Professional Documents
Culture Documents
Risk Assessment Methodologies For CI PDF
Risk Assessment Methodologies For CI PDF
Marianthi Theocharidou
marianthi.theocharidou@ec.europa.eu
3000 staff
Almost 75% are scientists
and researchers.
Headquarters in Brussels
and research facilities
located in
5 Member States.
Risk
• effect of uncertainty on objectives (ISO 31000)
Likelihood Consequences
Critical Infrastructure
Risk Management at EU level
Risk Assessment
•National assets (all hazards) •Measures of
•European CI protection
•Organizational •Measures of
level Resilience
•Dependencies! •Sector level
•National level
•European level
CI Identification Risk Treatment
In the world …
5
NRA guidelines (DG-ECHO)
• Based on ISO31000
Top Hazards in EU
2016 update: Several countries include scenarios on loss of CI, including power
outage.
Political/social consequences
Performance
Original
State
Cost
Recovered
State
Disrupted Recovery
State Action
16
Common steps
Threat and
Risk Scenario Vulnerability Consequence
Hazard
Identification Assessment Assessment
Assessment
Critical Infrastructure Risk Management
Framework
Better
Infrastructure
Risk and
Resilience
• Argonne National
Laboratory
• 18 sectors
• Vulnerability Index
• Protective Measures
Index
• Resilience Index
• Relies on operators for
the asset assessment
CARVER2
20
CIP Decision Support System
• High level
systems of
infrastructures
• 1-st order of
dependencies
• Common
metrics for
impact
• Alternative risk
mitigation
options
CIPMA
(Australia)
RAMCAP-Plus
1. Asset characterisation
2. Threat characterisation
3. Consequence analysis
• Most critical assets in a facility
4. Vulnerability analysis • Higher level analysis
5. Threat assessment • Cross-Sectoral risk
6. Risk and Resilience assessment comparison
• Resilience is central
7. Risk and Resilience Management
SRA tool
Summary
• Large set of methods and tools
• Cover various stages of the risk management process and various needs
• Resilience is not included in several tools explicitly
• Data input is a challenge
• For consequence analysis: Aggregated impact or Scoring
Cross-
Sector National
Operator level border
level level
level
Organisations exist
within a
community/system
Resilience is
needed at all levels
of this system
CIPedia©
A multi-disciplinary glossary
www.cipedia.eu
Stay in touch
•Twitter: @EU_ScienceHub