Empirical Risk Analysis Methodology for Adversarial Threats against Critical Infrastructure

The increase in foreign and domestic threats mandates a serious reevaluation of existing security methodologies, standards, and vulnerability assessments. A comprehensive defense strategy with quantitative and qualitative measurements is presented on how the water sector can optimize the application...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of infrastructure systems 2024-03, Vol.30 (1)
Hauptverfasser: Wallace, David W., Foster, Lloyd, Schartau, Kris, Lewin, David, Keyes, Conrad G.
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The increase in foreign and domestic threats mandates a serious reevaluation of existing security methodologies, standards, and vulnerability assessments. A comprehensive defense strategy with quantitative and qualitative measurements is presented on how the water sector can optimize the application and placement of physical security countermeasures to improve resilience based on known parameters in a cost effective way. This study reviews the history and original intent of these methodologies that were adopted from the atomic and nuclear segments of the energy sector. These methodologies served as a starting point for the risk assessment documents that govern water sector security. The current American National Standards Institute (ANSI) risk models used by the water sector, based on design basis threat (DBT) and risk analysis and management for critical asset protection (RAMCAP), are rooted in the traditional risk formula of threat multiplied by vulnerability multiplied by consequence. This paper concludes that due to the inability to define who the adversary is, along with their objectives, motives, and capabilities, and the lack of statistically valid datasets or available intelligence of malevolent threats, the requirements listed in these methodologies are not achievable and will remain as unknowns in water/wastewater/stormwater systems. Therefore, the risk models used for mitigating adversarial threats have fundamental errors that should be replaced by an alternate risk model capable of measuring what can be known about facility resilience to malevolent attacks. By treating risk as a vector quantity consisting of known parameters, the probability of success of a given threat can be calculated using the mathematical analysis of defense strategy and countermeasures (MADSC) methodology. Once these parameters are established, the MADSC methodology can be used to determine the degree of difficulty in compromising existing countermeasures and provide guidance for physical security improvements and budgeting based on quantitative results.
ISSN:1076-0342
1943-555X
DOI:10.1061/JITSE4.ISENG-2291