Abstract
Challenges to methods for vulnerability analysis have been distillated and approaches, framed into categories, have been explained briefly in the previous chapters. It has also been stated that no all-encompassing method exists but rather an interplay of methods is necessary to provide trustworthy information about vulnerabilities within and among critical infrastructures (CIs). Starting with the evaluation of statistical data this chapter introduces methods in detail which are regarded as most promising to deal with the complex behavior of these systems within screening and, in particular, in depth analysis.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
In Schläpfer et al. (2008), the term object rather than the term agent is used.
- 3.
It should be noted that the distributed simulation approach should not be considered as an option if only one system (without any subsystems) needs to be simulated.
- 4.
Other simulation standards include distributed interactive simulation (DIS) and aggregate level simulation protocol (ALSP). However, their inherent weaknesses limit the capabilities as the standard for distributed simulation approach. For instance, ALSP is not able to support real-time communication and DIS fails to provide a time synchronization mechanism.
- 5.
DMSO has been renamed as US Department of Defense (DOD) Modeling and Simulation Coordination Office (M&S CO).
- 6.
HLA standard does not describe which class should be implemented during the simulation development, which is a developer's task to decide according to simulation requirements. It is possible that both classes are implemented or only one class is implemented, in one federate.
- 7.
RTU is the remote device of SCADA, which is usually located away from the control centre and is responsible for acquiring physical data from the field and executing the control instruction(s) sent from the control centre.
- 8.
An HFE is a basic event modeled in the logic models of a PRA (logic) and represents a failure of a function, system, or component that is the result of one or more unsafe actions. A human failure event reflects the PRA system’s modeling perspective (Kirwan 1994).
- 9.
An unsafe action is an action inappropriately taken, or not taken when needed, by plant personnel that results in a degraded plant safety condition (Kirwan 1994).
References
Albert R, Barabási A-L (2002) Statistical mechanics of complex networks. Rev Mod Phys 74:47–97
Albert R, Jeong H, Barabási A-L (2000) Error and attack tolerance of complex networks. Nature 406:378–382
Apostolakis GE, Lemon DM (2005) A screening methodology for the identification and ranking of infrastructure vulnerabilities due to terrorism. Risk Anal 25:361–376
Argonne National Laboratory (2008) The electricity market complex adaptive system (EMCAS), technical report. Argonne, USA
Batagelj V (1994) Semirings for social networks analysis. J Math Sociol 19(1):53–68
Beeker ER, Page EH (2006) A case study of the development and use of a MANA-based federation for studying US border operations. In: Proceedings of the 38th conference on winter simulation, 3–6 Dec. 2006, pp 841–847
Behdani B, Lukszo Z et al (2010) Performance analysis of a multi-plant specialty chemical manufacturing enterprise using an agent-based model. Comput Chem Eng 34(5):793–801
Bell J, Holroyd J (2009) Review of human reliability assessment methods. Health & Safety Laboratory
Billinton R, Li W (1994) Reliability assessment of electrical power systems using Monte Carlo methods. Plenum Press, New York
Birolini A (2007) Reliability engineering: theory and practice. Springer, Berlin
Boccaletti S, Latora V, Moreno Y, Chavez M, Hwang D-U (2006) Complex networks: structure and dynamics. Phys Rep 424:175–308
Bonabeau E (2002) Agent-based modeling: methods and techniques for simulation human systems. Proc Natl Acad Sci USA 99:7280–7287
Buchanan M (2009) Meltdown modeling. Nature 460:680–682
Cadini F, Zio E, Petrescu C-A (2009) Using centrality measures to rank the importance of the components of a complex network infrastructure. In: Critical information infrastructure security, proceedings of the 3rd international workshop on critical information infrastructures security, CRITIS 2008, Rome, Italy, 13–15 October 2008, pp 155–167
Cardellini V, Casalicchio E, Galli E (2007) Agent-based modelling of interdependencies in critical infrastructures through UML. In: Proceedings of the 2007 spring simulation multiconference, Norfolk, Virginia, USA
Chen J, Thorp S-J, Dobson I (2005) Cascading dynamics and mitigation assessment in power system disturbances via a hidden failure model. Int J Electr Power Energ Syst 27:318–326
Chien SH, Dykes AA, Stetkar JW, Bley DC (1988) Quantification of human error rates using a SLIM-based approach. In: IEEE fourth conference on human factors and power plants, June 5–9, 1988, Monterey, California
Coffman EG, Ge Z, Misra V, Towsley D (2002) Network resilience: exploring cascading failures within BGP. In: Proceedings of the 40th annual Allerton conference on communications, computing and control
Crucitti P, Latora V, Marchiori M, Rapisarda A (2003) Efficiency of scale-free networks: error and attack tolerance. Physica A 320:622–642
D’Inverno M, Luck M (2004) Understanding agent systems. Springer, Berlin
Dahmann JS, Fujjimoto RM, Weatherly RM (1997) The department of defense high level architecture. In: Proceedings of the 29th conference on winter simulation, Atlanta, Georgia, United States: IEEE Computer Society
Darby J (2006) Evaluation of terrorist risk using belief and plausibility. PSAM8, New Orleans, USA
Department of Energy (2005) From OE-417, electric emergency incident and disturbance report. US Department of Energy, Office of Electricity Delivery and Energy Reliability. http://www.eia.doe.gove/oss/forms.html. Accessed date/month/year
Dobson I, Carreras AB, Lynch VE, Newman DE (2004) Complex systems analysis of series of blackouts: cascading failure, criticality, and self-organization. In: Bulk power system dynamics and control—VI. Cortina d’Ampezzo, 22–27 August 2004
Dobson I, Carreras BA, Newman DE (2005) A loading-dependent model of probabilistic cascading failure. Probab Eng Inform Sci 19(15):32
Dobson I, Carreras BA, et al (2007) Complex systems analysis of series of blackouts: cascading failure, critical points, and self-organization. Chaos 17(2): 026103 (13 pages), 2007
Duflos S, Diallo A, Grand AGL (2007) An overlay simulator for interdependent critical information infrastructures. In: Proceedings of the 2nd international conference on dependability of computer systems, IEEE computer society
Embrey DE, Kirwan B (1983) A comparative evaluation of three subjective human reliability quantification techniques. In: Proceedings of the annual ergonomics society conference
Embrey DE, Humphreys PC, Rosa EA, Kirwan B, Rea K (1984) SLIM-MAUD: An approach to assessing human error probabilities using structured expert judgement. United States Nuclear Regulatory Commission
Erdős P, Rényi A (1960) On the evolution of random graphs. Publ Math Inst Hung Acad Sci A 5:17–61
Eurocontrol (2007) Overview of HRA methods. Farandole project
Eusgeld I, Nan C (2009) Creating a simulation environment for critical infrastructure interdependencies study. In: Industrial engineering and engineering management, 2009. IEEM 2009. IEEE international conference on, 8–11 December 2009, pp 2104–2108
Eusgeld I, Kröger W, Sansavini G, Schläpfer M, Zio E (2009) The role of network theory and object-oriented modeling within a framework for the vulnerability analysis of critical infrastructures. Reliab Eng Syst Safe 94(5):954–963
Ezel BC (2007) Infrastructure vulnerability assessment model (I-VAM). Risk Anal 27:571–583
Floyd RW (1962) Algorithm 97: shortest path. Commun ACM 5(6):345
Forester J, Ramey-Smith A, Bley D, Kolaczkowski A, Cooper S (1998) Discussion of comments from a peer review of a technique for human event analysis (ATHEANA)
Forester J, Kolaczkowski A, Lois E, Kelly D (2006) Evaluation of human reliability analysis methods against good practices. United States Nuclear Regulatory Commission
Forester J, Kolaczkowski A, Cooper S, Bley D, Lois E (2007) ATHEANA user’s guide. United States Nuclear Regulatory Commission
Freeman LC (1979) Centrality in social networks conceptual clarification. Soc Networks 1(3):215–239
Garrick BJ, Hall JE, Kilger M, McDonald JC, McGroddy JC, O’Toole T, Probst PS, Rindskopf Parker E, Rosenthal R, Trivelpiece AW, Van Arsdale L, Zebroski E (2004) Confronting the risks of terrorism: making the right decisions. Reliab Eng Syst Safe 86:129–176
Garrido JM (2009) Object-oriented simulation. Springer, Berlin
Gibson HW, Kirwan B (2008a) Application of the CARA HRA tool to air traffic management safety cases. In: Proceedings of the 9th international conference on probabilistic safety assessment and management (PSAM9)
Gibson HW, Kirwan B (2008b) Current trends in human reliability assessment. In: Proceedings of the international conference on contemporary ergonomics (CE2008), Nottingham, UK, April 1–3, 2008
Gorbil G, Gelenbe E (2009) Design of a mobile agent-based adaptive communication middleware for federations of critical infrastructure simulations. In: Proceedings of CRITIS 2009
Grigg NS (2003) Water utility security: multiple hazards and multiple barriers. J Infrastruct Syst 9(2):81–88
Grigg C, Wong P et al (1996) The IEEE reliability test system 1996, 1996 IEEE/PES winter meeting, Baltimore, Maryland, IEEE-Inst Electrical Electronics Engineers Inc
Haimes YY, Horowitz BM (2004) Modeling interdependent infrastructures for sustainable counterterrorism. J Infrastruct Syst 10:33–42
Hansen JV, Lowry PB, Meservy RD, McDonald DM (2007) Genetic programming for prevention of cyber terrorism through dynamic and evolving intrusion detection. Decis Supp Syst 43(4):1362–1374
Hines P, Blumsack S (2008) A centrality measure for electrical networks. In: Proceedings of the 41st Hawaii international conference on system science
Hines P, Apt J, Talukdar S (2008) Trends in the history of large blackouts in the United States. IEEE, Authorized licensed use limited to ETH Bibliothek Zurich
Hollangel E (1998) Cognitive reliability and error analysis method. Elsevier, New York
Hopkinson KM, Giovanini R, Wang XR (2003) Integrated commercial off-the-shelf software for agent-based electric power and communication simulation. In: Proceedings of the 2003 winter simulation conference, pp 1158–1166
Huang K (1987) Statistical mechanics, 2nd edn. John Wiley & Sons, New York, pp 31–35 206–210
Hudson LD, Ware BS, Laskey KB, Mahoney SM (2002) An application of Bayesian networks to antiterrorism risk management for military planners, Rapport technique. George Mason University
IEEE (1999) IEEE RTS Task Force of APM Subcommittee. The IEEE reliability test system 1996. IEEE Trans Power Syst 14, 1010–1020
IEEE (2000) IEEE standard for modeling and simulation, high level architecture (HLA): framework and rules, IEEE Std. 1516–2000, i–22
IEEE (2009) IEEE draft standard for modeling and simulation (M&S) high level architecture (HLA): framework and rules, IEEE unapproved draft std P1516/D5
IRGC (2006) Managing and reducing social vulnerabilities from coupled critical infrastructures, White Paper No. 3, International Risk Governance Council, Geneva, p. 68
Jennings RN (2000) On agent-based software engineering. Artif Intell 117:277–296
Kaegi M, Mock R, Kröger W (2009) Analyzing maintenance strategies by agent-based simulations: a feasibility study. Reliab Eng Syst Safe 94:1416–1421
Kaplan S, Garrick BJ (1981) On the quantitative definition of risk. Risk Anal 1:11–27
Kim IK, Ma YB, Lee JS (2006a) Adaptive quantization-based communication data management for high-performance geo-computation in grid computing. In: Proceedings of the grid and cooperative computing workshops, 2006. GCCW ‘06, fifth international conference on, Oct 2006, pp 470–476
Kim J, Jung W, Jang S, Wang J (2006b) A case study for the selection of a railway human reliability analysis method. In: International railway safety conference, 22–27 October 2006, Belfast
Kirwan B (1994) A guide to practical human reliability assessment. Taylor & Francis, London
Kirwan B, Gibson HW (2007) CARA: a human reliability assessment tool for air traffic safety management: technical basis and preliminary architecture. In: Proceedings of the fifteenth safety-critical systems symposium
Koonce AM, Apostolakis GE, Cook BK (2008) Bulk power risk analysis: ranking infrastructure elements according to their risk significance. Int J Electr Power Energ Syst 30:169–183
Kröger W (2005) Risk analyses and protection strategies for operation of nuclear power plants, in Landolt-Börnstein New Series Vol. VIII/3B (advanced materials and technologies/energy). Springer-Verlag, Berlin
Kröger W (2008) Critical infrastructures at risk: a need for a new conceptual approach and extended analytical tools. Reliab Eng Syst Safe 93:1781–1787
Kyriakidis MA (2009a) A scoping method for human performance integrity and reliability assessment in process industries. Laboratory for Safety Analysis, Institute for Energy Technology, D-MAVT, ETH Zurich
Kyriakidis MA (2009b) A study regarding human reliability within power system control rooms. Laboratory for Safety Analysis, D-MAVT, ETH Zurich
Lane R, Stanton NA, Harrison D (2006) Applying hierarchical task analysis to medication administration errors. Appl Ergon 37:669–679
Latora V, Marchiori M (2001) Efficient behavior of small-world networks. Phys Rev Lett 87(19):198701 (1–4)
Latora V, Marchiori M (2005) Vulnerability and protection of infrastructure networks. Phys Rev E 71:015103 (1–4)
Latora V, Marchiori M (2007) A measure of centrality based on the network efficiency. New J Phys 9:188
Lees M, Logan B, Theodoropoulos G (2007) Distributed simulation of agent-based systems with HLA. ACM Trans Model Comput Simul 17(3):11
Lemmers AJJ, Kuiper PJ, Verhage FR (2002) Performance of a component-based flight simulator architecture using the HLA paradigm. In: Proceedings of the AIAA modeling and simulation technologies conference and exhibit. California, USA
Lempert R (2004) Robust decision making. HDGC Seminar, February 2004
Lieshout FV, Cornelissen F, Neuteboom J (2008) Simulating rail traffic safety systems using HLA 1516, Atos origin technical automation
Lyons M, Adams S, Woloshynowych M (2004) Ch. Vincent, human reliability analysis in healthcare: a review of techniques. Int J Risk Saf Med 16:223–237
Macal CM, North MJ (2005) Tutorial on agent-based modeling and simulations. In: Proceedings of the 2005 winter simulation conference. Orlando FL, USA
Macwan A (2004) Approach for identification and analysis of human vulnerabilities in protecting telecommunications infrastructure. Bell Labs Tech J 2:85–89
Michaud D, Apostolakis GE (2006) Screening vulnerabilities in water supply networks. J Infrastruct Syst 12:230–242
Möller B, Löfstrand B, Lindqvist J, Backlund A, Waller B, Virding R (2005) Gaming and HLA 1516 interoperability within the Swedish defense. In: Proceedings of the 2005 fall simulation interoperability workshop
Möller B, Morse KL, Lightner M, Little R, Lutz R (2008) HLA evolved: a summary of major technical improvements
Moore AD (2006) Application of the API/NPRA SVA methodology to transportation security issues. J Hazard Mater 130:107–121
Morse KL, Lightner M, Little R, Lutz B, Scrudder R (2006) Enabling simulation interoperability. Computer 39:115–117
Motter AE (2004) Cascade control and defense in complex networks. Phys Rev Lett 93(9):098701 (1–4)
Motter AE, Lai YC (2002) Cascade-based attacks on complex networks. Phys Rev E 66:065102 (1–4)
Nan C, Eusgeld I (2011) Adopting HLA standard for interdependency study. Reliab Eng Syst Safe 96(1):149–159
Newman MEJ, Girvan M (2004) Finding and evaluating community structure in networks. Phys Rev E 69(2):026113
Newman DE, Nkei B, Carreras BA, Dobson I, Lynch VE, Gradney P (2005) Risk assessment in complex interacting infrastructure systems. In: Proceedings of the 38th Hawaii international conference on system sciences
Nieminen J (1974) On the centrality in a graph. Scand J Psychol 15(1):332–336
Paté-Cornell ME, Guikema S (2002) Probabilistic modeling of terrorist threats: a systems analysis approach to setting priorities among countermeasures. Mil Oper Res 7:5–20
Patterson SA, Apostolakis GE (2007) Identification of critical locations across multiple infrastructures for terrorist actions. Reliab Eng Syst Safe 92:1183–1203
Pederson P, Dudenhoeffer D, Hartly S, Permann M (2006) Critical infrastructure interdependency modeling: a survey of US and international research. Idaho National Laboratory
Piwowar J, Chatelet E, Laclemence P (2009) An efficient process to reduce infrastructure vulnerabilities facing malevolence. Reliab Eng Syst Safe 94:1869–1877
Rehtanz C (2003) Autonomous systems and intelligent agents in power system control and operation. Springer, Berlin
Robles RJ, Choi M-K, Coh E-S, Kim S-S, Park G-C, Lee J-H (2008) Common threats and vulnerabilities of critical infrastructures. International Journal of Control and Automation (1) 17–22.
Rosato V, Bologna S, Tiriticco F (2007) Topological properties of high-voltage electrical transmission networks. Electr Pow Syst Res 77:99–105
Rosato V et al (2008) A complex system’s view of critical infrastructures. In: Helbing D (ed) Understanding complex systems. Springer, Berlin, Heidelberg, pp 241–260
Ross TJ (2004) Fuzzy logic with engineering applications, 2nd edn. Wiley, New York
Sabidussi G (1966) The centrality index of graphs. Psychometrika 31(4):581–603
Schläpfer M, Kessler T, Kröger W (2008) Reliability analysis of electric power systems using an object-oriented hybrid modeling approach. In: Proceedings of the 16th power systems computation conference, Glasgow
Stanton N, Hedge A, Brookhuis K, Salas E, Hendrick H (eds) (2005) Handbook of human factors and ergonomics methods. CPC Press, New York
Strogatz SH (2001) Exploring complex networks. Nature 410:268–276
Swain AD, Guttmann HE (1983) Handbook of human reliability analysis with emphasis on nuclear power plant applications. United States Nuclear Regulatory Commission
TERNA (2002) Dati statistici sull’energia elettrica in Italia. Technical report. Terna S.p.A.—Rete Elettrica Nazionale (in Italian) http://www.terna.it/LinkClick.aspx?fileticket=PUvAU57MlBY%3d&tabid=418&mid=2501. Accessed 08/06/2011
US Department of Defense (1998) High level architecture interface specification. DOD
US Department of Defense (2000) High level architecture run-time interface programmers guide. DOD
US Department of Defense (2007) DOD Directive 4603.05: interoperability and supportability of information technology (IT) and national security systems. DOD
Vespignani A (2009) Predicting the behaviour of techno-social systems. Science 325:425–428
VSE-AES Statistik (2005) Statistik 2500 über die Verfügbarkeit der Elektrizitätsversorgung der Schweiz
Wasserman S, Faust K (1994) Social networks analysis. Cambridge University Press, Cambridge
Watts DJ (1999) Networks, dynamics, and the small‐world phenomenon. Am J Sociol 105(2):493–527
Watts DJ (2002) A simple model of global cascades on random networks. PNAS 99(9):5766–5771
Watts DJ, Strogatz SH (1998) Collective dynamics of ‘small-world’ networks. Nature 393:440–442
Wreathall J, Nemeth C (2004) Assessing risk: the role of probabilistic assessment (PRA) in patient safety improvement. Qual Saf Health Care 13:206–212
Wreathall J, Roth E, Bley D, Multer J (2003) Human reliability analysis in support of risk assessment for positive train control. United States Department of Transportation
Zacharewicz G, Alix T, Vallespir B (2009) Services modeling and distributed simulation DEVS/HLA supported. In: Proceedings of the 2009 winter simulation conference (WSC), 13–16 December 2009, pp 3023–3035
Zhao Z, Albada DV, Sloot P (2005) Agent-based flow control for HLA components. Simulation 81:487–501
Zimmermann R (2001) Social implications of infrastructure network interactions. J Urban Technol 8(3):97–119
Zimmermann R (2004) Decision-making and the vulnerability of interdependent critical infrastructure. In: Proceedings of the IEEE international conference on systems, man, and cybernetics, the Hague, Netherlands
Zio E (2007a) From complexity science to reliability efficiency: a new way of looking at complex network systems and critical infrastructures. Int J Critical Infrastructures 3:488–508
Zio E (2007b) An introduction to the basics of reliability and risk analysis, vol 13., Series on quality, reliability and engineering statisticsWorld Scientific, Singapore
Zio E, Golea LR (2010) Analyzing the topological, electrical and reliability characteristics of a power transmission system for identifying its critical elements. Reliab Eng Syst Safe(submitted)
Zio E, Sansavini G (2007) A systematic procedure for analyzing network systems. Int J Critical Infrastructures 4(1–2):172–184
Zio E, Sansavini G (2008) Modeling failure cascades in networks systems due to distributed random disturbances and targeted intentional attacks. In: Martorell et al. (eds) Safety, reliability and risk analysis: theory, methods and applications. Proceedings of ESREL 2008 and 17th SRA Europe annual conference, Valencia, Spain, Taylor & Francis Group, London, 22–25 September 2008
Zio E, Sansavini G (2011a) Component criticality in failure cascade processes of network systems. Risk Anal. doi:10.1111/j.1539-6924.2011.01584.x
Zio E, Sansavini G (2011b) Modeling interdependent network systems for identifying cascade-safe operating margins. IEEE Trans Reliab 60(1):94–101
Zio E, Sansavini G, Maja R, Marchionni G (2008) An analytical approach to the safety of road networks. Int J Reliab Qual Saf Eng 15(1):67–76
Kardes E (2005) Robust Stochastic Games and Applications to Counter-Terrorism Strategies. Center for Risk and Economic Analysis of Terrorism Events, University of Southern California, Los Angeles CA.
Subotic B (2007) Framework for the analysis of controller recovery from equipment failures in air traffic control, Civil and Environmental Engineering, Imperial College, London
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2011 Springer-Verlag London Limited
About this chapter
Cite this chapter
Kröger, W., Zio, E. (2011). Methods of Analysis. In: Vulnerable Systems. Springer, London. https://doi.org/10.1007/978-0-85729-655-9_6
Download citation
DOI: https://doi.org/10.1007/978-0-85729-655-9_6
Published:
Publisher Name: Springer, London
Print ISBN: 978-0-85729-654-2
Online ISBN: 978-0-85729-655-9
eBook Packages: EngineeringEngineering (R0)