Integration of Critical Infrastructure and Societal Consequence Models: Impact on Swedish Power System Mitigation Decisions

Critical infrastructures provide society with services essential to its functioning, and extensive disruptions give rise to large societal consequences. Risk and vulnerability analyses of critical infrastructures generally focus narrowly on the infrastructure of interest and describe the consequences as nonsupplied commodities or the cost of unsupplied commodities; they rarely holistically consider the larger impact with respect to higher‐order consequences for the society. From a societal perspective, this narrow focus may lead to severe underestimation of the negative effects of infrastructure disruptions. To explore this theory, an integrated modeling approach, combining models of critical infrastructures and economic input–output models, is proposed and applied in a case study. In the case study, a representative model of the Swedish power transmission system and a regionalized economic input–output model are utilized. This enables exploration of how a narrow infrastructure or a more holistic societal consequence perspective affects vulnerability‐related mitigation decisions regarding critical infrastructures. Two decision contexts related to prioritization of different vulnerability‐reducing measures are considered—identifying critical components and adding system components to increase robustness. It is concluded that higher‐order societal consequences due to power supply disruptions can be up to twice as large as first‐order consequences, which in turn has a significant effect on the identification of which critical components are to be protected or strengthened and a smaller effect on the ranking of improvement measures in terms of adding system components to increase system redundancy.     

Toward Disaster‐Resilient Cities: Characterizing Resilience of Infrastructure Systems with Expert Judgments

Resilient infrastructure systems are essential for cities to withstand and rapidly recover from natural and human‐induced disasters, yet electric power, transportation, and other infrastructures are highly vulnerable and interdependent. New approaches for characterizing the resilience of sets of infrastructure systems are urgently needed, at community and regional scales. This article develops a practical approach for analysts to characterize a community's infrastructure vulnerability and resilience in disasters. It addresses key challenges of incomplete incentives, partial information, and few opportunities for learning. The approach is demonstrated for Metro Vancouver, Canada, in the context of earthquake and flood risk. The methodological approach is practical and focuses on potential disruptions to infrastructure services. In spirit, it resembles probability elicitation with multiple experts; however, it elicits disruption and recovery over time, rather than uncertainties regarding system function at a given point in time. It develops information on regional infrastructure risk and engages infrastructure organizations in the process. Information sharing, iteration, and learning among the participants provide the basis for more informed estimates of infrastructure system robustness and recovery that incorporate the potential for interdependent failures after an extreme event. Results demonstrate the vital importance of cross‐sectoral communication to develop shared understanding of regional infrastructure disruption in disasters. For Vancouver, specific results indicate that in a hypothetical M7.3 earthquake, virtually all infrastructures would suffer severe disruption of service in the immediate aftermath, with many experiencing moderate disruption two weeks afterward. Electric power, land transportation, and telecommunications are identified as core infrastructure sectors.     

Topological Performance Measures as Surrogates for Physical Flow Models for Risk and Vulnerability Analysis for Electric Power Systems

Critical infrastructure systems must be both robust and resilient in order to ensure the functioning of society. To improve the performance of such systems, we often use risk and vulnerability analysis to find and address system weaknesses. A critical component of such analyses is the ability to accurately determine the negative consequences of various types of failures in the system. Numerous mathematical and simulation models exist that can be used to this end. However, there are relatively few studies comparing the implications of using different modeling approaches in the context of comprehensive risk analysis of critical infrastructures. In this article, we suggest a classification of these models, which span from simple topologically‐oriented models to advanced physical‐flow‐based models. Here, we focus on electric power systems and present a study aimed at understanding the tradeoffs between simplicity and fidelity in models used in the context of risk analysis. Specifically, the purpose of this article is to compare performance estimates achieved with a spectrum of approaches typically used for risk and vulnerability analysis of electric power systems and evaluate if more simplified topological measures can be combined using statistical methods to be used as a surrogate for physical flow models. The results of our work provide guidance as to appropriate models or combinations of models to use when analyzing large‐scale critical infrastructure systems, where simulation times quickly become insurmountable when using more advanced models, severely limiting the extent of analyses that can be performed.     

An Optimization‐Based Framework for the Identification of Vulnerabilities in Electric Power Grids Exposed to Natural Hazards

This article proposes a novel mathematical optimization framework for the identification of the vulnerabilities of electric power infrastructure systems (which is a paramount example of critical infrastructure) due to natural hazards. In this framework, the potential impacts of a specific natural hazard on an infrastructure are first evaluated in terms of failure and recovery probabilities of system components. Then, these are fed into a bi‐level attacker–defender interdiction model to determine the critical components whose failures lead to the largest system functionality loss. The proposed framework bridges the gap between the difficulties of accurately predicting the hazard information in classical probability‐based analyses and the over conservatism of the pure attacker–defender interdiction models. Mathematically, the proposed model configures a bi‐level max‐min mixed integer linear programming (MILP) that is challenging to solve. For its solution, the problem is casted into an equivalent one‐level MILP that can be solved by efficient global solvers. The approach is applied to a case study concerning the vulnerability identification of the georeferenced RTS24 test system under simulated wind storms. The numerical results demonstrate the effectiveness of the proposed framework for identifying critical locations under multiple hazard events and, thus, for providing a useful tool to help decisionmakers in making more‐informed prehazard preparation decisions.     

Geographic Hotspots of Critical National Infrastructure

Failure of critical national infrastructures can result in major disruptions to society and the economy. Understanding the criticality of individual assets and the geographic areas in which they are located is essential for targeting investments to reduce risks and enhance system resilience. Within this study we provide new insights into the criticality of real‐life critical infrastructure networks by integrating high‐resolution data on infrastructure location, connectivity, interdependence, and usage. We propose a metric of infrastructure criticality in terms of the number of users who may be directly or indirectly disrupted by the failure of physically interdependent infrastructures. Kernel density estimation is used to integrate spatially discrete criticality values associated with individual infrastructure assets, producing a continuous surface from which statistically significant infrastructure criticality hotspots are identified. We develop a comprehensive and unique national‐scale demonstration for England and Wales that utilizes previously unavailable data from the energy, transport, water, waste, and digital communications sectors. The testing of 200,000 failure scenarios identifies that hotspots are typically located around the periphery of urban areas where there are large facilities upon which many users depend or where several critical infrastructures are concentrated in one location.     

Infrastructure Vulnerability Assessment Model (I-VAM)

Quantifying vulnerability to critical infrastructure has not been adequately addressed in the literature. Thus, the purpose of this article is to present a model that quantifies vulnerability. Vulnerability is defined as a measure of system susceptibility to threat scenarios. This article asserts that vulnerability is a condition of the system and it can be quantified using the Infrastructure Vulnerability Assessment Model (I-VAM). The model is presented and then applied to a medium-sized clean water system. The model requires subject matter experts (SMEs) to establish value functions and weights, and to assess protection measures of the system. Simulation is used to account for uncertainty in measurement, aggregate expert assessment, and to yield a vulnerability (Omega) density function. Results demonstrate that I-VAM is useful to decisionmakers who prefer quantification to qualitative treatment of vulnerability. I-VAM can be used to quantify vulnerability to other infrastructures, supervisory control and data acquisition systems (SCADA), and distributed control systems (DCS).     

A Risk Assessment Framework for the Socioeconomic Impacts of Electricity Transmission Infrastructure Failure Due to Space Weather: An Application to the United Kingdom

Space weather phenomena have been studied in detail in the peer‐reviewed scientific literature. However, there has arguably been scant analysis of the potential socioeconomic impacts of space weather, despite a growing gray literature from different national studies, of varying degrees of methodological rigor. In this analysis, we therefore provide a general framework for assessing the potential socioeconomic impacts of critical infrastructure failure resulting from geomagnetic disturbances, applying it to the British high‐voltage electricity transmission network. Socioeconomic analysis of this threat has hitherto failed to address the general geophysical risk, asset vulnerability, and the network structure of critical infrastructure systems. We overcome this by using a three‐part method that includes (i) estimating the probability of intense magnetospheric substorms, (ii) exploring the vulnerability of electricity transmission assets to geomagnetically induced currents, and (iii) testing the socioeconomic impacts under different levels of space weather forecasting. This has required a multidisciplinary approach, providing a step toward the standardization of space weather risk assessment. We find that for a Carrington‐sized 1‐in‐100‐year event with no space weather forecasting capability, the gross domestic product loss to the United Kingdom could be as high as £15.9 billion, with this figure dropping to £2.9 billion based on current forecasting capability. However, with existing satellites nearing the end of their life, current forecasting capability will decrease in coming years. Therefore, if no further investment takes place, critical infrastructure will become more vulnerable to space weather. Additional investment could provide enhanced forecasting, reducing the economic loss for a Carrington‐sized 1‐in‐100‐year event to £0.9 billion.     

A Risk-Based Approach to Setting Priorities in Protecting Bridges Against Terrorist Attacks

This article presents an approach to the problem of terrorism risk assessment and management by adapting the framework of the risk filtering, ranking, and management method. The assessment is conducted at two levels: (1) the system level, and (2) the asset-specific level. The system-level risk assessment attempts to identify and prioritize critical infrastructures from an inventory of system assets. The definition of critical infrastructures offered by Presidential Decision Directive 63 was used to determine the set of attributes to identify critical assets--categorized according to national, regional, and local impact. An example application is demonstrated using information from the Federal Highway Administration National Bridge Inventory for the State of Virginia. Conversely, the asset-specific risk assessment performs an in-depth analysis of the threats and vulnerabilities of a specific critical infrastructure. An illustration is presented to offer some insights in risk scenario identification and prioritization, multiobjective evaluation of management options, and extreme-event analysis for critical infrastructure protection.     

Probabilistic Multiple Hazard Resilience Model of an Interdependent Infrastructure System

Multiple hazard resilience is of significant practical value because most regions of the world are subject to multiple natural and technological hazards. An analysis and assessment approach for multiple hazard spatiotemporal resilience of interdependent infrastructure systems is developed using network theory and a numerical analysis. First, we define multiple hazard resilience and present a quantitative probabilistic metric based on the expansion of a single hazard deterministic resilience model. Second, we define a multiple hazard relationship analysis model with a focus on the impact of hazards on an infrastructure. Subsequently, a relationship matrix is constructed with temporal and spatial dimensions. Further, a general method for the evaluation of direct impacts on an individual infrastructure under multiple hazards is proposed. Third, we present an analysis of indirect multiple hazard impacts on interdependent infrastructures and a joint restoration model of an infrastructure system. Finally, a simplified two‐layer interdependent infrastructure network is used as a case study for illustrating the proposed methodology. The results show that temporal and spatial relationships of multiple hazards significantly influence system resilience. Moreover, the interdependence among infrastructures further magnifies the impact on resilience value. The main contribution of the article is a new multiple hazard resilience evaluation approach that is capable of integrating the impacts of multiple hazard interactions, interdependence of network components (layers), and restoration strategy.     

Stochastic Counterfactual Risk Analysis for the Vulnerability Assessment of Cyber‐Physical Attacks on Electricity Distribution Infrastructure Networks

In December 2015, a cyber‐physical attack took place on the Ukrainian electricity distribution network. This is regarded as one of the first cyber‐physical attacks on electricity infrastructure to have led to a substantial power outage and is illustrative of the increasing vulnerability of Critical National Infrastructure to this type of malicious activity. Few data points, coupled with the rapid emergence of cyber phenomena, has held back the development of resilience analytics of cyber‐physical attacks, relative to many other threats. We propose to overcome data limitations by applying stochastic counterfactual risk analysis as part of a new vulnerability assessment framework. The method is developed in the context of the direct and indirect socioeconomic impacts of a Ukrainian‐style cyber‐physical attack taking place on the electricity distribution network serving London and its surrounding regions. A key finding is that if decision‐makers wish to mitigate major population disruptions, then they must invest resources more‐or‐less equally across all substations, to prevent the scaling of a cyber‐physical attack. However, there are some substations associated with higher economic value due to their support of other Critical National Infrastructures assets, which justifies the allocation of additional cyber security investment to reduce the chance of cascading failure. Further cyber‐physical vulnerability research must address the tradeoffs inherent in a system made up of multiple institutions with different strategic risk mitigation objectives and metrics of value, such as governments, infrastructure operators, and commercial consumers of infrastructure services.     

A Screening Methodology for the Identification and Ranking of Infrastructure Vulnerabilities Due to Terrorism

The extreme importance of critical infrastructures to modern society is widely recognized. These infrastructures are complex and interdependent. Protecting the critical infrastructures from terrorism presents an enormous challenge. Recognizing that society cannot afford the costs associated with absolute protection, it is necessary to identify and prioritize the vulnerabilities in these infrastructures. This article presents a methodology for the identification and prioritization of vulnerabilities in infrastructures. We model the infrastructures as interconnected digraphs and employ graph theory to identify the candidate vulnerable scenarios. These scenarios are screened for the susceptibility of their elements to a terrorist attack, and a prioritized list of vulnerabilities is produced. The prioritization methodology is based on multiattribute utility theory. The impact of losing infrastructure services is evaluated using a value tree that reflects the perceptions and values of the decisionmaker and the relevant stakeholders. These results, which are conditional on a specified threat, are provided to the decisionmaker for use in risk management. The methodology is illustrated through the presentation of a portion of the analysis conducted on the campus of the Massachusetts Institute of Technology.     

Optimization of Cascade‐Resilient Electrical Infrastructures and its Validation by Power Flow Modeling

Large‐scale outages on real‐world critical infrastructures, although infrequent, are increasingly disastrous to our society. In this article, we are primarily concerned with power transmission networks and we consider the problem of allocation of generation to distributors by rewiring links under the objectives of maximizing network resilience to cascading failure and minimizing investment costs. The combinatorial multiobjective optimization is carried out by a nondominated sorting binary differential evolution (NSBDE) algorithm. For each generators–distributors connection pattern considered in the NSBDE search, a computationally cheap, topological model of failure cascading in a complex network (named the Motter‐Lai [ML] model) is used to simulate and quantify network resilience to cascading failures initiated by targeted attacks. The results on the 400 kV French power transmission network case study show that the proposed method allows us to identify optimal patterns of generators–distributors connection that improve cascading resilience at an acceptable cost. To verify the realistic character of the results obtained by the NSBDE with the embedded ML topological model, a more realistic but also more computationally expensive model of cascading failures is adopted, based on optimal power flow (namely, the ORNL‐Pserc‐Alaska) model). The consistent results between the two models provide impetus for the use of topological, complex network theory models for analysis and optimization of large infrastructures against cascading failure with the advantages of simplicity, scalability, and low computational cost.     

Spatial Risk Analysis of Power Systems Resilience During Extreme Events

The increased frequency of extreme events in recent years highlights the emerging need for the development of methods that could contribute to the mitigation of the impact of such events on critical infrastructures, as well as boost their resilience against them. This article proposes an online spatial risk analysis capable of providing an indication of the evolving risk of power systems regions subject to extreme events. A Severity Risk Index (SRI) with the support of real‐time monitoring assesses the impact of the extreme events on the power system resilience, with application to the effect of windstorms on transmission networks. The index considers the spatial and temporal evolution of the extreme event, system operating conditions, and the degraded system performance during the event. SRI is based on probabilistic risk by condensing the probability and impact of possible failure scenarios while the event is spatially moving across a power system. Due to the large number of possible failures during an extreme event, a scenario generation and reduction algorithm is applied in order to reduce the computation time. SRI provides the operator with a probabilistic assessment that could lead to effective resilience‐based decisions for risk mitigation. The IEEE 24‐bus Reliability Test System has been used to demonstrate the effectiveness of the proposed online risk analysis, which was embedded in a sequential Monte Carlo simulation for capturing the spatiotemporal effects of extreme events and evaluating the effectiveness of the proposed method.     

Evaluating and Visualizing the Economic Impact of Commercial Districts Due to an Electric Power Network Disruption

Critical infrastructure networks enable social behavior, economic productivity, and the way of life of communities. Disruptions to these cyber–physical–social networks highlight their importance. Recent disruptions caused by natural phenomena, including Hurricanes Harvey and Irma in 2017, have particularly demonstrated the importance of functioning electric power networks. Assessing the economic impact (EI) of electricity outages after a service disruption is a challenging task, particularly when interruption costs vary by the type of electric power use (e.g., residential, commercial, industrial). In contrast with most of the literature, this work proposes an approach to spatially evaluate EIs of disruptions to particular components of the electric power network, thus enabling resilience‐based preparedness planning from economic and community perspectives. Our contribution is a mix‐method approach that combines EI evaluation, component importance analysis, and GIS visualization for decision making. We integrate geographic information systems and an economic evaluation of sporadic electric power outages to provide a tool to assist with prioritizing restoration of power in commercial areas that have the largest impact. By making use of public data describing commercial market value, gross domestic product, and electric area distribution, this article proposes a method to evaluate the EI experienced by commercial districts. A geospatial visualization is presented to observe and compare the areas that are more vulnerable in terms of EI based on the areas covered by each distribution substation. Additionally, a heat map is developed to observe the behavior of disrupted substations to determine the important component exhibiting the highest EI. The proposed resilience analytics approach is applied to analyze outages of substations in the boroughs of New York City.     

Rethinking Resilience Analytics

The concept of “resilience analytics” has recently been proposed as a means to leverage the promise of big data to improve the resilience of interdependent critical infrastructure systems and the communities supported by them. Given recent advances in machine learning and other data‐driven analytic techniques, as well as the prevalence of high‐profile natural and man‐made disasters, the temptation to pursue resilience analytics without question is almost overwhelming. Indeed, we find big data analytics capable to support resilience to rare, situational surprises captured in analytic models. Nonetheless, this article examines the efficacy of resilience analytics by answering a single motivating question: Can big data analytics help cyber–physical–social (CPS) systems adapt to surprise? This article explains the limitations of resilience analytics when critical infrastructure systems are challenged by fundamental surprises never conceived during model development. In these cases, adoption of resilience analytics may prove either useless for decision support or harmful by increasing dangers during unprecedented events. We demonstrate that these dangers are not limited to a single CPS context by highlighting the limits of analytic models during hurricanes, dam failures, blackouts, and stock market crashes. We conclude that resilience analytics alone are not able to adapt to the very events that motivate their use and may, ironically, make CPS systems more vulnerable. We present avenues for future research to address this deficiency, with emphasis on improvisation to adapt CPS systems to fundamental surprise.     

A Bayesian Method to Mine Spatial Data Sets to Evaluate the Vulnerability of Human Beings to Catastrophic Risk

Vulnerability of human beings exposed to a catastrophic disaster is affected by multiple factors that include hazard intensity, environment, and individual characteristics. The traditional approach to vulnerability assessment, based on the aggregate‐area method and unsupervised learning, cannot incorporate spatial information; thus, vulnerability can be only roughly assessed. In this article, we propose Bayesian network (BN) and spatial analysis techniques to mine spatial data sets to evaluate the vulnerability of human beings. In our approach, spatial analysis is leveraged to preprocess the data; for example, kernel density analysis (KDA) and accumulative road cost surface modeling (ARCSM) are employed to quantify the influence of geofeatures on vulnerability and relate such influence to spatial distance. The knowledge‐ and data‐based BN provides a consistent platform to integrate a variety of factors, including those extracted by KDA and ARCSM to model vulnerability uncertainty. We also consider the model's uncertainty and use the Bayesian model average and Occam's Window to average the multiple models obtained by our approach to robust prediction of the risk and vulnerability. We compare our approach with other probabilistic models in the case study of seismic risk and conclude that our approach is a good means to mining spatial data sets for evaluating vulnerability.     

考虑恢复依赖的基础设施网络应急恢复决策

在大规模突发事件发生后,基础设施恢复任务之间会形成复杂的依赖关系,本文考虑了在此条件下基础设施系统的恢复设计与调度决策问题。基于网络流理论,以累积恢复效能最大化与成本最小化为目标,构建了涵盖阻塞依赖、选项依赖和效率依赖三类恢复依赖关系的集成恢复设计与调度决策混合整数规划模型,并且设计了求解模型的启发式算法。最后,以长沙市真实基础设施数据集为基础,构造了突发事件后的损毁场景实例,利用模型求解得出了受损基础设施的恢复设计与调度决策方案,并且分析了决策周期长度与工作组数量对累积恢复效能和成本的影响。结果表明：(1)该模型在突发事件后的基础设施恢复决策中具有应用可行性;(2)决策周期长度显著影响累积恢复效能,随着决策周期长度与恢复过程中各组件恢复耗时契合度的提升,累积恢复效能获得有效增长,并且,在决策周期长度的取值范围内,总成本存在最小值;(3)随工作组数量的增加,累积恢复效能呈增长趋势,增长率逐渐减小,同时,总成本呈减少趋势,减少率也逐渐减小。     

Ranking the Risks from Multiple Hazards in a Small Community

Natural hazards, human-induced accidents, and malicious acts have caused great losses and disruptions to society. After September 11, 2001, critical infrastructure protection has become a national focus in the United States and is likely to remain one for the foreseeable future. Damage to the infrastructures and assets could be mitigated through predisaster planning and actions. A systematic methodology was developed to assess and rank the risks from these multiple hazards in a community of 20,000 people. It is an interdisciplinary study that includes probabilistic risk assessment (PRA), decision analysis, and expert judgment. Scenarios are constructed to show how the initiating events evolve into undesirable consequences. A value tree, based on multi-attribute utility theory (MAUT), is used to capture the decisionmaker's preferences about the impacts on the infrastructures and other assets. The risks from random failures are ranked according to their expected performance index (PI), which is the product of frequency, probabilities, and consequences of a scenario. Risks from malicious acts are ranked according to their PI as the frequency of attack is not available. A deliberative process is used to capture the factors that could not be addressed in the analysis and to scrutinize the results. This methodology provides a framework for the development of a risk-informed decision strategy. Although this study uses the Massachusetts Institute of Technology campus as a case study of a real project, it is a general methodology that could be used by other similar communities and municipalities.     

基于知识库的应急领域脆弱性指标体系研究

应急事件的演化和应急领域的脆弱性指标变化有着密切关系。大型运作系统核心能力受损后的应急期间,管理者非常关心如何根据动态变化的受损情况把握关键指标因素进行恢复,从而降低应急管理成本。本文基于知识库对应急领域知识结构进行分析,并将层级时序记忆方法引入应急脆弱性指标知识挖掘体系,通过脆弱性态势感知解决了指标约简问题,最后给出了构建知识库的推理机设计和推理算法。本文得到有助于应急管理的结论：基于知识库的脆弱性指标体系可动态分析突发事件和应急管理中蕴涵的知识,有助于对应急事件演化机理准确把握,提高应对效率。     

Assessing the Performance of a Classification‐Based Vulnerability Analysis Model

In this article, a classification model based on the majority rule sorting (MR‐Sort) method is employed to evaluate the vulnerability of safety‐critical systems with respect to malevolent intentional acts. The model is built on the basis of a (limited‐size) set of data representing (a priori known) vulnerability classification examples. The empirical construction of the classification model introduces a source of uncertainty into the vulnerability analysis process: a quantitative assessment of the performance of the classification model (in terms of accuracy and confidence in the assignments) is thus in order. Three different app oaches are here considered to this aim: (i) a model–retrieval‐based approach, (ii) the bootstrap method, and (iii) the leave‐one‐out cross‐validation technique. The analyses are presented with reference to an exemplificative case study involving the vulnerability assessment of nuclear power plants.