Security Risk Assessment and Mitigation Prioritization

Transcription

1 Security Risk Assessment and Mitigation Prioritization Stephanie King, PhD, PE Weidlinger Associates, Inc. FFC Committee on Physical Security and Hazard Mitigation July 15, New York Massachusetts Washington DC New Jersey California New Mexico Edinburgh UK

2 Outline Introduction Security Risk Assessment Key elements and terminology Basic methods (screening) Critical issues Mitigation Prioritization Quantified benefit-cost analysis Critical issues Examples 2

3 Introduction Limited resources + competing priorities Where are the risks? Which risks are acceptable? What should be mitigated first? Which mitigation options are best? Specific to security Electronic v. Operational v. Hardening? How much protection is enough? Rational defense against irrational acts 3

4 General Components of Risk Management Risk Components and Terminology Threat Assessment Vulnerability Assessment 4 Risk = P[Event] x E[Consequences Event] Risk = Vulnerability x Criticality Risk = Threat x Vulnerability x Consequences Risk = Occurrence x Vulnerability x Importance Criticality/ Consequences

5 Risk Assessment Methods Threat Assessment 5 Likelihood of Occurrence Low High Minor Vulnerability Assessment Catastrophic Outcome if Event Occurs Criticality or Importance Assessment Slope of boundaries and definitions depend on risk tolerance

6 Risk Assessment Methods 100 EXAMPLE: AASHTO Guide for Bridges & Tunnels (2002) Quadrant IV Low criticality and high vulnerability Quadrant I High criticality and high vulnerability Vulnerability (Y) 50 Quadrant III Low criticality and low vulnerability Quadrant II High criticality and low vulnerability Visibility and Attendance Access to the Asset Site-specific Hazards Criticality (X) 6 Defer/Defend Factors Loss and Damage Consequences Consequences to Public Services Consequences to the General Public

7 Risk Assessment Methods EXAMPLE: DHS ODP State Homeland Security Assessment and Strategy Program: Special Needs Jurisdiction Tool Kit (2003) 7 High Risk Threshold

8 8 Risk Assessment Methods

9 Risk Assessment Methods Risk = Asset Value X Threat Rating X Vulnerability Rating 9 EXAMPLE: Results from FEMA 452 (2005)

10 Risk Assessment Methods Fault-tree / Consequence-based Assessment Unacceptable Outcome Loss X Consequence Assessment Glazing = high hazard Response 5 AND OR Collapse Response 3 AND Vulnerability Assessment Event A Event A1 4K blast in city At location 1 Response 4 No Collapse Event A 4K blast in city Event A1 At location 1 Threat Assessment 10 Useful for multi-hazard risk assessment

11 Critical Issues: Assessment Definition of Risk Metric Stakeholders input and buy-in Subjectivity, Uncertainty, Quantification Transparent, rational, unbiased Consistency among assessors Simplifying assumptions Limitations on results Snapshot in Time = Re-Assess 11

12 Mitigation Prioritization Vulnerability Modeling Hazard Modeling Compute Pre-Mitigation Risk Consequence Modeling Compute Post-Mitigation Risk Repeat for all Mitigation Projects for Facility or System Estimate Mitigation Costs & Benefits Repeat for all Facilities and Systems 12 Develop Mitigation Project Priority

13 Mitigation Prioritization Occurrence (O) V Importance (I) Vulnerability Modeling Hazard Modeling Consequence Modeling Compute Pre-Mitigation Risk Compute Post-Mitigation Risk Risk = O x V x I Reduction in O, V, and/or I Repeat for all Mitigation Projects for Facility or System Estimate Mitigation Costs & Benefits Repeat for all Facilities and Systems 13 Develop Mitigation Project Priority

14 Mitigation Prioritization Threat scenario-based assessment n Risk = Σ [O i V i ] I i=1 threat scenarios Similar to earthquake insurance loss estimation methods Transparent impact of mitigation (hardening v. operational v. electronic) 14

15 Example I: Gravity Dam (HYPOTHETICAL) Upstream Face Outlet System Spillways Powerhouse A Abutment B Powerhouse B Downstream Face Abutment A Powerhouse C 15

16 Threat Scenario Definition Gravity Dam A Pedestrian Abutment A Water Borne Vehicle Borne Pedestrian Abutment B Water Borne Vehicle Borne Powerhouse A Pedestrian Vehicle Borne i = 1 to 21 Pedestrian Powerhouse B Vehicle Borne Powerhouse C Pedestrian Vehicle Borne Upstream Face Pedestrian Water Borne Downstream Face Pedestrian Vehicle Borne Spillways Pedestrian Water Borne Outlet System 16 Pedestrian Water Borne Vehicle Borne

17 Occurrence n Σ[O i V i ] I i Computed for each threat: Gravity Dam A Abutment A Vehicle Borne 17 Weighted sum of pseudo-utility values: O i =Σx j w j j=1 Attributes mapped to quantitative scale Access for attack Security against attack Attractiveness as a target Capability of aggressor 4

18 18 Example Utility Value Mapping

19 Vulnerability Computed for each threat: n Σ[O i V i ] I i Gravity Dam A Abutment A Weighted sum of pseudo-utility values: Attributes mapped to quantitative scale Expected damage Expected closure Expected casualties Vehicle Borne 3 V i =Σx j w j j=1 19

20 20 Example Utility Value Mapping

21 Importance Computed once for the facility Weighted sum of pseudo-utility values: Attributes mapped to quantitative scale Exposed population Historical/symbolic importance Replacement value Importance to regional economy Importance to irrigation system Importance for power generation Importance to transportation network Annual revenue n Σ[O i V i ] I i 8 I=Σx j w j j=1 21

22 Importance Modeling Example Historical significance (HS) Evacuation route (EV) Regional economy (RE) Transportation network (TN) Replacement value (BV) Revenue value (RV) Attached utilities (AU) Military importance (MI) Exposed population (EP) Importance to the Regional Economy: Insignificant = 0 Highly critical = 1 22

23 Pre-Mitigation Risk Scores (HYPOTHETICAL EXAMPLE) 23

24 Post-Mitigation Risk Scores (HYPOTHETICAL EXAMPLE) 24

25 Example II: Existing Building (HYPOTHETICAL EXAMPLE) Car Parking Interior Column Facade Exterior Column 25

26 Example III: New Design (HYPOTHETICAL EXAMPLE) Example: truck explosive at curbside 26

27 Critical Issues: Prioritization Based on rational, rigorous, and unbiased risk assessment Assumptions and limitations Benefits and costs Objectives and constraints Time frame Decision support 27

28 Example IV: Existing Tunnel Single deterministic threat Prioritize on all benefits and costs Benefits: Expected Performance (Reliability) Ease of Tunnel Repair Benefit to Emergency Response Secondary/Other Benefits Costs: Construction Cost Construction Risk Construction Duration Impact on Operations During Construction Impact on Operations Long Term 28

29 29 Benefit-Cost Comparison

30 Concluding Remarks Security risk assessment Components, basis, terminology Screening methods Assumptions and limitations Mitigation prioritization Risk-based, quantitative benefit/cost Rational unbiased approach Several other influences Economic, social, legal, political Rational assessment provides data 30