Critical Infrastructure System Security and Resiliency

Security protections for critical infrastructure nodes are intended to minimize the risks resulting from an initiating event, whether it is an intentional malevolent act or a natural hazard. With an emphasis on protecting an infrastructure's ability to perform its mission or function, Critical Infrastructure System Security and Resiliency presents a practical methodology for developing an effective protection system that can either prevent undesired events or mitigate the consequences of such events.

Developed at Sandia National Labs, the authors? analytical approach and methodology enables decision-makers and security experts to perform and utilize risk assessments in a manner that extends beyond the theoretical to practical application. These protocols leverage expertise in modeling dependencies?optimizing system resiliency for effective physical protection system design and consequence mitigation.

The book begins by focusing on the design of protection strategies to enhance the robustness of the infrastructure components. The authors present risk assessment tools and necessary metrics to offer guidance to decision-makers in applying sometimes limited resources to reduce risk and ensure operational resiliency.

Our critical infrastructure is vast and made up of many component parts. In many cases, it may not be practical or affordable to secure every infrastructure node. For years, experts?as a part of the risk assessment process?have tried to better identify and distinguish higher from lower risks through risk segmentation. In the second section of the book, the authors present examples to distinguish between high and low risks and corresponding protection measures. In some cases, protection measures do not prevent undesired events from occurring. In others, protection of all infrastructure components is not feasible. As such, this section describes how to evaluate and design resilience in these unique scenarios to manage costs while most effectively ensuring infrastructure system protection.

With insight from the authors? decades of experience, this book provides a high-level, practical analytical framework that public and private sector owners and operators of critical infrastructure can use to better understand and evaluate infrastructure security strategies and policies. Strengthening the entire homeland security enterprise, the book presents a significant contribution to the science of critical infrastructure protection and resilience.

Security Risk Assessment. Introduction to Security Risk Assessment. Undesired Events, Associated Critical Assets, and Available Resources. Threat Analysis. Likelihood of Initiating Events. Assess Consequences and Responses for Undesired Event. Assessment of Protection System Effectiveness. Estimate Security Risk. Evaluation and Design of Resilient Systems. Motivating Infrastructure Resilience Analysis. Current State of Resilience Assessment. Infrastructure Resilience Analysis Methodology. Case Studies Using the Infrastructure Resilience Analysis Framework. Future Directions. Appendix A: Example Use of Fault Trees to Identify Critical Assets. Appendix B: Physical Protection Features Performance Data. Index.

Betty E. Biringer is a mathematician currently conducting specialized technical assessments and research in the national interest as a distinguished member of the technical staff at Sandia National Laboratories. As the former manager of the Security Risk Assessment Department, she provided oversight and technical guidance for Sandia’s modeling and simulation tools for physical security vulnerability analyses and risk assessments. Ms. Biringer was actively involved in the development and implementation of most of Sandia’s service-marked Risk Assessment Methodology (RAM) tools for critical infrastructure elements, including dams, high-voltage electric power transmission, chemical facilities, communities, and energy. She has served as a subject matter expert for security risk on review panels for the Department of Homeland Security’s National Centers of Excellence. Her other primary research area is the development of methodologies for the assessment and mitigation of the insider threat.

Dr. Eric D. Vugrin is currently a distinguished member of the technical staff in the Resilience and Regulatory Effects Department at Sandia National Laboratories. His primary research interest is the development of analytical tools and methods for infrastructure analysis. Most recently, his research has focused on capability development for vulnerability, consequence, and resilience analysis of chemical supply chains, transportation networks, electrical power systems, and other infrastructure networks. These efforts provided support and guidance to the U.S. Department of Homeland Security’s Infrastructure Protection, Science and Technology, and Policy programs. Prior to his work in the area of infrastructure analysis, he performed risk analyses for complex systems as Sandia’s technical lead for Total Systems Performance Assessment at the Waste Isolation Pilot Plant, the world’s only certified, deep-underground repository for nuclear waste.

Dr. Drake E.