Terrorism is one of many sources of risk which may reduce the capacity of critical infrastructure organizations to deliver against their objectives. However, unlike more frequent and more predictable incidents like criminal offenses or natural hazards, terrorist acts are non-routine risks and therefore difficult to anticipate. Typically, non routine risks have low probability, that is, they occur rarely or in some instances have never occurred but have very high consequences for the organisation. The attack on CI can be particularly attractive for a terrorist organization or an individual due to its highly interdependent infrastructures and its often high symbolic value. Critical infrastructure resilience (CIR) is an integrating objective designed to foster system-level investment strategies. Three resilience capacities are used to define, quantify, and ultimately design for a better resilience of the particular system: (1) absorptive capacities, or the ability of the system to absorb the disruptive event; (2) adaptive capacities, or the ability to adapt to the event; and (3) restorative capacities, or the ability of the system to recover. Occasionally the magnitude of a crisis exceeds an organization's own ability to respond. At such times the intervention and assistance of external groups (including government, other businesses, and the public) can be decisive.