Critical Infrastructure Protection Risk Analysis

Yüklə 472 b.
ölçüsü472 b.

  • Critical Infrastructure Protection

  • Risk Analysis

  • DHS S&T

  • Drinking Water

  • Resilience Project

  • Rick White, Ph.D.

  • University of Colorado, Colorado Springs


  • Drinking Water infrastructure rated ‘D’ in 2013 ASCE Report Card

    • >100 years old
    • 240,000 main breaks/year
  • $384.2 billion capital shortfall

  • Prioritize national investments in drinking water infrastructure

  • Develop risk analysis methodology to uniformly compare risks across assets

  • Account for emerging threats from climate change, aging infrastructure, & cyber attack.

  • Extend methodology to include “lifeline” infrastructure sectors of Water, Energy, Transportation, & Communications.

  • Homeland security is about safeguarding the US from domestic catastrophic destruction.

  • Domestic catastrophic destruction comes in two forms: natural & manmade.

  • Manmade catastrophic destruction can be inflicted by non-state actors employing WMD or subverting critical infrastructure.

    • 1995 Tokyo Subway Attacks
    • 2001 NYC & DC Attacks (9/11)

  • Developed by ASME at request of White House shortly after 9/11

  • Advocated risk method in 2006 National Infrastructure Protection Plan (NIPP); dropped from 2009 & 2013 NIPPs

  • Made into AWWA J100-10 ANSI standard for Risk and Resilience of Water and Wastewater Systems

  • Developed into EPA Vulnerability Self-Assessment Tool (VSAT)

  • Evaluate RAMCAP WRT to emerging threats from climate change, aging infrastructure, & cyber attack

  • Evaluate RAMCAP WRT to lifeline infrastructure including Water, Energy, Transportation, & Communications

  • Recommend requirements to make RAMCAP compliant with DWRP objectives

  • RAMCAP does not account for emerging threats from climate change, aging infrastructure, or cyber attack

  • RAMCAP results are not uniform across different assets, let alone different sectors

  • RAMCAP requires significant structural changes to meet DWRP objectives; developed LIRA prototype to demonstrate potential capability


  • LIRA

  • Top-down risk analysis

  • Default system failure modes

  • Default threat & vulnerability data

  • Fixed & Mobile asset analysis

  • Assesses risk at the local, regional, and national levels

  • Accommodates mitigation and resilience analysis

  • Can be completed in 1-3 hours

  • Accounts for emerging threats, and results comparable across lifeline sectors


  • LIRA

  • R = C X V X T

  • System Asset Identification

  • System Failure Mode Definition

  • First Order Consequences

  • Second Order Consequences

  • Third Order Consequences

  • Consequence Assessment

  • Vulnerability Analysis

  • Probability Analysis

  • Risk Assessment

  • Mitigation Optimization

  • Resilience Optimization

  • Risk Management

  • Input Data Analysis

  • Draft LIRA ANSI specification

  • Conduct stakeholder survey to validate LIRA design

  • Incorporate stakeholder feedback into revised ANSI specification

  • Ten questions related to LIRA and RAMCAP differences in speed, detail, & cost:

  • “Would you rather...” questions framed to pick between competing features

  • Two-month survey conducted from 27 Feb to 27 Apr 2016.

  • Received 26 responses to 684 requests for participation.

  • Responses overwhelmingly supported LIRA over RAMCAP.

  • Because of low participation, very large variation in confidence of results.

  • Results were “convincing” but not “conclusive”.

  • Validate previous survey results and revise LIRA specification accordingly

  • Build stakeholder awareness

  • Develop database tool

  • Received $501K research funding over three years

  • Deliver ANSI specification and working prototype by end of DWRP Y3

  • Contingent upon DHS funding, DWRP Y4 will take LIRA through ANSI process

    • Richard White, Aaron Burkhart, Terrance Boult, and Edward Chow. “Towards a Comparable Cross-Sector Risk Analysis: RAMCAP Revisited“. International Conference on Apples-to-Apples: LIRA vs. RAMCAP X, IFIP AICT 485, pp. 221–237 (2016), DOI 10.1007/978-3-319-48737-3_13, November 2016.
    • Richard White, Randy George, Terrance Boult, and C. Edward Chow. “Apples to Apples: RAMCAP and Emerging Threats to Lifeline Infrastructure”. Homeland Security Affairs 12, Article 2 (September 2016).
    • Richard White, Aaron Burkhart, Terrance Boult, and Edward Chow. “Towards a Comparable Cross-Sector Risk Analysis: A re-examination of the Risk Analysis and Management for Critical Asset Protection (RAMCAP) methodology”. International Journal of Apples-to-Apples: LIRA vs. RAMCAP 14 (2016): 28-40, August 2016.

  • Questions?

Yüklə 472 b.

Dostları ilə paylaş:

Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur © 2022
rəhbərliyinə müraciət

    Ana səhifə