In this book, the subject of vulnerable systems has been addressed in depth. The focus has been on engineered physical critical infrastructures (CIs) such as the networks for energy supply, transportation, information and telecommunication. These are large-scale arrays of systems and assets that function systematically to produce and distribute services vital for modern economy and social welfare.

One main motif underlying the viewpoints presented in the book is the complexity of these systems and the related emergent behaviors, which may arise collectively and are difficult to predict from the superposition of the behavior of the individual elements of the system. This complex, emergent behavior has been demonstrated by system breakdowns often triggered by small perturbations followed by accelerating cascades and large-scale, border-crossing consequences, stressing the importance of (inter)dependencies (see Table 2.4 for details). Consequently, the analysis of these systems cannot be carried out with classical analytical methods of system decomposition and logic analysis; a framework of analysis is needed to integrate a number of methods capable of viewing the problem from different perspectives (topological and functional, static and dynamic, etc.).

Another relevant complexity attribute that has been stressed throughout relates to the increased integration of CIs, e.g., driven by the pervasive use of computer-based communication and control systems. This integration is beneficial in many respects, but it also introduces additional vulnerabilities due to the increased (inter)dependence, which can lead to surprising behaviors in response to perturbations. The electric power supply system, for instance, is undergoing a design re-conceptualization to allow for the integration of large shares of electricity produced by harvesting solar and wind energies at the most suitable sites (e.g., desert solar and offshore wind farms). The grids will become “smarter” by decentralized generation, smart metering, new devices for increased controllability, etc., which will “convert the existing power grid from a static infrastructure to be operated as designed into a flexible, adaptive infrastructure operated proactively” (IEC 2010). These types of developments can be expected to be shared among CIs, but the final states and related challenges may be different. For instance, the extended use of traffic control systems may at first glance increase the complexity of our road transport systems, but may in the end turn them into less dynamic systems by transferring important influencing factors such as speed, distance keeping, performance, etc., from individual drivers to computer-based systems.

Another important aspect that has underpinned a number of considerations in this book relates to the fact that the types of CIs considered are subject to a broad spectrum of hazards and threats, including malicious attacks; this has led to the conclusion that an all-hazards approach is required for understanding the failure behavior of such systems and, consequently, for their protection.

The above considerations have led to the structuring of the analysis of vulnerable CI systems in the book into five levels:

  • The problem definition level, at which the concepts of CI and vulnerability have been unambiguously introduced, together with and in reference to other key terms.

  • The issues level, at which the peculiar characteristic features of such intra- and inter-connected systems have been described, the related challenges with respect to their analysis have been identified and the methods have been critically addressed.

  • The approaches level, at which approaches to meeting the challenges have been discussed.

  • The methods level, at which the methods currently under consideration for the analysis of vulnerable CIs have been illustrated to a level of detail sufficient for their implementation and use, and with a careful analysis of their respective strengths, limitations, and degrees of maturity for practical application.

  • The framework level, at which an integrated view of the procedure for vulnerability analysis has been offered, coherent with the relevant aspects and features of intra- and inter-dependent CI systems highlighted above.

As unidirectional and bidirectional relationships within and among CIs are expected to remain a real-world issue and a major challenge for analysis methods, the evaluation of the vulnerability of CIs becomes central for their future efficient and safe development and operation. As a contribution to this, the present book introduces an operational definition of vulnerability in terms of weaknesses that render the CI susceptible to destruction or incapacitation when exposed to a set of hazards or threats (see Fig. 1.3).

Furthermore, in practice CIs are considered critical with regard to some criteria, possibly varying from country to country and from one perspective to another, e.g., corporate, societal, system or user’s view. In the book, an attempt has been made to distinguish the degrees of criticality, because this is considered to help guide the vulnerability analysis.

Turning the attention to vulnerability analysis, the book embraces the classical characterization of CIs as systems made of a large number of elements interacting in different complex ways which make system behaviors emerge (sometimes in unexpected ways). The differentiation from complicated systems is clearly pointed out (see also Table 2.1), together with the resulting fact that decomposition may not help in identifying and analyzing the (emergent) system behaviors, so that the CI system itself must be looked at as a whole with all its intra- and inter-dependencies.

In the book, the procedure of vulnerability analysis offered comprises three tasks (on top of the analysis of the system structure, properties and (all) hazards): the quantification of vulnerability indicators, the identification of critical elements and the application of the analysis results for system improvements (see Fig. 3.1). Correspondingly, the challenges to the methods used within the vulnerability analysis procedure depend on the specific objectives of the analysis and on the system characteristics; a common challenge comes from the large number of parameters needed to characterize the model of the system and the paucity of reliable data in support. Other specific challenges come from the need to capture the emergent behaviors and intricate rules of interaction, and various system features such as multi-layering, state changes, adaptation to new developments, “system-of-systems” characteristics, and the susceptibility to a broad spectrum of hazards and threats (see Fig. 3.3). All these features need to be tackled by the methods for vulnerability assessment. A number of these have been compiled, characterized, and critically evaluated against the assessment steps, the desired outputs and practical objectives (Table 4.1). Methods of statistical analysis, probabilistic modeling techniques (e.g., Bayesian networks), and tabular methods for hazard studies and risk analysis (HAZOP, FMEA, pure expert judgment) used in isolation have been concluded to show limited chances of success against the challenges posed; on the contrary, integration of elements of probabilistic risk assessment (e.g., adapted logic trees), complex network theory and agent-based modeling and simulation techniques, including high-level architecture (HLA), appears most promising.

In the end, it is concluded that a universal, all-encompassing modeling approach capable of addressing by itself the assessment of vulnerable systems does not exist. Rather, a conceptual framework is proposed (Fig. 5.1) to systematically tackle the problem in a step-wise and integrated fashion, which rests on a preparatory phase, a screening analysis and an in-depth analysis of major critical areas of the system. Integration is intended to refer also to the multitude of perspectives of the different “players” (users/operators) involved, their different logics, and even potential confidentiality issues.

For the screening analysis, the book points to methods of network theory, probabilistic risk analysis and cascading failure dynamics. Although performed at a relatively high level of abstraction, the screening analysis is capable of providing generic insights into the topology and phenomena involved, which can serve as guidance for the successive in-depth vulnerability analysis phase. For this latter, more detailed phase, the combination of agent-based modeling with Monte Carlo simulation techniques and, where appropriate, with physical models (e.g., for mass or power flows) has been pointed to in the book as the most promising approach.

For (inter)dependency analysis, the HLA standard might be attractive, as modeling the interconnected systems in a super-model with adequate granularity might be impossible due to further exacerbated computer time/resource issues and overall model complexities.

In the book, the above-mentioned methods of screening and in-depth analysis have been illustrated by a detailed description of their functioning and evaluated as to how, and to what extent, they succeed in the analysis of vulnerable systems and in meeting the related challenges, and as to how mature they are for practical application. The considerations that have emerged in the book (see Table 7.1) show in general terms differing levels of capabilities; some of the methods have been developed in other fields of technical risk assessment, e.g., PRA for nuclear power plants, or other sectors, e.g., network theory and agent-based modeling in social systems, and applied/adapted to the vulnerability assessment of engineered CIs. The results gained and the way to illustrate them also differ (e.g., metrics of robustness of network topology, curves depicting frequency and size of potential blackouts) and are, therefore, differently qualified as input for decision making. Although some of the concepts and results have been checked against statistical data (e.g., statistical data on blackouts) and benchmarked against other methods, the analysis provided in the book shows that there is still a general lack of validation and that there are still contradictions between (limited) empirical investigations and theoretical analysis.

Table 7.1 Summary of the various methods for the vulnerability analysis of CIs

It is worth mentioning that the specific advantages and limitations of a framework of analysis spanning two levels of system abstraction (high-level for screening and detailed for in-depth analysis) eventually lay the groundwork for their specific and separate application to particular areas as well as for their interplay within a comprehensive analysis of CI networks. Highly detailed modeling approaches with close adherence to reality may also serve for quantifying the reliability of a specific system under given operational conditions. As a complement, minimal, highly abstract models allow for a qualitative identification of basic underlying mechanisms and generic key factors, which are not restricted to specific systems. Such insights may again serve as valuable clues on where to put the focus with highly detailed modeling approaches. Conversely, quantitative results from specific systems may also be checked with regard to their generality by using minimal models.

Finally, uncertainty analysis very much needs to be included in the picture, although it is still rarely an element of an overall vulnerability assessment; in this respect, computational tools for uncertainty propagation and sensitivity analysis in large-scale applications with reasonable computing times are missing. The same holds for the need to include the interactions and influences of the human operators, a cross-cutting issue in vulnerability analysis which has been addressed in sectors other than CIs, mainly in the framework of PRA for nuclear power plants, but is now starting to arise also in the field of vulnerable CI analysis.

In conclusion, the writing of the book has confirmed for the authors that there is still a gap between the ability to design and operate complex networked CI systems and the ability to understand, model and simulate them for identifying and reducing vulnerabilities. In this view, intensive research, development and application work must be continued, and many other books can be expected in the future.