Identifying Critical Failure-Propagation in Function Models of Complex Systems

Complex interconnected systems have high demands on meaningful analysis of the impact of failures on the actual service provision. This includes the study of obvious and high probable events, but also failures that are difficult to anticipate, e.g. due to cascading effects or combined events. This work introduces a framework for failure analysis that enables the exhaustive identification of combined failures with the strongest impact on the functionality of a system. The framework consists of two principal elements: a method for capturing the propagation of failures in complex systems that are represented via function models, and algorithms for solving the identification problem, which is formulated as combinatorial optimization problem. The feasibility of the approach is verified at hand of a function model of an Offshore Wind Farm (OWF). Both algorithms are then applied to the model of an offshore wind farm in order to identify the failure combinations with the strongest impact on the functionality

Simulation of the impact of parameter manipulations due to cyber-attacks and severe electrical faults on Offshore Wind Farms

Motivated by the transition to renewable energies in the context of ongoing climate change, offshore wind energy is of rising importance for the energy provision on national and international level. This trend, though, puts pressure on the safety and security community to provide appropriate analyses and solutions in regard to safety and security threats. Based on this motivation, this work investigates the internal disturbances in Offshore Wind Farms (OWF) provoked by cyber-attacks and severe electrical faults that might lead to high impact events. Therefore, the influences of these disturbances are quantified using a simulation model that represents electrical and mechanical aspects as well as the protection and control system. Furthermore, the dependence of the system response on to the disturbance characteristics is determined and the critical values of the disturbance characteristics leading to the OWF service interruption or even physical damage are identified. The results indicate in quantitative manner processes in the electrical and mechanical systems during parameter manipulations due to cyber-attacks and severe electrical faults. This, together with the quantitative signatures of the disturbances, enable future improvements of the security and stability of OWF systems

Investigation of high-impact low-probability disturbances in offshore wind farms.

The topic of this contribution is the investigation in quantitative terms of Offshore Wind Farm (OWF) disturbances due to cyber-attacks, physical attacks and natural causes leading to high-impact low-probability events. The impact of these disturbances was quantified with simulation models of OWFs and identified as service interruption and damage. Critical characteristics of these disturbances were determined by which a disturbance at wind turbine scale results in a disruption at OWF scale as a cascading/snowball effect. Accordingly, the results provide the quantitative signatures of the disturbances which are useful for the improvement of the OWF systems design and operation

Modeling unauthorized access to offshore platforms using a Bayesian network

Platforms in the offshore wind energy industry are of particular importance for the uninterrupted functioning of the power grid due to their increasing relevance for the security of supply. Therefore, they require an increased level of protection. The paper presents an attempt for a probabilistic threat modeling and assessment based on a Functional Resonance Analysis Method (FRAM). The approach is tested for the attack scenario “unauthorized access to a high voltage direct current converter platform (HVDCC)

Evaluation of the proposed European Commission directive on critical entities resilience and its potential to consolidate the resilience terminology

The European Commission (EC) has proposed a new directive on critical entities resilience. The aim is to enhance the protection and to unify the approaches in different member states. The stated novelty of this directive lies in the thought that protecting the infrastructure is not sufficient. Therefore, it is necessary to reinforce the resilience of the critical infrastructure operators. This paper gives a brief overview on past legislative developments in critical infrastructure protection and attempts to evaluate the impact of the new EC proposal. We base the estimate on impact analyses past legislation. There are two key findings. EC legislation leaves the implementation to the member states, which gives them a certain freedom to interpret the text of EC directives. This has led to heterogeneous adaptation of the legislation within member states. This kind of heterogeneous impact will likely be also the result of the current proposal. Secondly, EC directives have had mandates for cooperation between member states. These have resulted in member states developing common vocabularies in the focus areas of directives. In the resilience engineering field, this may have a significant consolidating effect, as technological resilience is still a new concept associated with some ambiguity around its definition. Our paper discusses this matter and provides evidence that existing legislation had already a consolidating effect in the resilience engineering field

Framework for Operational Resilience Management of Critical Infrastructures and Organizations

Progressing digitalization and networking of systems and organizations representing Critical Infrastructures opens promising new potentials and opportunities, which on the downside, are accompanied by rising complexity and increasingly opaque interdependencies. The consequently increasing lack of knowledge leads to uncertainties affecting risk assessment and decision-making in case of adverse events. This trend motivated recent discussions and developments in risk science, emphasizing the need to handle such uncertainties. Complementarily, research in the resilience domain focuses on system capabilities to handle surprising hazardous situations. Several frameworks presented in the literature aim at combining both perspectives but either lack the focus on operational management, have a rather theoretical approach, or are designed for specific applications. Based on this observation, we propose an approach that integrates resilience management into the actual operation of Critical Infrastructure Systems and Organizations by providing an operational process that coordinates the fundamental resilience capabilities of responding, monitoring, anticipation, and learning. Furthermore, we tackle the challenge of uncertainties resulting from a lack of knowledge by aligning the concepts of digital twin and resilience management. The proposed framework is extensively discussed, and required processes are presented in detail. Eventually, its applicability and potential are reviewed by means of a complex hazardous situation at a Bavarian district heating power plant

A scenario based threat assessment using Bayesian networks for a high voltage direct current converter platform

The climate change challenges a variety of aspects in our society. One spect is the energy production and the composition of the energy mix. Through the last years the amount of offshore wind farms has increased as well as the structure of the electricity producing infrastructure has changed from a more centralized (power plant oriented) to a more regional mode (decentral (offshore) wind farms and solar panels) of production. The vulnerability of the power-generating infrastructure is also changing. Therefore a quantification of the threat level is necessary. This paper should evaluate if a Bayesian network as a quantitative risk assessment model can be used to assess the threat level of an offshore wind farm. Common approaches build a Bayesian network based on a qualitative risk assessment. The Bayesian network presented in the paper is build based on a Functional Resonance Analysis Method (FRAM) based process model because a threat is strongly influenced by the scenario under consideration. The developed approach will be applied to the case study “unauthorized access to an high voltage direct current converter platform (HVDCC)”

Container terminal simulation for vulnerability assessment

Threat and risk scenarios, which could led to disruptions at ports, are manifold. To understand the behavior of the port under disruptions, simulations are used by port operators and researchers. This leads to the need of a simulation of the container terminal which could include disruptions and look at process performance for a vulnerability assessment. The paper describes this development of a port simulation for the flexible integration of disruptions. First, a graphical process model is established, the main processes of the process model are transferred into a simulation model and then the influence from disruptions in sub-processes on the main process are examined. The consideration of disruptions in the main and sub-processes, leads to a variety of multilayered models. To reduce complexity and for more transparency and overview, a concentration on single scenarios is expedient. The paper provides first insight in how the models could be designed