Modeling the Complexity of Critical Infrastructures

MODELING THE COMPLEXITY OF CRITICAL
INFRASTRUCTURES
Enrico Zio
Chair on Systems Science and the Energy Challenge – Ecole Centrale Paris and Supelec,
European Foundation for New Energy-Electricité de France
Energy Department, Politecnico di Milano, Italy

Statement 1:
Critical Infrastructures are
(Engineered) Complex Systems

2

Complex Systems

•Network of many interacting components
•Components of heterogeneous type
•Hierarchy of subsystems
•Interactions across multiple scales of space and/or time

Dependences (uni-directional) and
interdependences (bi-directional)

3

Critical Infrastructures are Engineered Complex Systems

4

Critical Infrastructures are Engineered Complex Systems:
Structural complexity

Structural complexity :
• heterogeneity of components across different technological
domains due to increased integration among systems
• dimensionality: large number of nodes highly interconnected also
with other systems (dependences and interdependences)
• scale of connectivity demands for increased amount and quality of
information to describe the state of the system.

5

Critical Infrastructures are Engineered Complex Systems:
Dynamic complexity

Dynamic complexity :
• emergence of system behavior in response to changes in the
environmental and operational conditions of parts of the system.

6

Statement 2:
To protect Critical Infrastructures, we must
model them to know their behavior

7

Modeling Engineered Complex Systems

system logic representation
system mathematical model
system model quantification
uncertainty analysis and quantification

8

Modeling Engineered Complex Systems

physical attributes
{structure, dynamics, dependencies and interdependencies, …}

operation and management attributes
{communication, control, human and organizational factors, logistics…}

performance and safety attributes
{reliability, availability, maintainability, risk, vulnerability, …}

economic attributes
{life-cycle costs, costs-benefits, market drivers…}

social attributes
{supply-demand, active players, …}

environmental attributes
{pollution, sustainability, …}

9

Systems of Systems
Power transmission
Railway
Communication

Physical Dependency
Physical Dependency
Cyber Dependency, pcp
Cyber Dependency, pcr
11

Corollary to statement 2:
To protect Critical Infrastructures, we must
model their response to hazards, failures and
threats to analyze their
Reliability/Risk/Vulnerability/Resilience/…
characteristics

12

Reliability/Risk/Vulnerability/Resilience/…
analysis

13

Reliability/Risk/Vulnerability/Resilience/… analysis

System analysis:
-

hazards and threats identification

-

physical and logical structure identification

- dependencies and interdependences
identification and modeling
- dynamic analysis (cascading failures)

Quantification of
system indicators

Identification of
critical elements

Application for system improvements (optimization):
W. Kroger and E. Zio, “Vulnerable
Systems”, Springer, 2011

design

-

operation

- protection

14

Statement 3:
To model the (engineered) complex systems (of
systems) which make our Critical
Infrastructures, there is not one single modeling
approach that “captures it all”

15

Modeling the complexity of Critical Infrastructures

Modeling
Critical
Infrastructures

APPROACHES

Topological

Flow

Phenomenological

Logical

OUTPUTS

System
indicators

Critical
elements

16

Modeling the complexity of Critical Infrastructures:
The Dual Analysis
• Critical Infrastructures are engineered complex systems: structure + dynamics+
failure/recovery process

Inverse Problem

Direct Problem

Disaggregation
Challenge

Aggregation
Challenge

Identifying
Vulnerabilities at
the Components
Level

Evaluating Global
Indicators

• Critical Infrastructures modeling: topological, flow, phenomenological, logic
Detail

Computational cost

17


Modeling
Critical
Infrastructures

APPROACHES

Topological

Flow

Phenomenological

Logical

OUTPUTS

System
indicators

Critical
elements

18

Hierarchical network representation framework and vulnerability analysis
34
30
23

59 31
60

40
61
76

62

64
78

71
83

79
86

110
112
111
107

114

109
119

Criticality of the inter-cluster components
Multi-level reliability analysis based on the hierarchical network representation
Fang Y.-P., Zio E. “Unsupervised spectral clustering for hierarchical modelling and criticality analysis of complex
networks,” Reliability Engineering & System Safety, Volume 116, 2013, Pages 64-74.

19


Modeling
Critical
Infrastructures

APPROACHES

Topological

Flow

Phenomenological

Logical

OUTPUTS

System
indicators

Critical
elements

20

Modelling the cascading failure (topological method)
Node load:
1
Lk =
N N
S C

n (k )
ij
∑ j ∈V , j ∈V , k ∈V , i ≠ j ≠ k
n
S
C
ij

Initialize load, capacity
Initial failure

Node capacity:
C k = (1 + α ) L k

n
ij

number of shortest paths between
generators and distributors

n (k ) number of shortest paths between
ij
generators and distributors passing

load redistribution
YES

more failures
occur?
NO

cascading end

NS, NC

through node k
number of generator, distributor

VS, VC

set of generator, distributor

loss evaluation

α

Network tolerance (robustness)

betweenness–based cascading failure model

21

Optimal network design against cascading failure

S

C

0.8

cascading vulnerability

Objectives: maximize the resilience of the
network in resisting to cascading failures with
limited construction cost



min  ∑ ϕX ij 
Network cost

i∈V , j∈V 

 min { (G )}
Cascading failure loss
Vul


∑ X ij > 0 ∀j ∈ VC
 i∈V
s.t. 
 ∑ X ij > 0 ∀i ∈ VS
 j∈V
Variables: generator distributor links X ij

0.5
0.4
0.3
0.2
0.1
2000.00

4000.00

6000.00

8000.00

cost

1
0.9

original network
Pareto solution 3
Pareto solution 5

0.8

cascading vulnerability

Tradeoff between cost and gained network
resilience

0.6

0.0
0.00

C

Improve network resilience by adding
redundant links in a suitable way

0.7

0.7
0.6

1

2

8
34 5
6
46
7
9
11 10
45
14 44
15 13 12
43
87
16
33
8485 86
19 18
42
17
252432
83 88
41
47
23 31
20 21 2630
82
22 27
81
28
80
34 29
92
89
35
52
38
91
54
36
90
37 3940
79
93
94 96
53
70 71
76
63
95
56
77
69
97
55
67 73
68 72
99
6566
74
57
75
100 98
62
78
61 6058
59
128 129
101
102
135
148
104 105
147
130
103
146
132
145
149
106
133138 144
134
131
139 142
109
136
137
143
154
150
140
155
141 152
108
127
157151
107
110
159 156
153
125
126
111
158
160
116
115
112
161
162
171
163 166
117
165 170
164
118
167 169
113 120
121
168
114
122
119
123
50
51
49
48

64

0.5
0.4

124

0.3
0.2
0.1

Fang Y.-P., Zio E., “Optimal Production Facility Allocation for Failure
Resilient Critical Infrastructures,” ESREL 2013.

0
0

0.2

0.4

0.6

0.8

1

α

1.2

1.4

1.6

1.8

2

22


Spreading rules:
• fixed load (5%) transferred after a failure to neighboring nodes
• fixed load, I, (10%) transferred after a failure to interdependent nodes

61%

105%
87%

65%

103%

87%
101%

106%

85%

49%

32%
106%

70%

58%

105%
93%

67%
96%

48%

100%

Propagation
follows until no
more working
component can
fail

38%

22%

91%
21%

100% = component relative limit capacity
Initiating event: uniform disturbance (10%)

23


25

Average Cascade Size, S

20

15

10

5

0
0.5

Scr = 15%
0.55

0.6

0.65

0.7

0.75
Average initial load,

Lcr = 0.7266

0.8

0.85

0.9

0.95

1

L

Lcr = 0.8662

E. Zio and G. Sansavini, "Modeling Interdependent Network Systems for Identifying Cascade-Safe Operating
Margins", IEEE Transactions on Reliability, 60(1), pp. 94-101, March 2011

24


Modeling
Critical
Infrastructures

APPROACHES

Topological

Flow

Phenomenological

Logical

OUTPUTS

System
indicators

Critical
elements

25

Main inputs:
• Main Feedwater system

Internal barriers:
• Water systems:
- High Pressure Coolant
Injection (HPCI) System
- Low Pressure Coolant
Injection (LPCI) System

• Depressurization system:
- Automatic Depressurization
system (ADS)

• Power system:
- Diesel Generator (DG)

External supports:
• Water system:
- Water from the river

• Power system:
- Offsite power

Recovery supporting
elements:
• Road transportation system:
- Road access (R)

26



27

System logic representation: GTST-DMLD

28



29

System mathematical model: multistate
Function

Structure

At component level

3: No damages
2: Slight damages

Combinations of
structural and
functional
multistates
considered

2: Partialy working

1: Strong damages

Structure

3: Fully working

1: Not working

Function

Structure

Function
3

3

3

2

2

2

1

1

1

3
2
1

Structural
Functional
damage[%]
output [gpm]
0
5000
0 ÷ 10 (small
4625
/intermediate leaks)
> 10
< 4625

3

3

3

1

1

1

e.g., power pole

e.g., water pipe
State

Function

Structure

State
3
2
1

Structural
damage[%]
0
0 ÷ 12
> 10

e.g., automatic
depressurization system

Functional
output [%]
State
100
0

3
1

Structural
damage[%]
0
>0

Functional
output [%]
100
0

At system level
State 3 (Healthy): Safety of the Nuclear Power Plant (NPP) given by two water systems: one of
them is in state 3 and the other one is at least in state 2.
State 2 (Marginal): Safety of the NPP given by one water system that is at least in state 2.
State 1 (At Risk): No safety of the NPP: all the water systems are in state 1.

30



31

Quantitative evaluation: procedural steps

Probabilistic Seismic Hazard Analysis: Ground motion at a site of interest for any magnitude
Fragility evaluation: Conditional probability of exceeding a level of damage, given a ground motion level
Safety

Resilience

1. Evaluate the structural (and
corresponding functional) state of
each component by MC simulation
2. Compute the functional state of the
NPP by GTST – DMLD

1. Sample the recovery time (RT) of the state 2 and/or 3 of
each component from the corresponding pdfs
2. Determine the next structural state that will be reached
3. Sort the RT in increasing order and carry out the analysis
from the smallest RT
4. Evaluate the occurrence of aftershocks before the
restoration of the component with smallest RT
5. If the component with the smallest RT is not affected by
aftershocks (i.e., it reaches the next state determined at step
2.), evaluate the functional state of the NPP; otherwise
sample a new RT for the components affected by the
aftershocks and go to step 3.
6. if the NPP is in state 3, stop the algorithm; else, proceed with
the analysis of the component with the next smallest RT

Repeat steps 1 – 2 n times

Estimated probability of
the NPP to be in the
functional state 1, 2 or 3

Repeat steps 1 – 6 k times

Probability density function of the RT of
the safety of the NPP (states 2 and 3)

32

Analyzing Vulnerability and Failures in Systems of
Systems: Safety and Resilience Analysis

Resilience
Probability density functions (PDFs) of the time necessary to restore the marginal (2) and
healthy (3) states of the NPP from a risk state (1), after the occurrence of an earthquake and
its aftershocks, in the case of multistate and binary state model.
• From state 1 to state 2

• From state 1 to state 3

0.3

0.3

0.25

0.25

PDF

0.35

PDF

0.35

0.2

μ = 2.6 d

0.15

μ = 4.3 d
0.2

μ = 72.9 d

0.15

0.1

0.1

Multistate
Binary state

0.05

0

Multistate
Binary state

0

20

40

60

80

μ = 22.5 d

0.05

100

Recovery time [d]

0

0

20

40

60

80

100

Recovery time [d]

Multistate model shows that a faster recovery to a marginal state is
possible, but a longer time is needed to reach a healthy state
33

Reliability analysis

Modeling
Critical
Infrastructures

APPROACHES

Topological

Flow

Phenomenological

Logical

OUTPUTS

System
indicators

Critical
elements

34


Consider a system of 2 interconnected
systems where the system response is
described by the switching dynamics:
Mode 1:

,

Mode 2:

,

Mode 3:

,

Mode 4:

,

35


Steps for describing the resilience region:
Find the geometric locus of the equilibrium point ‘ ’.
Describe the invariant set which contains the equilibrium point.
Find the reachable regions for the invariant set (i.e. the invariant
set is a basin of attraction for the resilience region).

36

The complexity of analyzing the Reliability/Risk/ Vulnerability/
Resilience/… in Critical Infrastructures

Structural complexity: heterogeneity, dimensionality, connectivity
Dynamic complexity : emergent behavior
Uncertainty: aleatory, epistemic, perfect storms, black swans

38

System analysis:
-

hazards and threats identification

-

physical and logical structure identification

-

dependencies and interdependences
identification and modeling

Modeling
Critical
Infrastructures

-

dynamic analysis (cascading failures)
APPROACHES

Quantification of
system safety
indicators

Identification
of critical
elements

Topological

Flow

Phenomenological

Application for system improvements:
-

design

-

OUTPUTS

operation

-

Logical

interdiction/protection

System
indicators

Critical
elements

Systems of systems
W. Kroger and E. Zio, “Vulnerable
Systems”, Springer, 2011

39


Structural Complexity + Dynamic Complexity
Modeling, Simulation, Optimization and Computational Challenges
Phenomenological

Topological
Detail

Computational cost

Detail

Computational cost

Uncertainty

Logic
Detail

Flow
Detail

Computational cost

Risk + Control Theory
Computational cost

Integrated Approach
40

Acknowledgments

Chair SSDE (ECP+Supelec, EDF): Yiping Fang, Elisa Ferrario, Elizaveta Kuznetzova, Yanfu Li,
Rodrigo Mena, Nicola Pedroni
Politecnico di Milano (ex): Giovanni Sansavini

41

More info

Research
www.ssde.fr (Ecole Centrale Paris and Supelec)
lasar.cesnef.polimi.it (Politecnico di Milano)
Application
www.aramis3d.com

42

Modeling the Complexity of Critical Infrastructures

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (9)

Similaire à Modeling the Complexity of Critical Infrastructures

Similaire à Modeling the Complexity of Critical Infrastructures (20)

Plus de Community Protection Forum

Plus de Community Protection Forum (20)

Dernier

Dernier (20)

Modeling the Complexity of Critical Infrastructures