International Journal of Critical Infrastructures (8 papers in press)
Design and Validation of the Medusa Supply Chain Risk Assessment Methodology and System
by Spyridon Papastergiou, Nineta Polemi, Panayiotis Kotzanikolaou
Abstract: Supply Chains (SC) can be viewed as complex interconnected systems that play a vital role of the transportation and delivery of goods and services. SC usually involve various Critical Infrastructures, mainly in the transportation sector and exhibit intra-sector and cross-border dependencies with various business entities. Although efforts have been made to standardize Supply Chain Risk Assessment approaches (SC RA), there is a lack of targeted methodologies. In our previous work  we have proposed a preliminary version of the Medusa SC RA methodology, compliant with ISO28001. The primary goal of Medusa is to assess the risks of a SC rising from the interconnections and interdependencies between the various entities within it. In this paper, we significantly extend our previous work, in order to define all specific details of the Medusa SC RA, such as estimations of threat levels, consequences, risk scales, cascading risks; generation of a baseline SC security policy and identification of security controls. Furthermore we validate our methodology based on real case scenarios, derived from the pilot operations of the Medusa project; and we provide implementation details of the Medusa collaborative system which hosts the methodology and offers SC RA services to the involved business partners.
Keywords: Supply Chain; Risk Assessment; Critical Infrastructures; Dependency Graphs; experimental validation.
Exploring the effect of national policies on the safety level of tunnels that belong to the Trans-European Road Network: A comparative analysis.
by Panagiotis Ntzeremes, Konstantinos Kirytopoulos, Ioannis Benekos
Abstract: The Trans-European Road Network (TERN) was defined to improve the road network of the European Union (EU). Hence, it should guarantee users a high and uniform level of services and safety. Road tunnels, which are a key element of TERN, must be designed to serve these purposes. To this respect and after the disastrous tunnel accidents in Europe in the late 90s, the EU introduced the Directive 2004/54/EC. The Directive imposed minimum infrastructure (including equipment) requirements for all TERNs tunnels attributing also high importance to risk assessment for further enhancing their safety. However, this paper illustrates that the variety of the risk assessment methods adopted by each Member State, although compliant with the provisions of the Directive, do not guarantee the same level of safety for all the TERN tunnels. To argue for that, two methods that share a very high degree of similarity, are used to study the same fire accident scenario at the same TERN tunnel. Despite the similarity of the methods, the differences that occurred in the estimated level of tunnel safety raises skepticism. It is concluded that the same tunnel under the same conditions can be characterised differently in regard to its safety level, depending on the method and national policies used. The outcome illustrates the need to improve policy formulation on this matter.
Keywords: Road network; Transportation; Road tunnel; Directive 54/2004/EC; Risk assessment; Infrastructure safety.
Developing a model and instrument to measure the resilience of critical infrastructure sector organisations
by Tracy Hatton, Charlotte Brown, Robert Kipp, Erica Seville, Peter Brouggy, Michelle Loveday
Abstract: Societies are highly reliant on uninterrupted critical infrastructure services. Until recently, the focus has been on the physical resilience of hard assets such as pipes, cables and buildings. But attention is also turning to a systems approach, considering the capabilities of, and interconnections between, the organisations responsible for developing, maintaining and running those infrastructures. This paper draws on existing research into organisational resilience to develop a model and measurement instrument for whole of sector resilience for selected critical infrastructure sectors, in order to identify sector resilience strengths and weaknesses, and to develop and evaluate the effectiveness of their resilience strategies and investments. The model is intended as a conversation starter to prompt further research on how critical infrastructure organisations can best address their significant co-dependencies to ensure the overall sectors ability to survive and thrive, even in times of crisis.
Keywords: model development; instrument development; measuring resilience; critical infrastructure resilience; organisational resilience; sector resilience; critical infrastructure organisations; resilience strategies.
A deterministic approach for systems-of-systems resilience quantification
by Ilyas Ed-daoui, Mhamed Itmi, Abdelkhalak El Hami, Nabil Hmina, Tomader Mazri
Abstract: With recent advances in systems-of-systems, reliability analysis becomes a very challenging research topic. One of the most pressing issues is to figure out a plan to handle resilience. On this basis, we propose, in this paper, a structural deterministic approach to quantitatively measure systems resilience. This approach is based on a 3-step method. First, evaluate the functional dependencies between groups by considering a system-of-systems as a large-scale interconnected network of systems distributed into interdependent groups. This leads us to better understand the overall connections and process continuity. Next, analyse how much the global architecture of the system-of-systems depends on every group. Last, estimate its structural resilience by measuring the impact of each systems failure on the other systems forming the global system and building the process. Two case studies are provided to experiment our approach. The results are cross-compared and evaluated.
Keywords: Critical infrastructures; Criticality; Failure impact; Reliability; Resilience; Systems-of-systems.
A Critical Review on Cyber Security and Cyber Terrorism - Threats to Critical Infrastructure in Energy Sector
by Sampath Kumar Venkatachary, Jagdish Prasad, Ravi Samikannu
Abstract: Cyber terrorism and Cyber security are two synonyms. With advancement in ICT technologies and extensive use of it in ICS in energy sector, it has its pros and cons. Energy sector does an excellent job of managing risks facing their operations. However, cyber security and terrorism remains opaque and stubborn to monitor, manage, measure. It is critical that the environment for this be analyzed. In this paper two aspects of Cyber security and cyber terrorism is brought into limelight and discussed. The paper highlights different vectors, algorithms used as means for cyberattack from 2003 on Critical Systems and its impacts
Keywords: Systemic Cyber Event; Syntatic Attack,.
A Fire Management Decision Support Systems to Minimize Economic Losses: A Case Study in a Petrochemical Complex
by Khaled Alutaibi, Abdullah Alsubaie, Jose Marti
Abstract: Fires are very expensive to fight and may result in devastating human, economic, and environmental effects. Due to limited fire management resources and budget constraints, fire management becomes increasingly challenging. The increased interdependencies among existing infrastructure systems make economic losses induced by fires very severe and difficult to predict. Despite recent advances in fire management decision support systems (FMDSSs), economic analysis capabilities have not received enough attention in these systems. Efficient FMDSS incorporates economic considerations to determine optimal fire fighting tactics and strategies. This paper proposes an FMDSS for developing optimal fire management plans. The proposed system adopts the Cost-Plus-Net-Value Change (C + NV C) concept to evaluate the economic efficiency of the plans. In order to capture the net value change of goods and services due to fires, an infrastructure interdependency simulator (i2Sim) is used to incorporate the interaction among infrastructure systems. The proposed FMDSS is capable of developing long-term (strategic) plans and short-term (operational) plans. The applicability of the proposed system is demonstrated using a case study involving multiple fire incidents in a large petrochemical complex.
Keywords: economic efficiency; decision support systems; firernmanagement; critical infrastructures; interdependencies; firefighting;rnindustrial fires.
The impact of partial capacity reduction on network vulnerability against cascading failure
by Kashin Sugishita, Yasuo Asakura
Abstract: Recent natural and man-made disasters have revealed the inherent weakness in mutually dependent critical infrastructures. A potential risk in such complex systems is that an influence of failures in one system can propagate along dependency and multiple systems can be broken simultaneously. Hence it is important to understand risks hidden behind dependency. Under the background, we investigate the impact of partial capacity reduction on network vulnerability against cascading failure. This study demonstrates that the partial capacity reduction increases the vulnerability of the whole network and failures can spread out easily. We also show that how critical nodes whose removals bring about devastating damage on the whole network appear in a network. Our results indicate a possibility that nodes which are located not only inside but also outside of the area of the capacity reduction can turn into critical nodes.
Keywords: cascading failure; critical infrastructures; vulnerability; network risks; capacity reduction; dependency; complex networks.
Analyzing Robustness in Intra-Dependent and Inter-Dependent Networks using a New Model of Interdependency
by Joydeep Banerjee, Kaustav Basu, Arunabha Sen
Abstract: Power and Communication network of a nation are heavily
interdependent on each other. Dependencies exist between the individual
networks, for example, the power network, as well. Failure of certain entities
results in cascading failure leading to widespread power blackouts. Hence it is
critical to understand and model such dependencies. In previous literature, authors
have proposed different models to describe these dependencies. However, these
models are limited to capture the complex dependencies that might exist in a
critical infrastructure. In this paper, firstly we present a Boolean logic based
model called the Implicative Interdependency Model, which overcomes the major
shortcomings of the previous models. Using the model a metric to compute
Robustness of these systems is defined. The computational complexity to compute
this metric is proved to be NP-complete. An optimal Integer Linear program and
a sub-optimal heuristic with polynomial time complexity are provided that solves
the Robustness Computation problem. Using real world data of interdependent
power-communication network and data of different bus systems for power
network the efficacy of the heuristic is compared to the optimal solution.
Keywords: Power Network; Communication Network; Dependency; Interdependency; Robustness.