Risk Management for Leontief-Based Interdependent Systems

When stricken by a terrorist attack, a war, or a natural disaster, an economic unit or a critical infrastructure may suffer significant loss of productivity. More importantly, due to interdependency or interconnectedness, this initial loss may propagate into other systems and eventually lead to much greater derivative loss. This belongs to what is known as a cascading effect. It is demonstrated in this article that the cascading effect and the derivative loss can be significantly reduced by effective risk management. This is accomplished by deliberately distributing the initial inoperability to other systems so that the total loss (or inoperability) is minimized. The optimal distribution strategy is found by a linear programming technique. The same risk management can also be applied to situations where objectives need to be prioritized. A case study featuring 12 economic sectors illustrates the theory. The result suggests that using the same amount of resources, minimizing risk (inoperability) of infrastructures will generally give rise to highest payoff, whereas overlooking it may result in greatest total loss. The framework developed in this work uses a steady-state approach that applies primarily to managing situations where the attack is catastrophic resulting in very long recovery time.     

Risk Modeling of Interdependent Complex Systems of Systems: Theory and Practice

The emergence of the complexity characterizing our systems of systems (SoS) requires a reevaluation of the way we model, assess, manage, communicate, and analyze the risk thereto. Current models for risk analysis of emergent complex SoS are insufficient because too often they rely on the same risk functions and models used for single systems. These models commonly fail to incorporate the complexity derived from the networks of interdependencies and interconnectedness (I–I) characterizing SoS. There is a need to reevaluate currently practiced risk analysis to respond to this reality by examining, and thus comprehending, what makes emergent SoS complex. The key to evaluating the risk to SoS lies in understanding the genesis of characterizing I–I of systems manifested through shared states and other essential entities within and among the systems that constitute SoS. The term “essential entities” includes shared decisions, resources, functions, policies, decisionmakers, stakeholders, organizational setups, and others. This undertaking can be accomplished by building on state‐space theory, which is fundamental to systems engineering and process control. This article presents a theoretical and analytical framework for modeling the risk to SoS with two case studies performed with the MITRE Corporation and demonstrates the pivotal contributions made by shared states and other essential entities to modeling and analysis of the risk to complex SoS. A third case study highlights the multifarious representations of SoS, which require harmonizing the risk analysis process currently applied to single systems when applied to complex SoS.     

Risk‐Based Input‐Output Analysis of Influenza Epidemic Consequences on Interdependent Workforce Sectors

Outbreaks of contagious diseases underscore the ever‐looming threat of new epidemics. Compared to other disasters that inflict physical damage to infrastructure systems, epidemics can have more devastating and prolonged impacts on the population. This article investigates the interdependent economic and productivity risks resulting from epidemic‐induced workforce absenteeism. In particular, we develop a dynamic input‐output model capable of generating sector‐disaggregated economic losses based on different magnitudes of workforce disruptions. An ex post analysis of the 2009 H1N1 pandemic in the national capital region (NCR) reveals the distribution of consequences across different economic sectors. Consequences are categorized into two metrics: (i) economic loss, which measures the magnitude of monetary losses incurred in each sector, and (ii) inoperability, which measures the normalized monetary losses incurred in each sector relative to the total economic output of that sector. For a simulated mild pandemic scenario in NCR, two distinct rankings are generated using the economic loss and inoperability metrics. Results indicate that the majority of the critical sectors ranked according to the economic loss metric comprise of sectors that contribute the most to the NCR's gross domestic product (e.g., federal government enterprises). In contrast, the majority of the critical sectors generated by the inoperability metric include sectors that are involved with epidemic management (e.g., hospitals). Hence, prioritizing sectors for recovery necessitates consideration of the balance between economic loss, inoperability, and other objectives. Although applied specifically to the NCR, the proposed methodology can be customized for other regions.     

Disaster Risk Management Policies and the Measurement of Resilience for Philippine Regions

How can a government prioritize disaster risk management policies across regions and types of interventions? Using an economic model to assess welfare risk and resilience to disasters, this article systematically tackles the questions: (1) How much asset and welfare risks does each region in the Philippines face from riverine flood disasters? (2) How resilient is each region to riverine flood disasters? (3) What are, per region, the possible interventions to strengthen resilience to riverine flood disasters and what will be their measured benefit? We study the regions of the Philippines to demonstrate the channels through which macroeconomic asset and output losses from disasters translate to consumption and welfare losses at the micro-economic level. Apart from the regional prioritizations, we identify a menu of policy options ranked according to their level of effectiveness in increasing resilience and reducing welfare risk from riverine floods. The ranking of priorities varies for different regions when their level of expected value at risk is different. This suggests that there are region-specific conditions and drivers that need to be integrated into considerations and policy decisions, so that these are effectively addressed.     

Strategic Preparedness for Recovery from Catastrophic Risks to Communities and Infrastructure Systems of Systems

Natural and human‐induced disasters affect organizations in myriad ways because of the inherent interconnectedness and interdependencies among human, cyber, and physical infrastructures, but more importantly, because organizations depend on the effectiveness of people and on the leadership they provide to the organizations they serve and represent. These human–organizational–cyber–physical infrastructure entities are termed systems of systems. Given the multiple perspectives that characterize them, they cannot be modeled effectively with a single model. The focus of this article is: (i) the centrality of the states of a system in modeling; (ii) the efficacious role of shared states in modeling systems of systems, in identification, and in the meta‐modeling of systems of systems; and (iii) the contributions of the above to strategic preparedness, response to, and recovery from catastrophic risk to such systems. Strategic preparedness connotes a decision‐making process and its associated actions. These must be: implemented in advance of a natural or human‐induced disaster, aimed at reducing consequences (e.g., recovery time, community suffering, and cost), and/or controlling their likelihood to a level considered acceptable (through the decisionmakers’ implicit and explicit acceptance of various risks and tradeoffs). The inoperability input‐output model (IIM), which is grounded on Leontief's input/output model, has enabled the modeling of interdependent subsystems. Two separate modeling structures are introduced. These are: phantom system models (PSM), where shared states constitute the essence of modeling coupled systems; and the IIM, where interdependencies among sectors of the economy are manifested by the Leontief matrix of technological coefficients. This article demonstrates the potential contributions of these two models to each other, and thus to more informative modeling of systems of systems schema. The contributions of shared states to this modeling and to systems identification are presented with case studies.     

Topological Performance Measures as Surrogates for Physical Flow Models for Risk and Vulnerability Analysis for Electric Power Systems

Critical infrastructure systems must be both robust and resilient in order to ensure the functioning of society. To improve the performance of such systems, we often use risk and vulnerability analysis to find and address system weaknesses. A critical component of such analyses is the ability to accurately determine the negative consequences of various types of failures in the system. Numerous mathematical and simulation models exist that can be used to this end. However, there are relatively few studies comparing the implications of using different modeling approaches in the context of comprehensive risk analysis of critical infrastructures. In this article, we suggest a classification of these models, which span from simple topologically‐oriented models to advanced physical‐flow‐based models. Here, we focus on electric power systems and present a study aimed at understanding the tradeoffs between simplicity and fidelity in models used in the context of risk analysis. Specifically, the purpose of this article is to compare performance estimates achieved with a spectrum of approaches typically used for risk and vulnerability analysis of electric power systems and evaluate if more simplified topological measures can be combined using statistical methods to be used as a surrogate for physical flow models. The results of our work provide guidance as to appropriate models or combinations of models to use when analyzing large‐scale critical infrastructure systems, where simulation times quickly become insurmountable when using more advanced models, severely limiting the extent of analyses that can be performed.     

Context in the Risk Assessment of Digital Systems

As the use of digital computers for instrumentation and control of safety-critical systems has increased, there has been a growing debate over the issue of whether probabilistic risk assessment techniques can be applied to these systems. This debate has centered on the issue of whether software failures can be modeled probabilistically. This paper describes a context-based approach to software risk assessment that explicitly recognizes the fact that the behavior of software is not probabilistic. The source of the perceived uncertainty in its behavior results from both the input to the software as well as the application and environment in which the software is operating. Failures occur as the result of encountering some context for which the software was not properly designed, as opposed to the software simply failing randomly. The paper elaborates on the concept of error-forcing context as it applies to software. It also illustrates a methodology which utilizes event trees, fault trees, and the Dynamic Flowgraph Methodology (DFM) to identify error-forcing contexts for software in the form of fault tree prime implicants.     

Risk Perception and Disaster Preparedness in Immigrants and Canadian‐Born Adults: Analysis of a National Survey on Similarities and Differences

Research has documented that immigrants tend to experience more negative consequences from natural disasters compared to native‐born individuals, although research on how immigrants perceive and respond to natural disaster risks is sparse. We investigated how risk perception and disaster preparedness for natural disasters in immigrants compared to Canadian‐born individuals as justifications for culturally‐adapted risk communication and management. To this end, we analyzed the ratings on natural disaster risk perception beliefs and preparedness behaviors from a nationally representative survey (N = 1,089). Factor analyses revealed three underlying psychological dimensions of risk perception: external responsibility for disaster management, self‐preparedness responsibility, and illusiveness of preparedness. Although immigrants and Canadian‐born individuals shared the three‐factor structure, there were differences in the salience of five risk perception beliefs. Despite these differences, immigrants and Canadian‐born individuals were similar in the level of risk perception dimensions and disaster preparedness. Regression analyses revealed self‐preparedness responsibility and external responsibility for disaster management positively predicted disaster preparedness whereas illusiveness of preparedness negatively predicted disaster preparedness in both groups. Our results showed that immigrants’ risk perception and disaster preparedness were comparable to their Canadian‐born counterparts. That is, immigrant status did not necessarily yield differences in risk perception and disaster preparedness. These social groups may benefit from a risk communication and management strategy that addresses these risk perception dimensions to increase disaster preparedness. Given the diversity of the immigrant population, the model remains to be tested by further population segmentation.     

信息系统规划发起方式的影响因素研究

信息系统规划的发起方式反映规划过程中权力的分解和转移过程,发起方式对信息系统规划的效果有显著影响.识别可能影响信息系统规划发起方式的主要因素,分析这些因素与发起方式之间的关系,提出研究假设,收集125份中国企业的数据,应用线性回归方法进行实证检验.实证研究结果表明,IT主管的角色、高层管理者对IT重要性的认识和环境的竞争性对信息系统规划发起方式有显著的影响,信息系统的角色和价值链的信息密集度对信息系统规划发起方式的影响不显著.     

An Assessment of Change in Risk Perception and Optimistic Bias for Hurricanes Among Gulf Coast Residents

This study focuses on levels of concern for hurricanes among individuals living along the Gulf Coast during the quiescent two‐year period following the exceptionally destructive 2005 hurricane season. A small study of risk perception and optimistic bias was conducted immediately following Hurricanes Katrina and Rita. Two years later, a follow‐up was done in which respondents were recontacted. This provided an opportunity to examine changes, and potential causal ordering, in risk perception and optimistic bias. The analysis uses 201 panel respondents who were matched across the two mail surveys. Measures included hurricane risk perception, optimistic bias for hurricane evacuation, past hurricane experience, and a small set of demographic variables (age, sex, income, and education). Paired t‐tests were used to compare scores across time. Hurricane risk perception declined and optimistic bias increased. Cross‐lagged correlations were used to test the potential causal ordering between risk perception and optimistic bias, with a weak effect suggesting the former affects the latter. Additional cross‐lagged analysis using structural equation modeling was used to look more closely at the components of optimistic bias (risk to self vs. risk to others). A significant and stronger potentially causal effect from risk perception to optimistic bias was found. Analysis of the experience and demographic variables’ effects on risk perception and optimistic bias, and their change, provided mixed results. The lessening of risk perception and increase in optimistic bias over the period of quiescence suggest that risk communicators and emergency managers should direct attention toward reversing these trends to increase disaster preparedness.     

系统策划中影响决策者意图的因素分析

准确理解决策者意图是系统策划中的最根本部分.利用服务管理中有关顾客对服务期望的理论,对决策者意图进行分析,将决策者意图划分为理想意图和基本意图两种水平,分别分析了影响两种意图的因素来源及其作用方式,建立了影响决策者意图的因素关系模型.根据分析结果,提出正确把握决策者意图要从直接沟通、间接了解和主动引导三方面入手,并给出了若干具体实现措施和建议,为后续策划活动的顺利展开打下基础.     

Stochastic Counterfactual Risk Analysis for the Vulnerability Assessment of Cyber‐Physical Attacks on Electricity Distribution Infrastructure Networks

In December 2015, a cyber‐physical attack took place on the Ukrainian electricity distribution network. This is regarded as one of the first cyber‐physical attacks on electricity infrastructure to have led to a substantial power outage and is illustrative of the increasing vulnerability of Critical National Infrastructure to this type of malicious activity. Few data points, coupled with the rapid emergence of cyber phenomena, has held back the development of resilience analytics of cyber‐physical attacks, relative to many other threats. We propose to overcome data limitations by applying stochastic counterfactual risk analysis as part of a new vulnerability assessment framework. The method is developed in the context of the direct and indirect socioeconomic impacts of a Ukrainian‐style cyber‐physical attack taking place on the electricity distribution network serving London and its surrounding regions. A key finding is that if decision‐makers wish to mitigate major population disruptions, then they must invest resources more‐or‐less equally across all substations, to prevent the scaling of a cyber‐physical attack. However, there are some substations associated with higher economic value due to their support of other Critical National Infrastructures assets, which justifies the allocation of additional cyber security investment to reduce the chance of cascading failure. Further cyber‐physical vulnerability research must address the tradeoffs inherent in a system made up of multiple institutions with different strategic risk mitigation objectives and metrics of value, such as governments, infrastructure operators, and commercial consumers of infrastructure services.     

混合分销渠道结构下短生命周期产品供应链库存策略分析

随着竞争的加剧,产品生命周期日渐缩短。信息和网络技术的不断进步,使得网络作为一种特殊的分销渠道出现。传统分销渠道和网上直销渠道并存的混合分销渠道结构给理论研究和管理实践提出了新的挑战,本文针对混合分销渠道结构下短生命周期产品供应链,运用报童问题的框架,分析了两种不同运作模式下生产商和零售商库存策略,并通过数值实验研究了需求不确定性对生产商和零售商最优库存策略的影响。最后,根据数值实验的计算结果,总结了本研究的管理启示。     

GIS‐Based Integration of Social Vulnerability and Level 3 Probabilistic Risk Assessment to Advance Emergency Preparedness,Planning, and Response for Severe Nuclear Power Plant Accidents

In the nuclear power industry, Level 3 probabilistic risk assessment (PRA) is used to estimate damage to public health and the environment if a severe accident leads to large radiological release. Current Level 3 PRA does not have an explicit inclusion of social factors and, therefore, it is not possible to perform importance ranking of social factors for risk‐informing emergency preparedness, planning, and response (EPPR). This article offers a methodology for adapting the concept of social vulnerability, commonly used in natural hazard research, in the context of a severe nuclear power plant accident. The methodology has four steps: (1) calculating a hazard‐independent social vulnerability index for the local population; (2) developing a location‐specific representation of the maximum radiological hazard estimated from current Level 3 PRA, in a geographic information system (GIS) environment; (3) developing a GIS‐based socio‐technical risk map by combining the social vulnerability index and the location‐specific radiological hazard; and (4) conducting a risk importance measure analysis to rank the criticality of social factors based on their contribution to the socio‐technical risk. The methodology is applied using results from the 2012 Surry Power Station state‐of‐the‐art reactor consequence analysis. A radiological hazard model is generated from MELCOR accident consequence code system, translated into a GIS environment, and combined with the Center for Disease Control social vulnerability index (SVI). This research creates an opportunity to explicitly consider and rank the criticality of location‐specific SVI themes based on their influence on risk, providing input for EPPR.     

Traceability and Risk Analysis Strategies for Addressing Counterfeit Electronics in Supply Chains for Complex Systems

Within the microelectronics industry, there is a growing concern regarding the introduction of counterfeit electronic parts into the supply chain. Even though this problem is widespread, there have been limited attempts to implement risk‐based approaches for testing and supply chain management. Supply chain risk management tends to focus on the highly visible disruptions of the supply chain instead of the covert entrance of counterfeits; thus counterfeit risk is difficult to mitigate. This article provides an overview of the complexities of the electronics supply chain, and highlights some gaps in risk assessment practices. In particular, this article calls for enhanced traceability capabilities to track and trace parts at risk through various stages of the supply chain. Placing the focus on risk‐informed decision making through the following strategies is needed, including prioritization of high‐risk parts, moving beyond certificates of conformance, incentivizing best supply chain management practices, adoption of industry standards, and design and management for supply chain resilience.     

Risk Analysis of Safety Service Patrol (SSP) Systems in Virginia

The transportation infrastructure is a vital backbone of any regional economy as it supports workforce mobility, tourism, and a host of socioeconomic activities. In this article, we specifically examine the incident management function of the transportation infrastructure. In many metropolitan regions, incident management is handled primarily by safety service patrols (SSPs), which monitor and resolve roadway incidents. In Virginia, SSP allocation across highway networks is based typically on average vehicle speeds and incident volumes. This article implements a probabilistic network model that partitions “business as usual” traffic flow with extreme‐event scenarios. Results of simulated network scenarios reveal that flexible SSP configurations can improve incident resolution times relative to predetermined SSP assignments.     

A Framework for Analysis of Production Authorization Card‐Controlled Production Systems

A framework for the analysis of manufacturing systems operating under a production authorization card (PAC) system is outlined. The PAC system provides a single model, which encompasses a broad variety of control strategies, including Kanban and CONWIP. This paper describes a framework for the performance analysis and comparison of both specific and families of control strategies. The framework starts with system performance measures estimated by simulation. These simulations in turn provide training data for neural network metamodels. The metamodels allow for a variety of analysis and optimization approaches, including the construction of optimal policy curves, which can provide considerable insight into the systems under study.     

Analysis of Affordance,Time, and Adaptation in the Assessment of Industrial Control System Cybersecurity Risk

Industrial control systems increasingly use standard communication protocols and are increasingly connected to public networks—creating substantial cybersecurity risks, especially when used in critical infrastructures such as electricity and water distribution systems. Methods of assessing risk in such systems have recognized for some time the way in which the strategies of potential adversaries and risk managers interact in defining the risk to which such systems are exposed. But it is also important to consider the adaptations of the systems’ operators and other legitimate users to risk controls, adaptations that often appear to undermine these controls, or shift the risk from one part of a system to another. Unlike the case with adversarial risk analysis, the adaptations of system users are typically orthogonal to the objective of minimizing or maximizing risk in the system. We argue that this need to analyze potential adaptations to risk controls is true for risk problems more generally, and we develop a framework for incorporating such adaptations into an assessment process. The method is based on the principle of affordances, and we show how this can be incorporated in an iterative procedure based on raising the minimum period of risk materialization above some threshold. We apply the method in a case study of a small European utility provider and discuss the observations arising from this.     

基于“柠檬”理论的在线信誉反馈系统有效性研究

信任问题是困扰在线拍卖市场发展的瓶颈之一.在线信誉反馈系统在消除信息不对称性,解决在线拍卖市场逆向选择问题中发挥着重要的作用.首先分析在线拍卖市场中逆向选择问题产生的原因,而后基于"柠檬"理论,从更换交易对手的重复博弈角度分析在线信誉反馈系统中信誉运行模型,对在线拍卖市场的信誉运行机理进行分析.研究指出在线信誉反馈系统能激励卖家诚信交易,一定程度上降低逆向选择问题,为我国在线拍卖网站和网络卖家更好地实施网络声誉战略提供一个思路.     

Methodology for the Calculation of Annualized Incremental Risks in Systems of Dams

In the past few years, the field of dam safety has approached risk informed methodologies throughout the world and several methodologies and programs are appearing to aid in the systematization of the calculations. The most common way of implementing these calculations is through the use of event trees, computing event probabilities, and incremental consequences. This methodology is flexible enough for several situations, but its generalization to the case of systems of several dams is complex and its implementation in a completely general calculation methodology presents some problems. Retaining the event tree framework, a new methodology is proposed to calculate incremental risks. The main advantage of this proposed methodology is the ease with which it can be applied to systems of several dams: with a single risk model that describes the complete system and with a single calculation the incremental risks of the system can be obtained, being able to allocate the risk of each dam and of each failure mode. The article shows how both methodologies are equivalent and also applies them to a case study.