Critical Infrastructure System Security and Resiliency: 1st Edition (Hardback) book cover

Critical Infrastructure System Security and Resiliency

1st Edition

By Betty Biringer, Eric Vugrin, Drake Warren

CRC Press

229 pages | 44 B/W Illus.

Purchasing Options:$ = USD
Hardback: 9781466557505
pub: 2013-04-12
SAVE ~$21.00
$105.00
$84.00
x
eBook (VitalSource) : 9780429253966
pub: 2013-04-12
from $52.50


FREE Standard Shipping!

Description

Security protections for critical infrastructure nodes are intended to minimize the risks resulting from an initiating event, whether it is an intentional malevolent act or a natural hazard. With an emphasis on protecting an infrastructure's ability to perform its mission or function, Critical Infrastructure System Security and Resiliency presents a practical methodology for developing an effective protection system that can either prevent undesired events or mitigate the consequences of such events.

Developed at Sandia National Labs, the authors’ analytical approach and methodology enables decision-makers and security experts to perform and utilize risk assessments in a manner that extends beyond the theoretical to practical application. These protocols leverage expertise in modeling dependencies—optimizing system resiliency for effective physical protection system design and consequence mitigation.

The book begins by focusing on the design of protection strategies to enhance the robustness of the infrastructure components. The authors present risk assessment tools and necessary metrics to offer guidance to decision-makers in applying sometimes limited resources to reduce risk and ensure operational resiliency.

Our critical infrastructure is vast and made up of many component parts. In many cases, it may not be practical or affordable to secure every infrastructure node. For years, experts—as a part of the risk assessment process—have tried to better identify and distinguish higher from lower risks through risk segmentation. In the second section of the book, the authors present examples to distinguish between high and low risks and corresponding protection measures. In some cases, protection measures do not prevent undesired events from occurring. In others, protection of all infrastructure components is not feasible. As such, this section describes how to evaluate and design resilience in these unique scenarios to manage costs while most effectively ensuring infrastructure system protection.

With insight from the authors’ decades of experience, this book provides a high-level, practical analytical framework that public and private sector owners and operators of critical infrastructure can use to better understand and evaluate infrastructure security strategies and policies. Strengthening the entire homeland security enterprise, the book presents a significant contribution to the science of critical infrastructure protection and resilience.

Table of Contents

SECURITY RISK ASSESSMENT

Introduction to Security Risk Assessment

Security Risk Assessment

Protection System Robustness

Security System Resiliency

System Approach for Security Risk Assessment

Determine Undesired Events, Associated Critical Assets,

and Available Resources

Threat Analysis

Assess Likelihood of Initiating Event

Estimate Protection System Effectiveness

Assess Consequences for Undesired Event

Estimate Security Risk

Upgrade the Protection System to Be Robust against Undesired Event

Upgrade Security System to Be Resilient for Undesired Event

Undesired Events, Associated Critical Assets, and Available Resources

Critical Assets

Logic Model

Threat Analysis

Malevolent Threats

Type of Adversary

Adversary Capability

Design Basis Threat

Natural Hazards

Hurricane

Earthquake

Tornado

Flood

Accidents

Likelihood of Initiating Events

Malevolent Threat

Outsider Threat

Insider Threat

Natural Hazard Threat

Accident Threat

Assess Consequences and Responses for Undesired Event

Reference Table for Consequences

Estimating Consequence Level for Undesired Events

Assessment of Protection System Effectiveness

Assessment of Protection System Effectiveness for Malevolent Threat

Adversary Scenarios

Effective Physical Protection System for the Malevolent Threat

Physical Protection System Effectiveness Assessment

Physical Protection System Effectiveness Assessment—Example

Protection System Effectiveness against Blast Attacks

Protection System Effectiveness for Blast Attacks Assessment—Example

Mitigation of the Insider Threat

Cyber Protection System Effectiveness

Cyber Functions

Cyber Protection System Effectiveness Assessment—Example

Effectiveness for Natural Hazards

Protection System Effectiveness Assessment for Natural

Hazards—Example

Protection System Effectiveness for Accidents

Protection System Effectiveness Assessment for Accidents—Example

Estimate Security Risk

System Approach for Security Risk Assessment

Determine Undesired Events, Associated Critical Assets, and Available Resources

Threat Analysis

Assess Likelihood of Initiating Event

Estimate Protection System Effectiveness

Assess Consequences for Undesired Event

Estimate Security Risk

Upgrade Protection System to Be Robust against Undesired Event

Upgrade Security System to Be Resilient for Undesired Event

EVALUATION AND DESIGN OF RESILIENT SYSTEMS

Motivating Infrastructure Resilience Analysis

Current State of Resilience Assessment

Definitions of Resilience

Domains

Assessment Processes

Structural Resilience Assessment Methodologies

Performance-Based Measurement

Hybrid Approaches

Gaps and Limitations

Infrastructure Resilience Analysis Methodology

Definition of Resilience

Measurement of Resilience Costs

Systemic Impact

Total Recovery Effort

Resilience Cost Calculation

Use and Interpretation of Recovery-Dependent Resilience

Costs and Optimal Resilience Costs Quantities

Additional Notes on Calculation of Resilience Costs

Qualitative Structural Analysis

Absorptive Capacity

Adaptive Capacity

Restorative Capacity

Additional Notes on Resilience Capacities

Applying the Infrastructure Resilience Analysis Methodology

Case Studies Using the Infrastructure Resilience Analysis Framework

Qualitative Resilience Analysis Case Study

Define Systems

Define Scenario

Perform Structural Analysis

Analysis Conclusions

Quantitative Resilience Analysis Case Study

Define Systems

Define Scenario

Define Metrics and Obtain Data

Calculate Resilience Costs

Perform Structural Analysis

Case Study on Optimizing Resilient Recovery Strategies

Define Systems

Define Scenario

Define Metrics

Obtain Data and Calculate Resilience Costs

Future Directions

APPENDIX A: EXAMPLE USE OF FAULT TREES TO IDENTIFY CRITICAL ASSETS

APPENDIX B: PHYSICAL PROTECTION FEATURES PERFORMANCE DATA

INDEX

About the Authors

Betty E. Biringer is a mathematician currently conducting specialized technical assessments and research in the national interest as a distinguished member of the technical staff at Sandia National Laboratories. As the former manager of the Security Risk Assessment Department, she provided oversight and technical guidance for Sandia’s modeling and simulation tools for physical security vulnerability analyses and risk assessments. Ms. Biringer was actively involved in the development and implementation of most of Sandia’s service-marked Risk Assessment Methodology (RAM) tools for critical infrastructure elements, including dams, high-voltage electric power transmission, chemical facilities, communities, and energy. She has served as a subject matter expert for security risk on review panels for the Department of Homeland Security’s National Centers of Excellence. Her other primary research area is the development of methodologies for the assessment and mitigation of the insider threat.

Dr. Eric D. Vugrin is currently a distinguished member of the technical staff in the Resilience and Regulatory Effects Department at Sandia National Laboratories. His primary research interest is the development of analytical tools and methods for infrastructure analysis. Most recently, his research has focused on capability development for vulnerability, consequence, and resilience analysis of chemical supply chains, transportation networks, electrical power systems, and other infrastructure networks. These efforts provided support and guidance to the U.S. Department of Homeland Security’s Infrastructure Protection, Science and Technology, and Policy programs. Prior to his work in the area of infrastructure analysis, he performed risk analyses for complex systems as Sandia’s technical lead for Total Systems Performance Assessment at the Waste Isolation Pilot Plant, the world’s only certified, deep-underground repository for nuclear waste.

Dr. Drake E. Warren was a senior member of technical staff at Sandia National Laboratories until he joined the RAND Corporation as an associate policy researcher in 2011. While at Sandia, he worked on projects across a range of homeland security and national security issues, including projects that assessed the economic impacts of disruptions to industries and infrastructure systems caused by hurricanes, climate change, and other disruptive events. He helped develop frameworks for assessing the resilience and criticality of infrastructure and economic systems and led studies directed toward improving foresight of national security challenges.

Subject Categories

BISAC Subject Codes/Headings:
BUS041000
BUSINESS & ECONOMICS / Management
LAW041000
LAW / Forensic Science
POL012000
POLITICAL SCIENCE / Political Freedom & Security / International Security
SOC040000
SOCIAL SCIENCE / Disasters & Disaster Relief