An efficient process to reduce infrastructure vulnerabilities facing malevolence

https://doi.org/10.1016/j.ress.2009.06.009

Abstract

In daily life we all routinely use 'systems': public transport, industrial parks, shopping areas, stadiums and many others. With the exponential growth of technology we now live in a kind of 'open world' within which goods, people and information move ever faster. The consequence is a remarkable new way of life, and also a number of new threats to our society. To ensure the security of citizens, of infrastructures, of national capabilities and of anything else of value, we need to secure our systems efficiently. To do so we need appropriate tools to analyze vulnerabilities accurately, in order to counter all kinds of malevolence. After giving an overview of different methods linked to that problem, we explain our process for analyzing the vulnerabilities of a complex infrastructure and which points are fundamental to take into account when facing human aggression.

Introduction

In the last century, the main concern in infrastructure security was the viability of components, and the focus was almost exclusively on fire protection and evacuation following accidents or arson. Today, owners and managers of infrastructures tend to protect their sites against a much wider range of malevolent acts. The perpetual expansion of flows (goods, people, money, knowledge, etc.), together with a geopolitical context of growing inequality between people and the radicalisation of some ways of thinking, has led to new threats that a safety/security manager has to take into account. The atrocity of 9/11 was the clinching event that led many decision makers to protect all kinds of infrastructure from terrorism and, more generally, from malevolence. We now have to satisfy an increasing demand for the protection of many types of infrastructure.

A number of specialists have developed methodologies or concepts that could be used to protect a system from malevolence.

First of all, the notion of 'safety' appeared with the first measurements of reliability in the 1960s. Reliability, availability and maintainability were then subsumed under the global term 'dependability' [1]. In the 1990s, two further attributes, integrity and safety, were distinguished and added in their own right to this global term [2].

We could define 'safety' as the absence of catastrophic damage to users and the environment. To analyze it, safety engineers work with two notions: fault and failure [3]. For our concern, which is to counter human aggression, we cannot stop at these two concepts, because malevolence is by nature an intentional act, and such an act goes beyond the ideas of fault and failure. So we need to introduce the notion of 'security'.

To take security into account, we use some methodologies from dependability studies, such as fault tree analysis or probabilistic risk assessment, together with several processes coming from other fields.

In the hypothetical case of malevolence, to assess vulnerabilities and reduce them, we use, or at least take as a basis, multicriteria methods such as the Analytic Hierarchy Process (AHP) [4] and Multi Attribute Utility Theory (MAUT) [5]. They allow us to measure the importance of different criteria according to the aim of our assessment. One methodology developed by Barry C. Ezell applies MAUT directly to infrastructure vulnerability assessment [6]. We have used his work as a basis for one part of our own methodology (we explain later which points we have changed to obtain something closer to our problem).
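The mechanics behind "measuring the importance of different criteria" are worth seeing once: AHP turns pairwise judgements into a priority vector, Saaty's consistency ratio flags judgements that contradict each other, and the resulting weights feed an additive MAUT-style score that ranks the systems under study. The block below is an added worked example, not the authors' PACIFHA code or Ezell's I-VAM; the three criteria, the pairwise judgements and the two site utility vectors are constructed for illustration and carry no data from the paper.

```python
"""AHP priority weights with Saaty's consistency check, followed by an
additive MAUT-style score to rank candidate sites.

Added worked example, not the authors' PACIFHA implementation.  The three
criteria, the pairwise judgements and the site utilities below are
constructed for illustration (assumptions, not data from the paper).
"""
from math import prod

# Saaty's random consistency index for matrices of order n (n = 1, 2 are
# consistent by construction).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}

# Hypothetical criteria for ranking systems against malevolence.
CRITERIA = ["attractiveness to an aggressor", "accessibility", "consequence severity"]

# Pairwise judgements on Saaty's 1..9 scale: entry [i][j] says how much more
# important criterion i is than criterion j.  This matrix is perfectly
# consistent (every a_ij == a_ik * a_kj).
CONSISTENT = [[1.0, 3.0, 9.0],
              [1 / 3, 1.0, 3.0],
              [1 / 9, 1 / 3, 1.0]]

# Circular judgements (A > B > C > A): reciprocal, but badly inconsistent.
CYCLIC = [[1.0, 3.0, 1 / 3],
          [1 / 3, 1.0, 3.0],
          [3.0, 1 / 3, 1.0]]

# Constructed utilities in [0, 1] per criterion, for two hypothetical sites.
SITE_UTILITIES = {"site_A": [0.9, 0.6, 0.8],
                  "site_B": [0.4, 0.9, 0.3]}


def ahp_weights(matrix):
    """Priority vector of a reciprocal pairwise matrix (row geometric means,
    normalised to sum to 1)."""
    n = len(matrix)
    for i in range(n):
        for j in range(n):
            # A judgement matrix must satisfy a_ji == 1 / a_ij.
            if abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError(f"matrix is not reciprocal at ({i}, {j})")
    gm = [prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(matrix):
    """Saaty's CR = CI / RI with CI = (lambda_max - n) / (n - 1).
    Judgements with CR > 0.1 are conventionally sent back for revision."""
    n = len(matrix)
    if n < 3:
        return 0.0
    w = ahp_weights(matrix)
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def rank_alternatives(weights, utilities):
    """Additive utility U(x) = sum_i w_i * u_i(x); returns [(name, U)] best first."""
    scored = {name: sum(w * u for w, u in zip(weights, us))
              for name, us in utilities.items()}
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for label, m in (("consistent", CONSISTENT), ("cyclic", CYCLIC)):
        print(f"{label}: CR = {consistency_ratio(m):.3f}")
    w = ahp_weights(CONSISTENT)
    for c, wi in zip(CRITERIA, w):
        print(f"  {c}: {wi:.3f}")
    for name, score in rank_alternatives(w, SITE_UTILITIES):
        print(f"  {name}: {score:.3f}")
```

The consistency check is the part practitioners tend to skip: the cyclic matrix is a perfectly valid reciprocal matrix, yet its CR is above 1, so the weights it yields are meaningless and the judgements should go back to the experts. Subjectivity, which the authors name as the main drawback of their method, is not removed by AHP, but it is at least made auditable.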

To elaborate scenarios, we also need more than classical dependability studies (even if, in simple cases, event or causal trees are efficient enough). We could consider John Darby's work on possibility theory applied to terrorism [7], or fuzzy logic [8], both of which can be very useful for taking into account the main characteristic of malevolence: willingness. Indeed, it would be fanciful to rely only on probabilistic methods to predict an attack on a given system, because we cannot know exactly how a human mind will react when facing protective barriers or other obstacles. Such approaches are therefore required if we are to cover a wide scope of eventualities.
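The belief and plausibility measures in the title of Darby's reference [7] illustrate the point of the paragraph above: instead of forcing an analyst to state one probability of attack, each evidence source may leave part of its weight on "don't know", and the combined result is an interval [Bel, Pl] rather than a point value. The block below is an added worked example using Dempster's rule of combination; it is neither the authors' code nor Darby's, and the two sources ("intelligence" and "site survey") with their mass values are constructed for illustration.

```python
"""Belief and plausibility of an attack hypothesis, obtained by combining two
evidence sources with Dempster's rule of combination.

Added worked example; it is neither the authors' code nor Darby's.  The two
sources (INTEL and SITE_SURVEY) and their mass values are constructed for
illustration.
"""
from fractions import Fraction
from itertools import product

# Frame of discernment: the attack either takes place or it does not.
ATTACK = frozenset({"attack"})
NO_ATTACK = frozenset({"no_attack"})
THETA = ATTACK | NO_ATTACK  # mass on THETA expresses "don't know"

# Constructed evidence.  Unlike a probability, a source can leave part of its
# mass on THETA instead of being forced to split it between the two outcomes.
INTEL = {ATTACK: Fraction(1, 2), THETA: Fraction(1, 2)}
SITE_SURVEY = {ATTACK: Fraction(3, 10), NO_ATTACK: Fraction(1, 5), THETA: Fraction(1, 2)}


def check_mass(m):
    """A basic mass assignment puts non-negative mass on non-empty subsets of
    THETA and sums to 1."""
    for focal, v in m.items():
        if not focal or not focal <= THETA or v < 0:
            raise ValueError(f"bad focal element {set(focal)} -> {v}")
    if sum(m.values()) != 1:
        raise ValueError("masses must sum to 1")


def combine(m1, m2):
    """Dempster's rule: m(C) = sum_{A & B == C} m1(A) m2(B) / (1 - K), where K
    is the mass landing on conflicting (disjoint) pairs.  Returns (m, K)."""
    check_mass(m1)
    check_mass(m2)
    joint, conflict = {}, Fraction(0)
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        c = a & b
        if c:
            joint[c] = joint.get(c, Fraction(0)) + ma * mb
        else:
            conflict += ma * mb
    if conflict == 1:
        raise ValueError("total conflict: the sources cannot be combined")
    return {c: v / (1 - conflict) for c, v in joint.items()}, conflict


def belief(m, hypothesis):
    """Bel(H): mass that definitely supports H (focal elements inside H)."""
    return sum(v for focal, v in m.items() if focal <= hypothesis)


def plausibility(m, hypothesis):
    """Pl(H): mass that does not contradict H (focal elements overlapping H)."""
    return sum(v for focal, v in m.items() if focal & hypothesis)


if __name__ == "__main__":
    m, k = combine(INTEL, SITE_SURVEY)
    print(f"conflict K = {k}")
    print(f"attack: Bel = {belief(m, ATTACK)}, Pl = {plausibility(m, ATTACK)}")
```

With the constructed inputs the combined assignment gives Bel(attack) = 11/18 and Pl(attack) = 8/9; the width of that interval is exactly the mass still sitting on THETA, i.e. the ignorance neither source could resolve. A high conflict K between sources is itself a finding worth reporting, since Dempster's rule normalises it away.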

Furthermore, regarding the act itself, we have to include many parameters in our assessment, such as the geopolitical context, the environment, the economy, networks, etc., and to encompass all of them we employ a systemic approach.


A systemic approach

When we start to analyze an infrastructure or a complex system, we need to consider everything that could interact with the system at any moment on the time scale, particularly because of the characteristics of a complex system, which are as follows:

  • Holism: the whole system is different from the sum of its parts.

  • Feedback (retroaction): the system can adapt itself to its own evolution or to its environment.

  • Non-determinism: the system's behaviour cannot be explained only by

When geopolitics acts as a clinching factor

We need to be careful with geopolitics: it obviously influences the potential threat to a given system, but it is not necessarily the most important feature leading to an act of malevolence. It is, however, often an initiating or consolidating event.

There are several levels at which geopolitics can be a key event. For example, a redundancy plan could lead workers to think differently, and we could be faced with organised demonstrations or localised acts. So to anticipate that, we

Ranking systems, an important step to assess vulnerabilities

Some systems are critical by nature (refineries, nuclear plants, etc.) and it is obvious that good protection against malevolence must be organised inside them. This is not the case for all systems: some may appear risk-free, or to carry only a very moderate range of hazards, and this preconception may be a big mistake. Hence it is essential to define a system clearly with the systemic approach explained above, and also to add potential aggressors in relation to possible evolving

Description of our methodology – PACIFHA – through a concrete application

It is a step-by-step process whose framework (Fig. 4) looks broadly similar to QRA (Quantitative Risk Assessment), of which a good overview is given by Garrick [19], but with different contents.

It actually follows the order in which we have deliberately chosen to write this article, because the five chronological steps of our methodological process are:

  1. Systemic analysis.

  2. Interactions between aggressors' profiles and systems: ranking system.

  3. Vulnerabilities assessment and determination of key places.

  4.

Advantages and drawbacks of our method compared with others

We have provided a wide overview of the framework of the security process we are establishing. It offers a new approach dedicated to complex systems for a global study of malevolence. However, despite its numerous advantages, there are some drawbacks that need to be described:

Drawbacks: some aspects of our methodology may trouble people: currently, all the quantifications used to assess vulnerabilities on a given system are based on human subjectivity, as has

Conclusion and perspectives

Our methodology can be very useful to prevent or mitigate the effects of a potential attack. It has been created in response to the marked increase in international threats. It takes several parameters into account so as to be as exhaustive and efficient as possible. As a consequence, the process is quite long and complex, but in order to counter a malevolent act this appears to be a necessity. We believe that in the near future it will be useful to add to our study an 'overall value', which could explain

Acknowledgements

We thank Région Champagne-Ardennes, Institut Carnot and UTT – University of Technology of Troyes – for supporting our projects.

References

  • A.V. Gheorghe et al. Risk assessment of regional systems. Reliab Eng Syst Safety (2000).
  • L. Branscomb. Protecting civil society from terrorism: the search for a sustainable strategy. Technol Soc (2004).
  • A.M. Koonce et al. Bulk power risk analysis: ranking infrastructure elements according to their risk significance. Electric Power Energy Syst (2008).
  • Laprie JC. Dependable computing and fault tolerance: concepts and terminology. In: Proceedings of the 15th IEEE...
  • Randell B. Software dependability: a personal view. In: Proceedings of the 25th international symposium on...
  • Modugno F, Leveson NG, Reese JD, Partridge K. Integrated safety analysis of requirements specifications. In: Proceedings...
  • T.L. Saaty. The analytic hierarchy process (1990).
  • B. Munier et al. Multicriteria choice under risk with multidimensional variables: a proposed method and application to transport and energy networks [Choix multicritères dans le risque et variables multidimensionnelles : proposition de méthode et application aux réseaux de transport et d'énergie]. RAIRO Oper Res (1999).
  • Ezell BC. Infrastructure vulnerability assessment model (I-VAM),...
  • J. Darby. Evaluation of terrorist risk using belief and plausibility. PSAM8 (2006).
  • Ross TJ. Fuzzy logic with engineering applications, 2nd ed. New York: Wiley; June...
  • Lemoigne JL. The theory of the general system: theory of modelling [La théorie du système général : Théorie de la modélisation]. Presses Universitaires de France,...
  • Perilhon P. MOSAR: presentation of the method [MOSAR : Présentation de la méthode]. Technique de l'Ingénieur, traité sécurité et gestion des risques, SE 4...
  • FEMA. Reference manual to mitigate potential terrorist attacks against buildings. Risk management series, FEMA 426, ch1...