Critical infrastructures risk management : case study

• Autorzy: Białas A.

Identyfikatory

DOI

10.20904/281-2013

• Języki publikacji: EN

Abstrakty

EN

The paper concerns a risk assessment and management methodology in critical infrastructures. The aim of the paper is to present researches on risk management within the experimentation tool based on the OSCAD software. The researches are focused on interdependent infrastructures where the specific phenomena, like escalating and cascading effects, may occur. The objective of the researches is to acquire knowledge about risk issues within interdependent infrastructures, to assess the usefulness of the OSCAD-based risk manager in this application domain, and to identify directions for further R&D works. The paper contains a short introduction to risk management in critical infrastructures, presents the state of the art, and the context, plan and scenarios of the performed validation experiments. Next, step by step, the validation is performed. It encompasses two collaborating infrastructures (railway, energy). It is shown how a hazardous event impacts the given infrastructure (primary and secondary eects) and the neighbouring infrastructure. In the conclusions the experiments are summarized, the OSCAD software assessed and directions of the future works identified.

Słowa kluczowe

EN

critical infrastructure; risk assessment; risk management; interdependencies; tools for risk management

• Wydawca: Instytut Informatyki Teoretycznej i Stosowanej Polskiej Akademii Nauk
• Czasopismo: Theoretical and Applied Informatics
• Rocznik: 2016
• Tom: Vol. 28, No. 1-2
• Strony: 13--36
• Opis fizyczny: Bibliogr. 39 poz., rys.

Twórcy

autor

Białas A.

• Institute of Innovative Technologies EMAG ul. Leopolda 31, Katowice, Poland

Bibliografia

• [1] A. Białas. Research on critical infrastructures risk management. In Internet in the information Society 2015 - 10th International Conference Proceedings, pages 93-108. Scientific Publishing University of Dąbrowa Górnicza, 2015.
• [2] M. Rausand. Risk assessment: theory, methods, and applications. J. Wiley & Sons, 2011.
• [3] I. Eusgeld, C. Nan, and S. Dietz. “System-of-systems” approach for interdependent critical infrastructures. Reliability Engineering & System Safety, 96(6):679-686, 2011. DOI:10.1016/j.ress.2010.12.010.
• [4] EU Commission. COUNCIL DIRECTIVE 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. O cial Journal of the European Union, 2008.
• [5] EU Commission. Commission Staff Working Document on a new approach to the European Programme for Critical Infrastructure Protection Making European Critical Infrastructures more secure. SWD (2013) 318, 2013.
• [6] A. Białas. Critical infrastructures risk manager - the basic requirements elaboration. In W. Zamojski, J. Mazurkiewicz, J. Sugier, T. Walkowiak, and J. Kacprzyk, editors, Theory and Engineering of Complex Systems and Dependability: Proceedings of the Tenth International Conference on Dependability and Complex Systems DepCoS-RELCOMEX, June 29 -July 3 2015, Brunów, Poland, pages 11-24. Springer International Publishing, 2015. DOI:10.1007/978-3-319-19216-1_2.
• [7] A. Białas. Experimentation tool for critical infrastructures risk management. In Proceedings of the 2015 Federated Conference on Computer Science and Information Systems. Polish Information Processing Society PTI, 2015. DOI: 10.15439/2015f77.
• [8] OSCAD project website. http://www.oscad.eu. Accessed: 22.05.2016.
• [9] A. Białas. Risk assessment aspects in mastering the value function of security measures. In New Results in Dependability and Computer Systems, pages 25-39. Springer International Publishing, 2013. DOI: 10.1007/978-3-319-00945-2_3.
• [10] A. Białas. Computer support for the railway safety management system first validation results. In W. Zamojski, J. Mazurkiewicz, J. Sugier, T. Walkowiak, and J. Kacprzyk, editors, Proceedings of the Ninth International Conference on Dependability and Complex Systems DepCoS-RELCOMEX. June 30 - July 4, 2014, Brunów, Poland, pages 81-91. Springer International Publishing, 2014. DOI: 10.1007/978-3-319-07013-1_8.
• [11] A Białas. Business continuity management, information security and assets management in mining. Mechanizacja i Automatyzacja Górnictwa, 8:125-138, 2013.
• [12] CIRAS project website. http://www.cirasproject.eu. Accessed: 22.05.2016.
• [13] ValueSec FP7 project website. http://www.valuesec.eu. Accessed: 22.05.2016.
• [14] S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly. Identifying, understanding, and analyzing-critical infrastructure interdependencies. IEEE Control Systems, 21(6):11-25, 2001. DOI: 10.1109/37.969131.
• [15] P. Hokstad, I. B. Utne, and J. Vatn. Risk and Interdependencies in Critical Infrastructures. Springer London, 2012. DOI: 10.1007/978-1-4471-4661-2.
• [16] G. Giannopoulos and R. Filippini. Risk assessment and resilience for critical infrastructures: Workshop proceedings 25-26 April 2012 Ranco, Italy. Publications O ce, 2012. DOI: 10.2788/35914.
• [17] J. Bagi«ski, A. Białas, D. Rogowski, and et al. D1.1-State of the Art of Methods and Tools. CIRAS Deliverable. Responsible: Institute of Innovative Technologies EMAG, Dissem. level: RE/CO, 2015. Available for: beneficiaries, stakeholders, Europ. Commission.
• [18] G. Giannopoulos, R. Filippini, and M. Schimmer. Risk assessment methodologies for critical infrastructure protection. Publications O ce, Luxembourg, 2012. DOI: 10.2788/22260.
• [19] Deliverable D2.1. Common areas of Risk Assessment Methodologies, 2007.
• [20] IEC 31010:2009. Risk Management Risk Assessment Techniques, IEC/ISO.
• [21] ENISA. http://www.rm-inv.enisa.europa.eu/methods. Accessed: 22.05.2016.
• [22] I. Charters. A practical approach to business impact analysis: understanding the organization through business continuity management. BSI British Standards, 2011. DOI: 10.3403/9780580731013.
• [23] Analysis techniques for dependability. event tree analysis (ETA). IEC 62502:2010.
• [24] Procedures for performing a Failure Mode, Effects and Criticality Analysis. Department of Defence of the USA, 1980.
• [25] IEC IEC. Fault Tree Analysis (FTA). IEC 61025:2007, 2006.
• [26] J.S. Dodgson, M. Spackman, A. Pearman, and L.D. Phillips. Multi-criteria analysis: a manual. 2009.
• [27] Free Web-based FTA project website. http://www.fault-tree-analysis-software.com. Accessed: 07.05.2016.
• [28] Expert Choice project website. http://www.expertchoice.com. Accessed: 13.05.2016.
• [29] Open FTA project website. http://www.openfta.com. Accessed: 13.05.2016.
• [30] GeNIe project website. http://www.dslpitt.org/genie. Accessed: 05.05.2016.
• [31] CAFTA project website. http://www.epri.com. Accessed: 21.05.2016.
• [32] BowTieXP project website. http://www.cgerisk.com/software. Accessed: 20.05.2016.
• [33] Ram Commander project website. http://www.aldservice.com/en/fmea/fmea-andfmeca. html. Accessed: 17.05.2016.
• [34] HAZOP Manager project website. http://www.lihoutech.com. Accessed: 18.05.2016.
• [35] InfraRisk project website. http://www.infrarisk.com. Accessed: 09.05.2016.
• [36] PHAWorks project website. http://www.primatech.com/software/phaworks. Accessed:19.05.2016.
• [37] Reliability Workbench project website. http://www.isograph.com/software/reliabilityworkbench.Accessed: 20.05.2016.
• [38] THESIS project website BowTie. http://www.absconsulting.com/thesis. Accessed:12.05.2016.
• [39] Xfmea project website. http://www.xfmea.reliasoft.com. Accessed: 22.05.2016.