by Enrico Zio
Chair on Systems Science and the Energy Challenge – Ecole Centrale Paris and Supelec, European Foundation for New Energy-Electricité de Franc e Energy Department, Politecnico di Milano, Italy
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Modeling the Complexity of Critical Infrastructures
1. MODELING THE COMPLEXITY OF CRITICAL
INFRASTRUCTURES
Enrico Zio
Chair on Systems Science and the Energy Challenge – Ecole Centrale Paris and Supelec,
European Foundation for New Energy-Electricité de France
Energy Department, Politecnico di Milano, Italy
3. Complex Systems
•Network of many interacting components
•Components of heterogeneous type
•Hierarchy of subsystems
•Interactions across multiple scales of space and/or time
Dependences (uni-directional) and
interdependences (bi-directional)
3
5. Critical Infrastructures are Engineered Complex Systems:
Structural complexity
Structural complexity :
• heterogeneity of components across different technological
domains due to increased integration among systems
• dimensionality: large number of nodes highly interconnected also
with other systems (dependences and interdependences)
• scale of connectivity demands for increased amount and quality of
information to describe the state of the system.
5
6. Critical Infrastructures are Engineered Complex Systems:
Dynamic complexity
Dynamic complexity :
• emergence of system behavior in response to changes in the
environmental and operational conditions of parts of the system.
6
7. Statement 2:
To protect Critical Infrastructures, we must
model them to know their behavior
7
8. Modeling Engineered Complex Systems
system logic representation
system mathematical model
system model quantification
uncertainty analysis and quantification
8
9. Modeling Engineered Complex Systems
physical attributes
{structure, dynamics, dependencies and interdependencies, …}
operation and management attributes
{communication, control, human and organizational factors, logistics…}
performance and safety attributes
{reliability, availability, maintainability, risk, vulnerability, …}
economic attributes
{life-cycle costs, costs-benefits, market drivers…}
social attributes
{supply-demand, active players, …}
environmental attributes
{pollution, sustainability, …}
9
11. Systems of Systems
Power transmission
Railway
Communication
Physical Dependency
Physical Dependency
Cyber Dependency, pcp
Cyber Dependency, pcr
11
12. Corollary to statement 2:
To protect Critical Infrastructures, we must
model their response to hazards, failures and
threats to analyze their
Reliability/Risk/Vulnerability/Resilience/…
characteristics
12
14. Reliability/Risk/Vulnerability/Resilience/… analysis
System analysis:
-
hazards and threats identification
-
physical and logical structure identification
- dependencies and interdependences
identification and modeling
- dynamic analysis (cascading failures)
Quantification of
system indicators
Identification of
critical elements
Application for system improvements (optimization):
W. Kroger and E. Zio, “Vulnerable
Systems”, Springer, 2011
design
-
operation
- protection
14
15. Statement 3:
To model the (engineered) complex systems (of
systems) which make our Critical
Infrastructures, there is not one single modeling
approach that “captures it all”
15
16. Modeling the complexity of Critical Infrastructures
Modeling
Critical
Infrastructures
APPROACHES
Topological
Flow
Phenomenological
Logical
OUTPUTS
System
indicators
Critical
elements
16
17. Modeling the complexity of Critical Infrastructures:
The Dual Analysis
• Critical Infrastructures are engineered complex systems: structure + dynamics+
failure/recovery process
Inverse Problem
Direct Problem
Disaggregation
Challenge
Aggregation
Challenge
Identifying
Vulnerabilities at
the Components
Level
Evaluating Global
Indicators
• Critical Infrastructures modeling: topological, flow, phenomenological, logic
Detail
Computational cost
17
18. Modeling the complexity of Critical Infrastructures
Modeling
Critical
Infrastructures
APPROACHES
Topological
Flow
Phenomenological
Logical
OUTPUTS
System
indicators
Critical
elements
18
19. Modeling the complexity of Critical Infrastructures
Hierarchical network representation framework and vulnerability analysis
34
30
23
59 31
60
40
61
76
62
64
78
71
83
79
86
110
112
111
107
114
109
119
Criticality of the inter-cluster components
Multi-level reliability analysis based on the hierarchical network representation
Fang Y.-P., Zio E. “Unsupervised spectral clustering for hierarchical modelling and criticality analysis of complex
networks,” Reliability Engineering & System Safety, Volume 116, 2013, Pages 64-74.
19
20. Modeling the complexity of Critical Infrastructures
Modeling
Critical
Infrastructures
APPROACHES
Topological
Flow
Phenomenological
Logical
OUTPUTS
System
indicators
Critical
elements
20
21. Modeling the complexity of Critical Infrastructures
Modelling the cascading failure (topological method)
Node load:
1
Lk =
N N
S C
n (k )
ij
∑ j ∈V , j ∈V , k ∈V , i ≠ j ≠ k
n
S
C
ij
Initialize load, capacity
Initial failure
Node capacity:
C k = (1 + α ) L k
n
ij
number of shortest paths between
generators and distributors
n (k ) number of shortest paths between
ij
generators and distributors passing
load redistribution
YES
more failures
occur?
NO
cascading end
NS, NC
through node k
number of generator, distributor
VS, VC
set of generator, distributor
loss evaluation
α
Network tolerance (robustness)
betweenness–based cascading failure model
21
23. Modeling the complexity of Critical Infrastructures
Spreading rules:
• fixed load (5%) transferred after a failure to neighboring nodes
• fixed load, I, (10%) transferred after a failure to interdependent nodes
61%
105%
87%
65%
103%
87%
101%
106%
85%
49%
32%
106%
70%
58%
105%
93%
67%
96%
48%
100%
Propagation
follows until no
more working
component can
fail
38%
22%
91%
21%
100% = component relative limit capacity
Initiating event: uniform disturbance (10%)
23
24. Modeling the complexity of Critical Infrastructures
25
Average Cascade Size, S
20
15
10
5
0
0.5
Scr = 15%
0.55
0.6
0.65
0.7
0.75
Average initial load,
Lcr = 0.7266
0.8
0.85
0.9
0.95
1
L
Lcr = 0.8662
E. Zio and G. Sansavini, "Modeling Interdependent Network Systems for Identifying Cascade-Safe Operating
Margins", IEEE Transactions on Reliability, 60(1), pp. 94-101, March 2011
24
25. Modeling the complexity of Critical Infrastructures
Modeling
Critical
Infrastructures
APPROACHES
Topological
Flow
Phenomenological
Logical
OUTPUTS
System
indicators
Critical
elements
25
26. Modeling the complexity of Critical Infrastructures
Main inputs:
• Main Feedwater system
Internal barriers:
• Water systems:
- High Pressure Coolant
Injection (HPCI) System
- Low Pressure Coolant
Injection (LPCI) System
• Depressurization system:
- Automatic Depressurization
system (ADS)
• Power system:
- Diesel Generator (DG)
External supports:
• Water system:
- Water from the river
• Power system:
- Offsite power
Recovery supporting
elements:
• Road transportation system:
- Road access (R)
26
27. Modeling the complexity of Critical Infrastructures
system logic representation
system mathematical model
system model quantification
uncertainty analysis and quantification
27
29. Modeling the complexity of Critical Infrastructures
system logic representation
system mathematical model
system model quantification
uncertainty analysis and quantification
29
30. System mathematical model: multistate
Function
Structure
At component level
3: No damages
2: Slight damages
Combinations of
structural and
functional
multistates
considered
2: Partialy working
1: Strong damages
Structure
3: Fully working
1: Not working
Function
Structure
Function
3
3
3
2
2
2
1
1
1
3
2
1
Structural
Functional
damage[%]
output [gpm]
0
5000
0 ÷ 10 (small
4625
/intermediate leaks)
> 10
< 4625
3
3
3
1
1
1
e.g., power pole
e.g., water pipe
State
Function
Structure
State
3
2
1
Structural
damage[%]
0
0 ÷ 12
> 10
e.g., automatic
depressurization system
Functional
output [%]
State
100
0
3
1
Structural
damage[%]
0
>0
Functional
output [%]
100
0
At system level
State 3 (Healthy): Safety of the Nuclear Power Plant (NPP) given by two water systems: one of
them is in state 3 and the other one is at least in state 2.
State 2 (Marginal): Safety of the NPP given by one water system that is at least in state 2.
State 1 (At Risk): No safety of the NPP: all the water systems are in state 1.
30
31. Modeling the complexity of Critical Infrastructures
system logic representation
system mathematical model
system model quantification
uncertainty analysis and quantification
31
32. Quantitative evaluation: procedural steps
Probabilistic Seismic Hazard Analysis: Ground motion at a site of interest for any magnitude
Fragility evaluation: Conditional probability of exceeding a level of damage, given a ground motion level
Safety
Resilience
1. Evaluate the structural (and
corresponding functional) state of
each component by MC simulation
2. Compute the functional state of the
NPP by GTST – DMLD
1. Sample the recovery time (RT) of the state 2 and/or 3 of
each component from the corresponding pdfs
2. Determine the next structural state that will be reached
3. Sort the RT in increasing order and carry out the analysis
from the smallest RT
4. Evaluate the occurrence of aftershocks before the
restoration of the component with smallest RT
5. If the component with the smallest RT is not affected by
aftershocks (i.e., it reaches the next state determined at step
2.), evaluate the functional state of the NPP; otherwise
sample a new RT for the components affected by the
aftershocks and go to step 3.
6. if the NPP is in state 3, stop the algorithm; else, proceed with
the analysis of the component with the next smallest RT
Repeat steps 1 – 2 n times
Estimated probability of
the NPP to be in the
functional state 1, 2 or 3
Repeat steps 1 – 6 k times
Probability density function of the RT of
the safety of the NPP (states 2 and 3)
32
33. Analyzing Vulnerability and Failures in Systems of
Systems: Safety and Resilience Analysis
Resilience
Probability density functions (PDFs) of the time necessary to restore the marginal (2) and
healthy (3) states of the NPP from a risk state (1), after the occurrence of an earthquake and
its aftershocks, in the case of multistate and binary state model.
• From state 1 to state 2
• From state 1 to state 3
0.3
0.3
0.25
0.25
PDF
0.35
PDF
0.35
0.2
μ = 2.6 d
0.15
μ = 4.3 d
0.2
μ = 72.9 d
0.15
0.1
0.1
Multistate
Binary state
0.05
0
Multistate
Binary state
0
20
40
60
80
μ = 22.5 d
0.05
100
Recovery time [d]
0
0
20
40
60
80
100
Recovery time [d]
Multistate model shows that a faster recovery to a marginal state is
possible, but a longer time is needed to reach a healthy state
33
35. Modeling the complexity of Critical Infrastructures
Consider a system of 2 interconnected
systems where the system response is
described by the switching dynamics:
Mode 1:
,
Mode 2:
,
Mode 3:
,
Mode 4:
,
35
36. Modeling the complexity of Critical Infrastructures
Steps for describing the resilience region:
Find the geometric locus of the equilibrium point ‘ ’.
Describe the invariant set which contains the equilibrium point.
Find the reachable regions for the invariant set (i.e. the invariant
set is a basin of attraction for the resilience region).
36
38. The complexity of analyzing the Reliability/Risk/ Vulnerability/
Resilience/… in Critical Infrastructures
Structural complexity: heterogeneity, dimensionality, connectivity
Dynamic complexity : emergent behavior
Uncertainty: aleatory, epistemic, perfect storms, black swans
38
39. The complexity of analyzing the Reliability/Risk/ Vulnerability/
Resilience/… in Critical Infrastructures
System analysis:
-
hazards and threats identification
-
physical and logical structure identification
-
dependencies and interdependences
identification and modeling
Modeling
Critical
Infrastructures
-
dynamic analysis (cascading failures)
APPROACHES
Quantification of
system safety
indicators
Identification
of critical
elements
Topological
Flow
Phenomenological
Application for system improvements:
-
design
-
OUTPUTS
operation
-
Logical
interdiction/protection
System
indicators
Critical
elements
Systems of systems
W. Kroger and E. Zio, “Vulnerable
Systems”, Springer, 2011
39
40. The complexity of analyzing the Reliability/Risk/ Vulnerability/
Resilience/… in Critical Infrastructures
Structural Complexity + Dynamic Complexity
Modeling, Simulation, Optimization and Computational Challenges
Phenomenological
Topological
Detail
Computational cost
Detail
Computational cost
Uncertainty
Logic
Detail
Flow
Detail
Computational cost
Risk + Control Theory
Computational cost
Integrated Approach
40
41. Acknowledgments
Chair SSDE (ECP+Supelec, EDF): Yiping Fang, Elisa Ferrario, Elizaveta Kuznetzova, Yanfu Li,
Rodrigo Mena, Nicola Pedroni
Politecnico di Milano (ex): Giovanni Sansavini
41