Abstract
This paper applies research in dependency modelling to a process-based risk assessment methodology suitable for critical infrastructures. The proposed methodology dynamically assesses the evolution of cascading failures over time between assets involved in a business process of an infrastructure. This approach can be applied by a CI operator/owner to explore how a failure in a single component (asset) affects the other assets and relevant business processes. It could also be applied in an analysis that includes multiple CI operators in the same supply chain to explore the dependencies between their assets and explore how these affect the provision of key societal services. The paper presents a proof-of-concept tool, based on business-process risk assessment and graph modelling, and a realistic case example of a rail scheduling process. The approach allows risk assessors and decision makers to analyse and identify critical dependency chains and it can reveal underestimated risks due to dependencies.
Highlights
Typical risk assessment (RA) for critical infrastructures (CIs) includes dependency analysis when the RA refers to a cross-CI or cross-sector analysis
Various impact growth models are employed to capture slow, linear and rapidly evolving effects, but instead of using static impact ranks, the impact evolution in each asset dependency is modelled by a fuzzy system that considers the effects of nearby dependencies
The main advantages of using fuzzy logic (FL) is that it can work with no real-life training data since we know the domain we are modelling and its reaction/behaviour rules; e.g., we model chains of assets depending on business process needs and we know their impact/likelihood rules in case of failures through standard RA
Summary
Typical risk assessment (RA) for critical infrastructures (CIs) includes dependency analysis when the RA refers to a cross-CI or cross-sector analysis. The proposed methodology can dynamically assess the evolution of cascading failures over time between assets involved in an infrastructure’s business processes. Various impact growth models are employed to capture slow, linear and rapidly evolving effects, but instead of using static impact ranks, the impact evolution in each asset dependency is modelled by a fuzzy system that considers the effects of nearby dependencies. For each dependency, this is achieved through the quantification of impact on a time axis in the form of many-valued logic. The output of the tool can assist decision makers in proactively analysing dynamic and complex dependency risk paths between assets and business processes by identifying potentially underestimated low risk asset dependencies and reclassifying them to a higher risk category or by simulating the effectiveness of countermeasures on assets
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
