Professional Documents
Culture Documents
Management of Complex
Interdependent Systems
(ENMA 771/871)
Module 1: Complex
Interdependent Systems
Dr. Adrian V. Gheorghe
Department of Engineering
Management & Systems
Engineering
©2009 A. Gheorghe All Rights Reserved
Dealing with Complex
and Interdependent
Systems
Critical
Topics Infrastructures
Infranomics - A New
Dimension of Complex and
Interdependent Vital
Systems
©2009 A. Gheorghe All Rights Reserved
Module 1 Objectives
1. Introduce and formulate contemporary systems of
high interdependency addressing vital societal needs;
featuring risks, vulnerability/resiliency,
sustainability and governance.
2. Discuss the advent of critical infrastructure systems;
need for a coherent approach to their complexity
and inter-dependencies in relationship to systems
analysis and systems engineering.
engineering
3. What is infranomics;
infranomics understand rules of
interactions, dependability, complexity and their
implications for complex critical infrastructure
systems and their problem solving.
"Good teachers never teach anything. What they do is create the conditions under
which learning takes place" S.I.Hayakawa
Information as a
Common Denominator
Information/Knowledge
Digitalization
Electricity
Critical Infrastructures made by People. They do carry
beliefs, values, art, vision, „ideology“
©2009 A. Gheorghe All Rights Reserved
A Real Story
load [GW]
Duration
Blackout
affected
People
causes
Loss of
Main
[h]
Aug. 14, Great Lakes, NYC ~60 ~16 50 mio Inadequate right-of-way maintenance, EMS failure,
2003 poor coordination among neighboring TSOs
Aug. 28, London 0,72 1 500´000 Incorrect line protection device setting
2003
Sept. 23, Denmark / 6,4 ~7 4,2 mio Two independent component failures (not covered
2003 Sweden by N-1rule)
Sept. 28, Italy ~30 up to 56 mio High load flow CH-IT, line flashovers, poor
2003 18 coordination among neighboring TSOs
July 12, Athens ~9 ~3 5 mio Voltage collapse
2004
May 25, Moscow 2,5 ~4 4 mio Transformer fire, high demand leading to overload
2005 conditions
June 22, Switzerland 0.2 ~3 200´000 Non-fulfillment of the N-1rule, wrong
2005 (railway supply) passengers documentation of line protection settings,
inadequate alarm processing
Aug. 14, Tokyo ? ~5 0.8 mio Damage of a main line due to construction work
2006 households
Nov. 4, Western Europe ~14 ~2 15 mio High load flow DE-NL, violation of the N-1rule, poor
2006 (UCTE) households inter TSO- coordination
Business
Threats
Government
Business services
Citizens
Electro -mech .
parts/systems
…
Technical services
RCS, ICS
Data
Energy
Vulnerabilities
ICSInterdependencies
consumers
large
power
exchange bilateral
market
distribution economic
integrated utility company consumers subsystem producers
retail companies
companies
consumers
small
interconnector
balancing congestion
market management
transmission distribution
generators load system
network networks
operator
transmission distribution
network network
managers managers
TSO
on
Health Trans- Com- Public
Energy Banks
System portation unication Security
Vulnerability
of
Power Infrastructure Users
Power + information
Market Supplier Critical Infrastructures
Distribution
Transmission
Operators / Brokers Industry
Generation
Business Government
Business services Energy
Electro-mech.
Citizens
parts/systems
…
Technical services RCS, ICS
Refineries &
Nuclear Hydro
Petrochemical
power plants power plants
©2009 A. Gheorghe All Rights Reserved plants
Interdependencies – A
Homeland Security Issue
Rafinery
Rail
NPP System
Oil Delivery
Incapacity of Interruption of
Scram Oil Processing
Operation Goods Delivery
Cyber Insurance
Threat Hospitals Liability
© Jody R. Westby
Global Cyber Risk LLC
©2009 A. Gheorghe All Rights Reserved February 24, 2006
Asymmetrical Cyber
Realities
Expert opinions:
• Vulnerability is the degree of the loss to a given element or set of elements at risk
resulting from the occurrence of a natural phenomenon of a given magnitude
(UNDRO, 1982).
• Human vulnerability is function of the costs and benefits of inhabiting areas at risk
of natural disaster (Alexander, 1993).
• Vulnerability are those circumstances that place people at risk while reducing their
means of response or denying them available protection (Comfort et al., 1999).
©2009 A. Gheorghe All Rights Reserved
Differences Between Vulnerability
and Resiliency
Vulnerability Resiliency
Resistance Recovery
Force bound Time bound
Safety Bounce back
Mitigation Adaptation
Institutional Community-based
System Network
Engineering Culture
Risk assessment Vulnerability and capacity
analysis
Outcome Process
Standards Institution
• Both the probability that a scenario will take place and its consequence
has been estimated. The consequences are estimated as a result of many
factors such as deaths, damage, costs as well as recovery time. The final
product is a matrix that shows all the consequences of a specific scenario
as well as the probability that it will happen. Risk matrixes according to
the Swiss concept should perhaps be most useful in order to show the
total risk scenario in a specific area.
Please look at Reference 1 for Risk Matrix – A case of chemical risk acceptability assessment (pages 64-66).
Cascading failures in the North American electricity grid have been more common than
one might expect. Forty-six of the events between 1984 and 2000, or nearly three per
year, involved losses of > 1,000 MW. The probability of smaller power losses follows
an exponential curve, while for losses >500 MW is described by a power law typical for
self-organized systems.
©2009 A. Gheorghe All Rights Reserved
• The political framework, institutions and actor networks became market-
focused; security of supply must become a new overarching principle.
• The initial design and operation criteria (e.g. N-1) need to be aligned with
the current use and practice („evolutionary unsuitability“).
• Digitalized non-dedicated control systems are becoming increasingly
ubiquituous; unsecured the public internet should not be used for vital
operation and control functions.
• Compiance with the growing need for real time based data acquisition
and management systems (SCADA), mandatory rules including
contingency procedures and improved coordination (TSOs), etc. needed.
• Development of risk / vulnerability awareness and intellectual
modeling capabilities to be promoted.
2. Mitigation actions
Medium
Reducing the impact of
the risk before, during
and after it
Low Acceptable appears/occurs
Risk Area
3. Recovery actions
“Emergency actions”
Low Medium High Reduction of the impact
after the risk occurs
Impact
Total Cost
Cost
Cost of Security
Minimum of
Total Cost
Vulnerability
Susceptibility Resilience
Time
Service Disruption
©2009 A. Gheorghe All Rights Reserved
Vulnerability Scenarios
Low Susceptibility No cascading effects
l anoit c nu F
Sys with HIGH vulnerability
?
Cascading
effects
High Susceptibility
l anoit c nu Ft o N
Time
Vulnerability
Susceptibility Resilience
Coping Capacity Recover
Service Disruption
©2009 A. Gheorghe All Rights Reserved
Vulnerability induced
Complexity
• Vulnerability Assessment
Checklists
• Actor-Based Modeling and
Simulation
• Aggregate Supply and Demand
Tools
• Dynamic Simulations
• Physics Based Models
• Population Mobility Models
• Leontief Input-Output Models
• Network Topology Design
Theories
• Critical Infrastructure
Interdependencies Integrator
(CI3)
©2009 A. Gheorghe All Rights Reserved • Hybrid Approaches
Criticality and security: a
complementary approach
Infrastructure
“if “is
disrupted required
will lead in case
to…” of…”
CRISIS
`
Political socio-economic
system
and political
systems and the
interactions
amongst all these
Subsystem of CI 3… elements”
e.g. Transport
Subsystem of CI 2
©2009 A. Gheorghe All Rights Reserved
Structure of Guidelines
Vulnerability analysis
Definition of the SRVA
Process 5.Direct vulnerability
1.Objectives and scope assessment for the
relevant scenarios
2.Involved stakeholders
and responsibilities 6.Cascading vulnerability
assessment for the
relevant scenarios
Criticality assessment
1.Definition of
criticality criteria Relevant scenarios
2.Identification and definition Define Vulnerability
ranking of CI at regional reduction strategies
level 4.Definition and
ranking of scenario of 7.Definition of
3.Characterization of service disruptions of acceptable level of
the MOST critical the most critical vulnerability
system and of system
priority exposed 8. Define actions
elements to be taken
©2009 A. Gheorghe All Rights Reserved
Critical Infrastructures
Issues of Homeland
Security
An International
Perspective
Traditional one-
e.g. dimensional perspective of
Armeni
a
security policy:
Georgia
„Maslow Pyramid“ Military threats, power
(revised) politics
Broadening scope of
Austria security policy
Norway recognized, partly
Switzerland analyzed
Sweden
U.S.A Comprehensive risk
analysis:
Interdependency
analysis of threats and
Broadening
©2009 A. Gheorghe All Rights Reserved
critical infrastructures
Need for Integrative
Approach
Risk
Vulnerability
Sustainability
Governance
Sustainability Governance
Complexity
Vitality
Ubiquity of Digitalization
and
Risks/Vulnerability of
Interdependent
Infrastructures
©2009 A. Gheorghe All Rights Reserved
Ubiquity of Digitalization
• According to authoritative definitions on ubiquity, one
can conclude that two of them are relevant to the
further work within this Project.
• Definition 1: “The capacity of being everywhere or in
all places at the same time” (Oxford English
Dictionary)
• Definition 2: “ Presence everywhere or in many places
especially simultaneously” (Merriam Webster
Dictionary)
• Definition 3: By digitalization we mean the process
automation related activities, as well as the intensive
use of various kind of computers, associated with
operational, tactical, as well as the strategic phase of a
given infrastructure
Incapacity of Interruption of
Scram Oil Processing
Operation Goods Delivery
Cyber Insurance
Threat Hospitals Liability
Power Water
Agriculture
Grid Supply
Socionomics
System
of
Systems
Infranomics Economics
• In 1995 Haimes published another paper on use of HHM for risk identification in complex
systems. HHM has been applied elsewhere to software project development (Chittister and
Haimes 1993)and global sustainable development (Haimes 1992).More recent application
of HHM into risk and vulnerability can be found in Ezell’s works (Ezell 2000).The two papers
serve to introduce the probabilistic Infrastructure Risk Analysis Model (IRAM) developed for
a small community's water supply and treatment system in the United States. The paper
adopts a holistic approach to model a water infrastructure system's interconnectedness
and interdependencies.
• The IRAM consists of four phases. In phase I, one identifies the risks to the infrastructure by
decomposing the system. Borrowing from the HHM philosophy, the authors take a "system
perspective", decomposing the infrastructure with respect to
– Components
– Hierarchical structure
– Function
– State
– Vulnerability
– U: Risk-featuring factors,
– V: Management response-featuring factors,
• Since no analytic solution for the equation of the cusp line is readily available,
distance D is actually evaluated up to the Bezier interpolation of a sufficient
number of (U, V) knots on the cusp
Figure: Relative
Vulnerability
for Earthquakes,
1980–2000
HVSR model
shows
relationship
between
Risk and
vulnerability
©2009 A. Gheorghe All Rights Reserved
Differences Between Risk
and Vulnerability (1)
• Difference in analysis object:
Risk assessment, as an impact assessment, selects a particular stress (or threat, hazard) of concern, and
seeks to identify its important consequences for a variety of system properties. Vulnerability analysis and
assessment, in contrast, select a particular system or component of concern, and seek to examine why
specific adverse outcomes comes to that system (component) in the face of variety of stressor (or threats,
hazards) and to identify a range of factors that may affect response capacity and adaptation to stressor ( or
threats, hazards). It is obvious, the risk focus on hazard analysis, but the main analysis object of vulnerability
is system per se. Vulnerability describes inherent characteristics of a system that create the potential for
harm but are independent of the risk of occurrence of any particular hazard.
• Difference in emphasis:
The focal point of vulnerability analysis is the survivability of the system. The goal of risk
analysis is to investigate and understand all concerned risks and provide information for
decision-making about resource allocation. In fact, if system can survive the hazards there
are no much risk any more. Proper resource allocation can reduce system vulnerability;
correspondently, reducing system vulnerability can reduce system risk.