User Tools

Site Tools


An efficient process to reduce infrastructure vulnerabilities facing malevolence

Julien Piwowar, Eric Châtelet, Patrick Laclémence

Protection and Anticipation for Critical Infrastructure Facing Human Aggressions (PACIFHA) is a step-by-step process and its framework approximately looks similar to Quantitative Risk Assessment (QRA) (original overview given by Garrick). Chronological steps of the methodological process are:

1. Systemic analysis

According to the four criteria of the systemic approach (objectives, geographical situation, constitution and temporal situation (Le Moigne), the system is defined (system itself and its surroundings):

1.1. Objectives of the system. Definition of the constraints within the system.

1.2. Geographical situation (geographic: suburbs + constraints):

a. Determination of the boundaries of the system;

b. Identification of the environment beyond previous boundaries;

c. Identification of external interactions and associated constraints.

1.3. Constitution (nature, particularities, activities and organisation of the system):

a. Identification of all under-systems;

b. Identification of internal interactions with associated constraints.

1.4. Situation (temporal). Dynamic of the system:

a. Diachronic: where it comes from? What it will become?

b. Synchronic: what is the system doing? What is it?

On systemic analysis useful tool is table of vulnerabilities (FEMA, chapter 1)

2. Interactions between aggressors’ profiles and systems

Six main categories of targets for a terrorist act (described by Branscomb):

2.1. People who are vulnerable to disease, agriculture, animal husbandry, and food distribution systems.

2.2. Communications and information services, command and control centres.

2.3. Energy systems (e.g., power plants, refineries, and both fuel and energy distribution).

2.4. Transportation systems (air, sea, and land).

2.5. Cities and fixed infrastructures (buildings, water supply, tunnels, dikes, and bridges).

2.6. People congregated in large numbers (e.g., athletic venues, theatres).

3. Vulnerabilities assessment and determination of key places

On base of BC Ezell’s theory developed multicriteria decision model for assessment of vulnerabilities was used. The main aim of multicriteria decision model is to compare the ideal system with the real system. It is suggested that the assessment could be calculated on the whole system, or only concerned an under-system or a component. Because some under-systems could be linked by retrospective effect or could belong to causal modes, in the article is suggested to represent a system in a critical layers decomposition (also suggested by Kosmowski et al. [21,17]). In particular article the main consideration is that “an attack could hit the system on every part of it and maybe at the same time on different levels”. By carrying out this study, it is possible to determine key places of the system and the weaknesses of the system according to the performed vulnerabilities assessment, and mark the different ways to go. In the next step of the PACIFHA, by taking into account results of the vulnerability study, scenarios of ways how to hit the system were elaborated.

4. Building of scenarios

It is suggested for building scenarios to use both methodologies, classical ones (Bayesian theories or probabilistic ones (event or causal trees, bow tie diagrams, etc.)) and non-predictive ones (possibility theories based on belief/plausibility, fuzzy logics (by Ross), meta-heuristics (by Hansen) or any non-predictive methods such as ‘Robust Decision Making’ [24]). In the article is claimed that such approach allows to “discuss a broad scope of eventualities in order to update the security systems”. With help of classical methodologies it is possible to “define a huge part of malevolence acts scenarios and predict where it would be the most efficient to enforce the security system in order to anticipate and be protected to face attacks”. But if non- probabilistic methodologies are included, the predictions become less “transparent”. In the paper, on base of an example, has been explained the use of “meta-heuristics to elaborate scenarios and particularly the use of Genetic Programming”. The authors believe that the results of expected scenarios will give a “new idea of the infrastructure’s criticity”.

5. Updating the security systems

The security systems should be updated by taking into account the results of all the previous studies.

Advantages and inconveniences

The authors provide list of inconveniences related to the approach:

1) all the quantifications to assess vulnerabilities on a given system are based on human subjectivity ([…] how can we anticipate human thinking better than using human brains?);

2) it is crucial to choose competent people to lead the assessments;

3) the methodology needs to be updated, because “it works not only with the evolving geopolitics but also with introductions of new factors in the whole system”. It causes two constraints: a person needs to be trained to manage the applied methodology and the process should not become easy to manage (in order to keep being “unknown” for potential attackers).


1) using ‘subject matter experts’ to assess vulnerabilities is an advantage because to predict human acts, similar way of thinking is needed;

2) layer decomposition provides “[…] the possibility of linking parts of the system that could not be obvious with linear decomposition”;

3) several profiles of aggressors are considered.

kritis/new_methodology-pacifha.txt · Last modified: 2015/03/24 15:32 (external edit)