A Guideline on the Analysis of Stochastic Interdependencies in Critical Infrastructures

König, Sandra; Grafenauer, Thomas; Rass, Stefan; Schauer, Stefan; Warum, Manuel

Home // International Journal On Advances in Security, volume 12, numbers 3 and 4, 2019 // View article

A Guideline on the Analysis of Stochastic Interdependencies in Critical Infrastructures

Authors:
Sandra König
Thomas Grafenauer
Stefan Rass
Stefan Schauer
Manuel Warum

Keywords: critical infrastructure; dependencies; risk management; water supply

Abstract:
Protecting Critical Infrastructures (CIs) requires decisions made about systems with complex dynamics, which rarely admits accurate descriptions or precise predictions. For this reason, simulation models are often probabilistic, embodying known (physical) laws to the extent possible, but generally adding a random element to account for unexpected events that security management is primarily concerned with. One such complex element is the interplay between different components of a CI, i.e., the dynamic inside a CI, which is more than just the sum of the mutual dependencies. Another important factor is the interplay between CIs, which might be understood between two specific CIs but less well known when it comes to mutual impacts. Simulations can help assessing these dependencies, but only to the extent as they are accurately specifiable. This work addresses the practical issues of using a probabilistic model to simulate cascading effects in interdependent CIs by proposing methods to allow for specifications carrying subjective uncertainty. The description follows a running example of a fictitious water provider, where a stochastic simulation model of incident propagation is embedded into its existing risk management process. Our exposition runs up to the final question of the decision maker about where to take action and how to prioritize assets regarding their need for protection, but also their role in impact propagation. The final picture delivered by the method outlined here is meant as a support for risk management decisions, containing possible concrete scenarios in an aggregate form. The value for a decision maker is the revelation of previously unseen influences and impacts besides the known causes and threats being subject of the risk management. This paper demonstrates how a stochastic model of dependencies between CIs can be integrated in a standard risk management process and illustrates each step for the case of a fictitious water provider.

Pages: 164 to 176

Publication date: December 30, 2019

Published in: journal

ISSN: 1942-2636