosen as possible alternatives. The A1 alternative is the information infrastructure of air transport, which provides both air navigation services and airport operation. A2 is the information infrastructure of the health sector, which provides emergency and hospital healthcare services. A3 is the financial information infrastructure, which provides banking, payment transactions, and stock exchange. The AHP approach was used to compare the criteria to each other. As mentioned above, the Likert-type ten-point scale (Figure 6) was used. In addition, a questionnaire about the experts’ evaluation levels toward the CII choices was used. It consisted of 10 various levels—from “not important” ( P ˜ 1 ) to “extremely important” ( P ˜ 6 )—on a fuzzy 10-level scale. So, the score of “not important” ( P ˜ 1 ) corresponded to a Triangular Fuzzy Number (TFN) of (0, 1, 1), respectively. The comparison matrix set is presented in Table 8.
The experts determined the criteria weights. Table 9 presents the integrated results of the established weights. The priority weight vector describes the significance level of the criteria in the decision matrix. After obtaining the significance levels of the criteria, the fuzzy WASPAS approach was used to assess the criticality of the information infrastructures.
In this step of the research, fuzzy WASPAS began to establish fuzzy assessments of the alternative information infrastructures (A1, A2, and A3), taking into account the criteria by applying TFNs. This is an initial decision-making matrix (DMM) for ranking alternatives, and it denotes the implementation ratings of the alternatives in accordance with the criteria. Table 10 presents a comparison of the alternatives in accordance with the criteria.
The normalized decision matrix was achieved by applying relation (16) (Table 11).
Relation (17) was applied to archive the weighted-normalized Fuzzy Multi-Criteria Decision Making (FDMM) for WSM (Table 12), and relation (18) was applied to archive the weighted-normalized FDMM for WPM (Table 13). Relations (19) and (20), respectively, were applied to determine the values of the optimality function values for WSM and WPM.
The integrated utility function value of the fuzzy WASPAS technique for CII was identified by applying relation (24), as shown in Table 13. A1 is the most critical information infrastructure in the WSM, WPM, and WASPAS approach (Table 14). A3 is the least critical alternative among all of the CII considered. Usually, the decision-taker recommends information protection measures according to the level of the criticality of information infrastructures.

4. Discussion

There are various MCDM techniques that are widely applied. The WSM, which is now used in the different EU countries, is one of the recently developed and most widely used methods.
The results obtained according to the Lithuanian WSM-based methodology are less accurate than the results obtained by the WASPAS-F approach. The resulting value estimate was an integer. In calculations, it is often difficult to determine the priority of the object, since the results obtained may be the same and repetitive, but this is not the only drawback of this method. Given the fact that the methodology is subject to expert estimates, this limit is not appropriate. The results are subject to significant changes, and for this reason, the importance of the objects can be calculated erroneously.
In this case, CII may be incorrectly assessed, due to the problems mentioned above, as well as due to a misunderstanding of the method. The WSM method has its drawbacks associated with using the same dimensions for different criteria. The application of this approach requires that the assessments of all the criteria have the same magnitude, but the criteria of the critical infrastructure cover very broad areas. The influence is measured by the number of affected populations, the number of affected areas, and other sizes, and this method cannot be applied to solve this problem. The decision to use scores from 0 to 3 does not solve the current problem, since such a scoring system has no mathematical justification. Currently, using this method of identifying the CII, the sum of all criteria weighs from 14 to 16 scores. Such a weighting of criteria is also inappropriate, since, based on the WSM method, the weights of all the criteria must be equal to 1.
To overcome some of the shortcomings of this method, the fuzzy WASPAS method was chosen. The solved problem for identifying and ranking CII shows a more accurate result than the WSM method. The WASPAS-F method joins the advantages of the WSM and WPM approaches.
In this case, the AHP was applied to identify the importance of the criteria, while the fuzzy WASPAS was used to rank the alternative information infrastructures. The AHP method allowed for the effective determination of the weights of the criteria.
Finally, it was found that the described fuzzy WASPAS approach is practical for ranking alternatives.
Thus, the theoretical research and the practical results have demonstrated the effectiveness of using the Fuzzy WASPAS approach to identify CII. This approach can be used to identify the CII of other countries, including EU countries, as well as to solve other problems.

5. Conclusions

The socio-economic development of any country and its sustainable development, in fact, are directly dependent on the correct identification of CII, their reliability, and their safety. The achievement of the sustainable functioning of CII of countries represents for all states the essential elements in developing their strategies, the development of risk management, and the improvement of the ability to respond to information-related incidents and threats.
The stability of national security is a state of well-being of a country’s citizens, because each country can exist only in a safe environment. However, each country often faces different types of threats to national security.
CII, such as the smart grid, gas and water networks, and transportation and communication networks, has a decisive impact on the quality of life and the environment development of EU.
Inaccurate identification of the list of CII may lead to the non-application of appropriate measures to protect them, which may adversely influence the environment, and the economic and political state of the country, etc.
A new model was proposed to solve the problem of identification of the criticality of information infrastructures by applying the WASPAS-F approach. Six main criteria were defined. The weights of the criteria were calculated based on the AHP method. As a result, the most important criteria were “The danger to life or health” and “Impact on the economy of the country”; the medium-important ones were “Damage to the environment” and “The influence of other facilities ensuring the continuous operation of critical services”; and the least important criteria were the “Effect on public safety” and “Damage to other European Union Member States”.
This model is proposed for further use in calculating the criticality of real information infrastructures.

Author Contributions

Conceptualization, N.G.; Data curation, Z.T. and A.N.; Formal analysis, S.B.; Funding acquisition, N.G.; Investigation, A.N.; Methodology, Z.T.; Supervision, Z.T., N.G. and S.B.; Validation, Z.T.; Writing—original draft, A.N.; Writing—review & editing, Z.T., N.G. and S.B.


This research was partially funded by Ministry of Defense and Aerospace Industry of the Republic of Kazakhstan, grant number AP06851134, AP06851218.

Conflicts of Interest

The authors declare no conflict of interest.


  1. La Greca, P.; Margani, G. Seismic and energy renovation measures for sustainable cities: A critical analysis of the Italian scenario. Sustainability 2018, 10, 254. [Google Scholar] [CrossRef]
  2. Scherer, L.; Behrens, P.; de Koning, A.; Heijungs, R.; Sprecher, B.; Tukker, A. Trade-offs between social and environmental Sustainable Development Goals. Environ. Sci. Policy 2018, 90, 65–72. [Google Scholar] [CrossRef]
  3. Attard, G.; Rossier, Y.; Winiarski, T.; Eisenlohr, L. Deterministic modeling of the impact of underground structures on urban groundwater temperature. Sci. Total Environ. 2016, 572, 986–994. [Google Scholar] [CrossRef] [PubMed]
  4. Shearman, R. The meaning and ethics of sustainability. Environ. Manag. 1990, 14, 1–8. [Google Scholar] [CrossRef]
  5. Clayton, A.M.; Radcliffe, N.J. Sustainability: A Systems Approach; Earthscan Publications Ltd.: London, UK, 1996. [Google Scholar]
  6. Hashemkhani Zolfani, S.; Zavadskas, E.K.; Turskis, Z. Design of products with both International and Local perspectives based on Yin-Yang balance theory and SWARA method. Econ. Res.-Ekon. Istr. 2013, 26, 153–166. [Google Scholar]
  7. Van de Wetering, R.; Mikalef, P.; Helms, R. Driving organizational sustainability-oriented innovation capabilities: A complex adaptive systems perspective. Curr. Opin. Environ. Sustain. 2017, 28, 71–79. [Google Scholar] [CrossRef]
  8. Lim, H.S.M.; Taeihagh, A. Autonomous vehicles for smart and sustainable cities: An in-depth exploration of privacy and cybersecurity implications. Energies 2018, 11, 1062. [Google Scholar] [CrossRef]
  9. Walther, T. Security supporting digitalization in the cement industry. ZKG Int. 2017, 70, 44–46. [Google Scholar]
  10. John-Hopkins, M. Mapping War, Peace and Terrorism in the Global Information Environment. J. Int. Human. Legal Stud. 2017, 8, 202–233. [Google Scholar] [CrossRef]
  11. Jarmakiewicz, J.; Parobczak, K.; Maslanka, K. Cybersecurity protection for power grid control infrastructures. Int. J. Crit. Infrastruct. Prot. 2017, 18, 20–33. [Google Scholar] [CrossRef]
  12. Ghafir, I.; Hammoudeh, M.; Prenosil, V.; Han, L.; Hegarty, R.; Rabie, K.; Aparicio-Navarro, F.J.; Little, R.G. Detection of advanced persistent threat using machine-learning correlation analysis. Future Gen. Comput. Syst.-Int. J. Esci. 2018, 89, 349–359. [Google Scholar] [CrossRef]
  13. Tuptuk, N.; Hailes, S. Security of smart manufacturing systems. J. Manuf. Syst. 2018, 47, 93–106. [Google Scholar] [CrossRef]
  14. Ghafir, I.; Prenosil, V.; Hammoudeh, M.; Baker, T.; Jabbar, S.; Khalid, S.; Jaf, S. BotDet: A System for Real Time Botnet Command and Control Traffic Detection. IEEE Access 2018, 6, 38947–38958. [Google Scholar] [CrossRef] [Green Version]
  15. Zavadskas, E.K.; Turskis, Z.; Antucheviciene, J.; Zakarevicius, A. Optimization of weighted aggregated sum product assessment. Elektr. Elektr. 2012, 122, 3–6. [Google Scholar] [CrossRef]
  16. Zavadskas, E.K.; Antucheviciene, J.; Saparauskas, J.; Turskis, Z. MCDM methods WASPAS and MULTIMOORA: Verification of robustness of methods when assessing alternative solutions. Econ. Comput. Econ. Cybern. Stud. Res. 2013, 47, 5–20. [Google Scholar]
  17. Zavadskas, E.K.; Turskis, Z.; Antucheviciene, J. Selecting a contractor by using a novel method for multiple attribute analysis: Weighted Aggregated Sum Product Assessment with grey values (WASPAS-G). Stud. Inform. Control 2015, 24, 141–150. [Google Scholar] [CrossRef]
  18. Zavadskas, E.K; Liias, R.; Turskis, Z. Multi-attribute decision-making methods for assessment of quality in bridges and road construction: State-of-the-art surveys. Baltic J. Road Bridge Eng. 2008, 3, 152–160. [Google Scholar] [CrossRef]
  19. Amott, D.; Pervan, G. Eight key issues for the decision support systems discipline. Decis. Suppl. Syst. 2008, 44, 657–672. [Google Scholar]
  20. Car, N.J. Using decision models to enable better irrigation Decision Support Systems. Comput. Electr. Agric. 2018, 152, 290–301. [Google Scholar] [CrossRef]
  21. Zavadskas, E.K.; Antucheviciene, J.; Vilutiene, T.; Adeli, H. Sustainable decision-making in civil engineering, construction and building technology. Sustainability 2018, 10, 14. [Google Scholar] [CrossRef]
  22. Zhang, G.; Xu, Y.; Li, T. A special issue on new trends in Intelligent Decision Support Systems. Knowl.-Based Syst. 2012, 32, 1–2. [Google Scholar] [CrossRef]
  23. Wen, W.; Chen, Y.H.; Chen, I.C. A knowledge-based decision support system for measuring enterprise performance. Knowl.-Based Syst. 2008, 21, 148–163. [Google Scholar] [CrossRef]
  24. Ranerup, A.; Noren, L.; Sparud-Lundin, C. Decision support systems for choosing a primary health care provider in Sweden. Patient Educ. Couns. 2012, 86, 342–347. [Google Scholar] [CrossRef] [PubMed]
  25. Turskis, Z. Multi-attribute contractors ranking method by applying ordering of feasible alternatives of solutions in terms of preferability technique. Technol. Econ. Dev. Econ. 2008, 14, 224–239. [Google Scholar] [CrossRef]
  26. Zavadskas, E.K.; Turskis, Z.; Tamosaitiene, J. Contractor selection of construction in a competitive environment. J. Bus. Econ. Manag. 2008, 9, 181–187. [Google Scholar] [CrossRef]
  27. Zavadskas, E.K.; Kaklauskas, A.; Turskis, Z.; Kalibatas, D. An approach to multi-attribute assessment of indoor environment before and after refurbishment of dwellings. J. Environ. Eng. Landsc. Manag. 2009, 17, 5–11. [Google Scholar] [CrossRef]
  28. Sivilevičius, H.; Zavadskas, E.K.; Turskis, Z. Quality attributes and complex assessment methodology of the asphalt mixing plant. Balt. J. Road Bridge Eng. 2008, 3, 161–166. [Google Scholar] [CrossRef]
  29. Hurley, J.S. Quantifying decision making in the critical infrastructure via the Analytic Hierarchy Process (AHP). Int. J. Cyber Warf. Terrorism 2017, 7, 23–34. [Google Scholar] [CrossRef]
  30. Mardani, A.; Zavadskas, E.K.; Khalifah, Z.; Zakuan, N.; Jusoh, A.; Nor, K.M.; Khoshnoudi, M. A review of multi-criteria decision-making applications to solve energy management problems: Two decades from 1995 to 2015. Renew. Sustain. Energy Rev. 2017, 71, 216–256. [Google Scholar] [CrossRef]
  31. Leśniak, A.; Kubek, D.; Plebankiewicz, E.; Zima, K.; Belniak, S. Fuzzy AHP application for supporting contractors’ bidding decision. Symmetry 2018, 10, 642. [Google Scholar] [CrossRef]
  32. Guarini, M.R.; Battisti, F.; Chiovitti, A. A methodology for the selection of multi-criteria decision analysis methods in real estate and land management processes. Sustainability 2018, 10, 507. [Google Scholar] [CrossRef]
  33. Turskis, Z.; Zavadskas, E.K. A novel method for multiple criteria analysis: Grey additive ratio assessment (ARAS-G) method. Informatica 2010, 21, 597–610. [Google Scholar]
  34. Zavadskas, E.K.; Mardani, A.; Turskis, Z.; Jusoh, A.; Nor, K.M.D. Development of TOPSIS Method to Solve Complicated Decision-Making Problems: An Overview on Developments from 2000 to 2015. Int. J. Inf. Technol. Decis. Mak. 2016, 15, 645–682. [Google Scholar] [CrossRef]
  35. Strantzali, E.; Aravossis, K. Decision making in renewable energy investments: A review. Renew. Sustain. Eng. Rev. 2016, 55, 885–898. [Google Scholar] [CrossRef]
  36. Kaska, K.; Trinberg, L. Regulating Cross-Border Dependencies of Critical Information Infrastructure; NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE): Tallinn, Estonia, 2015. [Google Scholar]
  37. Moteff, J.D. Critical Infrastructures: Background, Policy, and Implementation; Congressional Research Service: Washington, DC, USA, 2015; Available online: (accessed on 4 December 2018).
  38. Van Asselt, M.B.A.; Vos, E.; Wildhaber, I. Some reflections on EU governance of critical infrastructure risks. Eur. J. Risk Regul. 2015, 6, 185–190. [Google Scholar] [CrossRef]
  39. Lauta, K.C. Regulating a moving nerve: On legally defining critical infrastructure. Eur. J. Risk Regul. 2015, 6, 176–184. [Google Scholar] [CrossRef]
  40. Seppanen, H.; Luokkala, P.; Zhang, Z.; Torkki, P.; Virrantaus, K. Critical infrastructure vulnerability-A method for identifying the infrastructure service failure interdependencies. Int. J. Crit. Inf. Prot. 2018, 22, 25–38. [Google Scholar] [CrossRef]
  41. Zhang, P.C.; Peeta, S. A generalized modeling framework to analyze interdependencies among infrastructure systems. Transp. Res. Part B-Methodol. 2011, 45, 553–579. [Google Scholar] [CrossRef]
  42. Dudenhoeffer, D.D.; Permann, M.R.; Manic, M. CIMS: A framework for infrastructure interdependency modeling and analysis. In Proceedings of the 2006 Winter Simulation Conference, Monterey, CA, USA, 3–6 December 2006; pp. 478–485. [Google Scholar]
  43. Lauge, A.; Hernantes, J.; Sarriegi, J.M. Critical infrastructure dependencies: A holistic, dynamic and quantitative approach. Int. J. Crit. Infrastruct. Prot. 2015, 8, 16–23. [Google Scholar] [CrossRef]
  44. Foytik, P.; Robinson, R.M. Weighting critical infrastructure dependencies to facilitate evacuations. Int. J. Disaster Risk Reduction 2018, 31, 1199–1206. [Google Scholar] [CrossRef]
  45. Harasta, J. Legally critical: Defining critical infrastructure in an interconnected world. Int. J. Crit. Infrastruct. Prot. 2018, 21, 47–56. [Google Scholar] [CrossRef]
  46. Kundur, D.; Contreras, J.; Srinivasan, D.; Gatsis, N.; Wang, M.; Peeta, S. Introduction to the Issue on Signal and Information Processing for Critical Infrastructures. IEEE J. Sel. Top. Sign. Proc. 2018, 12, 575–577. [Google Scholar] [CrossRef]
  47. Council of the European Union. Council Directive 2008/114/EC, on the Identification and Designation of European Critical Infrastructures and the Assessment of the Need to Improve Their Protection; Official Journal of the European Union: Brussels, Belgium, 2008. Available online: (accessed on 4 December 2018).
  48. Neag, M.-M. Critical Infrastructure Protection—The Foundation of National Security (1); Buletin Stiintific. “Nicolae Balcescu” Land Forces Academy: Sibiu, Romania, 2014; Volume 1, pp. 56–61. Available online: (accessed on 4 December 2018).
  49. Law on Cybersecurity of the Republic of Lithuania—Lietuvos Respublikos kibernetinio saugumo įstatymas. 12.11.2014). Nr. XII-1428. Legislation register—Teisės aktų registras. Available online: (accessed on 4 December 2018).
  50. The Critical Infrastructure Protection in France. SGDSN, 2017. Available online: (accessed on 4 December 2018).
  51. Ministry of Defence of the Republic of Slovenia. Critical Infrastructure. Available online: (accessed on 4 December 2018).
  52. National Strategy for Critical Infrastructure. Her Majesty the Queen in Right of Canada. 2009. Available online: (accessed on 4 December 2018).
  53. Nurushev, M.Z.; Diarov, M.D.; Nurusheva, A. Development of oil fields on the shelf of the Caspian Sea and the risk level of accidents. News Nat. Acad. Sci. Rep. Kazakhstan Ser. Geol. Technol. Sci. 2017, 2, 201–211. [Google Scholar]
  54. Boranbayev, S.; Goranin, N.; Nurusheva, A. The methods and technologies of reliability and security of information systems and information and communication infrastructures. J. Theor. Appl. Inf. Technol. 2018, 96, 6172–6188. [Google Scholar]
  55. Boranbayev, A.; Boranbayev, S.; Nurusheva, A.; Yersakhanov, K. The Modern State and the Further Development Prospects of Information Security in the Republic of Kazakhstan. In Information Technology-New Generations; Springer: Cham, Switzerland, 2018; pp. 33–38. [Google Scholar]
  56. Boranbayev, A.; Boranbayev, S.; Yersakhanov, K.; Nurusheva, A.; Taberkhan, R. Methods of ensuring the reliability and fault tolerance of information systems. In Information Technology-New Generations; Springer: Cham, Switzerland, 2018; pp. 729–730. [Google Scholar]
  57. Boranbayev, A.; Boranbayev, S.; Nurusheva, A. Development of a software system to ensure the reliability and fault tolerance in information systems based on expert estimates. In Proceedings of SAI Intelligent Systems Conference; Springer: Cham, Switzerland, 2018; pp. 924–935. [Google Scholar]
  58. Boranbayev, A.; Boranbayev, S.; Nurusheva, A.; Yersakhanov, K. Development of a Software System to Ensure the Reliability and Fault Tolerance in Information Systems. J. Eng. Appl. Sci. 2018, 13, 10080–10085. [Google Scholar]
  59. Strategic Research Center of the General Jonas Zemaitis Military Academy of Lithuania. Lithuanian Annual Strategic Review. 2013–2014. 2014, Volume 12. Available online: (accessed on 4 December 2018).
  60. National Cyber Security Centre under the Ministry of National Defense. National Cyber Security Status Report for the Year 2017. Available online: (accessed on 4 December 2018).
  61. Kaiser, R. The birth of cyberwar. Political Geogr. 2015, 46, 11–20. [Google Scholar] [CrossRef]
  62. Ghafir, I.; Saleem, J.; Hammoudeh, M.; Faour, H.; Prenosil, V.; Jaf, S.; Jabbar, S.; Baker, T. Security threats to critical infrastructure: The human factor. J. Supercomput. 2018, 74, 4986–5002. [Google Scholar] [CrossRef]
  63. Hsiao, S.C.; Kao, D.Y. The Static Analysis of WannaCry Ransomware. In Proceedings of the 20th International Conference on Advanced Communication Technology (ICACT), Chuncheon, Korea, 11–14 February 2018; pp. 153–158. [Google Scholar]
  64. Yazdani, M.; Alidoosti, A.; Zavadskas, E.K. Risk analysis of critical infrastructures using fuzzy COPRAS. Econ. Res. 2011, 24, 27–40. [Google Scholar] [CrossRef]
  65. European Union Agency for Network and Information Security. Methodologies for the Identification of Critical Information Infrastructure Assets and Services. 2014. Guidelines for Charting Electronic Data Communication Networks. Available online: file:///C:/Users/%D0%90%D0%B4%D0%BC%D0%B8%D0%BD%D0%B8%D1%81%D1%82%D1%80%D0%B0%D1%82%D0%BE%D1%80/Downloads/Methodologies%20for%20the%20identification%20of%20Critical%20Information%20Infrastructure%20assets%20and%20services%20(1).pdf (accessed on 4 December 2018).
  66. Almeida, A. A multi-Criteria Methodology for the Identification and Ranking of Critical Infrastructures. Lisbon, Portugal; pp. 1–10. Available online: (accessed on 4 December 2018).
  67. Halim, M.H.; Mohammed, A.H. Identification of critical level of assets by using Analytic Hierarchy Process for water assets management. Int. J. Technol. Res. Appl. 2014, 2, 54–58. [Google Scholar]
  68. Zavadskas, E.K.; Turskis, Z.; Bagočius, V. Multi-criteria selection of a deep-water port in the Eastern Baltic Sea. Appl. Soft Comput. 2015, 26, 180–192. [Google Scholar] [CrossRef]
  69. Izuakor, C.; White, R. Critical infrastructure asset identification: Policy, methodology and gap analysis. In IFIP Advances in Information and Communication Technology; Rice, M., Shenoi, S., Eds.; Critical Infrastructure Protection X; Springer: Cham, Switzerland, 2016; Volume 485, pp. 27–41. [Google Scholar]
  70. Commission of the European Communities. Green Paper on a European Programme for Critical Infrastructure Protection, COM 576 Final. 2005. Available online: (accessed on 4 December 2018).
  71. Government of Canada Position Paper on a National Strategy for Critical Infrastructure Protection. Public Safety and Emergency Preparedness Canada. 2004. Available online: (accessed on 4 December 2018).
  72. Communication from the Commission to the Council and the European Parliament—Protection of Critical Objects in the Fight against Terrorism. Brussels (Komisijos komunikatas Tarybai ir Europos parlamentui—Ypatingos svarbos objektų apsauga kovojant su terorizmu. Briuselis), KOM 702 galutinis. 2004. Available online: (accessed on 4 December 2018).
  73. Resolution on the Critical Information Infrastructure Identification Methodology (Nutarimas dėl ypatingos svarbos informacinės infrastruktūros identifikavimo metodikos). 2016-07-16 Nr. 742. Register of Legal Acts. Available online: (accessed on 4 December 2018).
  74. Zavadskas, E.K.; Podvezko, V. Integrated determination of objective criteria weights in MCDM. Int. J. Inf. Technol. Decis. Mak. 2016, 15, 267–283. [Google Scholar] [CrossRef]
  75. Hwang, C.-L.; Lin, M.-J. Group Decision Making under Multiple Criteria: Methods and Applications, 1st ed.; Springer: Berlin/Heidelberg, Germany, 1987; 400p. [Google Scholar]
  76. Zavadskas, E.K.; Vainiunas, P.; Turskis, Z.; Tamosaitiene, J. Multiple criteria decision support system for assessment of projects managers in construction. Int. J. Inf. Technol. Decis. Mak. 2012, 11, 501–520. [Google Scholar] [CrossRef]
  77. Wu, D.F.; Yang, Z.P.; Wang, N.L.; Li, C.Z.; Yang, Y.P. An Integrated Multi-Criteria Decision Making Model and AHP Weighting Uncertainty Analysis for Sustainability Assessment of Coal-Fired Power Units. Sustainability 2018, 10, 1700. [Google Scholar] [CrossRef]
  78. Saaty, T.L. The Analytic Hierarchy Process; McGraw Hill: New York, NY, USA, 1980. [Google Scholar]
  79. Keršuliene, V.; Zavadskas, E.K.; Turskis, Z. Selection of rational dispute resolution method by applying new step-wise weight assessment ratio analysis (SWARA). J. Bus. Econ. Manag. 2010, 11, 243–258. [Google Scholar] [CrossRef]
  80. Medineckiene, M.; Zavadskas, E.K.; Björk, F.; Turskis, Z. Multi-criteria decision-making system for sustainable building assessment/certification. Arch. Civil Mech. Eng. 2015, 15, 11–18. [Google Scholar] [CrossRef]
  81. Hwang, C.-L.; Yoon, K. Multiple Attribute Decision Making. In Methods and Applications, 1st ed.; A State-of-the-Art Survey; Springer: Berlin/Heidelberg, Germany, 1981; 269p. [Google Scholar]
  82. Shannon, C.E. A mathematical theory of communication. Bell Syst. Technol. J. 1948, 27, 379–423, 623–656. [Google Scholar] [CrossRef]
  83. Šaparauskas, J.; Zavadskas, E.K.; Turskis, Z. Selection of façade’s alternatives of commercial and public buildings based on multiple criteria. Int. J. Strateg. Prop. Manag. 2011, 15, 189–203. [Google Scholar] [CrossRef]
  84. Triantaphyllou, E. Multi-Criteria Decision Making Methods: A Comparative Study, 1st ed.; Springer: Dordrecht, The Netherlands, 2000; 290p. [Google Scholar]
  85. Pekelman, D.; Sen, S.K. Mathematical programming models for the determination of attribute weights. Manag. Sci. 1974, 20, 1217–1229. [Google Scholar] [CrossRef]
  86. Su, H.Z.; Qin, P.; Qin, Z.H. A method for evaluating sea dike safety. Water Res. Manag. 2013, 27, 5157–5170. [Google Scholar] [CrossRef]
  87. Chatterjee, K.; Pamucar, D.; Zavadskas, E.K. Evaluating the performance of suppliers based on using the R’AMATEL-MAIRCA method for green supply chain implementation in electronics industry. J. Clean. Prod. 2018, 184, 101–129. [Google Scholar] [CrossRef]
  88. Zhao, H.R.; Li, N. Optimal Siting of Charging Stations for Electric Vehicles Based on Fuzzy Delphi and Hybrid Multi-Criteria Decision Making Approaches from an Extended Sustainability Perspective. Energy 2016, 9, 270. [Google Scholar] [CrossRef]
  89. Saaty, T.L.; Ergu, D. When is a decision-making method trustworthy? Criteria for evaluating multi-criteria decision-making methods. Int. J. Inf. Technol. Decis. Mak. 2015, 14, 1171–1187. [Google Scholar] [CrossRef]
  90. Marozas, L.; Goranin, N.; Cenys, A.; Radvilavicius, L.; Turskis, Z. Raising effectiveness of access control systems by applying multi-criteria decision analysis: Part 1—Problem Definition. Technol. Econ. Dev. Econ. 2013, 19, 675–686. [Google Scholar] [CrossRef]
  91. Li, Y.Y.; Zhang, H.Y.; Wang, J.Q. Linguistic neutrosophic sets and their application in multicriteria decision-making problems. Int. J. Uncertain. Quant. 2017, 7, 135–154. [Google Scholar] [CrossRef]
  92. Chakraborty, S.; Zavadskas, E.K.; Antucheviciene, J. Applications of WASPAS method as a multi-criteria decision-making tool. Econ. Comput. Econ. Cybern. Stud. Res. 2015, 49, 5–22. [Google Scholar]
  93. Turskis, Z.; Zavadskas, E.K.; Antucheviciene, J.; Kosareva, N. A hybrid model based on fuzzy AHP and fuzzy WASPAS for construction site selection. Int. J. Comput. Commun. Control 2015, 10, 873–888. [Google Scholar] [CrossRef]
  94. Van Laarhoven, P.J.M.; Pedrycz, W. A Fuzzy Extension of Saaty’s Priority Theory. Fuzzy Sets Syst. 1983, 11, 229–241. [Google Scholar] [CrossRef]
  95. Likert, R. A technique for the measurement of attitudes. Arch. Psychol. 1932, 22, 5–55. [Google Scholar]
Figure 1. One of the possible variants of the critical infrastructure sustainable functioning process [65].
Figure 1. One of the possible variants of the critical infrastructure sustainable functioning process [65].
Sustainability 11 00424 g001
Figure 2. Steps of the multi-criteria decision-making (MCDM) approach for critical infrastructure identification [90].
Figure 2. Steps of the multi-criteria decision-making (MCDM) approach for critical infrastructure identification [90].
Sustainability 11 00424 g002
Figure 3. The MCDM model for the selection of CII.
Figure 3. The MCDM model for the selection of CII.
Sustainability 11 00424 g003
Figure 4. Flowchart of the proposed issue-solving process.
Figure 4. Flowchart of the proposed issue-solving process.
Sustainability 11 00424 g004
Figure 5. Triangular membership function [93].
Figure 5. Triangular membership function [93].
Sustainability 11 00424 g005
Figure 6. Membership functions of the linguistic values for criteria rating [93].
Figure 6. Membership functions of the linguistic values for criteria rating [93].
Sustainability 11 00424 g006
Table 1. Critical sectors, sub-sectors, and services [65].
Table 1. Critical sectors, sub-sectors, and services [65].
Critical SectorSubsectorEssential Services
EnergyElectricityGeneration, transmission/distribution, and the electricity market
Petroleum Extraction, refinement, transport, and storage
Natural gasExtraction, transport/distribution, storage
Information, Communication TechnologiesITWeb services, data left/cloud, and software services
CommunicationsVoice/data communication, Internet connectivity
WaterDrinking waterWater storage, distribution and quality assurance
WastewaterWastewater collection and treatment
Food Agriculture/food production, supply, distribution, quality/safety
Health Emergency health- and hospital care, infection/epidemic control, etc.
Financial services Banking, payment transactions, stock exchange
Public order and safety Maintenance of public order and safety, judiciary and penal systems
TransportAviation Air navigation services, airports operation
Road transportBus/tram services, maintenance of the road networks
Train transportManagement or public railway, railway transport services
Maritime transportMonitoring and maintenance of shipping traffic, ice-breaking functions
Postal and Shipping
IndustryCritical industriesEmployment
Chemical and Nuclear IndustryStorage and disposal of hazardous materials
Safety of high-risk industrial units
Civil Administration State functioning
Space Protection of space-based systems
Civil protection Emergency and rescue services
Environment Monitoring and early warning (air and marine pollution, meteorological, groundwater)
Defense National defense
Table 2. The main factors that allow for the determination of the degree of influence [65,71].
Table 2. The main factors that allow for the determination of the degree of influence [65,71].
Key FactorsDescription
Scope or spatial distributionThe geographic zone that can be influenced by the failure or inaccessibility of a essential infrastructure (the international, national, provincial, regional level);
Severity or intensity or magnitudeThe results of the interruption of a specific essential infrastructure;
It can be measured as zero, minimum, moderate, or heavy. Assessment of the potential values may be used for different criteria.
Effects of time or temporal distributionThe point that the loss of a component can have a severe effect (immediately, several days, one week).
The criterion defines when the loss of this part can have a significant impact. Time effects may be measured in different sizes, e.g., directly, for 24–48 hours, one week, or for a longer period.
Table 3. Some criteria for the evaluation of the services of critical infrastructures in Lithuania [73].
Table 3. Some criteria for the evaluation of the services of critical infrastructures in Lithuania [73].
(K1) Environment, food, health, finance, public security and legal services, industry, government, civil protection, international relations, and security policy sectorsThe service would cease to cover more than 145,000 inhabitants, or more than three municipalities, and will last more than 24 hThe service would cease to cover more than 20,000 inhabitants, which will last more than 24 hThe service would cease to cover more than 500 inhabitants, which will last more than 12 hThe service has stopped for less than 12 h
(K1) Services provided by the electricity sub-sector;
Services provided by the natural gas subsector;
Services provided by the district heating sector
Supply will be cut off for more than 145,000 residents or in more than three municipalities or category I consumers, which will last more than 24 hSupply will be terminated for more than 20,000 inhabitants or a quarter of the population of the municipality, which will last more than 24 hSupply will be terminated for more than 500 inhabitants, which will last more than 24 hSupply will be cut off for less than 500 inhabitants
(K1) Services provided by the oil and petroleum products subsector Supply of petroleum products will decrease by more than 25% of the average daily consumptionSupply of petroleum products will decrease by 12–25% of the average daily consumptionSupply of petroleum products will decrease by 7–12% of the average daily consumptionSupply of petroleum products will decrease, but not by more than 7% of the average daily consumption in the state
Table 4. An example of the matrix for assessing the critical information infrastructure (CII).
Table 4. An example of the matrix for assessing the critical information infrastructure (CII).
CIIEvaluation of Criteria
Criteria weights 1111133111
Object 10231003000
Object 20012221100
Object 32033001223
Table 5. Main processes on fuzzy triangular numbers [93].
Table 5. Main processes on fuzzy triangular numbers [93].
x ˜ 1 = ( x 1 α , x 1 β , x 1 γ   ) , x ˜ 2 = ( x 2 α , x 2 β , x 2 γ   ) (6) k x ˜ 1 = ( k x 1 α   ,   k x 1 β   , k x 1 γ ) (10)
x ˜ 1 x ˜ 2 = ( x 1 α + x 2 α   ,   x 1 β + x 2 β   , x 1 γ + x 2 γ ) (7) x ˜ 1 ( ÷ ) x ˜ 2 = ( x 1 α x 2 γ ,   x 1 β x 2 β , x 1 γ x 2 α ) (11)
x ˜ 1 ( ) x ˜ 2 = ( x 1 α x 2 γ   ,   x 1 β x 2 β   , x 1 γ x 2 α ) (8) ( x ˜ 1 ) 1 = ( 1 x 1 γ   , 1 x 1 β   , 1 x 1 α ) (12)
x ˜ 1 x ˜ 2 = ( x 1 α x 2 α   ,   x 1 β x 2 β   , x 1 γ x 2 γ ) (9) ( x ˜ 1 ) x ˜ 2 = ( x 1 α x 2 γ ,   x 1 β x 2 β ,     x 1 γ x 2 α ) (13)
A-lower, β-modal and γ-upper values of fuzzy numbers
Table 6. Matrix for CII assessment.
Table 6. Matrix for CII assessment.
CIICriteria Criticality
Criterion 1Criterion 2Criterion 3Criterion 4Criterion n
Object 1x11x12x13x14x1n
Object 2x21x22x23x24x2n
Object 3x31x32x33x34x3n
Table 7. Criteria weights.
Table 7. Criteria weights.
Criterion 1Criterion 2Criterion 3Criterion 4Criterion n
Criteria weightsWeight 1Weight 2Weight 3Weight 4Weight n
Table 8. Determining the linguistic ratings.
Table 8. Determining the linguistic ratings.
Extremely ImportantEI91010
Very ImportantVI7910
Medium ImportantMI357
Low ImportantLI135
Not ImportantNI011
Table 9. Pairwise comparisons of the criteria weights for CII.
Table 9. Pairwise comparisons of the criteria weights for CII.
The danger to life or healthx11335330.38
Impact on the economy of the countryx20.33113330.20
Damage to the environmentx30.331.0013130.17
The influence of other facilities in ensuring the continuous operation of critical servicesx40.200.330.331330.11
Effect on public safetyx50.330.3310.33130.20
Damage to other European Union Member Statesx60.330.330.330.330.3310.06
Table 10. The initial Fuzzy Multi-Criteria Decision Making (FDMM) for the CII alternatives.
Table 10. The initial Fuzzy Multi-Criteria Decision Making (FDMM) for the CII alternatives.
Table 11. The normalized FDMM.
Table 11. The normalized FDMM.
Table 12. The weighted normalized matrix for WSM.
Table 12. The weighted normalized matrix for WSM.
Q 0.8 0.6 0.5
Table 13. The weighted normalized matrix for WPM.
Table 13. The weighted normalized matrix for WPM.
Q 5.7 5.1 5.2
Q 16.0
Table 14. Integrated utility function values of the fuzzy WASPAS approach.
Table 14. Integrated utility function values of the fuzzy WASPAS approach.
λ 0.90

Share and Cite

MDPI and ACS Style

Turskis, Z.; Goranin, N.; Nurusheva, A.; Boranbayev, S. A Fuzzy WASPAS-Based Approach to Determine Critical Information Infrastructures of EU Sustainable Development. Sustainability 2019, 11, 424.

AMA Style

Turskis Z, Goranin N, Nurusheva A, Boranbayev S. A Fuzzy WASPAS-Based Approach to Determine Critical Information Infrastructures of EU Sustainable Development. Sustainability. 2019; 11(2):424.

Chicago/Turabian Style

Turskis, Zenonas, Nikolaj Goranin, Assel Nurusheva, and Seilkhan Boranbayev. 2019. "A Fuzzy WASPAS-Based Approach to Determine Critical Information Infrastructures of EU Sustainable Development" Sustainability 11, no. 2: 424.

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop