www.elsevier.com/locate/ijcip
Article history: Received 13 December 2011; Received in revised form 6 September 2013; Accepted 6 October 2013; Available online 9 October 2013
Keywords: Electricity infrastructure; Risk assessment

This paper describes a methodology for risk identification and risk assessment in electricity infrastructures. The approach leverages risk maps and can be applied to general infrastructure networks. A semi-quantitative assessment strategy that incorporates the creation of risk charts within a risk management framework is also presented. This strategy engages an intuitive graphical representation to identify the most significant threats affecting infrastructure networks. As a result, it is possible to conduct risk analyses of energy supply (and other) infrastructures within a region or country by engaging interconnected risk maps. The application of the methodology is demonstrated using a case study of a Colombian electricity infrastructure, which includes an estimation of the
1. Introduction

An integrated risk management cycle must adhere to the infrastructure protection guidelines specified in the United States National Infrastructure Protection Plan [1] or the European Programme for Critical Infrastructure Protection [2]. The frameworks established by these protection plans can be summarized in terms of a risk management plan that involves six steps: (i) establishment of safety goals; (ii) identification of resources and risks; (iii) assessment of risks; (iv) prioritization of actions; (v) implementation of protection programs; and (vi) measurement of effectiveness [3]. This paper proposes a conceptual framework for risk management in electricity infrastructures, which specifically addresses the various risks that affect electricity infrastructures, especially those related to electricity transmission and distribution. The methodology focuses on risk identification as well as risk evaluation, and also incorporates semi-quantitative assessments.

This paper is divided into two parts. The first part reviews risk identification as it relates to the electricity sector. It includes a brief description of state-of-the-art risk assessment strategies for electricity infrastructure owners and operators, with an emphasis on electricity transmission and distribution. Key concepts such as infrastructure protection plans, enterprise resources, risk maps and risk matrices are also described.

The second part of the paper describes the application of interconnected risk maps as the first step to implementing a risk management framework. A case study involving a Colombian electricity infrastructure is used to demonstrate the identification and assessment steps via the construction and validation of an interconnected risk map. A semi-quantitative technique involving risk charts is presented as a rapid and highly effective risk evaluation strategy that can be used within a risk management framework. The evaluation methodology is broad enough to cover short-term,
* Corresponding author. Tel.: +34 976 761 922; fax: +34 976 762 226.
E-mail address: jmyusta@unizar.es (J.M. Yusta).
1874-5482/$ - see front matter © 2013 Elsevier B.V. All rights reserved.
http://dx.doi.org/10.1016/j.ijcip.2013.10.002
198 international journal of critical infrastructure protection 6 (2013) 197 –216
2. Risk management framework for electricity infrastructures

The critical infrastructure comprises the assets that are required for the functioning of a society and its economy, i.e., assets whose sudden non-availability could result in the loss of life or seriously impact health, economic systems or public security. This definition also applies to energy infrastructures, including those related to electricity generation, transmission and distribution.

2.1. Infrastructure protection plans

In 2005, a “green paper” entitled “European Programme for Critical Infrastructure Protection” was released by the European Commission [4]. In 2008, the European Council adopted Directive 2008/114/EC [2], which created the European Programme for Critical Infrastructure Protection (EPCIP). In 2009, the United States National Infrastructure Protection Plan (NIPP) [1] was launched, following the release of several frameworks established by the U.S. Department of Homeland Security [5–7]. Both EPCIP and NIPP clearly define the critical areas in which efforts must be focused in order to develop plans for threat prevention and infrastructure protection. Meanwhile, the governments of several countries have launched similar initiatives for critical infrastructure protection [3].

The frameworks established by Directive 2008/114/EC and NIPP can be summarized in terms of a risk management plan that involves six steps: (i) establishment of safety goals; (ii) identification of resources and risks; (iii) assessment of risks; (iv) prioritization of actions; (v) implementation of protection programs; and (vi) measurement of effectiveness. Feedback and continuous improvement are also part of the frameworks. Fig. 1 presents a risk management plan for critical infrastructure protection that conforms to the frameworks.

Fig. 1 – Risk management plan for critical infrastructure protection.

Infrastructure protection plans promote the use of risk management models that incorporate strategies for reducing uncertainty by exhaustively compiling and taking into account infrastructure asset data and infrastructure interrelationships. Infrastructure protection plans also suggest approaches for reaching the various stakeholders in the critical infrastructure value chain.

Identification of risks and resources: This step involves the creation of an inventory of resources, assets, systems and networks in the infrastructure value chain. The step also involves the identification of risks affecting system resilience, which requires the development and maintenance of an inventory of physical infrastructure assets that includes property, information systems and considers technical and non-technical threats.
Risk assessment: The most widely used and accepted technique involves qualitative risk assessment using risk assessment matrices that take into account the likelihood and the consequences of each risk [8–10]. The risk matrices are created with input from domain experts (through interviews and Delphi techniques). Quantitative risk assessment is performed using data and variables that allow statistical modeling. Quantitative risk assessment is typically focused on specific risks, especially the risks that could produce serious consequences.
Prioritization of actions and program implementation: This step involves the comparison of the relative levels of risk, along with options to achieve the safety goals. Protection measures are applied where possible to reduce security risks in a cost-effective manner.
Monitoring effectiveness: This step incorporates monitoring activities as a means to achieve regular supervision, e.g., by creating performance indicators. Many opportunities for change and improvement can be recognized during this step.

2.2. Electricity infrastructure value chain

The risks to the population and to the environment from energy systems arise from energy production as well as from the components in the value chain. In the case of electricity infrastructures, this includes power generation, high and medium voltage transmission, medium and low voltage distribution, power marketing and the provision of services to energy consumers (Fig. 2).

Specifying the value chain in electricity infrastructures is the first step to defining the objectives and policies for secure energy supply. The majority of critical infrastructure assets in
Fig. 2 – Electricity infrastructure value chain.

The definition of the set of resources possessed by electricity infrastructure asset owners and operators is required before risk identification and risk assessment can be performed [13,14]. The resources include the assets and expertise that are essential to satisfactory operations. In general, these include material, human, technical and economic resources [15–17].

Material resources: Material resources include assets such as installations (e.g., buildings, machinery, transmission lines, control centers, dispatch centers and generation plants) and materials (e.g., primary fuels, nuclear, hybrid, solar and wind resources).
Human resources: Human resources are essential to any organization. The resources include the entire labor force – employees, contractors and third-party workers – involved in the operation and maintenance of the electricity infrastructure. Human resources may be established in hierarchical levels within an organization.
Technical resources: Technical resources relate to the set of auxiliary instruments and tools that are essential to the construction, operation and maintenance of the infrastructure value chain (e.g., information systems, design plans, project management know-how and procedures).
Economic resources: Economic resources include equity (e.g., cash and shares) and debt (e.g., loans, credit and bonds).

2.4. Threat identification using risk maps

The threat identification step focuses on discovering the major types of risk that exist within an infrastructure [18,19]. It provides qualitative descriptions of all the risks and their components applicable to the value chain and the life-cycle of the infrastructure [8].

Risk categorization can be performed in several ways. One approach is to categorize and analyze the technical and non-technical threats [20]. Threats arising from malicious individuals (involving inherent risks to the operation of the value chain) are different from the threats posed by natural phenomena.

Technical threats: These threats induce financial and operational risks. Other technical threats are caused by people, systems and procedures that negatively impact the infrastructure.
Non-technical threats: These threats induce environmental risks, strategic risks and resource allocation risks. Other non-technical threats are posed by external factors such as natural disasters, socio-political situations, third-party actions, and policies and regulations.

A risk map simplifies the identification of the risk components by grouping them into categories (e.g., technical and non-technical). The methodology, which allows for a better representation of the interrelationships among the various risks, is widely used for threat identification in the electric power sector. Some of the popular risk map approaches are:

COSO audit maps: These risk maps [13,14] facilitate the monitoring and auditing of risks.
Holistic schemes: These schemes are specifically adapted to project management [9]; however, they do not categorize risks.
Radar maps: These risk maps are widely used in the financial sector [21–23]. They are constructed based on interviews conducted with strategic business managers.
Enterprise risk maps: These risk maps facilitate the categorization of enterprise risk into the defined risk types [15,16,18,19].

2.4.1. Risk categorization

In general, the risks facing an electric power company may be divided into the following categories [24]:

Compliance: This category includes the risks related to policies, laws, regulations and their economic and social impact on the region in which the infrastructure asset operates.
Assets and finance: This category includes risks arising from market volatility and the economy that impact the
| Scale | 1 | 3 | 5 | 7 | 9 |
|---|---|---|---|---|---|
| Frequency | One event every 10 years or more | One event every 7–10 years | One event every 3–7 years | One event every 1–3 years | One or more events every 1 year |

| Scale | 1 | 3 | 5 | 7 | 9 |
|---|---|---|---|---|---|
| Economic resources | Losses less than 1M € | Losses between 1M € and 3M € | Losses between 3M € and 10M € | Losses between 10M € and 20M € | Losses more than 20M € |
| Technical resources | No services are affected. Enterprise information is not compromised | No services are affected. Enterprise information may be somewhat compromised | No services are affected. Enterprise information is lost but can be recovered | Some services are affected. Enterprise information is also compromised | Some services are affected. Enterprise information is lost and cannot be recovered |
| Human resources | No effects on employees or stakeholders | Integrity of employees or stakeholders may be temporarily affected, but no intervention is required for recovery | Integrity of employees or stakeholders may be temporarily affected, but intervention is required for recovery without consequences | Integrity of employees or stakeholders may be permanently affected. Intervention is strongly required for recovery | Loss of human life |
| Material resources | No effect on service operations. Relationships with energy consumers are not affected | Effect on service operations is evident. Relationships with energy consumers are not affected | Effect on service operations is evident. Relationships with energy consumers are somewhat affected | Service operations have collapsed. Relationships with energy consumers have deteriorated | Service operations have crashed. Relationships with energy consumers and market regulators are shattered |
The scales presented in Tables 1 and 2 take into account common concepts established by electric utilities in Colombia [15–17]. The risk likelihood (L) can be determined based on the number of events that trigger the occurrence of a particular risk using the scale presented in Table 1. Table 2 shows the scale used for severity (S) assessments, which are required to produce valuations of the relative importance of the four enterprise resources described in Section 2.3.

A risk matrix facilitates the understanding of threat valuation because it contains values computed using Eq. (1). As shown in Fig. 3, it is possible to rank the risks according to the following judgment-based categories:

Critical risks: These risks require high priority attention to reduce their scores. The prioritization of actions must be considered and implemented urgently in order to eliminate the threats in the short term (valuation rank: 50–81).
Important risks: These risks require the implementation of short-term priority actions due to their high impact on infrastructure operations, despite the fact that their implementation may not require as many resources as those required to attend to critical risks (valuation rank: 28–49).
Tolerable risks: These risks require actions to be designed for purposes of risk management. However, they may have lower priority and can be executed in the medium term (valuation rank: 10–27).
Acceptable risks: These risks are not particularly significant and do not require additional actions to be executed in addition to those that are already implemented (valuation rank: 1–9).

Considerable expert knowledge underlies the risk matrices that are used to create critical infrastructure protection plans. Although it is difficult to rank terms such as “terrorism” and “corruption” when performing quantitative risk assessments, they can, nevertheless, be evaluated in a convenient manner using Eq. (1).

2.5.2. Quantitative assessment techniques

The use of quantitative techniques requires deeper mathematical and/or statistical understanding of the various variables involved in risk analysis. In addition to traditional risk maps and risk matrices, several quantitative approaches have been developed to perform threat evaluations for
electricity infrastructures. Well-known approaches include Monte Carlo simulation [26], agent-based simulation and system dynamics [3,27], as well as statistical analysis [28], graph theoretical modeling [29–31] and geographic information systems [32]. Several tools and techniques have been applied to electricity infrastructures to determine their susceptibility to risks and threats; these include Athena [33], CASCADE [34], CEEESA [35], CIMS [36], COMM-ASPEN [37], DEW [38], EMCAS [39], FAIT [40], Fort Future [41], GoRAF [42], MIA [43], modular dynamic modeling [44] and HAZOP methodologies [46]. Although risk matrices are widely accepted, the particular application of graph theory has become a useful methodology for performing quantitative assessments of electric network vulnerabilities and the interdependencies between the electricity infrastructure and other critical infrastructures [29,31,45].

The approaches listed above are used for a variety of purposes. Key applications include:

Evaluation of the interdependencies between infrastructure assets (e.g., electricity infrastructure and banking systems).
Evaluation of the indicators defined for emergency response (e.g., regions impacted by natural phenomena, disconnected users, contingency time response, and restoration and evacuation strategies).
Evaluation of the impact of policies and regulations on infrastructure performance.
Measurement of compliance with infrastructure performance indicators.
Estimation of asset failure probabilities.
Assessment of the impact of fuel supply on electricity generation.
Evaluation of electric power grid stability indicators.

Generally, the evaluation guidelines suggested by generic proposals such as HAZOP [46], NIPP [1] and Directive 2008/114/EC [2] provide an objective basis for risk management and subsequent security decisions. They require qualitative and quantitative interpretations of concepts provided by domain experts. Despite their strictness, implementations of the guidelines are often limited by the need to perform a deep and comprehensive study of all the nodes, circuits and electrical network assets, along with market indicators.

3. Risk identification and assessment in electricity infrastructures

Although risk identification processes seek a comprehensive list of risks and their components, it is not possible to identify all the risks; in fact, even if this were possible, it would be of little help [24]. After the risks in a critical infrastructure have been identified, it is necessary to conduct a detailed assessment in order to prioritize actions for decision making. The decisions can be broadly categorized as:

Risk acceptance, which means that no measures are taken to mitigate the risk.
Risk disposal, which involves the termination of the activity that generates the risk or changing the resource allocation procedure, among other options.
Risk management, which involves the implementation of preventive measures that decrease the risk likelihood and/or protection measures that reduce disturbances to mission-critical systems.

3.1. Interconnected risk maps

An interconnected risk map is a useful construct for decision making because it simplifies the perception of risk in an integrated manner. The approach assists in the discovery and analysis of the various threats to infrastructures, including the threats that are the most critical.

Fig. 4 shows an interconnected risk map created for the electricity infrastructure value chain. The risk map is also applicable to electricity transmission networks. The risk map takes into account the requirements discussed in Section 2.3. It describes the technical and non-technical threats to the infrastructure of interest. The construction of the risk map requires the use of descriptive and analytical instruments to collect data from primary and secondary sources at electricity infrastructure asset owners and operators (transmission and distribution). The Delphi method may be used to obtain information from domain experts via open questions and interviews, supplemented with reviews of proprietary information.

The risk map incorporates 21 risks that are classified into four categories. The risks constitute the basis for the further identification of the risk components in the value chain. Risk maps can also be applied to entities that are vertically integrated (i.e., the same entity is involved in the generation, transmission, distribution and marketing of electricity).

The information provided by the interconnected risk map in Fig. 4 considers the likelihood of occurrence (L) and the severity of consequences (S) for each risk, including the economic and social aspects. The results are graphically represented using the node diameter to express severity and the line thickness to express the likelihood. The thickness of the link between two nodes indicates the extent of the interconnected risk between the nodes.

3.2. Risk components

In practical terms, organizations that own or operate electricity infrastructures characterize each risk in terms of components [19,26]. The 21 major risks presented in the interconnected risk map in Section 3.1 produce more than 142 risk components classified into four categories (see Appendix A).

Determining the risk components required analytical–descriptive research. Data was collected from experts at electricity infrastructure owners and operators (transmission and distribution) using open questions and interviews, supplemented with reviews of proprietary data and technical documentation [15–17,24,47–53].

Fig. 5 shows the number of risk components associated with each of the 21 risks along with a summary of the risk categorization. Note the existence of technical and non-technical threats. However, some risks arise from both types
of threats (e.g., risks related to vulnerabilities in the supply chain and those related to non-compliance of electricity supply indicators).

In order to validate that the risk components are determined accurately, it is necessary to examine how they affect the electricity infrastructure value chain, as shown in Fig. 6. Note that a risk component can affect all the stages in the value chain (i.e., technical perturbations in the system).

Most risk components that affect the value chain belong to the category of environmental and operational risks. Electricity generation, transmission and distribution sub-systems have greater exposure to risk components because they have large numbers of assets, greater geographical coverage and more interrelationships with other social and economic systems.

3.3. Semi-quantitative risk assessment

Identifying threats using interconnected risk maps is applicable to the entire electricity infrastructure value chain, primarily due to their simplicity and their adaptability to different processes. The assessment may be performed using risk matrices, which is a commonly-used technique because it allows for the use of expert knowledge and judgment. Furthermore, the technique can be used to quickly perform semi-quantitative assessments and it is easily combined with other methodologies.

The case study involving a Colombian electricity infrastructure is used to demonstrate the prioritization of actions in order to mitigate risks. This step requires clear and consistent information about the nature of the threats and the strategies for mitigating the threats.

3.3.1. Risk component assessment

An evaluation of the interconnected risk map must consider all four enterprise resources (material, human, technical and economic). When processing the data for each enterprise resource, a particular risk i with n risk components is evaluated using the equation:

$$(\mathrm{Risk})_i = \frac{1}{n_i}\left(\sum_{n \in i} (\mathrm{Likelihood} \times \mathrm{Severity})_n\right) \qquad (2)$$

The average evaluation of each risk component after using expert knowledge and judgment is presented in Appendix A. A risk matrix is then constructed for each resource (as shown in Fig. 4) by plotting the likelihood of each risk valuation on the horizontal axis and its severity on the vertical axis. The scales provided in Tables 1 and 2 are used for the risk matrix axes.

We illustrate the risk assessment calculations using Table 3, in which the analysis of Risk 1 (non-payable billing extension – overdue) uses expert judgment for each enterprise resource. Table 3 shows that Risk 1 has an average score of 7.1 and is, therefore, categorized as an “acceptable risk.” Similar
calculations are performed for the other identified risks in the interconnected risk map shown in Fig. 4.

Fig. 7 shows the score ranges of the risks identified in Section 3.1 according to the rating scales. In the case of Risk 1 (analyzed in Table 3), it is possible to estimate the location of each enterprise resource in the risk matrix: acceptable range (green) for material, human and technical resources, and tolerable range (yellow) for economic resources.

Fig. 7 helps discern the risks that may demand short-term prioritization of actions; these risks are rated as important
Non-payment and non-performing loan recovery from agents who use the transmission grid network | L = 1; S = 1; Risk = 1 | L = 1; S = 1; Risk = 1 | L = 1; S = 1; Risk = 1 | L = 5; S = 7; Risk = 35 | 9.5
Non-payment and non-performing loan recovery for service connections to the electricity infrastructure (transmission) | L = 1; S = 1; Risk = 1 | L = 1; S = 1; Risk = 1 | L = 1; S = 1; Risk = 1 | L = 5; S = 7; Risk = 35 | 9.5
Non-payment and non-performing loan recovery for associated services and for non-operational services and facilities | L = 1; S = 1; Risk = 1 | L = 1; S = 1; Risk = 1 | L = 1; S = 1; Risk = 1 | L = 5; S = 7; Risk = 35 | 9.5
Credit risk: lack of compliance by third parties with financial obligations | L = 1; S = 3; Risk = 3 | L = 1; S = 1; Risk = 1 | L = 1; S = 1; Risk = 1 | L = 3; S = 3; Risk = 9 | 3.5
Fig. 7 – Semi-quantitative risk maps for enterprise resources. (For interpretation of the references to color in this figure, the
reader is referred to the web version of this article.)
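
An added example, not code from the paper: the scoring described in this section, with Eq. (2) applied per enterprise resource, the average over the four resources, and the valuation ranks, run on the four Table 3 rows that survive on this page. The column order of the resources, the shortened row names and the handling of averages that fall between two integer ranks are assumptions; because the rest of the table is missing, the totals differ from the 7.1 the paper reports for Risk 1.

```python
"""Added example: semi-quantitative scoring of one risk from expert judgments."""
from statistics import mean

# Column order of the four (L, S) pairs is an assumption; the page only shows
# that the last, high-scoring column is the economic one.
RESOURCES = ("material", "human", "technical", "economic")
SCALE = (1, 3, 5, 7, 9)  # values allowed by the likelihood and severity scales

# Valuation ranks from the page as (upper bound, label). Averages can land
# between the integer ranks (e.g. 9.5); treating each upper bound as inclusive,
# so that such a score moves up a band, is an assumption of this example.
BANDS = ((9, "acceptable"), (27, "tolerable"), (49, "important"), (81, "critical"))
LABELS = [label for _, label in BANDS]

# The four Table 3 rows visible on this page, as (L, S) per resource.
# Row names are shortened here; the remaining rows of the table are missing.
TABLE3_ROWS = {
    "grid-use charges":    ((1, 1), (1, 1), (1, 1), (5, 7)),
    "service connections": ((1, 1), (1, 1), (1, 1), (5, 7)),
    "associated services": ((1, 1), (1, 1), (1, 1), (5, 7)),
    "third-party credit":  ((1, 3), (1, 1), (1, 1), (3, 3)),
}


def valuation(pair):
    """L x S for one expert judgment, rejecting off-scale values."""
    likelihood, severity = pair
    if likelihood not in SCALE or severity not in SCALE:
        raise ValueError(f"L and S must be one of {SCALE}, got {pair}")
    return likelihood * severity


def classify(score):
    """Map a valuation (1-81) to its judgment-based category."""
    if not 1 <= score <= 81:
        raise ValueError(f"score {score} is outside 1-81")
    return next(label for upper, label in BANDS if score <= upper)


def component_score(judgments):
    """Average L x S of one component over the four resources (last table column)."""
    if len(judgments) != len(RESOURCES):
        raise ValueError("expected one (L, S) pair per enterprise resource")
    return mean(valuation(pair) for pair in judgments)


def resource_scores(components):
    """Eq. (2): for each resource, the mean L x S over the risk's n components."""
    for judgments in components.values():
        component_score(judgments)  # validates shape and scale of every row
    return {
        resource: mean(valuation(j[k]) for j in components.values())
        for k, resource in enumerate(RESOURCES)
    }


def assess(components):
    """Score one risk and list resources rated worse than the overall average."""
    per_resource = resource_scores(components)
    overall = mean(list(per_resource.values()))
    label = classify(overall)
    masked = {
        resource: classify(score)
        for resource, score in per_resource.items()
        if LABELS.index(classify(score)) > LABELS.index(label)
    }
    return {"per_resource": per_resource, "overall": overall,
            "label": label, "masked": masked}


if __name__ == "__main__":
    result = assess(TABLE3_ROWS)
    for resource, score in result["per_resource"].items():
        print(f"{resource:<10} {score:5.1f}  {classify(score)}")
    print(f"overall    {result['overall']:5.1f}  {result['label']}")
    print("rated worse than the overall average:", result["masked"])
```

On these rows the overall score is acceptable while the economic column on its own lands in a higher band, the kind of single-resource exposure that the per-resource matrices of Fig. 7 keep visible.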
(orange) or critical (red). Special attention should focus on Risk 8 (Terrorism and vandalism), which is rated as important with respect to material, technical and economic resources and critical with respect to human resources.

Appendix A contains the results of averaging the expert judgments for the entire set of risk components obtained using Eq. (2) with the associated values, acceptable, tolerable, important and critical.

3.3.2. Risk matrix calculation

A semi-quantitative assessment of each risk i is obtained by averaging the judgments for each enterprise resource over all n risk components:
$$(\mathrm{Risk})_i = \frac{1}{4}\sum_{\mathrm{Resources}} (L_i \times S_i)_n \qquad (3)$$

where $L_i$ is the likelihood of occurrence of risk i, $S_i$ is the severity of consequences, and Resources include the material, human, technical and economic resources. Table 4 shows the assessments of the risks identified in the interconnected risk map of Fig. 4.

3.3.3. Risk chart representation

A better understanding of risk assessment can be provided by introducing a representation of risk matrices that includes semi-quantitative results. A practical method is to associate the judgment of each risk as a distinct color in a radar chart [54], which we call a “risk chart.” Fig. 8 shows how the risk assessments of the items identified in the interconnected risk map may be visualized. The values in Table 4 are indicated in the scale of the risk chart. The risks that are scored as important or critical are placed in the orange or red regions, respectively, while tolerable and acceptable risks are located in yellow or green regions, respectively. As noted in Section 1, semi-quantitative assessments of risk are of great importance to electricity distribution and transmission infrastructures.

Fig. 8 indicates that the most important item relates to Risk 8 (Terrorism and vandalism). This means that electricity networks have become targets because successful attacks can compromise the security of the energy supply, which impacts homeland security, the national economy and the daily lives of citizens. Risk 6 (Adverse natural phenomena) is also a concern, requiring preparation against the possible destruction of infrastructures (or assets) by floods, earthquakes, avalanches, all of which would impact energy supply. These risks and others have such a significant impact on national security and society that they have contributed to the development and implementation of national infrastructure protection plans.

Risk 10 (Corruption, fraud and mismanagement) also emerges as an important risk, especially due to the financial impact on electricity infrastructure asset owners and operators. This is because resources are drawn away from infrastructure assets, which ultimately impacts infrastructure performance. Special attention should also be given to Risk 13 (Human or procedural failures), which is a big concern to electricity infrastructure asset owners and operators.

Risk 17 (Vulnerability of ICT systems) is related to management technologies, supervisory control systems and data acquisition (SCADA) systems, power transmission and distribution control systems, programmable logic controllers (PLCs), etc., which are interconnected through networks and accessible remotely and are, therefore, exposed to viruses, malware and computer attacks.

Given the amount of organizational resources devoted to planning, execution and maintenance of the components and physical assets, technical risks such as Risk 16 (Technical disturbances in power grid and generation plants) and Risk 14 (Failures of equipment, materials and hardware) should have high scores because they are associated with unexpected blackouts. However, Risk 14 is rated as “tolerable” because some electrical system components have very low failure rates; this is common for assets that have no moving parts such as lightning arresters, instrument transformers, reactors and capacitors. On the other hand, Risk 18 (Non-compliance or low quality of electricity supply indicators) is important because it could lead to political and social consequences in a region or country.

Risk 21 (Vulnerability of the supply chain) focuses on energy supply to electricity generation plants (e.g., natural gas, fuel and coal, as well as industrial operations related to nuclear plants). Governments and energy companies attempt to manage this risk by designating uninterrupted energy supply as an important policy goal. Interested readers are referred to Appendix A for additional information about the
Fig. 8 – Visualization of the 21 risks. (For interpretation of the references to color in this figure, the reader is referred to the web version of this article.)
Fig. 9 – Radar chart created for the critical and important risk components. Legend: operational; environmental; compliance of indicators; assets & financing. (For interpretation of the references to color in this figure, the reader is referred to the web version of this article.)
risk components related to the generation phase in the electricity infrastructure value chain.

The risks rated as tolerable or acceptable are usually less noticeable and may overcome difficulties arising from social opposition, which can significantly impact the execution of planned infrastructure projects. They are associated with national policy and regulations (Risks 3 and 4), infrastructure growth challenges (Risk 12), loss of reputation and public image (Risk 19) and misunderstanding and opposition of the population (Risk 7). A properly implemented risk management framework should be able to control and manage these threats.

3.3.4. Risk component chart

The identification of vulnerabilities in an electricity (or other) infrastructure is carried out through a detailed analysis of the risk components shown in Appendix A. Fig. 9 presents the
Table A1
Notation
NT Non-technical risk type
T Technical risk type
AF Assets and financing risk category
EN Environmental risk category
OP Operational risk category
CI Compliance of indicators risk category
++ Critical risk
+ Important risk
− Tolerable risk
−− Acceptable risk
assessment results using a radar chart, in which critical and important risk components are placed in red and orange colored bands, respectively.

Fig. 9 shows the average rating of the risk components according to their categories. The ratings are provided for a total of 142 risk components obtained from the 21 risks identified in an electricity infrastructure (see Appendix A). Thirteen risk components are classified as critical (three operational risks and ten environmental risks). A total of 49 risks are rated as important (21 operational, 24 environmental and four related to compliance of indicators). Thirty risk components are assessed as tolerable and 50 risk components as acceptable. Note that the environmental and operational risk categories have major effects on infrastructure throughput (rated as critical and important), whereas the risk components in the assets and financing category have the least effect on throughput (rated as acceptable risks).

The risk component chart shown in Fig. 9 allows deeper study of the nature of the risk components. Since the valuation was performed by Colombian companies, some of them with recorded attacks on their infrastructures, many risk components rated as critical understandably relate to terrorism and vandalism (Risk Components 58, 59, 60, 61, 62, 64, 68). Natural phenomena are also of great concern (Risk Components 40, 41, 42) due to the potential destruction and non-availability of key assets.

Operational risks related to operations, procedures, maintenance, quality indicators (including secondary and tertiary regulation procedures) as well as asset management in the electricity infrastructure are (predictably) rated as the most important risks (Risk Components 94, 100, 111, 112).

It is important to note the potential impact of some administrative risks, such as corruption and interference from third parties, on organizational performance (Risk Components 78, 86, 129). This type of risk is a concern to managers because of the impact that the risk components may have on project realization; these manifest themselves in terms of lower (corporate) financial performance, and inadequate infrastructure operations and maintenance.

Conducting a risk map based assessment enhances the detection of vulnerabilities in organizations and infrastructure systems, and facilitates the planning and implementation of risk mitigation activities. While the approach has been presented in the context of an electricity infrastructure, it is, of course, very useful for assessing and managing risks across the various critical infrastructure sectors.

4. Conclusions

The proposed methodology for risk identification and risk assessment in the electricity infrastructure value chain greatly enhances risk management efforts and electricity infrastructure protection plans. The methodology is generic enough to be used by a wide variety of critical infrastructure assets.

Interconnected risk maps are an effective tool for risk management efforts. The focus has been on the identification and assessment of risks arising from technical and non-technical threats against electricity infrastructures; the accompanying risk classification strategy involves the breakdown of risks into risk components. The case study involving a Colombian electricity infrastructure has identified 21 interdependent risks and 142 risk components. The classification considers the nature and the effects of risks, categorizing them as operational risks, environmental risks, assets and financing risks, and quality compliance risks.

Having identified the risks and their components, semi-quantitative ratings of the risks and risk components can be made by relying on subjective assessments, analyst opinions, and the specific circumstances of the electricity infrastructure, as demonstrated by the Colombian case study. The assessment results are useful for prioritizing actions in order to contain the threats and to monitor the effectiveness of countermeasures (especially for the risks that are classified as critical and important).

An interesting observation regarding the semi-quantitative risk assessment results is that a large number of risk components are rated as acceptable; their effects on the electricity infrastructure value chain are less significant than the relatively
few risks that are rated as critical. For example, although there are many risk components in the risk category of assets and financing, their impact is much less than that of the risks categorized as operational. Indeed, the risk assessment reveals that the operational and environmental risks, although relatively few in number, have a greater impact on the electricity infrastructure value chain.

The risk assessment also shows that the most susceptible electrical sub-systems are generation, transmission and distribution, which are also the most important systems and have extensive geographic coverage.

In summary, the primary contribution of the paper is a powerful and intuitively appealing methodology for risk identification and risk assessment that leverages interconnected risk maps. While the methodology has been presented in the context of an electricity infrastructure, it is, of course, very useful for assessing and managing risks across the various critical infrastructure sectors. Moreover, the paper itself serves as a useful reference for security planners and policy makers.

Appendix A. Risk components in electricity infrastructures

See Table A1.