2,357 research outputs found

    Best Practices and Methodological Guidelines for Conducting Gas Risk Assessments

    Get PDF
    The EC Regulation concerning measures to safeguard security of gas supply (EC/994/2010) requires member states to make a full assessment of the risks affecting the security of gas supply. According to Article 9, this risk assessment must: (a) use the infrastructure and supply standards (articles 6 and 8); (b) take into account all relevant national and regional circumstances; (c) run various disruption scenarios; (d) identify the interaction and correlation of risks with other Member States. (e) take into account the maximal interconnection capacity of each border entry and exit point. The objective of this report is to provide guidance and advice for performing risk assessments. It will do so by first providing a literature review, and then by proposing a basic structure for undertaking a gas security risk assessment, in accordance with best practices and standard procedures found in risk management.JRC.F.3-Energy securit

    A stochastic multi-criteria assessment of security of transportation assets

    Get PDF
    Transportation project evaluation and prioritization use traditional performance measures including travel time, safety, user costs, economic efficiency, and environmental quality. The project impacts in terms of enhancing the infrastructure resilience or mitigating the consequences of infrastructure damage in the event of disaster occurrence are rarely considered in project evaluation. This dissertation presents a methodology to address this issue so that in evaluating and prioritizing investments, infrastructure with low security can receive the attention they deserve. Secondly, the methodology can be used for evaluating and prioritizing candidate investments dedicated specifically to security enhancement. In defining security as a function of threat likelihood, asset resilience and damage consequences, this dissertation uses security-related considerations in investment prioritization thus adding further robustness in traditional evaluations. As this leads to an increase in the number of performance criteria in the evaluation, the dissertation adopts a multiple-criteria analysis approach. The methodology quantifies the overall security level for an infrastructure in terms of the threats it faces, its resilience to damage, and the consequences in the event of the infrastructure damage. The dissertation demonstrates that it is feasible to develop a security-related measure that can be used as a performance criterion in the evaluation of general transportation projects or projects dedicated specifically towards security improvement. Through a case study, the dissertation applies the methodology by measuring the risk (and hence, security) of each for bridge infrastructure in Indiana. The method was also fuzzified and a Monte Carlo simulation was run to account for unknown data and uncertainty. On the basis of the multiple types of impacts including risk impacts such as the increase in security due to each candidate investment, this dissertation shows how to prioritize security investments across the multiple infrastructure assets using multiple-criteria analysis

    Mitigating Malicious Packets Attack via Vulnerability-aware Heterogeneous Network Devices Assignment

    Get PDF
    Due to high homogeneity of current network devices, a network is compromised if one node in the network is compromised by exploiting its vulnerability (e.g., malicious packets attack). Many existing works adopt heterogeneity philosophy to improve network survivability. For example, “diverse variants” are assigned to nodes in the network. However, these works assume that diverse variants do not have common vulnerabilities, which deem an invalid assumption in real networks. Therefore, existing diverse variants deployment schemes could not achieve optimal performance. This paper considers that some variants have common vulnerabilities, and proposes a novel solution called Vulnerability-aware Heterogeneous Network Devices Assignment (VHNDA). Firstly, we introduce a new metric named Expected Infected Ratio (EIR) to measure the impact of malicious packets’ attacks spread on the network. Secondly, we use EIR to model the vulnerability-aware diverse variants deployment problem as an integer-programming optimization problem with NP-hard complexity. Considering NP-hardness, we then design a heuristic algorithm named Simulated Annealing Vulnerability-aware Diverse Variants Deployment (SA-VDVD) to address the problem. Finally, we present a low complexity algorithm named Graph Segmentation-based Simulated Annealing Vulnerability-aware Diverse Variants Deployment (GSSA-VDVD) for large-scale networks named graph segmentation-based simulated annealing. The experimental results demonstrate that the proposed algorithms restrain effectively the spread of malicious packets attack with a reasonable computation cost when compared with baseline algorithms

    Measuring the Risk of Cyber Attack in Industrial Control Systems

    Get PDF
    Open Access articleCyber attacks on industrial control systems (ICS) that underpin critical national infrastructure can be characterised as high-impact, low-frequency events. To date, the volume of attacks versus the overall global footprint of ICS is low, and as a result there is an insufficient dataset to adequately assess the risk to an ICS operator, yet the impacts are potentially catastrophic. This paper identifies key elements of existing decision science that can be used to inform and improve the cyber security of ICS against antagonistic threats and highlights the areas where further development is required to derive realistic risk assessments, as well as detailing how data from established safety processes may inform the decision-making process. The paper concludes by making recommendations as to how a validated dataset could be constructed to support investment in ICS cyber security

    Risk Management for the Future

    Get PDF
    A large part of academic literature, business literature as well as practices in real life are resting on the assumption that uncertainty and risk does not exist. We all know that this is not true, yet, a whole variety of methods, tools and practices are not attuned to the fact that the future is uncertain and that risks are all around us. However, despite risk management entering the agenda some decades ago, it has introduced risks on its own as illustrated by the financial crisis. Here is a book that goes beyond risk management as it is today and tries to discuss what needs to be improved further. The book also offers some cases

    Application of Complex Network Theory in Power System Security Assessment

    Get PDF
    The power demand increases every year around the world with the growth of population and the expansion of cities. Meanwhile, the structure of a power system becomes increasing complex. Moreover, increasing renewable energy sources (RES) has linked to the power network at different voltage levels. These new features are expected to have a negative impact on the security of the power system. In recent years, complex network (CN) theory has been studied intensively in solving practical problems of large-scale complex systems. A new direction for power system security assessment has been provided with the developments in the CN field. In this thesis, we carry out investigations on models and approaches that aim to make the security assessment from an overview system level with CN theory. Initially, we study the impact of the renewable energy (RE) penetration level on the vulnerability in the future grid (FG). Data shows that the capacity of RE has been increasing over by 10% annually all over the world. To demonstrate the impact of unpredictable fluctuating characteristics of RES on the power system stability, a CN model given renewable energy integration for the vulnerability analysis is introduced. The numerical simulations are investigated based on the simplified 14-generator model of the South Eastern Australia power system. Based on the simulation results, the impact of different penetrations of RES and demand side management on the Australian FG is discussed. Secondly, the distributed optimization performance of the communication network topology in the photovoltaic (PV) and energy storage (ES) combined system is studied with CN theory. A Distributed Alternating Direction Method of Multipliers (D-ADMM) is proposed to accelerate the convergence speed in a large dimensional communication system. It is shown that the dynamic performance of this approach is highly-sensitive to the communication network topology. We study the variation of convergence speed under different communication network topology. Based on this research, guidance on how to design a relatively more optimal communication network is given as well. Then, we focus on a new model of vulnerability analysis. The existing CN models usually neglect the detailed electrical characteristics of a power grid. In order to address the issue, an innovative model which considers power flow (PF), one of the most important characteristics in a power system, is proposed for the analysis of power grid vulnerability. Moreover, based on the CN theory and the Max-Flow theorem, a new vulnerability index is presented to identify the vulnerable lines in a power system. The comparative simulations between the power flow model and existing models are investigated on the IEEE 118-bus system. Based on the PF model, we improve a power system cascading risk assessment model. In this research the risk is defined by the consequence and probabilities of the failures in the system, which is affected by both power factors and the network structure. Furthermore, a cascading event simulation module is designed to identify the cascading chain in the system during a failure. This innovation can form a better module for the cascading risk assessment of a power system. Finally, we argue that the current cyber-physical network model have their limitations and drawbacks. The existing “point-wise” failure model is not appropriate to present the interdependency of power grid and communication network. The interactions between those two interdependent networks are much more complicated than they were described in some the prior literatures. Therefore, we propose a new interdependency model which is based on earlier research in this thesis. The simulation results confirm the effectiveness of the new model in explaining the cascading mechanism in this kind of networks
    • …
    corecore