Vital Infrastructure Vulnerability Assessment and Risk Management

1. SUBPROJECT PROPOSAL TO RISKMAN
Subproject full title:
VITAL INFRASTRUCTURE VULNERABILITY ASSESSMENT
AND RISK MANAGEMENT
Subproject Acronym: VIVA-RIMA
RISKMAN Research Area: RA5, RA6
2. PROPOSER PARTICULARS
Proposing Organization: NCSR “DEMOKRITOS”
Contact Person Name: Ioannis A. Papazoglou
Address: National Center for Scientific Research “DEMOKRITOS” ,
Aghia Paraskevi 153 10 , Greece
Tel: +30 210 6503742
Fax: +30 210 6540926
E-mail: yannisp@ipta.demokritos.gr
Web site:
Participating Organizations and companies, name and country
3. PROPOSAL SUMMARY:
Vital European infrastructure incorporates a number of networks of manmade systems
and processes that function collaboratively and synergistically to produce and
distribute a continuous flow of essential goods and services to European society,
such as transportation, energy (oil, gas, electricity), telecommunication (information
and communication), water supply, emergency services, government services, and
banking and finance. These infrastructure systems are tightly intertwined to a great
extent, each one depending on several others for its reliable and safe operation. As a
result, failures in one of these networks can propagate through the interdependences
to other networks and to different geographic regions. The proposed project will
identify specific weaknesses (vulnerabilities) of the systems and of their components
to a series of threats, particularly those owing to the interdependences and complexity.
Furthermore, it will provide a risk management framework for reducing the risk of
infrastructure failure through specific measures aiming at preventing and mitigating
consequences.
[Figure: interdependent infrastructure networks (Natural Gas, Oil, Electric Power, Transportation, Government, Water Supply, Information & Communication, Banking & Finance), with Threats, Vulnerabilities, Interdependences and Risk Management]
116108260
1/12/
4. OBJECTIVES
Suitable models incorporating all types of interdependences among the various
infrastructure networks will be developed. Three classes of interdependences will be
incorporated namely, functional, spatial and organizational. Vulnerabilities of the
combined infrastructure systems under a series of threats (hardware/software failures,
natural phenomena, cyber attacks) will be identified and will be prioritized with
respect to their probability of occurrence and the severity of the resulting
consequences. Specific measures for reducing the vulnerabilities and thus increasing
the level of safety for the infrastructure networks will be determined and evaluated
with respect to their efficiency and cost.
The generic models and results will be applied into a number of specific networks in
specific geographical areas.
The objectives will be further fine-tuned once the scope of the project is further
defined.
5. DELIVERABLES.
These will be specialized once it is decided which infrastructure networks and which
threats will be included.
- Models of various infrastructure networks able to simulate their response to a
  wide range of threats and incorporating the various interdependences.
- Rigorous vulnerability assessments using new methods, tools and techniques.
- Identification and characterization of infrastructure components, first order
  dependences and degree of coupling among infrastructures.
- Advanced computational algorithms for simulating large scale systems and
  complexity.
- Advanced visualization techniques, expert systems for information handling.
6. JUSTIFICATION AND POTENTIAL IMPACT
Will be added later.
7. DESCRIPTION OF THE WORK
The work description that follows addresses a narrower objective than that described
under section 3 above. In particular the description that follows refers to a project
with emphasis on the energy networks of oil and gas and the incorporation of all the
dependences on other networks (like electrical power and telecommunications) and on
soil and structural elements that can be affected by a seismic event.
Should a broader or different scope be adopted by the consortium partners, the
description will be adapted accordingly. For example, floods would require a number
of additional tasks.
This model will exhibit all functional, organizational and spatial interrelations of the
infrastructures and will enable the assessment of the risk from earthquakes of the
corresponding infrastructure. Assessment of the risk means the identification of all
important combinations of component structural failures that can lead to various
levels of service denial (dependability-unreliability) of the system and/or severe
consequences to public health and the environment (safety). Specific models for the
seismic vulnerability of the various components and/or combinations of components
to an envelope of seismically induced stresses will be developed along with a
geographically dependent seismic event generation and propagation model. The
various sub-models will be integrated in a GIS environment that would allow the user
to assume a particular earthquake with specific geographic origin and obtain the
possible damage states of the desired network and the associated probabilities.
Risk management will be aided through the development and evaluation of a number
of generic and network-specific risk reduction measures aiming both at prevention and
mitigation of the consequences.
RISK MANAGEMENT PHASE I: RISK ASSESSMENT
The first phase of risk management consists in the assessment of risk, that is, in the
assessment of the combination of events that can lead to the undesirable
consequences, here service interruption by the infrastructure networks, and the
relative likelihood that these events will occur.
WP.1. DEVELOPMENT OF INFRASTRUCTURE-SYSTEM MODEL WITH
INTERDEPENDENCES
A model of the energy system networks (oil and gas) will be developed,
capable of incorporating all functional and organizational interdependences of these
networks to the transportation, electrical power and telecommunication networks.
This model will be tuned to emphasize structural and spatial/geographical
characteristics of the systems.
T.1.1.
MODEL OF NATURAL GAS SYSTEM
A model of the natural gas system network will be developed including all major
components in the three major sectors i.e.: Storage, Transmission and Distribution.
Items to be included are: storage & compression facility, pipelines, meters, valves,
receipt points, delivery points, city gates, consumption points & distribution networks.
Dependence on other infrastructure networks such as electric power,
communication and information systems will be identified. The Supervisory Control and Data
Acquisition (SCADA) system will be included along with its dependences on electric
power and telecommunication networks.
The model should allow for the geographical characterization of each component (e.g.
exact location) so that stresses induced by a given earthquake could be assessed (see
WP.3). Potential proximity of other structures should be also identifiable and
documentable so that secondary failures of elements of the gas network owing to primary
failures of such structures can be accounted for.
T.1.2.
MODEL OF OIL SYSTEM
A model of the oil system network will be developed including all major components
in the four major sectors i.e.: Refineries & Storage, Transmission, Distribution and
local storage. Both liquid fuels and Liquefied Petroleum Gas will be considered. Items
to be included are: refineries, receiving facilities, tank farms, pipelines, meters,
valves, local storage facilities, and secondary distribution centers (gas stations, LPG
bottle filling facilities, etc.). Dependence on other infrastructure networks such as
electric power, communication and information systems will be identified. The road network with
associated infrastructure might be of interest here owing to the distribution mode
through road tankers. The Supervisory Control and Data Acquisition (SCADA)
system will be included along with its dependences on electric power and
telecommunication networks.
The model should allow for the geographical characterization of each component (e.g.
exact location) so that stresses induced by a given earthquake could be assessed (see
WP.3). Potential proximity of other structures should be also identifiable and
documentable so that secondary failures of elements of the oil network owing to
primary failures of such structures can be accounted for.
T.1.3.
MODEL OF ELECTRIC POWER SYSTEM
A model of the electric power system will be developed including all major
components in the three major sectors of the Greek system i.e.: Power Generation,
Transmission, Distribution. Items to be included are: generating stations (including
fuel supply), high and medium voltage transmission lines, substations, and distribution
centers. Dependence on other infrastructure networks such as communication and
information systems will be identified. Particular emphasis will be given in “closed
loop dependences” as natural gas fed electrical power generating stations. The
SCADA and Load Management system will be included along with its dependences
on electric power and telecommunication networks.
The model should allow for the geographical characterization of each component (e.g.
exact location) so that stresses induced by a given earthquake could be assessed (see
WP.3).
T.1.4.
MODEL OF INFORMATION & COMMUNICATIONS SYSTEM
The Information and Communication system includes the Public
Telecommunications Network (PTN) and the Internet. The PTN includes the landline
networks, the cellular networks and the satellite service. Important elements for the
landline network are switches and the land-based wirelines, control and signaling
sub-networks. For cellular networks important components are the switching centers, the
relaying stations and antennas and associated control and signaling sub-networks (if
any). For Internet major router centers, landlines (usually common with PTN) and
important national gateways should be included. The model will also include any
dependence on the electrical system. System failure might also be caused by heavy
traffic following a seismic event.
The model should allow for the geographical characterization of each component (e.g.
exact location) so that stresses induced by a given earthquake could be assessed (see
WP.3).
T.1.5.
MODEL OF WATER SYSTEM
A model of the water supply network will be developed. Important components of this
system typically include: water sources (surface waters in impoundments such as
lakes and reservoirs, flowing waters in rivers, or ground waters in aquifers), treatment
facilities, transmission system (aqueducts, tunnels, reservoirs, pumps), distribution
system to final users, and waste water collection and treatment system. Dependences on
other networks such as electric power and Information and Communication will be
identified and included in the model. Of particular importance to this project is the
required availability of water for fire fighting purposes following a failure of the oil
and/or natural gas networks, release of fluid and ignition.
The model should allow for the geographical characterization of each component (e.g.
exact location) so that stresses induced by a given earthquake could be assessed (see
WP.3).
T.1.6.
DEVELOPMENT OF GIS-BASED INTEGRATED MODEL
The models developed in tasks T.1.1 to T.1.5 will be incorporated on a GIS basis to
fully develop their geographical dimension. The purpose of this is threefold: First the
connection of each and every component of the infrastructure networks with a
particular type of soil and ground environment will be greatly facilitated; secondly the
association of each and every component with a particular level of ground motion
characteristic following an earthquake will be greatly facilitated; and thirdly it will be
possible to use information already existing in GIS format of other structures that
could threaten through their structural failure components of the networks under
analysis.
WP.2. SPECIALIZATION TO SPECIFIC GEOGRAPHICAL REGIONS
All models developed under WP.1 will be specialized into particular geographical
regions.
WP.3. DEVELOPMENT OF INITIATING SEISMIC EVENTS
This work package will develop a model that will map, on a regional basis, all the
important seismic faults and the associated possible earthquakes. Earthquake initiating
events will be characterized by those parameters necessary for further determination
of seismic wave characteristics. Propagation models will be developed/added so that
the intensity of the seismic wave at any point of the area of interest (country, region)
would be determined. All models will be integrated in a GIS system. Level of
resolution to be determined.
T.3.1.
REGION WIDE MAPPING OF FAULTS
To be added
T.3.2.
CLASSIFICATION OF POSSIBLE EARTHQUAKES
To be added. Should include probabilities of occurrence
T.3.3.
SEISMIC WAVE PROPAGATION
To be added
T.3.4.
MOUNTING ON THE GIS
To be added
WP.4. DEVELOPMENT OF INFRASTRUCTURE LOGICAL MODEL
A logical model of the basic energy network (oil & gas) will be developed depicting
the logical dependence of the various components. This dependence will be such that
failure of one or of a combination of components would determine the failure of
another component. Development of this model will stop at a level of resolution
where all structural and support dependences will be identified. Specific types of
interdependences requiring timing and sequence failure considerations will be
included.
T.4.1.
INTEGRATION OF INFRASTRUCTURES TO A FUNCTIONAL –
LOGICAL INTEGRATED MODEL
Models developed in Tasks T.1.1 to T.1.5 represent the corresponding networks and
their components in generic form (and in WP.2 as specializations to specific
European regions). In this task the partial models of the infrastructures will be
interconnected in an overall model. This will be accomplished by examining each
component of a network (e.g. the natural gas network) and connecting it to the
specific component of the other networks (e.g. electrical system) that it depends on.
Use of functional blocks will be made where each functional block will represent a
specific part of a network (e.g. natural gas pipeline from point A to point B)
associated with specific outputs and inputs. The internal property of the functional block
will be the logical combination of the required inputs and the state of the block itself
to produce successful output(s). Specific research will address particular timing and
sequencing problems and develop appropriate simulation models.
T.4.2.
INTEGRATION OF SPATIAL DEPENDENCES IN A GIS MODEL
The GIS based networks of infrastructures will be interconnected through the
functional integrated model of task T.4.1. As a result of this task it would be possible
to have on the GIS basis the integrated Infrastructure model for a specific region.
Given a network component on a specific geographic location it will be possible to
identify (through the underlying model of task T.4.1) all functional dependences to
other parts of the network (e.g. upstream pressure regulating station of the natural gas
network) and to other networks (e.g. electric power) at any level of desired detail (e.g.
electric power substation or main high voltage transmission line). Furthermore,
through the GIS framework the component would be associated with the specific type
of soil it is built on (other seismic characteristics?). Additional spatial dependences as
collocating and common utility corridors will be included here.
T.4.3.
INTEGRATION OF ORGANIZATIONAL – LOGICAL
DEPENDENCES
Some control and command functions in a network performed by humans are based
on visual and other information transmitted through, and depending on, other networks
(telecommunications, electric power). Also accessibility of certain locations by
emergency personnel of a particular network will depend on the integrity of the
transportation network. This task will model this kind of dependences.
T.4.4.
IDENTIFICATION OF COMPONENTS BY TYPE OF
INFRASTRUCTURE AND SOIL
The components constituting the networks modeled in tasks T.1.1 to T.1.6 and T.4.1
will be classified into classes or types according to their specific functional
characteristics (e.g. pumps, valves, piping) and structural characteristics (e.g. seismic
qualification class, piping strength). An additional criterion of classification and/or of
grouping of elements into supercomponents will be based on potential common
vulnerability to seismic events (e.g. mounted on the same structure, housed in the
same building). Further classification of components will be based on the type of soil
they are founded on. The objective of this classification is the streamlining of the
fragility development of T.5.1.
Check correctness from the seismic point of view. Possible break to 5 tasks per
infrastructure network.
WP.5. STRUCTURAL VULNERABILITY MODEL
Given the list of components identified as necessary for modeling the networks, their
fragility will be calculated for a series (envelope) of potential seismic challenges (e.g.
peak ground acceleration). Possible structural interactions under seismic loading of
specific combinations of components identified as critical will be also considered.
T.5.1.
STRUCTURAL FRAGILITY MODEL FOR EACH COMPONENT
To be added
T.5.2.
INTEGRATION OF STRUCTURAL VULNERABILITY MODEL WITH
GIS SOFTWARE
Given the integrated functional infrastructure model and its GIS connection (tasks
T.1.6, T.3.4, and T.4.2) and the results of task T.5.1, each component in the integrated
model would be associated with a fragility function, i.e. with a function giving the
probability of failure given a level of stress (e.g. peak ground acceleration).
WP.6. MODEL INTEGRATION
In this package the models developed in WP1-WP4 will be integrated in one overall
model. Processing of this model would develop accident sequences, that is, a seismic
initiating event and component failures that would lead to various levels of service
denial and/or unsafe states.
T.6.1.
SEISMIC-DEPENDENT ACCIDENT SEQUENCE DELINEATION
A logic model for the integrated functional system model (see task T.4.1) will be
developed. A series of system unavailabilities corresponding to various levels of
service denial (geographical or capacity reduction) for each infrastructure system will
be developed. These failed system states would drive the development of the logic
model. The latter after appropriate processing will yield the accident sequences (i.e.
combinations of component failures) that following a seismic initiator would lead to
one of the infrastructures’ failed states. Each and every accident sequence will be
further examined and analyzed for seismic commonalities not already incorporated in
the integrated model. Finally a screening of the set of accident sequences will retain
only those that consist of an initiating event (an earthquake of specific epicenter and
magnitude) and a series of structural failures and potentially one or two non-structural
failures (mechanical failure or human errors).
T.6.2.
STRUCTURAL FRAGILITY MODELS FOR EACH ACCIDENT
SEQUENCE
On the basis of the results of tasks in WP.5 and T.6.1 the overall fragility of each
accident sequence will be developed. This is the probability that given a specific
earthquake the resulting soil wave will cause the failure of such a combination of
network components that these failures in themselves or in combination of one or two
additional failures will cause the failure of one or more infrastructure networks.
T.6.3.
RISK ASSESSMENT PRESENTATION
The assessed risk will be presented in various formats, including i) probability of
service interruption for each and every level of interruption and each and every
infrastructure network owing to an earthquake regardless of origin and magnitude;
ii) probability of service interruption for each and every level of interruption and each
and every infrastructure network owing to a specific earthquake (location and
magnitude). Furthermore, the results of task T.6.2 will be incorporated into the GIS so that
the user will be able to postulate a particular earthquake at a specific geographical
location and obtain as a result, on the screen, the parts of the infrastructure network(s)
that will become unavailable (at different probability levels) and the associated levels
of service denial.
RISK MANAGEMENT II: RISK REDUCTION MEASURES– PREVENTION
Following the assessment of risk, the second phase of risk management consists in the
identification of measures that could prevent the loss of an infrastructure network. In
the risk management formulation this means reduction of the probability of losing a
network following an earthquake. This in turn is achieved by strengthening the
seismic design of components so that a given accident sequence will have a lower
probability of occurrence, by removing common dependences from parts of networks, or
by relocating parts of them so that they are not susceptible to certain earthquakes (the
latter in the design phase).
WP.7. MEASURES TO REDUCE PROBABILITY OF FAILURE
Once the phase of risk assessment is completed, measures of risk management can be
defined. One major class of risk reduction measures consists of those measures aiming
at prevention of accident sequences, that is, at the reduction of the probability with
which an accident is expected to occur.
T.7.1.
RANKING OF COMPONENTS IN TERMS OF THEIR RISK-IMPORTANCE
The components of the overall system of infrastructures will be ranked with respect to
their contribution to the overall risk. Various measures of importance will be used
including the elasticity of the risk to the failure probability of the component.
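The functional blocks of T.4.1, the fragility functions of T.5.2 and the elasticity ranking described here can be shown working together. The following Python sketch is an added example, not part of the proposal: the six-block network, the PGA values and the fragility parameters are constructed, and the lognormal curve shape, independent component failures and the definition of elasticity as (p_i / R) · ∂R/∂p_i are assumptions.

```python
"""Added illustration: functional blocks, fragility curves, risk elasticity.
All block names, PGA values and fragility parameters are constructed."""
import math
from itertools import product

def fragility(pga, median, beta):
    """P(failure | PGA), assuming a lognormal fragility curve."""
    if pga <= 0.0:
        return 0.0
    z = math.log(pga / median) / beta
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))

# Functional blocks: a block's output is OK iff the block itself is intact
# AND the gate over its inputs' outputs holds ("or" models redundancy).
# The sample graph is acyclic; closed-loop dependences are not handled here.
BLOCKS = {
    "line_a":     ("and", []),
    "line_b":     ("and", []),
    "substation": ("or",  ["line_a", "line_b"]),
    "scada":      ("and", ["substation"]),
    "compressor": ("and", ["substation", "scada"]),
    "pipeline":   ("and", ["compressor"]),
}

# Constructed sample: block -> (site PGA in g, median capacity in g, beta).
# Both power lines see the same ground motion (same corridor).
SITES = {
    "line_a":     (0.40, 0.50, 0.5),
    "line_b":     (0.40, 0.50, 0.5),
    "substation": (0.30, 0.60, 0.4),
    "scada":      (0.25, 0.80, 0.5),
    "compressor": (0.25, 0.70, 0.4),
    "pipeline":   (0.35, 0.90, 0.6),
}

def failure_probabilities(sites):
    """Map each block to its failure probability for the postulated earthquake."""
    return {name: fragility(*params) for name, params in sites.items()}

def output_ok(block, intact):
    """Evaluate one functional block given the intact/failed state of all blocks."""
    gate, inputs = BLOCKS[block]
    if not intact[block]:
        return False
    if not inputs:
        return True
    results = [output_ok(i, intact) for i in inputs]
    return all(results) if gate == "and" else any(results)

def service_denial_probability(p_fail, top="pipeline"):
    """Exact P(top block has no output) by enumerating all component states."""
    names = list(BLOCKS)
    total = 0.0
    for bits in product([True, False], repeat=len(names)):
        intact = dict(zip(names, bits))
        if output_ok(top, intact):
            continue
        prob = 1.0
        for n in names:
            prob *= (1.0 - p_fail[n]) if intact[n] else p_fail[n]
        total += prob
    return total

def risk_elasticity(p_fail, top="pipeline"):
    """Rank blocks by (p_i / R) * dR/dp_i; R is linear in each p_i, so
    dR/dp_i = R(p_i = 1) - R(p_i = 0)."""
    risk = service_denial_probability(p_fail, top)
    ranking = {}
    for n in BLOCKS:
        slope = (service_denial_probability({**p_fail, n: 1.0}, top)
                 - service_denial_probability({**p_fail, n: 0.0}, top))
        ranking[n] = p_fail[n] * slope / risk if risk > 0.0 else 0.0
    return sorted(ranking.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    p = failure_probabilities(SITES)
    print(f"P(gas delivery lost | earthquake) = {service_denial_probability(p):.3f}")
    for name, e in risk_elasticity(p):
        print(f"{name:<11} p_fail={p[name]:.3f} elasticity={e:.3f}")
```

With the constructed values the two redundant power lines rank highest, because both are exposed to the same strong ground motion; with equal failure probabilities across all blocks they rank lowest.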
T.7.2.
DEVELOPMENT OF LIST OF GENERIC MEASURES FOR
STRENGTHENING INFRASTRUCTURE-SYSTEM RELIABILITY SAFETY
Given the results of tasks T.4.4 and T.7.1 a number of measures aiming at the
reduction of the probability of failure of the most important components or nodes of
the infrastructure networks will be developed. The use of the importance ranking of
task T.7.1 will allow the optimization of the proposed measures with respect to their
impact on reducing the probability of system failure and the relative importance of
this failure. This will be first done on a generic basis so that the results will be valid
independently to a large extent of the specific system under analysis. These measures
can be distinguished into four classes:
- Structural strengthening
- Structural/spatial decoupling of redundant components
- Increased redundancy of components/system
- Increased diversity
T.7.3.
SYSTEM-SPECIFIC MEASURES AGAINST CRITICAL FAILURE COMBINATIONS
All the measures identified in task T.7.2 will be specialized to the particular Greek
system of infrastructures under analysis, and will be reexamined in the light of the
specific accident sequences in which the various components appear. An alternative
structural design might be different for a component on a generic basis than for an
as-built specific component in a particular location and in relation to additional
components and structures present in that location. Furthermore, the addition of
redundancy might not be particularly effective in a specific case, for example if
two bulk high voltage transmission lines pass through or near the same fault
and are subject to simultaneous failure given the right earthquake.
RISK MANAGEMENT III: RISK REDUCTION MEASURES–MITIGATION
A second class of risk reduction measures comprises measures aiming at reducing the
magnitude and severity of consequences. Loss of vital infrastructures can have severe
consequences for the socioeconomic well being of our society. It is beyond the scope
of the proposed project to calculate direct or indirect consequences of loss of service
from a particular infrastructure network. Consequently for the purposes of this project
consequences will be measured by the extent of the loss of service and its duration.
Mitigation measures will therefore aim at: i) reducing the extent of loss of service
following a seismic event (e.g. partial reduced flow instead of total loss of flow in the
natural gas transmission system, partial blackouts or brownouts instead of total
blackouts in the electric power network); and ii) reducing the duration of the loss of
service of one or more infrastructure networks following a seismic event.
WP.8. OPTIMIZATION OF EMERGENCY RESPONSE
In the context of the proposed project, emergency response following an earthquake
comprises those actions that aim at the restoration of the integrity and level of services
of the failed infrastructure networks. This work package will develop the
methodology for assessing the repair/recovery actions that would restore as much as
possible of the capacity of a certain network in the shortest possible time. “As much as
possible” will include a consideration of the criticality of the restored service. Special
attention will be given to the identification of actions that will restore services of one
network to another (e.g. restore communication lines for the SCADA of the natural
gas network).
T.8.1.
GIS-BASED MODEL FOR ALMOST REAL-TIME DAMAGE
ASSESSMENT
This task assumes that some if not all infrastructure networks are equipped with a
system (is SCADA doing this?) that returns to a Control center a signal from which
the availability of some sub-networks or components can be directly or indirectly
assessed. This almost real-time information about the state of the network will be
combined with the information provided by tasks T.6.3 and T.7.1 to form the basis
for a methodology for almost real-time signal processing using a “knowledge discovery
and data mining” approach to the identification of the state of the system. This method
will combine information from the signals of the various SCADA systems, the
characteristics of the earthquake and the possible failure modes of the networks
compatible with the earthquake, to derive a fast assessment of the state of the
infrastructure system. This information will be incorporated and depicted on the GIS
system.
T.8.2.
REPAIR-RELIEF OPTIMIZATION
For each and every typical or system-specific component of the various infrastructure
systems and the failure modes identified and included in the model developed in
WP.1 and WP.5, a repair and/or remedy action will be defined, including location of
required manpower and hardware. This information will be stored in a database.
Based on the results of tasks T.8.1 and T.6.3, a set of possible repair actions will be
generated, ranked with respect to the level of service restored and the time required to
complete the repair, and subject to the manpower and hardware constraints. Both
short term restoration and long term recovery will be considered.
RISK MANAGEMENT IV: MEASURE PRIORITIZATION
Details to be added
WP.9. MULTICRITERIA EVALUATION OF EACH PROPOSED MEASURE
Details to be added
T.9.1.
DEVELOPMENT OF SAFETY-RELATED CRITERIA
Details to be added
T.9.2.
DEVELOPMENT OF COST-RELATED CRITERIA
Details to be added
T.9.3.
EVALUATION OF EACH RISK REDUCING ALTERNATIVE TO ALL
CRITERIA
Details to be added
T.9.4.
COMPARISON OF ALTERNATIVES
Details to be added
WP.10. PROJECT MANAGEMENT
8. PARTNERS INVOLVED
Partners are invited to declare technological area of competence and/or interest (e.g.
electrical, gas, transportation, information and telecommunication) as well as
methodology area of interest / competence (e.g. large scale simulation, seismic fragility,
flood vulnerability, GIS, information security)
9. RESOURCES FOR TOTAL SUBPROJECT
Estimated 3 person years per network to be modeled plus 10 person years per threat. This
means 25 to 30 person years for five networks and two threats.
10. DURATION
Three to four years, depending on manpower.
11. FINANCIAL PLAN
12. OTHER ISSUES