Challenges in the vulnerability and risk analysis of critical infrastructures

https://doi.org/10.1016/j.ress.2016.02.009Get rights and content

Highlights

  • The problem of the protection and resilience of CIs is the focus of the work.

  • The vulnerability and risk analysis framework for this is critically examined.

  • The complexity of CIs is presented as a challenge for system modeling and analysis.

  • The integration of different modeling perspectives of analysis is put forward as a solution.

  • The extension of the analysis framework to new methods for dealing with surprises and black swans is advocated.

Abstract

The objective of this paper is to provide a systematic view on the problem of vulnerability and risk analysis of critical infrastructures. Reflections are made on the inherent complexities of these systems, related challenges are identified and possible ways forward for their analysis and management are indicated. Specifically: the framework of vulnerability and risk analysis is examined in relation to its application for the protection and resilience of critical infrastructures; it is argued that the complexity of these systems is a challenging characteristic, which calls for the integration of different modeling perspectives and new approaches of analysis; examples of are given in relation to the Internet and, particularly, the electric power grid, as representative of critical infrastructures and the associated complexity; the integration of different types of analyses and methods of system modeling is put forward for capturing the inherent structural and dynamic complexities of critical infrastructures and eventually evaluating their vulnerability and risk characteristics, so that decisions on protections and resilience actions can be taken with the required confidence.

Introduction

In this paper, we consider critical infrastructures (CI) like the energy transmission and distribution networks, the telecommunication networks, the transportation systems, the water and gas distribution systems. These are complex systems made by many interacting components assembled by design to provide optimal performance, reliable operation and functional safety [109], [130].

CI are designed to function for long periods of time (several tens of years), through maintenance, updating and integration of new technologies. Extensions of capacity are also often required to meet changing and growing service demands. This leads to the need of injecting flexibility and adaptability to the system engineering design, to respond to the ever-changing domains of technology, society, economy, legislation and politics, which determine the profiles of service demand and the corresponding expected performance.

In this scenario of technologically and structurally evolving (and more and more interdependent) CI, understandable concerns are arising on their vulnerability and risk of failure, i.e. on the danger that:

  • The allocated system capacities may not be adequate to support the growing demands in scenarios of greater CI integration and market deregulation;

  • The safety margins preventively designed may not be sufficient to cope with the expected and, most of all, unexpected stresses arriving onto the systems.

These issues are difficult to analyze as, due to the complexity of CI, emergent behaviors may arise at system level from the collective response of the elementary components, in ways difficult to predict and manage. As a result, large uncertainties exist in the characterization of scenarios of CI failure [160].

On the practical side of the issue, the matter of fact is that CI are witnessing more and more system-level breakdowns, which emerge from small perturbations that cascade to large-scale consequences. Then, it is not surprising that CI protection and resilience have become a national and international priority, which calls for the analysis of CI vulnerability and the evaluation of their resilient properties, for ensuring their protection and resilience [124].

Here, the problem is that the classical methods of system vulnerability and risk analysis cannot capture the (structural and dynamic), complexities of CI; the analysis of these systems cannot be carried out with classical methods of system decomposition and logic modeling. A framework is needed for the integration of methods capable of viewing the problem from different perspectives (topological and functional, static and dynamic), suitable for coping with the high complexity of the system and the related uncertainties [84].

Several researchers have addressed this problem, introducing new perspectives and methods of analysis and applying them for the protection and resilience of CI (see for example [151], [110], for some reviews of methods). In this paper, the complexity of CI is presented as a challenging characteristic, which calls for an integrated framework of different types of analyses and methods of vulnerability and risk assessment, for application to CI protection and resilience. The concepts of vulnerability, risk and resilience are discussed in details and analyzed with respect to their characterization in CI, and the challenges therein. Recent new perspectives on these concepts and their applications are also discussed in relation to their applicability for analyzing CI vulnerability and risk in view of decision making for protection and resilience.

The paper is organized as follows:

  • In Section 2, we introduce the concept of critical infrastructures and specify them as engineered complex systems;

  • In Section 3, vulnerability and risk concepts are introduced and discussed with reference to critical infrastructures design and operation. Three statements are proposed to advocate the need for extended modeling as a way to understanding system behavior and capturing the related risk and vulnerability factors;

  • In Section 4, some perspectives are offered on approaches for looking into the complexity characteristics of CI, for analyzing their vulnerability and risk.

Section snippets

Critical infrastructures

Infrastructures are large scale, man-made systems that function interdependently to produce and distribute essential goods (such as energy, water and data) and services (such as transportation, banking and health care). An infrastructure is termed critical if its incapacity or destruction has a significant impact on health, safety, security, economics and social well-being (Council Directive 2008/114/EC). A failure in such an infrastructure, or the loss of its service, can be damaging to a

Vulnerability and risk analysis

CI are exposed to many types of hazards, such as natural hazards, component aging and failure, sharp load demand increase, climatic changes, intentional attacks. For this reason, Critical Infrastructure Protection (CIP) has gained great importance in all nations, with particular focus being placed traditionally on physical protection and asset hardening [25], [26], [38], [90]. To protect CI, it requires modeling their component fragilities under different hazards and, then, analyzing their

Conclusion

The social and economic stability of the World has become strongly dependent on the reliable supply of essential goods and services that are transported and distributed across large technological networked infrastructure systems. These critical infrastructures are challenged by potential disruptive factors coming from the hazardous, natural and man-made, environments they are operated in, e.g. global warming, disease outbreaks, food (distribution) shortages, financial crashes, heavy solar

Acknowledgments:

The author thanks the eleven anonymous referees and the handling editors for their critical comments that have helped improve the paper in the different stages of its development, through six detailed revisions. Especially the criticisms by one patient referee have been instrumental for resiliently revising the work, helping to finally shape it in a much improved form. The author also acknowledges the contribution of Dr. Elisa FERRARIO in the constructive and expert check of the paper.

References (164)

  • Y. Deng et al.

    A research on subway physical vulnerability based on network theory and FMECA

    Safety Science

    (2015)
  • I. Eusgeld et al.

    "System-of-systems" approach for interdependent critical infrastructures

    Reliab Eng Syst Saf

    (2011)
  • E. Ferrario et al.

    Assessing nuclear power plant safety and recovery from earthquakes using a system-of-systems approach

    Reliab Eng Syst Saf

    (2014)
  • F. Goerlandt et al.

    On the assessment of uncertainty in risk diagrams

    Saf Sci

    (2016)
  • I. Granic et al.

    The self-organization of the internet and changing modes of thought

    New Ideas Psychol

    (2000)
  • D. Henry et al.

    Generic metrics and quantitative approaches for system resilience as a function of time

    Reliab Eng Syst Saf

    (2012)
  • L. Hong et al.

    Vulnerability assessment and mitigation for the Chinese railway system under floods

    Reliab Eng Syst Saf

    (2015)
  • J.G. Jin et al.

    Enhancing metro network resilience via localized integration with bus services

    Transp Res Part E: Logist Transp Rev

    (2014)
  • J. Johansson et al.

    An approach for modelling interdependent infrastructures in the context of vulnerability analysis

    Reliab Eng Syst Saf

    (2010)
  • N. Khakzad

    Application of dynamic Bayesian network to risk analysis of domino effects in chemical infrastructures

    Reliab Eng Syst Saf

    (2015)
  • N. Khakzad et al.

    Using graph theory to analyze the vulnerability of process plants in the context of cascading effects

    Reliab Eng Syst Saf

    (2015)
  • W. Kröger

    Critical infrastructures at risk: a need for a new conceptual approach and extended analytical tools

    Reliab Eng Syst Saf

    (2008)
  • N. Leveson

    A new accident model for engineering safer systems

    Saf Sci

    (2004)
  • L.F. Agnati et al.

    Three explanatory instruments in biology

    Commun Integr Biol

    (2009)
  • A. Alessandri et al.

    Evaluation of resilience of interconnected systems based on stability analysis

  • Z. Alipour et al.

    Comparing topological and reliability-based vulnerability analysis of Iran power transmission network

    Proc Inst Mech Eng Part O-J Risk Reliab

    (2014)
  • H. Amini et al.

    Resilience to contagion in financial networks

    Math Financ

    (2013)
  • G.E. Apostolakis et al.

    A screening methodology for the identification and ranking of infrastructure vulnerabilities due to terrorism

    Risk Anal

    (2005)
  • N.O. Attoh-Okine et al.

    Formulation of resilience index of urban infrastructure using belief functions

    Syst J, IEEE

    (2009)
  • T. Aven

    On some recent definitions and analysis frameworks for risk, vulnerability, and resilience response

    Risk Anal

    (2011)
  • Aven T. A conceptual foundation for assessing and managing risk, surprises and black swans. Paper presented at the...
  • R. Baldick et al.

    Initial review of methods for cascading failure analysis in electric power transmission systems IEEE PES CAMS task force on understanding, prediction, mitigation and restoration of cascading failures

    Power Energy Soc General Meet - Convers Deliv Electr Energy 21st Century, 2008 IEEE

    (2008)
  • H. Baroud et al.

    Inherent costs and interdependent impacts of infrastructure network resilience

    Risk Anal

    (2015)
  • M. Barthélemy

    Spatial networks

    Phys Rep

    (2011)
  • B. Bergman

    Conceptualistic pragmatism: a framework for Bayesian analysis?

    IIE Trans

    (2009)
  • Y. Berezin et al.

    Localized attacks on spatially embedded networks with dependencies

    Sci Rep

    (2015)
  • R. Bloomfield et al.

    Infrastructure interdependency analysis: introductory research review

    (2009)
  • G.A. Bonanno et al.

    What predicts psychological resilience after disaster? The role of demographics, resources, and life stress

    J Consult Clin Psychol

    (2007)
  • S. Bouchon

    The vulnerability of interdependent critical infrastructures systems: epistemological and conceptual state-of-the-art

    (2006)
  • T. Brown et al.

    Assessing infrastructure interdependencies: the challenge of risk analysis for complex adaptive systems

    Int J Crit Infrastruct

    (2004)
  • M. Bruneau et al.

    A framework to quantitatively assess and enhance the seismic resilience of communities

    Earthq Spectra

    (2003)
  • K.-M. Bryson et al.

    Using formal MS/OR modeling to support disaster recovery planning

    Eur J Oper Res

    (2002)
  • G.W. Bush

    Homeland Secur Pres Dir-3 (HSPD-3)

    (2002)
  • G.W. Bush

    Homeland Secur Pres Dir-7 (HSPD-7)

    (2003)
  • L. Buzna et al.

    Efficient response to cascading disaster spreading

    Phys Rev E

    (2007)
  • Z. Çağnan et al.

    Post-earthquake restoration planning for Los Angeles electric power

    Earthq Spectra

    (2006)
  • S. Carpenter et al.

    From metaphor to measurement: resilience of what to what?

    Ecosystems

    (2001)
  • B.A. Carreras et al.

    Evidence for self-organized criticality in a time series of electric power system blackouts

    Circuits Syst I: Regul Pap, IEEE Trans

    (2004)
  • E. Casalicchio et al.

    Inter-dependency assessment in the ICT-PS network: the MIA project results

  • M. Casari et al.

    Sequencing lifeline repairs after an earthquake: an economic approach

    Journal Regul Econ

    (2005)
  • Cited by (312)

    • Simulation-based dynamic risk analysis of urban buried gas pipeline network

      2023, Journal of Loss Prevention in the Process Industries
    View all citing articles on Scopus
    View full text