1st Edition

Critical Infrastructure System Security and Resiliency



ISBN 9781466557505
Published April 12, 2013 by CRC Press
229 Pages 44 B/W Illustrations

USD $110.00

Prices & shipping based on shipping country


Preview

Book Description

Security protections for critical infrastructure nodes are intended to minimize the risks resulting from an initiating event, whether it is an intentional malevolent act or a natural hazard. With an emphasis on protecting an infrastructure's ability to perform its mission or function, Critical Infrastructure System Security and Resiliency presents a practical methodology for developing an effective protection system that can either prevent undesired events or mitigate the consequences of such events.

Developed at Sandia National Labs, the authors’ analytical approach and methodology enables decision-makers and security experts to perform and utilize risk assessments in a manner that extends beyond the theoretical to practical application. These protocols leverage expertise in modeling dependencies—optimizing system resiliency for effective physical protection system design and consequence mitigation.

The book begins by focusing on the design of protection strategies to enhance the robustness of the infrastructure components. The authors present risk assessment tools and necessary metrics to offer guidance to decision-makers in applying sometimes limited resources to reduce risk and ensure operational resiliency.

Our critical infrastructure is vast and made up of many component parts. In many cases, it may not be practical or affordable to secure every infrastructure node. For years, experts—as a part of the risk assessment process—have tried to better identify and distinguish higher from lower risks through risk segmentation. In the second section of the book, the authors present examples to distinguish between high and low risks and corresponding protection measures. In some cases, protection measures do not prevent undesired events from occurring. In others, protection of all infrastructure components is not feasible. As such, this section describes how to evaluate and design resilience in these unique scenarios to manage costs while most effectively ensuring infrastructure system protection.

With insight from the authors’ decades of experience, this book provides a high-level, practical analytical framework that public and private sector owners and operators of critical infrastructure can use to better understand and evaluate infrastructure security strategies and policies. Strengthening the entire homeland security enterprise, the book presents a significant contribution to the science of critical infrastructure protection and resilience.

Table of Contents

SECURITY RISK ASSESSMENT
Introduction to Security Risk Assessment
Security Risk Assessment
Protection System Robustness
Security System Resiliency
System Approach for Security Risk Assessment
Determine Undesired Events, Associated Critical Assets,
and Available Resources
Threat Analysis
Assess Likelihood of Initiating Event
Estimate Protection System Effectiveness
Assess Consequences for Undesired Event
Estimate Security Risk
Upgrade the Protection System to Be Robust against Undesired Event
Upgrade Security System to Be Resilient for Undesired Event
Undesired Events, Associated Critical Assets, and Available Resources
Critical Assets
Logic Model
Threat Analysis
Malevolent Threats
Type of Adversary
Adversary Capability
Design Basis Threat
Natural Hazards
Hurricane
Earthquake
Tornado
Flood
Accidents
Likelihood of Initiating Events
Malevolent Threat
Outsider Threat
Insider Threat
Natural Hazard Threat
Accident Threat
Assess Consequences and Responses for Undesired Event
Reference Table for Consequences
Estimating Consequence Level for Undesired Events
Assessment of Protection System Effectiveness
Assessment of Protection System Effectiveness for Malevolent Threat
Adversary Scenarios
Effective Physical Protection System for the Malevolent Threat
Physical Protection System Effectiveness Assessment
Physical Protection System Effectiveness Assessment—Example
Protection System Effectiveness against Blast Attacks
Protection System Effectiveness for Blast Attacks Assessment—Example
Mitigation of the Insider Threat
Cyber Protection System Effectiveness
Cyber Functions
Cyber Protection System Effectiveness Assessment—Example
Effectiveness for Natural Hazards
Protection System Effectiveness Assessment for Natural
Hazards—Example
Protection System Effectiveness for Accidents
Protection System Effectiveness Assessment for Accidents—Example
Estimate Security Risk
System Approach for Security Risk Assessment
Determine Undesired Events, Associated Critical Assets, and Available Resources
Threat Analysis
Assess Likelihood of Initiating Event
Estimate Protection System Effectiveness
Assess Consequences for Undesired Event
Estimate Security Risk
Upgrade Protection System to Be Robust against Undesired Event
Upgrade Security System to Be Resilient for Undesired Event
EVALUATION AND DESIGN OF RESILIENT SYSTEMS
Motivating Infrastructure Resilience Analysis
Current State of Resilience Assessment
Definitions of Resilience
Domains
Assessment Processes
Structural Resilience Assessment Methodologies
Performance-Based Measurement
Hybrid Approaches
Gaps and Limitations
Infrastructure Resilience Analysis Methodology
Definition of Resilience
Measurement of Resilience Costs
Systemic Impact
Total Recovery Effort
Resilience Cost Calculation
Use and Interpretation of Recovery-Dependent Resilience
Costs and Optimal Resilience Costs Quantities
Additional Notes on Calculation of Resilience Costs
Qualitative Structural Analysis
Absorptive Capacity
Adaptive Capacity
Restorative Capacity
Additional Notes on Resilience Capacities
Applying the Infrastructure Resilience Analysis Methodology
Case Studies Using the Infrastructure Resilience Analysis Framework
Qualitative Resilience Analysis Case Study
Define Systems
Define Scenario
Perform Structural Analysis
Analysis Conclusions
Quantitative Resilience Analysis Case Study
Define Systems
Define Scenario
Define Metrics and Obtain Data
Calculate Resilience Costs
Perform Structural Analysis
Case Study on Optimizing Resilient Recovery Strategies
Define Systems
Define Scenario
Define Metrics
Obtain Data and Calculate Resilience Costs
Future Directions
APPENDIX A: EXAMPLE USE OF FAULT TREES TO IDENTIFY CRITICAL ASSETS
APPENDIX B: PHYSICAL PROTECTION FEATURES PERFORMANCE DATA
INDEX

...
View More

Author(s)

Biography

Betty E. Biringer is a mathematician currently conducting specialized technical assessments and research in the national interest as a distinguished member of the technical staff at Sandia National Laboratories. As the former manager of the Security Risk Assessment Department, she provided oversight and technical guidance for Sandia’s modeling and simulation tools for physical security vulnerability analyses and risk assessments. Ms. Biringer was actively involved in the development and implementation of most of Sandia’s service-marked Risk Assessment Methodology (RAM) tools for critical infrastructure elements, including dams, high-voltage electric power transmission, chemical facilities, communities, and energy. She has served as a subject matter expert for security risk on review panels for the Department of Homeland Security’s National Centers of Excellence. Her other primary research area is the development of methodologies for the assessment and mitigation of the insider threat.

Dr. Eric D. Vugrin is currently a distinguished member of the technical staff in the Resilience and Regulatory Effects Department at Sandia National Laboratories. His primary research interest is the development of analytical tools and methods for infrastructure analysis. Most recently, his research has focused on capability development for vulnerability, consequence, and resilience analysis of chemical supply chains, transportation networks, electrical power systems, and other infrastructure networks. These efforts provided support and guidance to the U.S. Department of Homeland Security’s Infrastructure Protection, Science and Technology, and Policy programs. Prior to his work in the area of infrastructure analysis, he performed risk analyses for complex systems as Sandia’s technical lead for Total Systems Performance Assessment at the Waste Isolation Pilot Plant, the world’s only certified, deep-underground repository for nuclear waste.

Dr. Drake E. Warren was a senior member of technical staff at Sandia National Laboratories until he joined the RAND Corporation as an associate policy researcher in 2011. While at Sandia, he worked on projects across a range of homeland security and national security issues, including projects that assessed the economic impacts of disruptions to industries and infrastructure systems caused by hurricanes, climate change, and other disruptive events. He helped develop frameworks for assessing the resilience and criticality of infrastructure and economic systems and led studies directed toward improving foresight of national security challenges.