Integration of Critical Infrastructure and Societal Consequence Models: Impact on Swedish Power System Mitigation Decisions

Critical infrastructures provide society with services essential to its functioning, and extensive disruptions give rise to large societal consequences. Risk and vulnerability analyses of critical infrastructures generally focus narrowly on the infrastructure of interest and describe the consequences as nonsupplied commodities or the cost of unsupplied commodities; they rarely holistically consider the larger impact with respect to higher‐order consequences for the society. From a societal perspective, this narrow focus may lead to severe underestimation of the negative effects of infrastructure disruptions. To explore this theory, an integrated modeling approach, combining models of critical infrastructures and economic input–output models, is proposed and applied in a case study. In the case study, a representative model of the Swedish power transmission system and a regionalized economic input–output model are utilized. This enables exploration of how a narrow infrastructure or a more holistic societal consequence perspective affects vulnerability‐related mitigation decisions regarding critical infrastructures. Two decision contexts related to prioritization of different vulnerability‐reducing measures are considered—identifying critical components and adding system components to increase robustness. It is concluded that higher‐order societal consequences due to power supply disruptions can be up to twice as large as first‐order consequences, which in turn has a significant effect on the identification of which critical components are to be protected or strengthened and a smaller effect on the ranking of improvement measures in terms of adding system components to increase system redundancy.     

Critical Infrastructure Vulnerability to Spatially Localized Failures with Applications to Chinese Railway System

This article studies a general type of initiating events in critical infrastructures, called spatially localized failures (SLFs), which are defined as the failure of a set of infrastructure components distributed in a spatially localized area due to damage sustained, while other components outside the area do not directly fail. These failures can be regarded as a special type of intentional attack, such as bomb or explosive assault, or a generalized modeling of the impact of localized natural hazards on large‐scale systems. This article introduces three SLFs models: node centered SLFs, district‐based SLFs, and circle‐shaped SLFs, and proposes a SLFs‐induced vulnerability analysis method from three aspects: identification of critical locations, comparisons of infrastructure vulnerability to random failures, topologically localized failures and SLFs, and quantification of infrastructure information value. The proposed SLFs‐induced vulnerability analysis method is finally applied to the Chinese railway system and can be also easily adapted to analyze other critical infrastructures for valuable protection suggestions.     

An Optimization‐Based Framework for the Identification of Vulnerabilities in Electric Power Grids Exposed to Natural Hazards

This article proposes a novel mathematical optimization framework for the identification of the vulnerabilities of electric power infrastructure systems (which is a paramount example of critical infrastructure) due to natural hazards. In this framework, the potential impacts of a specific natural hazard on an infrastructure are first evaluated in terms of failure and recovery probabilities of system components. Then, these are fed into a bi‐level attacker–defender interdiction model to determine the critical components whose failures lead to the largest system functionality loss. The proposed framework bridges the gap between the difficulties of accurately predicting the hazard information in classical probability‐based analyses and the over conservatism of the pure attacker–defender interdiction models. Mathematically, the proposed model configures a bi‐level max‐min mixed integer linear programming (MILP) that is challenging to solve. For its solution, the problem is casted into an equivalent one‐level MILP that can be solved by efficient global solvers. The approach is applied to a case study concerning the vulnerability identification of the georeferenced RTS24 test system under simulated wind storms. The numerical results demonstrate the effectiveness of the proposed framework for identifying critical locations under multiple hazard events and, thus, for providing a useful tool to help decisionmakers in making more‐informed prehazard preparation decisions.     

Stochastic Counterfactual Risk Analysis for the Vulnerability Assessment of Cyber‐Physical Attacks on Electricity Distribution Infrastructure Networks

In December 2015, a cyber‐physical attack took place on the Ukrainian electricity distribution network. This is regarded as one of the first cyber‐physical attacks on electricity infrastructure to have led to a substantial power outage and is illustrative of the increasing vulnerability of Critical National Infrastructure to this type of malicious activity. Few data points, coupled with the rapid emergence of cyber phenomena, has held back the development of resilience analytics of cyber‐physical attacks, relative to many other threats. We propose to overcome data limitations by applying stochastic counterfactual risk analysis as part of a new vulnerability assessment framework. The method is developed in the context of the direct and indirect socioeconomic impacts of a Ukrainian‐style cyber‐physical attack taking place on the electricity distribution network serving London and its surrounding regions. A key finding is that if decision‐makers wish to mitigate major population disruptions, then they must invest resources more‐or‐less equally across all substations, to prevent the scaling of a cyber‐physical attack. However, there are some substations associated with higher economic value due to their support of other Critical National Infrastructures assets, which justifies the allocation of additional cyber security investment to reduce the chance of cascading failure. Further cyber‐physical vulnerability research must address the tradeoffs inherent in a system made up of multiple institutions with different strategic risk mitigation objectives and metrics of value, such as governments, infrastructure operators, and commercial consumers of infrastructure services.     

A Risk Assessment Framework for the Socioeconomic Impacts of Electricity Transmission Infrastructure Failure Due to Space Weather: An Application to the United Kingdom

Space weather phenomena have been studied in detail in the peer‐reviewed scientific literature. However, there has arguably been scant analysis of the potential socioeconomic impacts of space weather, despite a growing gray literature from different national studies, of varying degrees of methodological rigor. In this analysis, we therefore provide a general framework for assessing the potential socioeconomic impacts of critical infrastructure failure resulting from geomagnetic disturbances, applying it to the British high‐voltage electricity transmission network. Socioeconomic analysis of this threat has hitherto failed to address the general geophysical risk, asset vulnerability, and the network structure of critical infrastructure systems. We overcome this by using a three‐part method that includes (i) estimating the probability of intense magnetospheric substorms, (ii) exploring the vulnerability of electricity transmission assets to geomagnetically induced currents, and (iii) testing the socioeconomic impacts under different levels of space weather forecasting. This has required a multidisciplinary approach, providing a step toward the standardization of space weather risk assessment. We find that for a Carrington‐sized 1‐in‐100‐year event with no space weather forecasting capability, the gross domestic product loss to the United Kingdom could be as high as £15.9 billion, with this figure dropping to £2.9 billion based on current forecasting capability. However, with existing satellites nearing the end of their life, current forecasting capability will decrease in coming years. Therefore, if no further investment takes place, critical infrastructure will become more vulnerable to space weather. Additional investment could provide enhanced forecasting, reducing the economic loss for a Carrington‐sized 1‐in‐100‐year event to £0.9 billion.     

Toward Disaster‐Resilient Cities: Characterizing Resilience of Infrastructure Systems with Expert Judgments

Resilient infrastructure systems are essential for cities to withstand and rapidly recover from natural and human‐induced disasters, yet electric power, transportation, and other infrastructures are highly vulnerable and interdependent. New approaches for characterizing the resilience of sets of infrastructure systems are urgently needed, at community and regional scales. This article develops a practical approach for analysts to characterize a community's infrastructure vulnerability and resilience in disasters. It addresses key challenges of incomplete incentives, partial information, and few opportunities for learning. The approach is demonstrated for Metro Vancouver, Canada, in the context of earthquake and flood risk. The methodological approach is practical and focuses on potential disruptions to infrastructure services. In spirit, it resembles probability elicitation with multiple experts; however, it elicits disruption and recovery over time, rather than uncertainties regarding system function at a given point in time. It develops information on regional infrastructure risk and engages infrastructure organizations in the process. Information sharing, iteration, and learning among the participants provide the basis for more informed estimates of infrastructure system robustness and recovery that incorporate the potential for interdependent failures after an extreme event. Results demonstrate the vital importance of cross‐sectoral communication to develop shared understanding of regional infrastructure disruption in disasters. For Vancouver, specific results indicate that in a hypothetical M7.3 earthquake, virtually all infrastructures would suffer severe disruption of service in the immediate aftermath, with many experiencing moderate disruption two weeks afterward. Electric power, land transportation, and telecommunications are identified as core infrastructure sectors.     

A Methodology for Modeling Regional Terrorism Risk

Over the past decade, terrorism risk has become a prominent consideration in protecting the well‐being of individuals and organizations. More recently, there has been interest in not only quantifying terrorism risk, but also placing it in the context of an all‐hazards environment in which consideration is given to accidents and natural hazards, as well as intentional acts. This article discusses the development of a regional terrorism risk assessment model designed for this purpose. The approach taken is to model terrorism risk as a dependent variable, expressed in expected annual monetary terms, as a function of attributes of population concentration and critical infrastructure. This allows for an assessment of regional terrorism risk in and of itself, as well as in relation to man‐made accident and natural hazard risks, so that mitigation resources can be allocated in an effective manner. The adopted methodology incorporates elements of two terrorism risk modeling approaches (event‐based models and risk indicators), producing results that can be utilized at various jurisdictional levels. The validity, strengths, and limitations of the model are discussed in the context of a case study application within the United States.     

A Framework to Understand Extreme Space Weather Event Probability

An extreme space weather event has the potential to disrupt or damage infrastructure systems and technologies that many societies rely on for economic and social well‐being. Space weather events occur regularly, but extreme events are less frequent, with a small number of historical examples over the last 160 years. During the past decade, published works have (1) examined the physical characteristics of the extreme historical events and (2) discussed the probability or return rate of select extreme geomagnetic disturbances, including the 1859 Carrington event. Here we present initial findings on a unified framework approach to visualize space weather event probability, using a Bayesian model average, in the context of historical extreme events. We present disturbance storm time (Dst ) probability (a proxy for geomagnetic disturbance intensity) across multiple return periods and discuss parameters of interest to policymakers and planners in the context of past extreme space weather events. We discuss the current state of these analyses, their utility to policymakers and planners, the current limitations when compared to other hazards, and several gaps that need to be filled to enhance space weather risk assessments.     

An Integrated Approach for Assessing the Impact of Large-Scale Future Floods on a Highway Transport System

The negative impact of climate change continues to escalate flood risk. Floods directly and indirectly damage highway systems and disturb the socioeconomic order. In this study, we propose an integrated approach to quantitatively assess how floods impact the functioning of a highway system. The approach has three parts: (1) a multi-agent simulation model to represent traffic, heterogeneous user demand, and route choice in a highway network; (2) a flood simulator using future runoff scenarios generated from five global climate models, three representative concentration pathways (RCPs), and the CaMa-Flood model; and (3) an impact analyzer, which superimposes the simulated floods on the highway traffic simulation system, and quantifies the flood impact on a highway system based on car following model. This approach is illustrated with a case study of the Chinese highway network. The results show that (i) for different global climate models, the associated flood damage to a highway system is not linearly correlated with the forcing levels of RCPs, or with future years; (ii) floods in different years have variable impacts on regional connectivity; and (iii) extreme flood impacts can cause huge damages in highway networks; that is, in 2030, the estimated 84.5% of routes between provinces cannot be completed when the highway system is disturbed by a future major flood. These results have critical implications for transport sector policies and can be used to guide highway design and infrastructure protection. The approach can be extended to analyze other networks with spatial vulnerability, and it is an effective quantitative tool for reducing systemic disaster risk.     

Catastrophe Risk Models for Evaluating Disaster Risk Reduction Investments in Developing Countries

Major natural disasters in recent years have had high human and economic costs, and triggered record high postdisaster relief from governments and international donors. Given the current economic situation worldwide, selecting the most effective disaster risk reduction (DRR) measures is critical. This is especially the case for low‐ and middle‐income countries, which have suffered disproportionally more economic and human losses from disasters. This article discusses a methodology that makes use of advanced probabilistic catastrophe models to estimate benefits of DRR measures. We apply such newly developed models to generate estimates for hurricane risk on residential structures on the island of St. Lucia, and earthquake risk on residential structures in Istanbul, Turkey, as two illustrative case studies. The costs and economic benefits for selected risk reduction measures are estimated taking account of hazard, exposure, and vulnerability. We conclude by emphasizing the advantages and challenges of catastrophe model‐based cost‐benefit analyses for DRR in developing countries.     

Adversarial risk analysis for counterterrorism modeling

Recent large-scale terrorist attacks have raised interest in models for resource allocation against terrorist threats. The unifying theme in this area is the need to develop methods for the analysis of allocation decisions when risks stem from the intentional actions of intelligent adversaries. Most approaches to these problems have a game-theoretic flavor although there are also several interesting decision-analytic-based proposals. One of them is the recently introduced framework for adversarial risk analysis, which deals with decision-making problems that involve intelligent opponents and uncertain outcomes. We explore how adversarial risk analysis addresses some standard counterterrorism models: simultaneous defend-attack models, sequential defend-attack-defend models, and sequential defend-attack models with private information. For each model, we first assess critically what would be a typical game-theoretic approach and then provide the corresponding solution proposed by the adversarial risk analysis framework, emphasizing how to coherently assess a predictive probability model of the adversary's actions, in a context in which we aim at supporting decisions of a defender versus an attacker. This illustrates the application of adversarial risk analysis to basic counterterrorism models that may be used as basic building blocks for more complex risk analysis of counterterrorism problems.     

Using Probabilistic Terrorism Risk Modeling for Regulatory Benefit-Cost Analysis: Application to the Western Hemisphere Travel Initiative in the Land Environment

This article presents a framework for using probabilistic terrorism risk modeling in regulatory analysis. We demonstrate the framework with an example application involving a regulation under consideration, the Western Hemisphere Travel Initiative for the Land Environment, (WHTI‐L). First, we estimate annualized loss from terrorist attacks with the Risk Management Solutions (RMS) Probabilistic Terrorism Model. We then estimate the critical risk reduction, which is the risk‐reducing effectiveness of WHTI‐L needed for its benefit, in terms of reduced terrorism loss in the United States, to exceed its cost. Our analysis indicates that the critical risk reduction depends strongly not only on uncertainties in the terrorism risk level, but also on uncertainty in the cost of regulation and how casualties are monetized. For a terrorism risk level based on the RMS standard risk estimate, the baseline regulatory cost estimate for WHTI‐L, and a range of casualty cost estimates based on the willingness‐to‐pay approach, our estimate for the expected annualized loss from terrorism ranges from $2.7 billion to $5.2 billion. For this range in annualized loss, the critical risk reduction for WHTI‐L ranges from 7% to 13%. Basing results on a lower risk level that results in halving the annualized terrorism loss would double the critical risk reduction (14–26%), and basing the results on a higher risk level that results in a doubling of the annualized terrorism loss would cut the critical risk reduction in half (3.5–6.6%). Ideally, decisions about terrorism security regulations and policies would be informed by true benefit‐cost analyses in which the estimated benefits are compared to costs. Such analyses for terrorism security efforts face substantial impediments stemming from the great uncertainty in the terrorist threat and the very low recurrence interval for large attacks. Several approaches can be used to estimate how a terrorism security program or regulation reduces the distribution of risks it is intended to manage. But, continued research to develop additional tools and data is necessary to support application of these approaches. These include refinement of models and simulations, engagement of subject matter experts, implementation of program evaluation, and estimating the costs of casualties from terrorism events.     

Rethinking Resilience Analytics

The concept of “resilience analytics” has recently been proposed as a means to leverage the promise of big data to improve the resilience of interdependent critical infrastructure systems and the communities supported by them. Given recent advances in machine learning and other data‐driven analytic techniques, as well as the prevalence of high‐profile natural and man‐made disasters, the temptation to pursue resilience analytics without question is almost overwhelming. Indeed, we find big data analytics capable to support resilience to rare, situational surprises captured in analytic models. Nonetheless, this article examines the efficacy of resilience analytics by answering a single motivating question: Can big data analytics help cyber–physical–social (CPS) systems adapt to surprise? This article explains the limitations of resilience analytics when critical infrastructure systems are challenged by fundamental surprises never conceived during model development. In these cases, adoption of resilience analytics may prove either useless for decision support or harmful by increasing dangers during unprecedented events. We demonstrate that these dangers are not limited to a single CPS context by highlighting the limits of analytic models during hurricanes, dam failures, blackouts, and stock market crashes. We conclude that resilience analytics alone are not able to adapt to the very events that motivate their use and may, ironically, make CPS systems more vulnerable. We present avenues for future research to address this deficiency, with emphasis on improvisation to adapt CPS systems to fundamental surprise.     

Bayesian Stacked Parametric Survival with Frailty Components and Interval‐Censored Failure Times: An Application to Food Allergy Risk

To better understand the risk of exposure to food allergens, food challenge studies are designed to slowly increase the dose of an allergen delivered to allergic individuals until an objective reaction occurs. These dose‐to‐failure studies are used to determine acceptable intake levels and are analyzed using parametric failure time models. Though these models can provide estimates of the survival curve and risk, their parametric form may misrepresent the survival function for doses of interest. Different models that describe the data similarly may produce different dose‐to‐failure estimates. Motivated by predictive inference, we developed a Bayesian approach to combine survival estimates based on posterior predictive stacking, where the weights are formed to maximize posterior predictive accuracy. The approach defines a model space that is much larger than traditional parametric failure time modeling approaches. In our case, we use the approach to include random effects accounting for frailty components. The methodology is investigated in simulation, and is used to estimate allergic population eliciting doses for multiple food allergens.     

A Risk Analysis Framework for Cyber Security and Critical Infrastructure Protection of the U.S. Electric Power Grid

The purpose of this article is to introduce a risk analysis framework to enhance the cyber security of and to protect the critical infrastructure of the electric power grid of the United States. Building on the fundamental questions of risk assessment and management, this framework aims to advance the current risk analysis discussions pertaining to the electric power grid. Most of the previous risk-related studies on the electric power grid focus mainly on the recovery of the network from hurricanes and other natural disasters. In contrast, a disproportionately small number of studies explicitly investigate the vulnerability of the electric power grid to cyber-attack scenarios, and how they could be prevented or mitigated. Such a limited approach leaves the United States vulnerable to foreign and domestic threats (both state-sponsored and “lone wolf”) to infiltrate a network that lacks a comprehensive security environment or coordinated government response. By conducting a review of the literature and presenting a risk-based framework, this article underscores the need for a coordinated U.S. cyber security effort toward formulating strategies and responses conducive to protecting the nation against attacks on the electric power grid.     

Comparative Study of Predictive Computational Models for Nanoparticle‐Induced Cytotoxicity

With the increasing use of nanomaterials incorporated into consumer products, there is a need for developing approaches to establish “quantitative structure‐activity relationships” (QSARs). These relationships could be used to predict various biological responses after exposure to nanomaterials for the purposes of risk analysis. This risk analysis is applicable to manufacturers of nanomaterials in an effort to determine potential hazards. Because metal oxide materials are some of the most widely applicable and studied nanoparticle types for incorporation into cosmetics, food packaging, and paints and coatings, we focused on comparing different approaches for establishing QSARs for this class of materials. Metal oxide nanoparticles are believed, by some, to cause alterations in cellular function due to their size and/or surface area. Others have said that these nanomaterials, because of the oxidized state of the metal, do not induce stress in biological tests systems. This controversy highlights the need to systematically develop structure‐activity relationships (i.e., the relationship between physicochemical features to the cellular responses) and tools for predicting potential biological effects after a metal oxide nanomaterial exposure. Here, we attempt to identify a set of properties of two specific metal oxide nanomaterials—TiO₂ and ZnO—that could be used to characterize and predict the induced cellular membrane damage of immortalized human lung epithelial cells. We adopt a mathematical modeling approach that uses the engineered nanomaterial size characterized as a dry nanopowder and the nanomaterial behavior in ultrapure water, phosphate buffer, and cell culture media to predict nanomaterial‐induced cellular membrane damage (via lactate dehydrogenase release). Results of these studies provide insights on how engineered nanomaterial features influence cellular responses and thereby outline possible approaches for developing and applying predictive computational models for biological responses caused by exposure to nanomaterials.     

Addressing Climate Change as an Emerging Risk to Infrastructure Systems

The consequences that climate change could have on infrastructure systems are potentially severe but highly uncertain. This should make risk analysis a natural framework for climate adaptation in infrastructure systems. However, many aspects of climate change, such as weak background knowledge and societal controversy, make it an emerging risk where traditional approaches for risk assessment and management cannot be confidently employed. A number of research developments aimed at addressing these issues have emerged in recent years, such as the development of probabilistic climate projections, climate services, and robust decision frameworks. However, additional research is needed to improve the suitability of these methods for infrastructure planning. In this perspective, we outline some of the challenges in addressing climate change risks to infrastructure and summarize new developments aimed at meeting these challenges. We end by highlighting needs for future research, many of which could be well‐served by expertise within the risk analysis community.     

Extending the Quantitative Assessment of Industrial Risks to Earthquake Effects

In the general framework of quantitative methods for natural‐technological (NaTech) risk analysis, a specific methodology was developed for assessing risks caused by hazardous substances released due to earthquakes. The contribution of accidental scenarios initiated by seismic events to the overall industrial risk was assessed in three case studies derived from the actual plant layout of existing oil refineries. Several specific vulnerability models for different equipment classes were compared and assessed. The effect of differing structural resistances for process equipment on the final risk results was also investigated. The main factors influencing the final risk values resulted from the models for equipment vulnerability and the assumptions for the reference damage states of the process equipment. The analysis of case studies showed that in seismic zones the additional risk deriving from damage caused by earthquakes may be up to more than one order of magnitude higher than that associated to internal failure causes. Critical equipment was determined to be mainly pressurized tanks, even though atmospheric tanks were more vulnerable to containment loss. Failure of minor process equipment having a limited hold‐up of hazardous substances (such as pumps) was shown to have limited influence on the final values of the risk increase caused by earthquakes.     

Rethinking Risk Assessment for Public Utility Safety Regulation

To aid in their safety oversight of large‐scale, potentially dangerous energy and water infrastructure and transportation systems, public utility regulatory agencies increasingly seek to use formal risk assessment models. Yet some of the approaches to risk assessment used by utilities and their regulators may be less useful for this purpose than is supposed. These approaches often do not reflect the current state of the art in risk assessment strategy and methodology. This essay explores why utilities and regulatory agencies might embrace risk assessment techniques that do not sufficiently assess organizational and managerial factors as drivers of risk, nor that adequately represent important uncertainties surrounding risk calculations. Further, it describes why, in the special legal, political, and administrative world of the typical public utility regulator, strategies to identify and mitigate formally specified risks might actually diverge from the regulatory promotion of “safety.” Some improvements are suggested that can be made in risk assessment approaches to support more fully the safety oversight objectives of public regulatory agencies, with examples from “high‐reliability organizations” (HROs) that have successfully merged the management of safety with the management of risk. Finally, given the limitations of their current risk assessments and the lessons from HROs, four specific assurances are suggested that regulatory agencies should seek for themselves and the public as objectives in their safety oversight of public utilities.     

Decision‐Making Analytics Using Plural Resilience Parameters for Adaptive Management of Complex Systems

It is critical for complex systems to effectively recover, adapt, and reorganize after system disruptions. Common approaches for evaluating system resilience typically study single measures of performance at one time, such as with a single resilience curve. However, multiple measures of performance are needed for complex systems that involve many components, functions, and noncommensurate valuations of performance. Hence, this article presents a framework for: (1) modeling resilience for complex systems with competing measures of performance, and (2) modeling decision making for investing in these systems using multiple stakeholder perspectives and multicriteria decision analysis. This resilience framework, which is described and demonstrated in this article via a real‐world case study, will be of interest to managers of complex systems, such as supply chains and large‐scale infrastructure networks.