Identification of safety and security critical systems and activities

There are many initiatives taken to identify safety and security critical systems and activities, at different levels and in different contexts, ranging from infrastructures at the societal level to equipment on the production plant level. Different approaches are implemented to define the critical systems and activities. Some of these relate to vulnerabilities, others incorporate the probability dimension and are risk based. We also see approaches taking into account values of the decision-maker and relevant stakeholders. In this paper, we discuss the rationale for these approaches. Is vulnerability an adequate measure to be used as a basis for determining criticality? Is it meaningful to specify safety and security critical systems and activities without addressing risk? How should we take into account the limitations of the risk assessments? Should we extend the concept of criticality to also cover utility aspects? We bring new insights into the discussion by being precise on the key risk concepts—including uncertainty, probability and expected value—and considering alternative risk perspectives. A novel approach is suggested based on expected values and uncertainties in underlying phenomena and processes. Our main concern is activities with potential severe consequences and large uncertainties.