Critical Infrastructures Overview: Past, Present and Future

: Industrialized societies depend on the proper functioning of a whole range of technological infrastructures, such as electricity, road and railway networks and telecommunications which, due to their importance, are generically referred to as critical infrastructures (CIs). Technical failures, natural disasters and malicious events, if not terrorist, could have devastating effects on these infrastructures. The events of the last few years have accelerated efforts to identify and designate CIs at national and European levels and have reinforced concerns about increasing their protection in sensitive sectors for the safety of the individual and the community. The aim of this research is to provide the basic elements to understand the issue along with the reasons for its importance both at national, European and international level. In particular, after analyzing the origin of the problem, a systematic literature review is carried out to study the current research around future perspectives relating to the management of Cis, with particular focus on three research questions: RQ1 “What types of risk assessment methods are used to manage CIs?”, RQ2 “What are the environmental risk mitigation strategies for CIs?” and RQ3 “What is the role of the human factor in the prevention of risks for CIs?”. The results aim to be guidelines for decision makers and researchers interested in this topic.


Introduction 1.Critical Infrastructures, Definitions and Terms
The most industrialized countries are equipped with increasingly extensive and sophisticated infrastructure systems, so-called critical infrastructures (CIs) such as energy distribution networks and transport infrastructures [1].Critical infrastructures are, therefore, those material resources, services, information technology systems, networks and infrastructure assets that, if damaged or destroyed, would cause serious repercussions on the crucial functions of society, including the supply chain, health, security and the economic or social well-being of the state and the population.The term critical infrastructure is defined in Section 1016(e) of the USA Patriot Act of 2001 as those "systems and goods, both physical and virtual, so vital to the nation that their malfunctioning or destruction would produce a debilitating impact on the security of citizens, on the economic security of the nation, on national public health and on any combination of the above" [2].Europe has also issued its own CIs protection program.In fact, in June 2004, the European Council took the initiative to call for the preparation of a strategy for the protection of CIs in the territory of the Union from possible terrorist attacks, which led the Commission to issue Communication 702 of 2004.This activity of the Commission led in 2008 to the approval of Directive 2008/114/EC which currently forms the basis of EU legislation on CIs.A CI is defined in the directive as "an element, system or part thereof located in the Member States which is essential for the maintenance of the vital functions of society, the health, safety and economic and social well-being of citizens and whose damage or destruction would have a significant impact in a Member State due to the impossibility of maintaining those functions" [3].
The Directive aims to establish a European Union (EU) process for identifying and designating European critical infrastructure (ECI), as well as an approach to improve their protection.To this end, EU countries must use cross-cutting criteria such as possible losses, economic effects and effects on citizens and sectoral criteria specific to the type of ECI [4].Of course, EU countries regularly review the identification and designation of ECIs.

Motivation of the Research
The concern to protect critical infrastructure has been increasing over the years.The terrorist attacks of 11 September 2001 in the United States and the attacks on the metro and railways in Madrid in 2004 and London in 2005 have brought to light the criticality of the problem [5].The efforts of States initially focused on the protection of civilian infrastructure against acts of terrorism, even though the general policy documents presented a multi risk approach that also extended to natural disasters and technological accidents.However, the tsunami that shook southeast Asia in 2004 and damaged numerous established infrastructures and the extensive damage resulting from Hurricane Katrina in 2005 that had devastating effects on the city of New Orleans and the states of Louisiana, Alabama and Mississippi, caused the various states to reorient certain policies [6].European countries, as well as the European Union, are now taking into account all the risks that may arise.Terrorist attacks and environmental disasters are critical factors to monitor to prevent damage to critical infrastructure [7].According to estimates by Our World in Data among the main environmental disasters are floods, as shown in Figure 1.In fact, a profound alteration of the environmental balance could only have catastrophic effects on the maintenance of all those functions fundamental for the economic and social well-being of the population.
safety and economic and social well-being of citizens and whose damage or destruction would have a significant impact in a Member State due to the impossibility of maintaining those functions" [3].
The Directive aims to establish a European Union (EU) process for identifying and designating European critical infrastructure (ECI), as well as an approach to improve their protection.To this end, EU countries must use cross-cutting criteria such as possible losses, economic effects and effects on citizens and sectoral criteria specific to the type of ECI [4].Of course, EU countries regularly review the identification and designation of ECIs.

Motivation of the Research
The concern to protect critical infrastructure has been increasing over the years.The terrorist attacks of 11 September 2001 in the United States and the attacks on the metro and railways in Madrid in 2004 and London in 2005 have brought to light the criticality of the problem [5].The efforts of States initially focused on the protection of civilian infrastructure against acts of terrorism, even though the general policy documents presented a multi risk approach that also extended to natural disasters and technological accidents.However, the tsunami that shook southeast Asia in 2004 and damaged numerous established infrastructures and the extensive damage resulting from Hurricane Katrina in 2005 that had devastating effects on the city of New Orleans and the states of Louisiana, Alabama and Mississippi, caused the various states to reorient certain policies [6].European countries, as well as the European Union, are now taking into account all the risks that may arise.Terrorist attacks and environmental disasters are critical factors to monitor to prevent damage to critical infrastructure [7].According to estimates by Our World in Data among the main environmental disasters are floods, as shown in Figure 1.In fact, a profound alteration of the environmental balance could only have catastrophic effects on the maintenance of all those functions fundamental for the economic and social well-being of the population.Therefore, threats to the security of critical infrastructure in the civil sector (schools, hospitals, stadiums, theaters, multiplex cinemas, railway stations, airports, maritime etc.) are one of the main problems of industrialized societies in recent times [8].The manage- Therefore, threats to the security of critical infrastructure in the civil sector (schools, hospitals, stadiums, theaters, multiplex cinemas, railway stations, airports, maritime etc.) are one of the main problems of industrialized societies in recent times [8].The management of CIs requires guarantees of maximum safety, to avoid any accident that could endanger the health and safety of citizens as well as constitute a dangerous impact on the environment and the economy of a country [8].CIs, once substantially isolated and vertically integrated systems, have, for economic, social, political and technological reasons, become increasingly complex and interdependent to the point that an adverse event that occurs to one of them in a given geographical location can spread to other infrastructures, amplifying the negative effects and causing damage to subjects located even in very remote locations with respect to the origin of the initial event.This interdependence has induced in these infrastructures new and unforeseen vulnerability, especially in light of the increased threats linked to the increasing extremity of climatic phenomena and the tormented world sociopolitical situation, that risks real negative consequences for the development and social well-being of a country.The result is that a failure (accidental or malicious) in one of them could easily propagate with a domino effect mechanism to the others, amplifying its effects and causing dysfunctions and malfunctions even to remote users [9].This leads to greater systemic vulnerability due to the presence of domino effects and the globalization of threats, and a greater complexity that has repercussions in the difficulty of analysis, understanding, and management of the system of systems engineering (SoSE) that is created by the integration between the different infrastructures.It is also important to clarify that critical infrastructure security is not an isolated sector, as it fits into the wider context of civil protection policies [10].Therefore, the general objective is to develop instruments to enable the civilian sector to cope with the threats posed by natural disasters, technological accidents and terrorist attacks.This is generally achieved using a multi-point strategy; the prevention of, and protection of persons and infrastructure from, the dangers arising from natural disasters, technological accidents and terrorist attacks; a state of readiness and consequence management; and the reaction and restoration of services.It is clear that the management of CIs is a complex problem that requires an in-depth analysis to identify the state of the art and future perspectives.The aim of this research is twofold.Firstly, to provide the basic elements to understand the issue along with the reasons for its importance at national, European and international level.Secondly, after analyzing the origin of the problem, a systematic literature review is carried out to study the current research around future perspectives relating to CI management.

Structure of the Research
One of the great challenges is to make CIs truly sustainable from all points of view: economic, social, environmental.Infrastructure plays a role in directly and indirectly impacting progress on achieving sustainable development goals (SDGs).As we have already experienced with the pandemic crisis, the future will not spare us any more shocks.And we must prepare ourselves to face them by overcoming the fragilities that have made us, and make us, vulnerable in the face of such significant risks.Nowadays, in our opinion, sustainability, reliability and the safety of CIs are issues of global importance that require a global approach.Therefore, several techniques and methods have been developed to ensure CIs, taking into consideration different aspects such as human error, maintenance policies, energy, water supply, healthcare protection and emergency transportation in case of disaster.Thus, the aim of this study is to investigate the importance of CIs and to answer the relevant questions-what types of risk assessment methods are used to manage CIs?What are the environmental risk mitigation strategies for CIs?What is the role of the human factor in the prevention of risks for CIs?-the findings of which aim to be a guide for policy makers and researchers to define strategic choices and future studies.
The rest of the paper is organized as follows: Section 2 outlines the materials and methods; in Section 3 the main results are summarized; Section 4 points out the empirical evidence and main challenges that emerged from the analysis; and, finally, Section 5 summarizes the main conclusions of the study.

Materials and Methods
In this review paper the Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) statement is proposed as a guideline to develop a systematic and transparent literature analysis.The PRISMA statement, developed by a group of experts in 2005, is based on the awareness that an accurate drafting of a literature analysis requires a rigorous standardized work [11].Being familiar with PRISMA is helpful in planning and carrying out systematic reviews to ensure that all recommended information is captured.It consists of a checklist and a flowchart.The PRISMA statement checklist consists of 27 items that must be used in the reporting of any systematic review.The 27-item checklist addresses the introduction, methods, results and discussion sections of a systematic review report.In order to develop the PRISMA protocol, the check list requires, for example, the inclusion and exclusion criteria for the review or to specify all databases consulted to identify studies.For more details, see http://prisma-statement.org/documents/PRISMA_2020_checklist.pdf (accessed on 9 January 2022).Figure 2 aims to graphically describe the process of screening, selecting and including articles (according to PRISMA) with the objective of guiding authors in an optimal and transparent way toward a description of the entire work starting from the title up to the conclusions.In order to develop a robust and scientifically rigorous literature analysis an experts team belonging to different sectors (public, business, academic, etc.) with a diverse cultural background was set up.In particular, it was made up of three experts in CIs, three experts in risk assessment, one human reliability analysis, and one environmental/sustainability strategy.
In this review paper the Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) statement is proposed as a guideline to develop a systematic and transparent literature analysis.The PRISMA statement, developed by a group of experts in 2005, is based on the awareness that an accurate drafting of a literature analysis requires a rigorous standardized work [11].Being familiar with PRISMA is helpful in planning and carrying out systematic reviews to ensure that all recommended information is captured.It consists of a checklist and a flowchart.The PRISMA statement checklist consists of 27 items that must be used in the reporting of any systematic review.The 27-item checklist addresses the introduction, methods, results and discussion sections of a systematic review report.In order to develop the PRISMA protocol, the check list requires, for example, the inclusion and exclusion criteria for the review or to specify all databases consulted to identify studies.
For more details, see http://prisma-statement.org/documents/PRISMA_2020_checklist.pdf(accessed on 8 February 2022).Figure 2 aims to graphically describe the process of screening, selecting and including articles (according to PRISMA) with the objective of guiding authors in an optimal and transparent way toward a description of the entire work starting from the title up to the conclusions.In order to develop a robust and scientifically rigorous literature analysis an experts team belonging to different sectors (public, business, academic, etc.) with a diverse cultural background was set up.In particular, it was made up of three experts in CIs, three experts in risk assessment, one human reliability analysis, and one environmental/sustainability strategy.In the following sections a summary of the main hypotheses and strategies followed to develop the research is described.In the following sections a summary of the main hypotheses and strategies followed to develop the research is described.

Search Strategy
Systematic review was conducted on defined research questions.The main goal of our survey was to answer the following questions: 1.
RQ1.What types of risk assessment method are used to manage CIs? 2.
RQ2.What are the environmental risk mitigation strategies for CIs? 3.
RQ3.What is the role of the human factor in the prevention of risks for CIs?

Database Searching Identification
SCOPUS database, the largest abstract and citation database of peer-reviewed literature was used to select publications.SCOPUS supports a Boolean syntax, which is a type of search allowing users to combine keywords with operators such as AND, NOT and OR to further produce more relevant results.

Inclusion and Exclusion Criteria
Automatic searches could consider inappropriate search results.Thus, the team of experts identified specific inclusion and exclusion criteria as shown in Table 1.

Quality Criteria
The criteria chosen to have a meaningful review are based on articles that must deal with these topics from applicative, experimental and theoretical points of view.In the present study, the following two criteria have been defined: 1.
Q1: Documents in the context of CIs using different methodologies and approaches.2.

Screening and Data Extraction
Based on the addressed research questions defined in Section 2.1 and supported by the expert team, "critical infrastructures", "risk assessment", "method", "risk", "environment", and "human factors" were considered as search terms.In particular, three investigations were conducted on Scopus following the combination of words as detailed below:
The string used with Boolean operators and the number of selected documents are shown in more detail in Table 2.

Bibliometric Search CRITERIA Search String Number of Items without Exclusions
Cluster#1 Risk Assessment

(TITLE (critical AND infrastructures) AND TITLE-ABS-KEY (risk AND assessment) AND TITLE-ABS-KEY (method)) 167
Cluster#2 Risk Environment

(TITLE (critical AND infrastructures) AND TITLE-ABS-KEY (risk)
AND TITLE-ABS-KEY (human AND factor)) 32 Figure 3 shows the PRISMA flow diagram, which summarizes the logical scheme followed for the selection of the documents to be analyzed.

Risk Environment
(risk) AND TITLE-ABS-KEY (environment)) Cluster#3 Human Factors (TITLE (critical AND infrastructures) AND TITLE-ABS-KEY (risk) AND TITLE-ABS-KEY (human AND factor)) 32 Figure 3 shows the PRISMA flow diagram, which summarizes the logical schem followed for the selection of the documents to be analyzed.

Results
This section presents and discusses the finding of the review.First of all, an overvie of the selected 284 studies is presented.All papers have been classified.Quantitative e dence of the study is analyzed considering the following issues: 1.
Publication by years.
Subject area.

Publication by Years
The analysis of documents by years (Figure 4) pointed out that currently most of t documents were published in 2016 (13%), followed by 2019 (11%) and by 2020 (9%) a 2021 (9%).

Results
This section presents and discusses the finding of the review.First of all, an overview of the selected 284 studies is presented.All papers have been classified.Quantitative evidence of the study is analyzed considering the following issues: 1.
Publication by years.
Subject area.

Publication by Years
The analysis of documents by years (Figure 4) pointed out that currently most of the documents were published in 2016 (13%), followed by 2019 (11%) and by 2020 (9%) and 2021 (9%).

Documents by Types
The analysis of documents by type pointed out the following distribution: articles (43%) and conference papers (57%).Figure 5 shows the distribution of the group of papers as a function of the publication year.In our study only documents published in English have been considered in more detail.
An interesting aspect concerns the open access article types available in Scopus, as shown in Figure 6.It is remarkable to note that two main strategies have emerged to guarantee open access publications: (1) "green" or the practice of authors to self-archive copies of their articles in institutional or disciplinary archives, or again on their personal sites, after negotiating rights and publishing them in scientific journals, even for a fee and (2) "gold" or the publication of articles directly and immediately accessible to open access.Journals that publish exclusively in this way are called open access journals.The most famous examples are the journals of the publisher Public Library of Science (PLoS), PeerJ and Directory of Open Access Journals.In particular, it emerged that 26% of the documents are published as Open Access.Notably, 14% are posted as green published versions or manuscript accepted for publication, available at a repository.The open access policy is a new trend in recent years that is characterizing the strategies of scientific journals.It is a new phenomenon that needs to be monitored in order to understand its evolution over time.In fact, currently, open access is at the origin of many discussions among academics, librarians, university administrators and politicians, due to the differences in interests of these different actors, in particular regarding the economic remuneration of academics and, more generally, on the business models to be adopted.

Documents by Types
The analysis of documents by type pointed out the following distribution: arti (43%) and conference papers (57%).Figure 5 shows the distribution of the group of pap as a function of the publication year.In our study only documents published in Eng have been considered in more detail.

Documents by Types
The analysis of documents by type pointed out the following distribution: articles (43%) and conference papers (57%).Figure 5 shows the distribution of the group of papers as a function of the publication year.In our study only documents published in English have been considered in more detail.An interesting aspect concerns the open access article types available in Scopus, as shown in Figure 6.It is remarkable to note that two main strategies have emerged to guarantee open access publications: (1) "green" or the practice of authors to self-archive copies of their articles in institutional or disciplinary archives, or again on their personal sites, after negotiating rights and publishing them in scientific journals, even for a fee and ( 2) "gold" or the publication of articles directly and immediately accessible to open access.is a new trend in recent years that is characterizing the strategies of scientific journals.It is a new phenomenon that needs to be monitored in order to understand its evolution over time.In fact, currently, open access is at the origin of many discussions among academics, librarians, university administrators and politicians, due to the differences in interests of these different actors, in particular regarding the economic remuneration of academics and, more generally, on the business models to be adopted.Table 3 presents journals ranked by their citescore, scimago index and impact factor.The ranking of journals highlights average citations received per document (CiteScore2020); the weighted citations received by the serial that depends on subject field and prestige of the citing serial (SJR 2020) and the average number of citations received in a year by papers published in the journal during the two preceding years (Impact Fac-tor2020).Citations were calculated using data from 5 May 2021 (as stated on Scopus).

Country Analysis
Figure 7 shows that the largest number of documents is published in the USA (25%), followed by UK (11%) and Italy (10%).This result is not a surprise.In fact, these countries are the most careful in the management of critical infrastructure for cultural, political, and strategic reasons as well as for the interest of the scientific community.Table 3 presents journals ranked by their citescore, scimago index and impact factor.The ranking of journals highlights average citations received per document (CiteScore2020); the weighted citations received by the serial that depends on subject field and prestige of the citing serial (SJR 2020) and the average number of citations received in a year by papers published in the journal during the two preceding years (Impact Factor2020).Citations were calculated using data from 5 May 2021 (as stated on Scopus).

Country Analysis
Figure 7 shows that the largest number of documents is published in the USA (25%), followed by UK (11%) and Italy (10%).This result is not a surprise.In fact, these countries are the most careful in the management of critical infrastructure for cultural, political, and strategic reasons as well as for the interest of the scientific community.

Subject Area
Another interesting aspect is the analysis of documents by subject area as shown in Figure 8.It emerges that the documents are heterogeneously distributed.The phenomenon is explained by the fact that the issue of managing critical infrastructures is actually a topic that affects various disciplines.For example, the management of emergencies from a medical point of view, or the development of probabilistic models for risk analysis or the development of decision-making models useful for the implementation of strategic policies shared by the various stakeholders.In any case, for all clusters it emerges that the most productive area is engineering (58%) followed by computer science (43%).

Subject Area
Another interesting aspect is the analysis of documents by subject area as shown in Figure 8.It emerges that the documents are heterogeneously distributed.The phenomenon is explained by the fact that the issue of managing critical infrastructures is actually a topic that affects various disciplines.For example, the management of emergencies from a medical point of view, or the development of probabilistic models for risk analysis or the development of decision-making models useful for the implementation of strategic policies shared by the various stakeholders.In any case, for all clusters it emerges that the most productive area is engineering (58%) followed by computer science (43%).

Data Synthesis of Individual Studies
In this section a team of experts analyzed only the documents published in the last five years in international scientific journals excluding all other publications.The choice arises from the awareness that, generally, documents published in proceedings or other sources are preliminary research, therefore less scientifically rigorous and less in-depth.Furthermore, having a solid knowledge of CIs, it is essential to analyze the most recent documents to have a prospective vision of future strategies on this issue.Thus, this section

Subject Area
Another interesting aspect is the analysis of documents by subject area as shown in Figure 8.It emerges that the documents are heterogeneously distributed.The phenomenon is explained by the fact that the issue of managing critical infrastructures is actually a topic that affects various disciplines.For example, the management of emergencies from a medical point of view, or the development of probabilistic models for risk analysis or the development of decision-making models useful for the implementation of strategic policies shared by the various stakeholders.In any case, for all clusters it emerges that the most productive area is engineering (58%) followed by computer science (43%).

Data Synthesis of Individual Studies
In this section a team of experts analyzed only the documents published in the last five years in international scientific journals excluding all other publications.The choice arises from the awareness that, generally, documents published in proceedings or other sources are preliminary research, therefore less scientifically rigorous and less in-depth.Furthermore, having a solid knowledge of CIs, it is essential to analyze the most recent documents to have a prospective vision of future strategies on this issue.Thus, this section

Data Synthesis of Individual Studies
In this section a team of experts analyzed only the documents published in the last five years in international scientific journals excluding all other publications.The choice arises from the awareness that, generally, documents published in proceedings or other sources are preliminary research, therefore less scientifically rigorous and less in-depth.Furthermore, having a solid knowledge of CIs, it is essential to analyze the most recent documents to have a prospective vision of future strategies on this issue.Thus, this section provides an overview of the 69 documents analyzed.For clarity and punctuality, the analysis of selected documents is organized according to the bibliometric search criteria defined in Table 2. Section 4.2 presents an analysis of the documents belonging to Cluster#1 "critical infrastructures and risk assessment" in more detail, while Section 4.3 presents an analysis of the documents belonging to Cluster #2 "critical infrastructures and risk environment" and Section 4.4 presents an analysis of the documents belonging to Cluster#3 "critical infrastructures and human factors".Some important considerations emerged from the search process and its results, as detailed below.

CLUSTER#1 "Risk Assessment" (39 Documents)
The documents belonging to this selection are related to "Risk Assessment".In this section we try to answer the following research question RQ1"What types of risk assess-ment method are used to manage CIs?" To this end, Table 4 summarizes a classification of documents by year, type of publication and the main focus.Through detailed analysis of them in detail, it emerges that Rydén Sonesson et al. [12] have proposed a risk analysis across transportation, energy and telecommunication in Sweden.The document highlights the importance of using integrated tools in order to identify risks and establish strategic priorities for managing very complex and global systems.Some authors, such as Michalis and Sentenac [13], proposed very sectoral and specific studies such as, for example, an investigation of the condition of dams in Scotland using Electromagnetic (EM) sensing.It is also interesting to mention the research developed by Johnson et al. [14] in which the use of probabilistic risk analysis (PRA) for critical infrastructure is proposed.Technological innovation also makes it possible to process data capable of defining resilient models of critical infrastructure as clarified by Meslem et al. [15] who developed a customized framework/software based on the outcome of the risk and cost-benefit analysis relating to the liquefaction risk.Furthermore, Veeraraghavan et al. [16] have developed a software to monitor CIs, in this case an open-source software for seismic risk assessment.The importance of using software tools is also demonstrated by the study proposed by Donratanapat et al. [17] that develops a Python web application to assess the potential impacts of flooding on CIs.The analysis of the documents also highlights how multicriteria decision-making approaches are useful methods for managing critical infrastructures.For example, the approach defined by Chou and Ongkowijoyo [18], that combines the Decision Making Trial and Evaluation Laboratory (DEMATEL), Analytic Network Process (ANP), and fuzzy logic theory, to quantify and define the interdependencies among various components of CI.Vamvakeridou et al. [19] through a case study in Torbay (UK), proposed a decision support system to assess hazard impacts to enhance the resilience of CIs to urban flooding.Turskis et al. [20] describe a multicriteria model, based on AHP and DEMATEL, for risk assessment for CIs.Přibyl et al. [21] present a decision support system for tunnel managers designed to preserve or even increase tunnel safety using the CAPITA method.Furthermore, Greiving et al. [22] through a case study in Lima (Peru), developed a multi-risk approach to identify CIs in urban areas.The main results demonstrate that the electricity sector is the sector with the highest systemic criticality, followed by IT and emergency response.The research developed by Kasmi et al. [23] is also very interesting in that it proposes a fuzzy logic-based clustering algorithm for management of CIs.A new safety allocation approach named critical risks method (CRM) for CIs is proposed by Di Bona et al. [24].Boothroyd et al. [25] defined a risk assessment of decadal river migration at critical bridge infrastructure in the Philippines.Interesting perspectives are developed on flood emergencies using specific case studies.For example, Fekete [26], through a case study in Cologne (Germany), demonstrates the cascading effects that may arise in the event of a flood disaster.Similarly, Rehak et al. [27] assessed cascading effects in a CI system.A different perspective is proposed by Esposito et al. [28] that develop a stress test for non-nuclear civil infrastructure systems against natural hazards.Results can help stakeholders and authorities to define policies and strategies.Similarly, but with a more practical approach, Argyroudis et al. [29] proposed a risk-based multi-level stress test methodology relating to six critical non-nuclear infrastructures in Europe.Huff et al. [30] examined the benefit of development and analysis of the NATO Human View to aid engineering managers to make investment decisions that can mitigate security threats.Some authors, like Mokhor et al. [31] and de Bruijn et al. [32] present a review on the methods of cybersecurity risk and flood emergencies, respectively.Related to the topic of cybersecurity, Karbowski et al. [33] proposed an application of the Markov chain model to assess the risk affecting CIs.The theme of managing flood-related emergencies is a recurring one as also demonstrated by the study developed by Murdock et al. [34] that investigates how to quantify CIs' resilience to flood emergences by monitoring them using an annual disruption (EADIS) metric.Pearson et al. [35] investigated, through a literature analysis, how to increase societies resilience to floods.It is evident that the progress of technology and digitalization requires the development of tools to protect the information systems of critical infrastructures.Thus, Tweneboah-Koduah and Buchanan [36] developed a comparative analysis of existing methods for evaluating cyber attacks by proposing a dynamic method approach as an alternative.Other authors propose specific studies on particular types of critical infrastructures such as the management of water infrastructures [37] or cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems [38].Mao and Li [39], analyzing three CIs in China (electric power system, a telecommunication system, and a water supply system), demonstrate the vulnerability of CIs if their interdependencies were not considered.Klügel and Stäuble-Akcay [40] develop a methodology to design critical infrastructures for certain levels of seismic intensity directly.In 2018, Thacker et al. [41] evaluated the benefits of risk reduction integrating methods from the study of climate adaptation, infrastructure systems, and complex networks.Previously, in 2017, Thacker et al. [42] proposed a metric of infrastructure criticality in terms of the number of users who may be directly or indirectly disrupted by the failure of physically interdependent infrastructures.This problem was also analyzed by Bloomfield et al. [43] and by Delvosalle et al. [44].Lam et al. [45] developed a scientific methodology of cyclone risk mapping for critical coastal infrastructures.Gonzalez-Granadillo et al. [46] using a case study, calculated the impact of cyber attacks and security countermeasures in a multidimensional coordinate system.Espada et al. [47] developed an integrated framework for assessing the flood risk and climate change to help address flood risk management issues and identify climate adaptation strategies.Ongkowijoyo and Doloi [48] proposed a fuzzy critical risk analysis (FCRA) for assessing the infrastructure risks from a risk-community network perspective.A theoretical analysis has been proposed by Daniel and Nicolae [49] that highlights the basic elements within the national power system as possible vulnerabilities in case of terrorist threats, natural disasters or man-made destruction.Finally, a theoretical case study has been proposed by van Staalduinen et al. [50] to apply functional quantitative security risk analysis (QSRA) to assist in protecting CIs.The analysis of the documents shows that, in general, the risk assessment in critical infrastructures is approached with classical methods or with mathematical methods that are based on complex analyses that cannot be easily replicated in real contexts.It is clear, instead, that in real situations simple methods are needed, easily applicable in order to have an effective risk management.
As shown in Figure 9, the analysis of the main keywords for documents belonging to cluster#1 highlights the greatest occurrence for public works (many critical infrastructures are alleged to belong to the public sector), risk assessment, flooding, cybersecurity and in general for assessment methods.
Di Bona et al. [24] 2020 Theoretical/Application Nuclear power plants Boothroyd et al. [25] 2021 Theoretical/Application River erosion Fekete [26]  As shown in Figure 9, the analysis of the main keywords for documents belo cluster#1 highlights the greatest occurrence for public works (many critical infrast are alleged to belong to the public sector), risk assessment, flooding, cybersecurit general for assessment methods.The documents belonging to this selection are related to "Risk Environment".In this section we try to answer the following research question RQ2"What are the environmental risk mitigation strategies for CIs?" To this end, Table 5 summarizes a classification of documents by year, type of publication and main focus.Analyzing in detail each of them, it emerges that Imteaj et al. [51] has proposed a distributed machine learning technique called Federated Learning (FL) to predict the probable outage and resource status of CIs.Depina et al. [52] investigates the application of the Performance-Based Wind Engineering (PBWE) methodology to the risk assessment of critical telecommunication infrastructure subjected to wind hazard.An interesting concept is discussed by Hendricks et al. [53] claiming that existing environmental justice and hazard vulnerability literature inadequately addresses key texts and topics related to critical physical infrastructure, including stormwater, green space, sewerage, energy, and roads, among other systems.Yuan et al. [54] use an Internet of People (IoP) enabled framework to assess a road network's performance loss during disasters, illustrating a case study of hurricane Florence in Wilmington (USA).
Wahab et al. [55] develop a method to calculate the vulnerability of a residential building using four factors (susceptibility, surrounding environment, landslide intensity and people) for the assessment.Der Sarkissian et al. [56] evaluated the state of Saint-Martin's CI before and after Hurricane Irma and, accordingly, reveal the indicators to assess during reconstruction projects.Thompson et al. [57] have proposed an interdependent critical infrastructure model (ICIM) based on an agent-based model of power and water infrastructure.Baggott et al. [58] have illustrated a risk analysis framework to enhance the cyber security and critical infrastructure of the electric power grid of the United States.In the article proposed by Rød et al. [59] a CIs resilience is analyzed in terms of how ISO 31000 risk management standard could be incorporated into the existing safety and security practices.Lo et al. [60] have developed a multicriteria decision support system to map out the interdependencies and priorities among CIs in a complex system in Taiwan.Benmokhtar et al. [61] aimed to monitor CIs and sensitize governments to consider their vulnerabilities in their disaster risk management.Hawchar et al. [62] have defined a GIS -based framework to rank risk that could occur in CIs vulnerable to a specific climate threat.In 2018, Gheorghe et al. [63] presented a new perspective arguing that the existence of critical space infrastructures implies the emergence of a new category of disasters related to disruption risks.Serre and Heinzlef [64] classified some methods to assess resilience levels to floods taking into account CIs networks.Braun et al. [65] developed an approach for investigating road network vulnerability in developing regions in Chile.Jaïdi et al. [66] proposed a methodology for monitoring the compliance of trusted access control policies in CIs.A comparative exploration of approaches to managing risks related to hazardous incidents and critical infrastructure outages has been carried out by Krings et al. [67].Häyhtiö and Zaerens [68] proposed a risk management model to assess financial differences between centralized and decentralized protection of CIs.A general overview on the problem of protecting CIs has been discussed by Capano [69].Wilson et al. [70] have presented volcanic vulnerability models.Finally, a general concept of a combined sensor and thermal actuator structure has been proposed by Flatscher et al. [71] to maintain CIs under cold climate conditions.The analysis of the documents shows that the management of environmental risk in critical infrastructures is an issue of evident importance.However, it is also evident that there is a lack of clear and globally recognized methods.The use of clear and open indicators is crucial for measuring risks and opportunities.The future for proper environmental risk management is in data management.Data, therefore, can help us create algorithms that can predict certain trends and help governments and businesses to implement the necessary measures to increase the security of CIs.The phases of collecting, processing and analyzing the information obtained through open data could be strategic to guide a better decision-making process for politicians and for all stakeholders.
As shown in Figure 10, the analysis of the main keywords for documents belonging to cluster #2 highlights the greatest occurrence for environmental protection, natural disaster, land use and vulnerability.

CLUSTER#3 "Human Factors" (9 Documents)
The documents belonging to this selection are related to "Human Factors".In this section we try to answer the following research question RQ3"What is the role of the human factor in the prevention of risks for CIs?" To this end, Table 6 summarizes a classification of documents by year, type of publication and main focus.Analyzing in detail each of them, it emerges that this cluster presents heterogeneous monoscripts since the human factor is analyzed from different points of view.For example, Le Blanc [72] describes human factors challenges in developing cyber informed risk assessment for CIs.While, Khanam et al. [73] have provided a framework for assessing the risk factors of our modern infrastructure located in vulnerable coastal areas.A rather different perspective is analyzed in the research developed by Silver et al. [74] in which a behavioral risk factor surveillance system is discussed.Splichalova et al. [75] aimed to demonstrate the importance of the decision-making process of critical infrastructures and therefore the fundamental role of the human factor in this process.Similarly, Rehak [76] has argued on the importance of individual factors in organizational resilience of CIs.Ghafir et al. [77] and Panda et al. [78] have proposed a training framework useful for operators of CIs.Petrillo et al. have presented a hybrid model for human error probability analysis [79], called Emergency Human Error Analysis (EHEA), which considers all contingency factors that influence decisions and actions of the operator.Finally, Panteli and Mancarella [80] have discussed the relationship between the resilience of CIs and human response as a key dimension to monitor CIs.The analysis of the documents shows that, in general, the human factor is little analyzed for the management of CIs.However, it is evident that many accidents in history (such as Chernobyl) can be attributed to the inexperience and unreadiness of the personnel.It would be essential to evaluate the performance of operators in panic situations or situations that cannot be predicted a priori (Black Swan).As shown in Figure 10, the analysis of the main keywords for documents belonging to cluster #2 highlights the greatest occurrence for environmental protection, natural disaster, land use and vulnerability.As shown in Figure 11, the analysis of the main keywords for documents belonging to cluster#3 highlights the greatest occurrence for human reliability, safety factors, risk factors and disaster.

Reflections and Main Challenges
This section contains a brief discussion of the main evidence that has emerged from the analysis of the documents.Table 7 shows in more detail, for each cluster analyzed empirical evidence and main challenges developed after systematic literature review.It clear that this is a non-exhaustive scheme, which can be optimized in the future with con tinuous processing of new scientific documents and scientific evidence.It is important t note that Table 7 is a proposal by the authors based on the documents analyzed.Thu Table 7 summarizes for each cluster analyzed, the research question, the literature ga identified by the authors and the main challenges proposed by the authors.

Reflections and Main Challenges
This section contains a brief discussion of the main evidence that has emerged from the analysis of the documents.Table 7 shows in more detail, for each cluster analyzed, empirical evidence and main challenges developed after systematic literature review.It is clear that this is a non-exhaustive scheme, which can be optimized in the future with continuous processing of new scientific documents and scientific evidence.It is important to note that Table 7 is a proposal by the authors based on the documents analyzed.Thus, Table 7 summarizes for each cluster analyzed, the research question, the literature gap identified by the authors and the main challenges proposed by the authors.From  Lack of knowledge and understanding of the territory Multidisciplinary platform: it would be necessary to design a system that provides decision-making support to essential service managers and governments, through the real-time acquisition of different types of data for monitoring and assessing the risk of extreme natural events and the subsequent assessment of their impact on services, population and the industrial system.
Cluster#3 "Human Factors" RQ3 "What is the role of the human factor in the prevention of risks for CIs?" From [72][73][74][75][76][77][78][79][80] Lack of a recognized method for human factors assessment Training: A specific training program based on behavioral science techniques should be developed and the improvement to increase the operator's level of reliability taking into account the complexity of all the elements with which they have to interface.This obviously implies the tendency to minimize the presence of errors.

Conclusions 6.1. Concluding Remarks
Both natural and man-made accidents (deliberate or accidental) can potentially damage, disable or destroy critical infrastructure.Rather than focusing on one type of threat or danger at a time, such as natural disasters or terrorist attacks, States should identify all the threats and risks that pose the greatest risks to critical infrastructure.This is the only way to think about more effective and efficient planning and allocation of resources.

Limitations and Future Research Developments
This research represents a preliminary study to investigate the importance of guaranteeing the safety of CIs.In particular, three macro issues related to the safety of CIs were investigated: (1) What types of risk assessment method are used to manage CIs?; (2) "What are the environmental risk mitigation strategies for CIs?" and (3) "What is the role of the human factor in the prevention of risks for CIs?"The documents analyzed, although all very interesting, highlight some limitations since in most cases they propose theoretical approaches.On the contrary, the safety of CIs requires practical approaches that are globally valid and capable of guaranteeing the safety of the community.Furthermore, one of the challenges that emerges from the analysis of the literature is that cybersecurity is now an essential necessity for the protection of the country system and, in particular, of critical infrastructures, which have become the target of attacks with potentially disruptive effects for citizens.Utilities are undergoing a massive transformation and digitalization of their infrastructure to improve efficiency and reduce operating costs, but they are also becoming significantly more exposed and vulnerable to external and internal cyber attacks.However, the literature is still not very solid on this perspective.Current publications on cybersecurity address prospective analyses rather than real solutions.In any case, in the near future, it is the authors' opinion that the scientific community will produce more consistent research with real practical implications.The proposed research is a pilot study, a dynamic research, that will be single-modified and enriched in the future.We are indeed convinced that the impact of cyber threats was further amplified by the COVID-19 pandemic which imposed a sudden and massive use of digital technologies for the provision of public administration services, as well as, in general, to allow remote work activities.Thus, the aim of future research will be to investigate the evolution of cybersecurity applications with a view to CIs.In fact, it will be essential to understand and foresee general and global measures for the security of CIs in the national cyber strategies of individual states.

Figure 1 .
Figure 1.Deaths globally from natural disasters by type between 1900 to 2020 (Source: This data has been aggregated by Our World in Data by country and year based on the raw database of disasters published by EM-DAT, CRED / UCLouvain, Brussels, Belgium-www.emdat.be(assessed on 2 January 2022) D. Guha-Sapir).

Figure 1 .
Figure 1.Deaths globally from natural disasters by type between 1900 to 2020 (Source: This data has been aggregated by Our World in Data by country and year based on the raw database of disasters published by EM-DAT, CRED / UCLouvain, Brussels, Belgium-www.emdat.be(assessed on 2 January 2022) D. Guha-Sapir).

Table 1 .
Inclusion and exclusion criteria and their explanations.Article in an international journal published in the last 5 years (2017-2021)

Table 2 .
Query and number of items identified.

Table 4 .
Classification of documents belonging to CLUSTER#1 "Risk Assessment".

Table 5 .
Classification of documents belonging to CLUSTER#2 "Risk Environment".

Table 7 .
Empirical evidence and main challenges (proposed by the authors).

Table 7 .
Empirical evidence and main challenges (proposed by the authors).