Abstract
The search for a uniform risk analysis approach for critical infrastructures has prompted a reexamination of the Risk Analysis and Management for Critical Asset Protection (RAMCAP) methodology to see if it can accommodate emerging threats from climate change, aging infrastructure and cyber attacks. This chapter examines the challenges involved in taking a site-specific formulation and turning it into a general model capable of analyzing performance under a full range of simulated conditions. The AWWA J100-10 standard provides the blueprint for a basic RAMCAP model that calculates risk as an attenuation of consequences via probability estimates of vulnerability, threat, resilience and countermeasures. The RAMCAP model was subjected to varying scenario loads in deterministic simulations that examined all hypothetical conditions and probabilistic simulations that examined likely conditions. RAMCAP performance was measured by the average net benefit and represented by the distribution of component values. Contrary to expectations, RAMCAP performance did not improve as the number of scenarios increased in the simulations. The methods and results of this study may hold implications for other critical infrastructure risk methodologies that are based on consequence, threat and vulnerability.
Chapter PDF
Similar content being viewed by others
References
Adar, E., Wuchner, A.: Risk management for critical infrastructure protection challenges, best practices and tools, Proceedings of the First IEEE International Workshop on Critical Infrastructure Protection, pp. 90–100 (2005)
American Water Works Association, Risk and Resilience Management of Water and Wastewater Systems. Denver, Colorado (2010)
Carreras, B., Newman, D., Gradney, P., Lynch, V., Dobson, I.: Interdependent risk in interacting infrastructure systems, Proceedings of the Fortieth Annual Hawaii International Conference on System Sciences (2007)
Cooke, R., Goossens, L.: Expert judgment elicitation for risk assessments of critical infrastructures, Journal of Risk Research, vol. 7(6), pp. 643–656 (2004)
Cox, L.: What’s wrong with risk matrices? Risk Analysis, vol. 28(2), pp. 497–512 (2008)
Cox, L., Babayev, D., Huber, W.: Some limitations of qualitative risk rating systems, Risk Analysis, vol. 25(3), pp. 651–662 (2005)
Creese, S., Goldsmith, M., Adetoye, A.: A logical high-level framework for critical infrastructure resilience and risk assessment, Proceedings of the Third Workshop on Cyberspace Safety and Security, pp. 7–14 (2011)
Daniels, D., Ware, B.: State/local CIP risk analysis: First results and emerging trends in the data, Proceedings of the IEEE Conference on Technologies for Homeland Security, pp. 393–400 (2009)
Ghazel, M.: Using stochastic Petri nets for level-crossing collision risk assessment, IEEE Transactions on Intelligent Transportation Systems, vol. 10(4), pp. 668–677 (2009)
Giannopoulos, G., Filippini, R., Schimmer, M.: Risk AssessmentMethodologies for Critical Infrastructure Protection, Part 1: A State of the Art, JRC 70046, European Commission Joint Research Centre, Ispra, Italy (2012)
Lee, S.: Probabilistic risk assessment for security requirements: A preliminary study, Proceedings of the Fifth International Conference on Secure Software Integration and Reliability Improvement, pp. 11–20 (2011)
Lewis, T., Darken, R., Mackin, T., Dudenhoeffer, D.: Model-based risk analysis for critical infrastructures, WIT Transactions on State-of-the-Art in Science and Engineering, vol. 54, pp. 3–19 (2012)
Masse, T., O’Neil, S., Rollins, J.: The Department of Homeland Security’s Risk Assessment Methodology: Evolution, Issues and Options for Congress, CRS Report for Congress, RL33858, Congressional Research Service, Washington, DC (2007)
McGill, W., Ayyub, B., Kaminskiy, M.: Risk analysis for critical asset protection, Risk Analysis, vol. 27(5), pp. 1265–1281 (2007)
Moteff, J.: Critical Infrastructures: Background, Policy and Implementation, CRS Report for Congress, RL30153, Congressional Research Service, Washington, DC (2015)
National Research Council, Review of the Department of Homeland Security’s Approach to Risk Analysis, National Academies Press, Washington, DC (2010)
Newman, D., Nkei, B., Carreras, B., Dobson, I., Lynch, V., Gradney, P.: Risk assessment in complex interacting infrastructure systems, Proceedings of the Thirty-Eighth Annual Hawaii International Conference on System Sciences (2005)
Pederson, P., Dudenhoeffer, D., Hartley, S., Permann, M.: Critical Infrastructure Interdependency Modeling: A Survey of U.S. and International Research, INL/EXT-06-11464, Idaho National Laboratory, Idaho Falls, Idaho (2006)
Resurreccion, J., Santos, J.: Stochastic modeling of manufacturing-based interdependent inventory for formulating sector prioritization strategies in reinforcing disaster preparedness, Proceedings of the IEEE Systems and Information Engineering Design Symposium, pp. 134–139 (2012)
Schechtman, E.: Odds ratio, relative risk, absolute risk reduction and the number needed to treat - Which of these should we use? Value in Health, vol. 5(5), pp. 431–436 (2002)
Stamatelatos, M.: Probabilistic Risk Assessment: What is it and Why is it Worth Performing it? NASA Office of Safety and Mission Assurance, National Aeronautics and Space Administration, Washington, DC (2000)
U.S. Department of Homeland Security, National Infrastructure Protection Plan, Washington, DC (2006)
U.S. Department of Homeland Security, National Infrastructure Protection Plan: Partnering for Critical Infrastructure Security and Resilience, Washington, DC (2013)
Volkanovski, A., Cepin, M., Mavko, B.: Application of fault tree analysis for assessment of power system reliability, Reliability Engineering and System Safety, vol. 94(6), pp. 1116–1127 (2009)
Woo, G.: The evolution of terrorism risk modeling, Journal of Reinsurance, vol. 10(3), pp. 1–9 (2003)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 IFIP International Federation for Information Processing
About this paper
Cite this paper
White, R., Burkhart, A., Boult, T., Chow, E. (2016). Towards a Comparable Cross-Sector Risk Analysis: RAMCAP Revisited. In: Rice, M., Shenoi, S. (eds) Critical Infrastructure Protection X. ICCIP 2016. IFIP Advances in Information and Communication Technology, vol 485. Springer, Cham. https://doi.org/10.1007/978-3-319-48737-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-48737-3_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48736-6
Online ISBN: 978-3-319-48737-3
eBook Packages: Computer ScienceComputer Science (R0)