Integrated Infrastructure Modelling — Managing Interdependencies with a Generic Approach

Infrastructure provision is a highly challenging task, especially when accounting for climate change mitigation and adaptation needs. Efforts of making infrastructure more efficient and flexible result in an increasing number of sensitive infrastructure interdependencies. This enforces an integrated infrastructure assessment for planning purposes, in contrast to the traditional independent infrastructure-sector modelling. For the unification of the existing infrastructure-sector models, we propose the implementation of a generic communication interface, which allows the separate sector-models to communicate at the necessarily disaggregate level in order to account for interdependencies appropriately. This approach allows for infrastructure provision modelling under one unified umbrella in a minimally invasive way, while conserving crucial individualities of the separate models. This is achieved through a generic network description, in which we solve the resource allocation through a pragmatic network-flow algorithm that resembles market and consumer behaviour. The developed framework establishes the basis for fully integrated infrastructure evaluation and hence cross-sectorial infrastructure investment decision making — a crucial tool in times of tight governmental budgets

Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge

AbstractThe Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.</jats:p

Network Interdependency Modeling for Risk Assessment on Built Infrastructure Systems

As modern infrastructures become more interconnected, the decision-making process becomes more difficult because of the increased complexity resulting from infrastructure interdependencies. Simulation and network modeling provide a way to understand system behavior as a result of interdependencies. One area within the asset management literature that is not well covered is infrastructure system decay and risks associated with that decay. This research presents an enhanced version of Haimes\u27 input-output inoperability model (IIM) in the analysis of built infrastructure systems. Previous applications of the IIM characterized infrastructure at the national level utilizing large economic databases. This study develops a three-phased approach that takes component level data stored within geographic information systems (GIS) to provide a metric for network interdependency across a municipal level infrastructure. A multi-layered approach is proposed which leverages the layered data structure of GIS. Furthermore, Monte Carlo simulation using stochastic decay estimates shows how infrastructure risk as a result of interdependency effects changes over time. Such an analysis provides insight to infrastructure asset managers on the impact of policy and strategy decision-making regarding the maintenance and management of their infrastructure systems

Metodología para la evaluación de soluciones de inversiones en infraestructuras interdependientes mediante técnicas de simulación

La presente investigación consiste en el diseño y construcción de una herramienta para estimar y evaluar medidas de desempeño de Sistemas Críticos Interdependientes (CIS) bajo condiciones de afectación y ante opciones de inversión, con la finalidad de validar modelos matemáticos para la optimización de inversión en CIS, ya desarrollados. Se hará uso de técnicas de simulación; modelos matemáticos, que proveerán soluciones previamente generadas; y algoritmos, con la finalidad de simular el comportamiento de una red de infraestructuras críticas y evaluar el desempeño de la misma considerando escenarios de gran afectación, fallas menores y proyectos de inversión. Los modelos utilizados en esta investigación hacen uso de relaciones de interdependencia para representar en mayor medida la interacción entre infraestructuras y el comportamiento del sistema.MaestríaMagister en Ingeniería Industria

A Novel Approach to Determining Real-Time Risk Probabilities in Critical Infrastructure Industrial Control Systems

Critical Infrastructure Industrial Control Systems are substantially different from their more common and ubiquitous information technology system counterparts. Industrial control systems, such as distributed control systems and supervisory control and data acquisition systems that are used for controlling the power grid, were not originally designed with security in mind. Geographically dispersed distribution, an unfortunate reliance on legacy systems and stringent availability requirements raise significant cybersecurity concerns regarding electric reliability while constricting the feasibility of many security controls. Recent North American Electric Reliability Corporation Critical Infrastructure Protection standards heavily emphasize cybersecurity concerns and specifically require entities to categorize and identify their Bulk Electric System cyber systems; and, have periodic vulnerability assessments performed on those systems. These concerns have produced an increase in the need for more Critical Infrastructure Industrial Control Systems specific cybersecurity research. Industry stakeholders have embraced the development of a large-scale test environment through the Department of Energy’s National Supervisory Control and Data Acquisition Test-bed program; however, few individuals have access to this program. This research developed a physical industrial control system test-bed on a smaller-scale that provided an environment for modeling a simulated critical infrastructure sector performing a set of automated processes for the purpose of exploring solutions and studying concepts related to compromising control systems by way of process-tampering through code exploitation, as well as, the ability to passively and subsequently identify any risks resulting from such an event. Relative to the specific step being performed within a production cycle, at a moment in time when sensory data samples were captured and analyzed, it was possible to determine the probability of a real-time risk to a mock Critical Infrastructure Industrial Control System by comparing the sample values to those derived from a previously established baseline. This research achieved such a goal by implementing a passive, spatial and task-based segregated sensor network, running in parallel to the active control system process for monitoring and detecting risk, and effectively identified a real-time risk probability within a Critical Infrastructure Industrial Control System Test-bed. The practicality of this research ranges from determining on-demand real-time risk probabilities during an automated process, to employing baseline monitoring techniques for discovering systems, or components thereof, exploited along the supply chain

相互依存性を有するクリティカルインフラストラクチャーの地震時性能と地震災害マネジメントに関する研究

京都大学0048新制・課程博士博士(工学)甲第17142号工博第3632号新制||工||1551(附属図書館)29881京都大学大学院工学研究科都市社会工学専攻(主査）教授 清野 純史, 教授 小池 武, 准教授 古川 愛子学位規則第4条第1項該当Doctor of Philosophy (Engineering)Kyoto UniversityDFA

Disaster risk management of interdependent infrastructure systems for community resilience planning

This research focuses on developing methodologies to model the damage and recovery of interdependent infrastructure systems under disruptive events for community resilience planning. The overall research can be broadly divided into two parts: developing a model to simulate the post-disaster performance of interdependent infrastructure systems and developing decision frameworks to support pre-disaster risk mitigation and post-disaster recovery planning of the interdependent infrastructure systems towards higher resilience. The Dynamic Integrated Network (DIN) model is proposed in this study to simulate the performance of interdependent infrastructure systems over time following disruptive events. It can consider three different levels of interdependent relationships between different infrastructure systems: system-to-system level, system-to-facility level and facility-to-facility level. The uncertainties in some of the modeling parameters are modeled. The DIN model first assesses the inoperability of the network nodes and links over time to simulate the damage and recovery of the interdependent infrastructure facilities, and then assesses the recovery and resilience of the individual infrastructure systems and the integrated network utilizing some network performance metrics. The recovery simulation result from the proposed model is compared to two conventional models, one with no interdependency considered, and the other one with only system-level interdependencies considered. The comparison results suggest that ignoring the interdependencies between facilities in different infrastructure systems would lead to poorly informed decision making. The DIN model is validated through simulating the recovery of the interdependent power, water and cellular systems of Galveston City, Texas after Hurricane Ike (2008). Implementing strategic pre-disaster risk mitigation plan to improve the resilience of the interdependent infrastructure systems is essential for enhancing the social security and economic prosperity of a community. Majority of the existing infrastructure risk mitigation studies or projects focus on a single infrastructure system, which may not be the most efficient and effective way to mitigate the loss and enhance the overall community disaster resilience. This research proposes a risk-informed decision framework which could support the pre-disaster risk mitigation planning of several interdependent infrastructure systems. The characteristics of the Interdependent Infrastructure Risk Mitigation (IIRM) decision problem, such as objective, decision makers, constraints, etc., are clearly identified. A four-stage decision framework to solve the IIRM problem is also presented. The application of the proposed IIRM decision framework is illustrated using a case study on pre-disaster risk mitigation planning for the interdependent critical infrastructure systems in Jamaica. The outcome of the IIRM problem is useful for the decision makers to allocate limited risk mitigation budget or resources to the most critical infrastructure facilities in different systems to achieve greater community disaster resilience. Optimizing the post-disaster recovery of damaged infrastructure systems is essential to alleviate the adverse impacts of natural disasters to communities and enhance their disaster resilience. As a result of infrastructure interdependencies, the complete functional restoration of a facility in one infrastructure system relies on not only the physical recovery of itself, but also the recovery of the facilities in other systems that it depends on. This study introduces the Interdependent Infrastructure Recovery Planning (IIRP) problem, which aims at optimizing the assignment and scheduling of the repair teams for an infrastructure system with considering the repair plan of the other infrastructure systems during the post-disaster recovery phase. Key characteristics of the IIRP problem are identified and a game theory-based IIRP decision framework is presented. Two recovery time-based performance metrics are introduced and applied to evaluate the efficiency and effectiveness of the post-disaster recovery plan. The IIRP decision framework is illustrated using the interdependent power and water systems of the Centerville virtual community subjected to seismic hazard