Addressing Climate Change as an Emerging Risk to Infrastructure Systems

The consequences that climate change could have on infrastructure systems are potentially severe but highly uncertain. This should make risk analysis a natural framework for climate adaptation in infrastructure systems. However, many aspects of climate change, such as weak background knowledge and societal controversy, make it an emerging risk where traditional approaches for risk assessment and management cannot be confidently employed. A number of research developments aimed at addressing these issues have emerged in recent years, such as the development of probabilistic climate projections, climate services, and robust decision frameworks. However, additional research is needed to improve the suitability of these methods for infrastructure planning. In this perspective, we outline some of the challenges in addressing climate change risks to infrastructure and summarize new developments aimed at meeting these challenges. We end by highlighting needs for future research, many of which could be well‐served by expertise within the risk analysis community.     

Stochastic Counterfactual Risk Analysis for the Vulnerability Assessment of Cyber‐Physical Attacks on Electricity Distribution Infrastructure Networks

In December 2015, a cyber‐physical attack took place on the Ukrainian electricity distribution network. This is regarded as one of the first cyber‐physical attacks on electricity infrastructure to have led to a substantial power outage and is illustrative of the increasing vulnerability of Critical National Infrastructure to this type of malicious activity. Few data points, coupled with the rapid emergence of cyber phenomena, has held back the development of resilience analytics of cyber‐physical attacks, relative to many other threats. We propose to overcome data limitations by applying stochastic counterfactual risk analysis as part of a new vulnerability assessment framework. The method is developed in the context of the direct and indirect socioeconomic impacts of a Ukrainian‐style cyber‐physical attack taking place on the electricity distribution network serving London and its surrounding regions. A key finding is that if decision‐makers wish to mitigate major population disruptions, then they must invest resources more‐or‐less equally across all substations, to prevent the scaling of a cyber‐physical attack. However, there are some substations associated with higher economic value due to their support of other Critical National Infrastructures assets, which justifies the allocation of additional cyber security investment to reduce the chance of cascading failure. Further cyber‐physical vulnerability research must address the tradeoffs inherent in a system made up of multiple institutions with different strategic risk mitigation objectives and metrics of value, such as governments, infrastructure operators, and commercial consumers of infrastructure services.     

A Data‐Driven Approach to Assessing Supply Inadequacy Risks Due to Climate‐Induced Shifts in Electricity Demand

The U.S. electric power system is increasingly vulnerable to the adverse impacts of extreme climate events. Supply inadequacy risk can result from climate‐induced shifts in electricity demand and/or damaged physical assets due to hydro‐meteorological hazards and climate change. In this article, we focus on the risks associated with the unanticipated climate‐induced demand shifts and propose a data‐driven approach to identify risk factors that render the electricity sector vulnerable in the face of future climate variability and change. More specifically, we have leveraged advanced supervised learning theory to identify the key predictors of climate‐sensitive demand in the residential, commercial, and industrial sectors. Our analysis indicates that variations in mean dew point temperature is the common major risk factor across all the three sectors. We have also conducted a statistical sensitivity analysis to assess the variability in the projected demand as a function of the key climate risk factor. We then propose the use of scenario‐based heat maps as a tool to communicate the inadequacy risks to stakeholders and decisionmakers. While we use the state of Ohio as a case study, our proposed approach is equally applicable to all other states.     

Catastrophe Risk Models for Evaluating Disaster Risk Reduction Investments in Developing Countries

Major natural disasters in recent years have had high human and economic costs, and triggered record high postdisaster relief from governments and international donors. Given the current economic situation worldwide, selecting the most effective disaster risk reduction (DRR) measures is critical. This is especially the case for low‐ and middle‐income countries, which have suffered disproportionally more economic and human losses from disasters. This article discusses a methodology that makes use of advanced probabilistic catastrophe models to estimate benefits of DRR measures. We apply such newly developed models to generate estimates for hurricane risk on residential structures on the island of St. Lucia, and earthquake risk on residential structures in Istanbul, Turkey, as two illustrative case studies. The costs and economic benefits for selected risk reduction measures are estimated taking account of hazard, exposure, and vulnerability. We conclude by emphasizing the advantages and challenges of catastrophe model‐based cost‐benefit analyses for DRR in developing countries.     

A Risk Assessment Framework for the Socioeconomic Impacts of Electricity Transmission Infrastructure Failure Due to Space Weather: An Application to the United Kingdom

Space weather phenomena have been studied in detail in the peer‐reviewed scientific literature. However, there has arguably been scant analysis of the potential socioeconomic impacts of space weather, despite a growing gray literature from different national studies, of varying degrees of methodological rigor. In this analysis, we therefore provide a general framework for assessing the potential socioeconomic impacts of critical infrastructure failure resulting from geomagnetic disturbances, applying it to the British high‐voltage electricity transmission network. Socioeconomic analysis of this threat has hitherto failed to address the general geophysical risk, asset vulnerability, and the network structure of critical infrastructure systems. We overcome this by using a three‐part method that includes (i) estimating the probability of intense magnetospheric substorms, (ii) exploring the vulnerability of electricity transmission assets to geomagnetically induced currents, and (iii) testing the socioeconomic impacts under different levels of space weather forecasting. This has required a multidisciplinary approach, providing a step toward the standardization of space weather risk assessment. We find that for a Carrington‐sized 1‐in‐100‐year event with no space weather forecasting capability, the gross domestic product loss to the United Kingdom could be as high as £15.9 billion, with this figure dropping to £2.9 billion based on current forecasting capability. However, with existing satellites nearing the end of their life, current forecasting capability will decrease in coming years. Therefore, if no further investment takes place, critical infrastructure will become more vulnerable to space weather. Additional investment could provide enhanced forecasting, reducing the economic loss for a Carrington‐sized 1‐in‐100‐year event to £0.9 billion.     

基于元网络分析的重大基础设施建设项目风险评估框架与实证

重大基础设施项目具有战略性、集成性、复杂性等特征，项目容易受到多种风险因素的综合影响，导致项目目标的偏离。现有风险评估与风险决策的方法缺乏对于风险因素、风险事件之间关联的分析。为了实现重大基础设施建设项目综合系统的风险评估，本文采用元网络分析方法，构建项目目标、风险事件和风险因素的交互模型，揭示重大基础设施风险事件发生机制的黑箱过程。风险评估过程中，通过多个网络叠加运算分析每个风险因素对于各种风险事件以及项目各目标的影响情况，改进了以往仅对风险因素单一影响程度的风险评估方法。同时，本研究选择我国某河流水电站过坝运输项目方案比选的风险评估过程验证方法的适用性。     

EvacuAid: A Probabilistic Model to Determine the Expected Loss of Life for Different Mass Evacuation Strategies During Flood Threats

Evacuation of people in case of a threat is a possible risk management strategy. Evacuation has the potential to save lives, but it can be costly with respect to time, money, and credibility. The consequences of an evacuation strategy depend on a combination of the time available, citizen response, authority response, and capacity of the infrastructure. The literature that discusses evacuations in case of flood risk management focuses, in most cases, only on a best‐case strategy as a preventive evacuation and excludes other possible strategies. This article introduces a probabilistic method, EvacuAid, to determine the benefits of different types of evacuation with regards to loss of life. The method is applied for a case study in the Netherlands for preventive and vertical evacuation due to flood risk. The results illustrate the impact of uncertainties in available time and actual conditions (e.g., the responses of citizens and authorities and the use of infrastructure). It is concluded that preparation for evacuation requires adaptive planning that takes preventive and vertical evacuation into account, based on a risk management approach.     

Review and Evaluation of the J100-10 Risk and Resilience Management Standard for Water and Wastewater Systems

Risk analysis standards are often employed to protect critical infrastructures, which are vital to a nation's security, economy, and safety of its citizens. We present an analysis framework for evaluating such standards and apply it to the J100-10 risk analysis standard for water and wastewater systems. In doing so, we identify gaps between practices recommended in the standard and the state of the art. While individual processes found within infrastructure risk analysis standards have been evaluated in the past, we present a foundational review and focus specifically on water systems. By highlighting both the conceptual shortcomings and practical limitations, we aim to prioritize the shortcomings needed to be addressed. Key findings from this study include (1) risk definitions fail to address notions of uncertainty, (2) the sole use of “worst reasonable case” assumptions can lead to mischaracterizations of risk, (3) analysis of risk and resilience at the threat-asset resolution ignores dependencies within the system, and (4) stakeholder values need to be assessed when balancing the tradeoffs between risk reduction and resilience enhancement.     

A Comprehensive Risk Analysis of Transportation Networks Affected by Rainfall‐Induced Multihazards

Climate change and its projected natural hazards have an adverse impact on the functionality and operation of transportation infrastructure systems. This study presents a comprehensive framework to analyze the risk to transportation infrastructure networks that are affected by natural hazards. The proposed risk analysis method considers both the failure probability of infrastructure components and the expected infrastructure network efficiency and capacity loss due to component failure. This comprehensive approach facilitates the identification of high‐risk network links in terms of not only their susceptibility to natural hazards but also their overall impact on the network. The Chinese national rail system and its exposure to rainfall‐related multihazards are used as a case study. The importance of various links is comprehensively assessed from the perspectives of topological, efficiency, and capacity criticality. Risk maps of the national railway system are generated, which can guide decisive action regarding investments in preventative and adaptive measures to reduce risk.     

Insurance,Public Assistance,and Household Flood Risk Reduction: A Comparative Study of Austria,England, and Romania

In light of increasing losses from floods, many researchers and policymakers are looking for ways to encourage flood risk reduction among communities, business, and households. In this study, we investigate risk‐reduction behavior at the household level in three European Union Member States with fundamentally different insurance and compensation schemes. We try to understand if and how insurance and public assistance influence private risk‐reduction behavior. Data were collected using a telephone survey (n = 1,849) of household decisionmakers in flood‐prone areas. We show that insurance overall is positively associated with private risk‐reduction behavior. Warranties, premium discounts, and information provision with respect to risk reduction may be an explanation for this positive relationship in the case of structural measures. Public incentives for risk‐reduction measures by means of financial and in‐kind support, and particularly through the provision of information, are also associated with enhancing risk reduction. In this study, public compensation is not negatively associated with private risk‐reduction behavior. This does not disprove such a relationship, but the negative effect may be mitigated by factors related to respondents' capacity to implement measures or social norms that were not included in the analysis. The data suggest that large‐scale flood protection infrastructure creates a sense of security that is associated with a lower level of preparedness. Across the board there is ample room to improve both public and private policies to provide effective incentives for household‐level risk reduction.     

Risk Analysis of Dust Explosion Scenarios Using Bayesian Networks

In this study, a methodology has been proposed for risk analysis of dust explosion scenarios based on Bayesian network. Our methodology also benefits from a bow‐tie diagram to better represent the logical relationships existing among contributing factors and consequences of dust explosions. In this study, the risks of dust explosion scenarios are evaluated, taking into account common cause failures and dependencies among root events and possible consequences. Using a diagnostic analysis, dust particle properties, oxygen concentration, and safety training of staff are identified as the most critical root events leading to dust explosions. The probability adaptation concept is also used for sequential updating and thus learning from past dust explosion accidents, which is of great importance in dynamic risk assessment and management. We also apply the proposed methodology to a case study to model dust explosion scenarios, to estimate the envisaged risks, and to identify the vulnerable parts of the system that need additional safety measures.     

The Benefits and Costs of Disclosing Information about Risks: What Do We Know about Right‐to‐Know?

Following the attacks of September 11, 2001, the Environmental Protection Agency and other government agencies removed information from their web sites that they feared could invite attacks on critical public and private infrastructure. Accordingly, the benefits and costs of environmental information disclosure programs have come under increasing scrutiny. This article describes a framework for examining these benefits and costs and illustrates the framework through brief case studies of two information disclosure programs: risk management planning and materials accounting. The article outlines what we know and still need to find out about information disclosure programs in order to appropriately balance benefits and costs.     

Geographic Hotspots of Critical National Infrastructure

Failure of critical national infrastructures can result in major disruptions to society and the economy. Understanding the criticality of individual assets and the geographic areas in which they are located is essential for targeting investments to reduce risks and enhance system resilience. Within this study we provide new insights into the criticality of real‐life critical infrastructure networks by integrating high‐resolution data on infrastructure location, connectivity, interdependence, and usage. We propose a metric of infrastructure criticality in terms of the number of users who may be directly or indirectly disrupted by the failure of physically interdependent infrastructures. Kernel density estimation is used to integrate spatially discrete criticality values associated with individual infrastructure assets, producing a continuous surface from which statistically significant infrastructure criticality hotspots are identified. We develop a comprehensive and unique national‐scale demonstration for England and Wales that utilizes previously unavailable data from the energy, transport, water, waste, and digital communications sectors. The testing of 200,000 failure scenarios identifies that hotspots are typically located around the periphery of urban areas where there are large facilities upon which many users depend or where several critical infrastructures are concentrated in one location.     

Ranking the Risks from Multiple Hazards in a Small Community

Natural hazards, human-induced accidents, and malicious acts have caused great losses and disruptions to society. After September 11, 2001, critical infrastructure protection has become a national focus in the United States and is likely to remain one for the foreseeable future. Damage to the infrastructures and assets could be mitigated through predisaster planning and actions. A systematic methodology was developed to assess and rank the risks from these multiple hazards in a community of 20,000 people. It is an interdisciplinary study that includes probabilistic risk assessment (PRA), decision analysis, and expert judgment. Scenarios are constructed to show how the initiating events evolve into undesirable consequences. A value tree, based on multi-attribute utility theory (MAUT), is used to capture the decisionmaker's preferences about the impacts on the infrastructures and other assets. The risks from random failures are ranked according to their expected performance index (PI), which is the product of frequency, probabilities, and consequences of a scenario. Risks from malicious acts are ranked according to their PI as the frequency of attack is not available. A deliberative process is used to capture the factors that could not be addressed in the analysis and to scrutinize the results. This methodology provides a framework for the development of a risk-informed decision strategy. Although this study uses the Massachusetts Institute of Technology campus as a case study of a real project, it is a general methodology that could be used by other similar communities and municipalities.     

A Risk-Based Approach to Setting Priorities in Protecting Bridges Against Terrorist Attacks

This article presents an approach to the problem of terrorism risk assessment and management by adapting the framework of the risk filtering, ranking, and management method. The assessment is conducted at two levels: (1) the system level, and (2) the asset-specific level. The system-level risk assessment attempts to identify and prioritize critical infrastructures from an inventory of system assets. The definition of critical infrastructures offered by Presidential Decision Directive 63 was used to determine the set of attributes to identify critical assets--categorized according to national, regional, and local impact. An example application is demonstrated using information from the Federal Highway Administration National Bridge Inventory for the State of Virginia. Conversely, the asset-specific risk assessment performs an in-depth analysis of the threats and vulnerabilities of a specific critical infrastructure. An illustration is presented to offer some insights in risk scenario identification and prioritization, multiobjective evaluation of management options, and extreme-event analysis for critical infrastructure protection.     

An Adversarial Risk Analysis Framework for Cybersecurity

Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as template for more complex problems.     

What's Wrong with Hazard‐Ranking Systems? An Expository Note

Two commonly recommended principles for allocating risk management resources to remediate uncertain hazards are: (1) select a subset to maximize risk-reduction benefits (e.g., maximize the von Neumann-Morgenstern expected utility of the selected risk-reducing activities), and (2) assign priorities to risk-reducing opportunities and then select activities from the top of the priority list down until no more can be afforded. When different activities create uncertain but correlated risk reductions, as is often the case in practice, then these principles are inconsistent: priority scoring and ranking fails to maximize risk-reduction benefits. Real-world risk priority scoring systems used in homeland security and terrorism risk assessment, environmental risk management, information system vulnerability rating, business risk matrices, and many other important applications do not exploit correlations among risk-reducing opportunities or optimally diversify risk-reducing investments. As a result, they generally make suboptimal risk management recommendations. Applying portfolio optimization methods instead of risk prioritization ranking, rating, or scoring methods can achieve greater risk-reduction value for resources spent.     

Analysis of Affordance,Time, and Adaptation in the Assessment of Industrial Control System Cybersecurity Risk

Industrial control systems increasingly use standard communication protocols and are increasingly connected to public networks—creating substantial cybersecurity risks, especially when used in critical infrastructures such as electricity and water distribution systems. Methods of assessing risk in such systems have recognized for some time the way in which the strategies of potential adversaries and risk managers interact in defining the risk to which such systems are exposed. But it is also important to consider the adaptations of the systems’ operators and other legitimate users to risk controls, adaptations that often appear to undermine these controls, or shift the risk from one part of a system to another. Unlike the case with adversarial risk analysis, the adaptations of system users are typically orthogonal to the objective of minimizing or maximizing risk in the system. We argue that this need to analyze potential adaptations to risk controls is true for risk problems more generally, and we develop a framework for incorporating such adaptations into an assessment process. The method is based on the principle of affordances, and we show how this can be incorporated in an iterative procedure based on raising the minimum period of risk materialization above some threshold. We apply the method in a case study of a small European utility provider and discuss the observations arising from this.     

Market‐Implied Spread for Earthquake CAT Bonds: Financial Implications of Engineering Decisions

In the event of natural and man‐made disasters, owners of large‐scale infrastructure facilities (assets) need contingency plans to effectively restore the operations within the acceptable timescales. Traditionally, the insurance sector provides the coverage against potential losses. However, there are many problems associated with this traditional approach to risk transfer including counterparty risk and litigation. Recently, a number of innovative risk mitigation methods, termed alternative risk transfer (ART) methods, have been introduced to address these problems. One of the most important ART methods is catastrophe (CAT) bonds. The objective of this article is to develop an integrative model that links engineering design parameters with financial indicators including spread and bond rating. The developed framework is based on a four‐step structural loss model and transformed survival model to determine expected excess returns. We illustrate the framework for a seismically designed bridge using two unique CAT bond contracts. The results show a nonlinear relationship between engineering design parameters and market‐implied spread.     

System of Systems Engineering and Risk Management of Extreme Events: Concepts and Case Study

The domain of risk analysis is expanded to consider strategic interactions among multiple participants in the management of extreme risk in a system of systems. These risks are fraught with complexity, ambiguity, and uncertainty, which pose challenges in how participants perceive, understand, and manage risk of extreme events. In the case of extreme events affecting a system of systems, cause‐and‐effect relationships among initiating events and losses may be difficult to ascertain due to interactions of multiple systems and participants (complexity). Moreover, selection of threats, hazards, and consequences on which to focus may be unclear or contentious to participants within multiple interacting systems (ambiguity). Finally, all types of risk, by definition, involve potential losses due to uncertain events (uncertainty). Therefore, risk analysis of extreme events affecting a system of systems should address complex, ambiguous, and uncertain aspects of extreme risk. To accomplish this, a system of systems engineering methodology for risk analysis is proposed as a general approach to address extreme risk in a system of systems. Our contribution is an integrative and adaptive systems methodology to analyze risk such that strategic interactions among multiple participants are considered. A practical application of the system of systems engineering methodology is demonstrated in part by a case study of a maritime infrastructure system of systems interface, namely, the Straits of Malacca and Singapore.