Risk and Vulnerability Analysis of Critical Infrastructures

This chapter presents an approach for a cross-sector risk and vulnerability analysis (RVA) of critical infrastructures. The RVA is an extended version of a preliminary hazard analysis (PHA) and can be applied to any complex system with only minor adaptati

  • PDF / 481,173 Bytes
  • 11 Pages / 439.37 x 666.142 pts Page_size
  • 69 Downloads / 209 Views

DOWNLOAD

REPORT


Risk and Vulnerability Analysis of Critical Infrastructures Per Hokstad, Ingrid Bouwer Utne and Jørn Vatn

Abstract This chapter presents an approach for a cross-sector risk and vulnerability analysis (RVA) of critical infrastructures. The RVA is an extended version of a preliminary hazard analysis (PHA) and can be applied to any complex system with only minor adaptations. The analysis has three phases described below: (1) analysis preparation, (2) preliminary risk analysis and (3) detailed risk analyses. The objective of the RVA is to identify hazardous events related to the activity/ system as thorough as reasonably practicable. In phase 2, risk is assessed by the analysis group from direct assessments of probabilities and consequences on a semi-quantitative scale, such as low (L), medium (M) and high (H). This is in line with a standard PHA, which aims to identify and assess all major risks, and provide risk-reducing measures, without including detailed risk calculations or analyses. The preliminary risk analysis is then used for screening, and the most critical events are investigated further for various detailed analyses and quantifications. The RVA described here intends to give a complete overview of all risks elements related to the systems under investigation.

P. Hokstad (&) SINTEF Safety Research, Trondheim, Norway e-mail: [email protected] I. B. Utne Department of Marine Technology, NTNU, Trondheim, Norway J. Vatn Department of Production and Quality Engineering, Norwegian University of Science and Technology, Trondheim, Norway

P. Hokstad et al. (eds.), Risk and Interdependencies in Critical Infrastructures, Springer Series in Reliability Engineering, DOI: 10.1007/978-1-4471-4661-2_3,  Springer-Verlag London 2012

23

24

P. Hokstad et al.

3.1 Phases of Analysis The first phase is to clarify analysis objectives. The main purpose of a cross-sector risk and vulnerability analysis (RVA) is to provide authorities with decision support regarding identification of risks and vulnerabilities, prioritization of riskreducing measures and planning of emergency preparedness related to a number of infrastructures for which they are responsible. Phase 2 of the RVA is to provide a preliminary risk analysis similar to a preliminary hazard analysis (PHA), which includes identification and risk assessment of undesired events (UEs). The bow-tie diagram introduced in Chap. 2 constitutes a useful conceptual framework for the analysis, where the undesired (hazardous) events are in focus, investigating both causes and various (undesired) consequences. However, the RVA includes an evaluation of a wider set of consequences, for example, also looking into consequences of other infrastructures. Finally, the third phase allows for more detailed analyses. The main phases of the RVA are outlined below and are further elaborated in the next sections: 1. Risk analysis preparation • Clarify objectives and stakeholders • Determine system boundaries and consequence categories • Establish forum/meeting place for relevant stakehold