PMBOK 6 v3

international journal of critical infrastructure protection 6 (2013) 197–216
Available online at www.sciencedirect.com
www.elsevier.com/locate/ijcip
Using interconnected risk maps to assess the threats

faced by electricity infrastructures
Gabriel J. Correa-Henaoa, Jose M. Yustab,n, Roberto Lacal-Aránteguic

a
Faculty of Engineering, Fundación Universitaria Luis Amigó, C/51A # 67B90, Medellín, Colombia
b
Department of Electrical Engineering, Universidad de Zaragoza, C/María de Luna 3, Zaragoza 50018, Spain
c
JRC-Institute for Energy, European Commission, P.O. Box 2, 1755 ZG Petten, the Netherlands
art i cle i nfo ab st rac t
Article history: This paper describes a methodology for risk identification and risk assessment in
Received 13 December 2011 electricity infrastructures. The approach leverages risk maps and can be applied to general
Received in revised form infrastructure networks. A semi-quantitative assessment strategy that incorporates the
6 September 2013 creation of risk charts within a risk management framework is also presented. This
Accepted 6 October 2013 strategy engages an intuitive graphical representation to identify the most significant
Available online 9 October 2013 threats affecting infrastructure networks. As a result, it is possible to conduct risk analyses
Keywords: of energy supply (and other) infrastructures within a region or country by engaging
Electricity infrastructure interconnected risk maps. The application of the methodology is demonstrated using a
Risk assessment case study of a Colombian electricity infrastructure, which includes an estimation of the
Interconnected risk maps risk components.

& 2013 Elsevier B.V. All rights reserved.
1. Introduction This paper is divided into two parts. The first part reviews
risk identification as it relates to the electricity sector. It
An integrated risk management cycle must adhere to the includes a brief description of state-of-the-art risk assess-
infrastructure protection guidelines specified in the United ment strategies for electricity infrastructure owners and
States National Infrastructure Protection Plan [1] or the operators, with an emphasis on electricity transmission and
European Programme for Critical Infrastructure Protection [2]. distribution. Key concepts such as infrastructure protection
The frameworks established by these protection plans can be plans, enterprise resources, risk maps and risk matrices are
summarized in terms of a risk management plan that involves also described.
six steps: (i) establishment of safety goals; (ii) identification of The second part of the paper describes the application of
resources and risks; (iii) assessment of risks; (iv) prioritization interconnected risk maps as the first step to implementing a
of actions; (v) implementation of protection programs; and risk management framework. A case study involving a
(vi) measurement of effectiveness [3]. This paper proposes a Colombian electricity infrastructure is used to demonstrate
conceptual framework for risk management in electricity the identification and assessment steps via the construction
infrastructures, which specifically addresses the various risks and validation of an interconnected risk map. A semi-
that affect electricity infrastructures, especially those related quantitative technique involving risk charts is presented as
to electricity transmission and distribution. The methodology a rapid and highly effective risk evaluation strategy that can
focuses on risk identification as well as risk evaluation, and be used within a risk management framework. The evalua-
also incorporates semi-quantitative assessments. tion methodology is broad enough to cover short-term,
n
Corresponding author. Tel.: þ34 976 761 922; fax: þ34 976 762 226.
E-mail address: jmyusta@unizar.es (J.M. Yusta).
1874-5482/$ - see front matter & 2013 Elsevier B.V. All rights reserved.
http://dx.doi.org/10.1016/j.ijcip.2013.10.002
198 international journal of critical infrastructure protection 6 (2013) 197 –216
medium-term and long-term threats and risks in the techni-

Goal Security
cal and non-technical categories. This facilitates the analysis
Definitions
of structural vulnerabilities in electricity infrastructures and
the identification of situations that impact infrastructure
protection more accurately than existing methods. Monitoring Risk
Effectiveness Identification
The paper also provides an inventory of risk components
related to the electricity infrastructure. The inventory covers
the nature of the risks and their components, origins, classi-
fication and assessment. The inventory is useful for validat-
ing the methodology presented in this paper and serves as a
good reference source for critical infrastructure protection Program Risk
planning. Implementation Assessment
Prioritization of
2. Risk management framework for electricity Actions
infrastructures
Fig. 1 – Risk management plan for critical infrastructure
The critical infrastructure comprises the assets that are
protection.
required for the functioning of a society and its economy,
i.e., assets whose sudden non-availability could result in the
loss of life or seriously impact health, economic systems or
public security. This definition also applies to energy infra- networks in the infrastructure value chain. The step also
structures, including those related to electricity generation, involves the identification of risks affecting system resi-
transmission and distribution. lience, which requires the development and maintenance
of an inventory of physical infrastructure assets that
2.1. Infrastructure protection plans includes property, information systems and considers
technical and non-technical threats.
In 2005, a “green paper” entitled “European Programme for Risk assessment: The most widely used and accepted
Critical Infrastructure Protection” was released by the technique involves qualitative risk assessment using risk
European Commission [4]. In 2008, the European Council assessment matrices that take into account the likelihood
adopted Directive 2008/114/EC [2], which created the European and the consequences of each risk [8–10]. The risk
Programme for Critical Infrastructure Protection (EPCIP). In 2009, matrices are created with input from domain experts
the United States National Infrastructure Protection Plan (through interviews and Delphi techniques). Quantitative
(NIPP) [1] was launched, following the release of several frame- risk assessment is performed using data and variables
works established by the U.S. Department of Homeland Security that allow statistical modeling. Quantitative risk assess-
[5–7]. Both EPCIP and NIPP clearly define the critical areas in ment is typically focused on specific risks, especially the
which efforts must be focused in order to develop plans for risks that could produce serious consequences.
threat prevention and infrastructure protection. Meanwhile, the Prioritization of actions and program implementation:
governments of several countries have launched similar initia- This step involves the comparison of the relative levels
tives for critical infrastructure protection [3]. of risk, along with options to achieve the safety goals.
The frameworks established by Directive 2008/114/EC and Protection measures are applied where possible to reduce
NIPP can be summarized in terms of a risk management plan security risks in a cost-effective manner.
that involves six steps: (i) establishment of safety goals; Monitoring effectiveness: This step incorporates monitoring
(ii) identification of resources and risks; (iii) assessment of activities as a means to achieve regular supervision, e.g., by
risks; (iv) prioritization of actions; (v) implementation of creating performance indicators. Many opportunities for
protection programs; and (vi) measurement of effectiveness. change and improvement can be recognized during this step.
Feedback and continuous improvement are also part of the
frameworks. Fig. 1 presents a risk management plan for
critical infrastructure protection that conforms to the 2.2. Electricity infrastructure value chain
frameworks.
Infrastructure protection plans promote the use of risk The risks to the population and to the environment from
management models that incorporate strategies for reducing energy systems arise from energy production as well as from
uncertainty by exhaustively compiling and taking into the components in the value chain. In the case of electricity
account infrastructure asset data and infrastructure interre- infrastructures, this includes power generation, high and
lationships. Infrastructure protection plans also suggest medium voltage transmission, medium and low voltage
approaches for reaching the various stakeholders in the distribution, power marketing and the provision of services
critical infrastructure value chain. to energy consumers (Fig. 2).
Specifying the value chain in electricity infrastructures is
Identification of risks and resources: This step involves the the first step to defining the objectives and policies for secure
creation of an inventory of resources, assets, systems and energy supply. The majority of critical infrastructure assets in
international journal of critical infrastructure protection 6 (2013) 197 –216 199
OECD countries are privately owned. In fact, as much as 80%

of the critical infrastructure may be owned or operated by
private sector entities [11]. In addition to the large-scale
networks, the hundreds of thousands of small nodes and
private networks also require attention. The protection tasks
should be performed to the extent that they are economically
and technically feasible [12]. Some infrastructure assets,
especially those at military installations and other mission-
critical facilities, usually incorporate alternative and autono-
mous power facilities that guarantee backup supply in the
event of power failures. Although this paper explores most of
the stages within the value chain, more emphasis is placed
on electricity transmission and distribution.
2.3. Enterprise resources
The definition of the set of resources possessed by electricity Fig. 2 – Electricity infrastructure value chain.
infrastructure asset owners and operators is required before
risk identification and risk assessment can be performed [13,14].
The resources include the assets and expertise that are essen-
tial to satisfactory operations. In general, these include mate- people, systems and procedures that negatively impact
rial, human, technical and economic resources [15–17]. the infrastructure.
Non-technical threats: These threats induce environmen-
Material resources: Material resources include assets such tal risks, strategic risks and resource allocation risks.
Other non-technical threats are posed by external factors
as installations (e.g., buildings, machinery, transmission
such as natural disasters, socio-political situations, third-
lines, control centers, dispatch centers and generation
party actions, and policies and regulations.
plants) and materials (e.g., primary fuels, nuclear, hybrid,
solar and wind resources).
Human resources: Human resources are essential to any
organization. The resources include the entire labor force – A risk map simplifies the identification of the risk compo-
employees, contractors and third-party workers – involved nents by grouping them into categories (e.g., technical and
in the operation and maintenance of the electricity infra- non-technical). The methodology, which allows for a better
structure. Human resources may be established in hier- representation of the interrelationships among the various
archical levels within an organization. risks, is widely used for threat identification in the electric
Technical resources: Technical resources relate to the set power sector. Some of the popular risk map approaches are:
of auxiliary instruments and tools that are essential to the
construction, operation, maintenance of the infrastructure COSO audit maps: These risk maps [13,14] facilitate the
value chain (e.g., information systems, design plans, monitoring and auditing of risks.
project management know-how and procedures). Holistic schemes: These schemes are specifically adapted
Economic resources: Economic resources include equity (e.g., to project management [9]; however, they do not
cash and shares) and debt (e.g., loans, credit and bonds). categorize risks.
Radar maps: These risk maps are widely used in the
financial sector [21–23]. They are constructed based on
interviews conducted with strategic business managers.
2.4. Threat identification using risk maps
Enterprise risk maps: These risk maps facilitate the
categorization of enterprise risk into the defined risk types
The threat identification step focuses on discovering the
[15,16,18,19].
major types of risk that exist within an infrastructure
[18,19]. It provides qualitative descriptions of all the risks
and their components applicable to the value chain and the
life-cycle of the infrastructure [8]. 2.4.1. Risk categorization
Risk categorization can be performed in several ways. One In general, the risks facing an electric power company may be
approach is to categorize and analyze the technical and non- divided into the following categories [24]:
technical threats [20]. Threats arising from malicious indivi-
duals (involving inherent risks to the operation of the value Compliance: This category includes the risks related to
chain) are different from the threats posed by natural policies, laws, regulations and their economic and social
phenomena. impact to the region in which the infrastructure asset
operates.
Technical threats: These threats induce financial and Assets and finance: This category includes risks arising
operational risks. Other technical threats are caused by from market volatility and the economy that impact the
Fig. 3 – Risk component breakdown structure.
operation and expansion of electricity infrastructures. 2.5. Risk assessment matrices

This category also includes risks associated with debt
collection and the acquisition of funds to cover upgrades In the risk assessment phase, each risk is evaluated by
and expansion of the electricity infrastructure. measuring it against the probability of occurrence and the
Environmental: This category includes risks related to severity of the consequences according to a predefined
regulatory issues and political, social, natural phenomena scale [19]. An effective risk assessment should include the
that impact electricity infrastructure operations. vulnerabilities of the system, the magnitudes and types of
Operational: This category includes the risks that affect threats, and estimates of the consequences. The following
the activities, systems, people and value chain within an sections discuss two broad risk assessment strategies.
electricity infrastructure. They reveal failures in the
execution of activities, lack or absence of procedures,
insufficient human capital, lack of technological and 2.5.1. Qualitative and semi-quantitative assessment
administrative management, etc. strategies
Risk classification may be followed by a qualitative strategy
Finally, documenting the origins of technical and that incorporates the probability of occurrence (likelihood)
non-technical risks can help determine how they are to be and the impact (severity) of each risk according to a descrip-
treated [20]. tive scale [8]. This process takes into account risk indicators
such as the lack of energy supply, equipment failures in the
2.4.2. Establishing risk components network infrastructure and interdependence with other sec-
The risk identification phase of a risk management frame- tors. The “qualitative variables” cannot be measured numeri-
work seeks to determine (to the extent possible) all the events cally; instead, they are assigned “linguistic” values (e.g.,
that affect the resources required to achieve the infrastruc- probability is high, medium or low) [8].
ture operation objectives. A detailed investigation of each risk In general, risk may be computed as
must be conducted to identify its components.
Risk ¼ likelihood severity ð1Þ
Risk component definition ensures a uniform level of
detail, and contributes to the effectiveness and quality of The likelihood (L) is allocated by experts who determine the
risk identification. A risk component breakdown structure most likely outcome of each of the identified risks. It also
(Fig. 3), in which risk scenarios facilitate the definition of risk includes the possibility of occurrence of a vulnerability in the
components, may be used to assist this activity. In particular, system. The severity (S) can be minor when an incident
it supports the logical and systematic identification of risks breach results in a small financial loss. In other cases, the
and their impact on the value chain of an electricity severity can be significant, resulting in a long-term service
infrastructure. outage or perhaps even loss of life.
The risk map and the risk components become part of the Risk matrix elements are organized according to the like-
corporate knowledge base of critical infrastructure asset lihood and severity assigned to each risk. The assessments of
owners and operators. Some risks may affect the value chain likelihood and severity are assigned from five-level scales
as well as infrastructure assets and sub-systems. The that range from 1 to 9 as suggested in [25]. The range assigned
abstraction of a risk map varies from the strategic level to to a scale depends on the infrastructure circumstances,
the operational level depending on the specific situation country situation, company policies and company strategies
being considered. among other criteria.
Table 1 – Likelihood (L) scales for semi-quantitative risk assessment.
Likelihood (L) Remote Unlikely Credible Probable True
Scale 1 3 5 7 9
Frequency One event every One event every One event every One event every One or more events every 1 year
10 years or more 7–10 years 3–7 years 1–3 years
Table 2 – Severity (S) scales for semi-quantitative risk assessment.
Severity Low Moderate Medium High Critical

(S)
Scale 1 3 5 7 9
Economic Losses less than Losses between 1M € Losses between 3M € and Losses between 10M € Losses more than
resources 1M € and 3M € 10M € and 20M € 20M €
Technical No services are No services are No services are affected. Some services are Some services are
resources affected. affected. Enterprise Enterprise information is affected. Enterprise affected. Enterprise
Enterprise information may be lost but can be recovered information is also information is lost
information is somewhat compromised and cannot be
not compromised recovered
compromised
Human No effects on Integrity of Integrity of employees or Integrity of employees Loss of human life
resources employees or employees or stakeholders may be or stakeholders may
stakeholders stakeholders may be temporarily affected, but be permanently
temporarily affected, intervention is required affected. Intervention
but no intervention is for recovery without is strongly required
required for recovery consequences for recovery
Material No effect on Effect on service Effect on service Service operations Service operations
resources service operations is evident. operations is evident. have collapsed. have crashed.
operations. Relationships with Relationships with energy Relationships with Relationships with
Relationships energy consumers consumers are somewhat energy consumers energy consumers
with energy are not affected affected have deteriorated and market
consumers are regulators are
not affected shattered
The scales presented in Tables 1 and 2 take into account Tolerable risks: These risks require actions to be designed
common concepts established by electric utilities in Colombia for purposes of risk management. However, they may
[15–17]. The risk likelihood (L) can be determined based on the have lower priority and can be executed in the medium
number of events that trigger the occurrence of a particular term (valuation rank: 10–27).
risk using the scale presented in Table 1. Table 2 shows the Acceptable risks: These risks are not particularly significant
scale used for severity (S) assessments, which are required to and do not require additional actions to be executed in
produce valuations of the relative importance of the four addition to those that are already implemented (valuation
enterprise resources described in Section 2.3. rank: 1–9).
A risk matrix facilitates the understanding of threat
valuation because it contains values computed using Eq. (1). Considerable expert knowledge underlies the risk matrices
As shown in Fig. 3, It is possible to rank the risks according to that are used to create critical infrastructure protection plans.
the following judgment-based categories: Although, it is difficult to rank terms such as “terrorism” and
“corruption” when performing quantitative risk assessments,
Critical risks: These risks require high priority attention to they can, nevertheless, be evaluated in a convenient manner
reduce their scores. The prioritization of actions must be using Eq. (1).
considered and implemented urgently in order to elim-
inate the threats in the short term (valuation rank: 50–81). 2.5.2. Quantitative assessment techniques
Important risks: These risks require the implementation of The use of quantitative techniques requires deeper mathe-
short-term priority actions due to their high impact on matical and/or statistical understanding of the various vari-
infrastructure operations, despite the fact that their imple- ables involved in risk analysis. In addition to traditional risk
mentation may not require as many resources as those maps and risk matrices, several quantitative approaches
required to attend to critical risks (valuation rank: 28–49). have been developed to perform threat evaluations for
electricity infrastructures. Well-known approaches include Risk disposal, which involves the termination of the
Monte Carlo simulation [26], agent-based simulation and activity that generates the risk or changing the resource
system dynamics [3,27], as well as statistical analysis [28], allocation procedure, among other options.
graph theoretical modeling [29–31] and geographic informa- Risk management, which involves the implementation of
tion systems [32]. Several tools and techniques have been preventive measures that decrease the risk likelihood and/
applied to electricity infrastructures to determine their sus- or protection measures that reduce disturbances to
ceptibility to risks and threats; these include Athena [33], mission-critical systems.
CASCADE [34], CEEESA [35], CIMS [36], COMM-ASPEN [37],
DEW [38], EMCAS [39], FAIT [40], Fort Future [41], GoRAF [42],
MIA [43], modular dynamic modeling [44] and HAZOP meth- 3.1. Interconnected risk maps
odologies [46]. Although risk matrices are widely accepted,
the particular application of graph theory has become a An interconnected risk map is a useful construct for decision
useful methodology for performing quantitative assessments making because it simplifies the perception of risk in an
of electric network vulnerabilities and the interdependencies integrated manner. The approach assists in the discovery and
between the electricity infrastructure and other critical infra- analysis of the various threats to infrastructures, including
structures [29,31,45]. the threats that are the most critical.
The approaches listed above are used for a variety of Fig. 4 shows an interconnected risk map created for the
purposes. Key applications include: electricity infrastructure value chain. The risk map is also
applicable to electricity transmission networks. The risk map
Evaluation of the interdependencies between infrastruc- takes into account the requirements discussed in Section 2.3. It
ture assets (e.g., electricity infrastructure and banking describes the technical and non-technical threats to the infra-
systems). structure of interest. The construction of the risk map requires
Evaluation of the indicators defined for emergency the use of descriptive and analytical instruments to collect data
response (e.g., regions impacted by natural phenomena, from primary and secondary sources at electricity infrastructure
disconnected users, contingency time response, and asset owners and operators (transmission and distribution). The
restoration and evacuation strategies). Delphi method may be used to obtain information from domain
Evaluation of the impact of policies and regulations on experts via open questions and interviews, supplemented with
infrastructure performance. reviews of proprietary information.
Measurement of compliance with infrastructure perfor- The risk map incorporates 21 risks that are classified into
mance indicators. four categories. The risks constitute the basis for the further
Estimation of asset failure probabilities. identification of the risk components in the value chain. Risk
Assessment of the impact of fuel supply on electricity maps can be also applied to entities that are vertically
generation. integrated (i.e., the same entity is involved the generation,
Evaluation of electric power grid stability indicators. transmission, distribution and marketing of electricity).
The information provided by the interconnected risk map
in Fig. 4 considers the likelihood of occurrence (L) and the
Generally, the evaluation guidelines suggested by generic severity of consequences (S) for each risk, including the
proposals such as HAZOP [46], NIPP [1] and Directive 2008/ economic and social aspects. The results are graphically
114/EC [2] provide an objective basis for risk management and represented using the node diameter to express severity
subsequent security decisions. They require qualitative and and the line thickness to express the likelihood. The thick-
quantitative interpretations of concepts provided by domain ness of the link between two nodes indicates the extent of the
experts. Despite their strictness, implementations of the interconnected risk between the nodes.
guidelines are often limited by the need to perform a deep
and comprehensive study of all the nodes, circuits and 3.2. Risk components
electrical network assets, along with market indicators.
In practical terms, organizations that own or operate electricity
infrastructures characterize each risk in terms of components
3. Risk identification and assessment in [19,26]. The 21 major risks presented in the interconnected risk
electricity infrastructures map in Section 3.1 produce more than 142 risk components
classified into four categories (see Appendix A).
Although risk identification processes seek a comprehensive Determining the risk components required analytical–
list of risks and their components, it is not possible to identify descriptive research. Data was collected from experts at
all the risks; in fact, even if this were possible, it would be of electricity infrastructure owners and operators (transmission
little help [24]. After the risks in a critical infrastructure have and distribution) using open questions and interviews, sup-
been identified, it is necessary to conduct a detailed assess- plemented with reviews of proprietary data and technical
ment in order to prioritize actions for decision making. The documentation [15–17,24,47–53].
decisions can be broadly categorized as: Fig. 5 shows the number of risk components associated
with each of the 21 risks along with a summary of the risk
Risk acceptance, which means that no measures are taken categorization. Note the existence of technical and non-
to mitigate the risk. technical threats. However, some risks arise from both types
Fig. 4 – Interconnected risk map for a Colombian electricity infrastructure.
of threats (e.g., risks related to vulnerabilities in the supply The case study involving a Colombian electricity infra-
chain and those related to non-compliance of electricity structure is used to demonstrate the prioritization of actions
supply indicators). in order to mitigate risks. This step requires clear and
In order to validate that the risk components are deter- consistent information about the nature of the threats and
mined accurately, it is necessary to examine how they affect the strategies for mitigating the threats.
the electricity infrastructure value chain, as shown in Fig. 6.
Note that a risk component can affect all the stages in the
value chain (i.e., technical perturbations in the system). 3.3.1. Risk component assessment
Most risk components that affect the value chain belong to An evaluation of the interconnected risk map must consider
the category of environmental and operational risks. Electricity all four enterprise resources (material, human, technical and
generation, transmission and distribution sub-systems have economic). When processing the data for each enterprise
greater exposure to risk components because they have large resource, a particular risk i with n risk components is
numbers of assets, greater geographical coverage and more evaluated using the equation:
!
interrelationships with other social and economic systems. 1
ðRiskÞi ¼ ∑ ðLikelihood SeverityÞn ð2Þ
n nAi
i
3.3. Semi-quantitative risk assessment The average evaluation of each risk component after using
expert knowledge and judgment is presented in Appendix A.
Identifying threats using interconnected risk maps is applic- A risk matrix is then constructed for each resource (as shown
able to the entire electricity infrastructure value chain, in Fig. 4) by plotting the likelihood of each risk valuation on the
primarily due to their simplicity and their adaptability to horizontal axis and its severity on the vertical axis. The scales
different processes. The assessment may be performed using provided in Tables 1 and 2 are used for the risk matrix axes.
risk matrices, which is a commonly-used technique because We illustrate the risk assessment calculations using Table 3,
it allows for the use of expert knowledge and judgment. in which the analysis of Risk 1 (non-payable billing extension –
Furthermore, the technique can be used to quickly perform overdue) uses expert judgment for each enterprise resource.
semi-quantitative assessments and it is easily combined with Table 3 shows that Risk 1 has an average score of 7.1 and is,
other methodologies. therefore, categorized as an “acceptable risk.” Similar
Fig. 5 – Risk components in an electricity infrastructure.
Fig. 6 – Risk components affecting the electricity infrastructure value chain.
calculations are performed for the other identified risks in the each enterprise resource in the risk matrix: acceptable range
interconnected risk map shown in Fig. 4. (green) for material, human and technical resources, and
Fig. 7 shows the score ranges of the risks identified in tolerable range (yellow) for economic resources.
Section 3.1 according to the rating scales. In case of Risk 1 Fig. 7 helps discern the risks that may demand short-term
(analyzed in Table 3), it is possible to estimate the location of prioritization of actions; these risks are rated as important
Table 3 – Semi-quantitative assessments for the components of Risk 1.
Risk components Material Human Technical Economic Risk

resources resources resources resources average
Non-payment and non-performing loan recovery from agents who L¼ 1; L¼1; L ¼1; L¼ 5; 9.5
use the transmission grid network S¼ 1; S¼ 1; S ¼1; S¼ 7;
Risk ¼1 Risk¼ 1 Risk¼ 1 Risk ¼35
Non-payment and non-performing loan recovery for service L¼ 1; L¼1; L ¼1; L¼ 5; 9.5
connections to the electricity infrastructure (transmission) S¼ 1; S¼ 1; S ¼1; S¼ 7;
Non-payment and non-performing loan recovery for associated L¼ 1; L¼1; L ¼1; L¼ 5; 9.5
services and for non-operational services and facilities S¼ 1; S¼ 1; S ¼1; S¼ 7;
Credit risk: lack of compliance by third parties with financial L¼ 1; L¼1; L ¼1; L¼ 3; 3.5
obligations S¼ 3; S¼ 1; S ¼1; S¼ 3;
High prices in regulated tariffs (transmission, distribution) or L¼ 1; L¼1; L ¼1; L¼ 3; 3.5

marketing S¼ 3; S¼ 1; S ¼1; S¼ 3;
Fig. 7 – Semi-quantitative risk maps for enterprise resources. (For interpretation of the references to color in this figure, the
reader is referred to the web version of this article.)
(orange) or critical (red). Special attention should focus on using Eq. (2) with the associated values, acceptable, tolerable,
Risk 8 (Terrorism and vandalism), which is rated as important important and critical.
with respect to material, technical and economic resources 3.3.2. Risk matrix calculation
and critical with respect to human resources. A semi-quantitative assessment of each risk i is obtained by
Appendix A contains the results of averaging the expert averaging the judgments for each enterprise resource over all
judgments for the entire set of risk components obtained n risk components:
Table 4 – Semi-quantitative assessments of the risks in the interconnected risk map.
No Description of risk Risk Judgment
1 Non-payable billing extension (overdue) 7.1 Acceptable

2 Insufficient financing 4.4 Acceptable
3 Regulatory changes, political and legal processes 4.8 Acceptable
4 Changes in national public policy 12.0 Tolerable
5 Adverse weather conditions 19.1 Tolerable
6 Adverse natural phenomena 36.0 Important
7 Misunderstanding and opposition of the population 18.1 Tolerable
8 Terrorism and vandalism 50.0 Critical
9 Volatility of macroeconomic variables 18.3 Tolerable
10 Corruption, fraud, mismanagement 34.4 Important
11 Gaps in information and knowledge management 24.3 Tolerable
12 Growth challenges of the infrastructure system 6.0 Acceptable
13 Human or procedural failures 35.9 Important
14 Failures of equipment, materials and hardware 20.1 Tolerable
15 Inadequate manpower education and training 27.2 Tolerable
16 Technical disturbances in power grid and generation plants 34.6 Important
17 Vulnerability of ICT systems 33.9 Important
18 Non-compliance or low quality of electricity supply indicators 33.5 Important
19 Reputation and public image 8.3 Acceptable
20 Deficiencies of suppliers and subcontractors 29.4 Important
21 Vulnerability of the supply chain 33.5 Important

1 Risk 10 (Corruption, fraud and mismanagement) also
ðRiskÞi ¼ ∑ ðL S Þ ð3Þ
4 Resources i i n emerges as an important risk, especially due to the financial
impact on electricity infrastructure asset owners and opera-
where Li is the likelihood of occurrence of risk i, Si is the
tors. This is because resources are drawn away from infra-
severity of consequences, and Resources include the material,
structure assets, which ultimately impacts infrastructure
human, technical and economic resources. Table 4 shows the
performance. Special attention should also be given to Risk
assessments of the risks identified in the interconnected risk
13 (Human or procedural failures), which is a big concern to
map of Fig. 4.
electricity infrastructure asset owners and operators.
Risk 17 (Vulnerability of ICT systems) is related to manage-
ment technologies, supervisory control systems and data
3.3.3. Risk chart representation
acquisition (SCADA) systems, power transmission and dis-
A better understanding of risk assessment can be provided by
tribution control systems, programmable logic controllers
introducing a representation of risk matrices that includes
(PLCs), etc., which are interconnected through networks and
semi-quantitative results. A practical method is to associate
accessible remotely and are, therefore, exposed to viruses,
the judgment of each risk as a distinct color in a radar chart
malware and computer attacks.
[54], which we call a “risk chart.” Fig. 8 shows how the risk
Given the amount of organizational resources devoted to
assessments of the items identified in the interconnected risk
planning, execution and maintenance of the components and
map may be visualized. The values in Table 4 are indicated in
physical assets, technical risks such as Risk 16 (Technical
the scale of the risk chart. The risks that are scored as
important or critical are placed in the orange or red regions, disturbances in power grid and generation plants) and Risk 14
respectively, while tolerable and acceptable risks are located in (Failures of equipment, materials and hardware) should have
yellow or green regions, respectively. As noted in Section 1, high scores because they are associated with unexpected
semi-quantitative assessments of risk are of great importance blackouts. However, Risk 14 is rated as “tolerable” because
to electricity distribution and transmission infrastructures. some electrical system components have very low failure
Fig. 8 indicates that the most important item relates to rates; this is common for assets that have no moving parts
Risk 8 (Terrorism and vandalism). This means that electricity such as lightning arresters, instrument transformers, reactors
networks have become targets because successful attacks can and capacitors. On the other hand, Risk 18 (Non-compliance
compromise the security of the energy supply, which impacts or low quality of electricity supply indicators) is important
homeland security, the national economy and the daily lives because it could lead to political and social consequences in a
of citizens. Risk 6 (Adverse natural phenomena) is also a region or country.
concern, requiring preparation against the possible destruc- Risk 21 (Vulnerability of the supply chain) focuses on
tion of infrastructures (or assets) by floods, earthquakes, energy supply to electricity generation plants (e.g., natural
avalanches, all of which would impact energy supply. These gas, fuel and coal, as well as industrial operations related to
risks and others have such a significant impact on national nuclear plants). Governments and energy companies attempt
security and society that they have contributed to the devel- to manage this risk by designating uninterrupted energy
opment and implementation of national infrastructure supply as an important policy goal. Interested readers are
protection plans. referred to Appendix A for additional information about the
1 Non-payable billing …
21 Vulnerability of the… 2 Insufficient financing
20 Deficiencies of…
19 Reputation and… 4 Changes in national…
18 Non-compliance or … 5 Adverse weather…
17 Vulnerability of ICT… 6 Adverse natural…

0
16 Technical… 7 Misunderstanding…
8 Terrorism and…
14 Failures of… 9 Volatility of…
10 Corruption, fraud,…
12 Growth challenges…
Fig. 8 – Visualization of the 21 risks. (For interpretation of the references to color in this figure, the reader is referred to the web
version of this article.)
1
139141 3 5 7
135137 9
133 60 11
131 13
129 15
127 17
125 19
123 21
40
121 23
119 25
117 27
115 20
29
113 31
111 33
109 35
107 0 37
105 39
103 41
101 43
99 45
97 47
95 49
93 51
91 53
89 55
87 57
85 59
83 61
81 79 63
77 75 73 71 69 67 65
OPERATIONAL ENVIRONMENTAL COMPLIANCE OF INDICATORS ASSETS & FINANCING
Fig. 9 – Radar chart created for the critical and important risk components. (For interpretation of the references to color in this
figure, the reader is referred to the web version of this article.)
risk components related to the generation phase in the (Risk 19) and misunderstanding and opposition of the popula-
electricity infrastructure value chain. tion (Risk 7). A properly implemented risk management frame-
The risks rated as tolerable or acceptable are usually less work should be able to control and manage these threats.
noticeable and may overcome difficulties arising from social
opposition, which can significantly impact the execution of 3.3.4. Risk component chart
planned infrastructure projects. They are associated with The identification of vulnerabilities in an electricity (or other)
national policy and regulations (Risks 3 and 4), infrastructure infrastructure is carried out through a detailed analysis of the
growth challenges (Risk 12), loss of reputation and public image risk components shown in Appendix A. Fig. 9 presents the
Table A1
Notation
NT Non-technical risk type
T Technical risk type
AF Assets and financing risk category
EN Environmental risk category
OP Operational risk category
CI Compliance of indicators risk category
++ Critical risk
+ Important risk
− Tolerable risk
−− Acceptable risk
No. Type Category Risk Risk Component Score Range

Non-payment and non-performing loan recovery
1 NT AF
1 - Non-payable billing
extension (overdue)
from agents who use the transmission grid 9.5 --
network
2 NT AF
extension (overdue)
for service connections to the electricity 9.5 --
infrastructure (transmission)
3 NT AF
extension (overdue)
for associated services and for non-operational 9.5 --
services and facilities
4 NT AF
extend (overdue)
Credit risk: Lack of compliance by third parties
to financial obligations
3.5 --
5 NT AF
extension (overdue)
High prices in regulated tariffs (transmission,
distribution) or marketing
3.5 --
6 NT AF 2 - Insufficient financing
Rising expected conditions to achieve financial
resources
9.5 --
Impossibility of achieving timely financial
resources
6.0 --
Contractual commitments that limit or hinder the
achievement of new debt
6.0 --
Complexity, delay and heterogeneity of business
9 NT AF 2 - Insufficient financing processes (internal or external) for approving and 6.0 --
obtaining financial resources
Market risk associated with arrangements in the
energy pool market
3.0 --
Market risks associated with variations in
currency conversion rates
3.0 --
Market risks associated with variations in interest
rates and debt renewal
3.0 --
13 NT AF 2 - Insufficient financing Untimely payment of taxes and contributions 3.0 --
Less market share (transactions and contracts) in
the energy pool market
3.0 --
Inadequate budget projections and cash flows in
the short, medium and long terms
1.5 --
Increased competition and market strategies
16 NT AF 2 - Insufficient financing among agents in the chain value (generation, 4.5 --
transmission, distribution, marketing)
Expected return is less than the cost of capital
employed
4.5 --
Changes or gaps in regulation policies that
3 - Regulatory changes,
18 NT EN political and legal
increase the requirements regarding quality,
safety and reliability levels in the provision of
4.5 --
processes
energy transport services
Table A1 – (continued)

19 NT EN political and legal Changes in rules and case law (legal uncertainty) 4.5 --
processes
Differences of opinion and interpretation of rules
between administrative and judicial authorities
4.5 --
processes
3 - Regulatory changes, Changes or gaps in regulations that affect
21 NT EN political and legal revenue or expenses associated with energy 4.5 --
processes transport businesses
3 - Regulatory changes, Improper application of rules or improper
22 NT EN political and legal evaluation of evidence by administrative or 4.5 --
processes judicial authorities
23 NT EN political and legal process
Reduction or loss of compensation tariffs for
reliability and subsidies
3.0 --
in infrastructure systems
3 - Regulatory changes, Regulations are inconsistent with the
24 NT EN political and legal technological realities in generation plants 5.0 --
processes (thermal, hydroelectric, wind, nuclear, solar, etc.)
Partial or total failure and/or increased
environmental regulation requirements
7.5 --
processes
26 NT EN
4 - Changes in national
public policy
Expropriation, confiscation or nationalization of
company assets
13.3 --
27 NT EN
public policy
Restrictions on currency conversion and transfer 13.3 --
28 NT EN
public policy
Restrictions on foreign investment in a particular
country
13.3 --
Failure of the governments of the contractually
29 NT EN
public policy
agreed obligations with electricity infrastructure 8.3 --
owners and operators
30 NT EN
5 - Adverse weather
conditions
Ice storms and/or snow 6.0 --
31 NT EN
5 - Adverse weather
conditions
Wind gusts 25.0 -
32 NT EN
5 - Adverse weather
conditions
Environmental pollution 11.0 -
33 NT EN
5 - Adverse weather
conditions
Excess salinity 11.5 -
34 NT EN
5 - Adverse weather
conditions
Cold waves 1.5 --
35 NT EN
5 - Adverse weather
conditions
Heat waves 18.8 -
36 NT EN
5 - Adverse weather
conditions
Solar radiation 18.8 -
37 NT EN
5 - Adverse weather
conditions
Strong storms 35.0 +
38 NT EN
5 - Adverse weather
conditions
Lightning 44.0 +
39 NT EN
6 - Adverse natural
phenomena
Earthquakes 31.3 +
40 NT EN
6 - Adverse natural
phenomena
Landslides 49.0 +
41 NT EN
6 - Adverse natural
phenomena
Avalanches or sudden rises of river levels 64.8 ++
42 NT EN
6 - Adverse natural
phenomena
Flood or flooding 64.8 ++
43 NT EN
6 - Adverse natural
phenomena
Volcanic eruptions 14.3 -
44 NT EN
6 - Adverse natural
phenomena
Forest fires 37.0 +
45 NT EN
6 - Adverse natural
phenomena
Solar magnetic disturbances 2.0 --
46 NT EN
6 - Adverse natural
phenomena
Vegetation protruding into easement area of the
electricity infrastructure
25.0 +

7 - Misunderstanding and
47 NT EN opposition of the
Peaceful demonstrations, marches or work
stoppages
7.5 --
population
48 NT EN opposition of the Riots 25.0 +
population
49 NT EN opposition of the Lockdowns or peaceful occupation of facilities 31.3 +
population
Theft, damage or sabotage of property or
equipment
27.5 +
population
51 NT EN opposition of the Invasion of easements for socioeconomic reasons 27.5 +
population
52 NT EN opposition of the Conflict with landowners in easement areas 4.5 --
population
7 - Misunderstanding and Rejection by the community of normal
53 NT EN opposition of the development of activities related to infrastructure 17.5 -
population operation
Deinstitutionalization of the local state
authorities
15.0 -
population
Transmission line rights of way shared with other
key infrastructures
27.5 +
population
Opposition to the development of electricity
infrastructure networks
9.5 -
population
57 NT EN
8 - Terrorism and
vandalism
Armed attacks or seizure of facilities, including
generation plants
6.0 --
58 NT EN
8 - Terrorism and
vandalism
Attacks on the electricity transmission
infrastructure
60.0 ++
59 NT EN
8 - Terrorism and
vandalism
Kidnapping of employees and collaborators 62.5 ++
60 NT EN
8 - Terrorism and
vandalism
Minefields 55.0 ++
61 NT EN
8 - Terrorism and
vandalism
Extortion 62.5 ++
62 NT EN
8 - Terrorism and
vandalism
Lockdowns or armed strikes 55.0 ++
63 NT EN
8 - Terrorism and
vandalism
Crossfire 34.5 +
64 NT EN
8 - Terrorism and
vandalism
Armed attacks on transmission towers,
substations and generation facilities
55.0 ++
65 NT EN
8 - Terrorism and
vandalism
Easements or land invasion of forced
displacement
29.0 +
66 NT EN
8 - Terrorism and
vandalism
Assault 62.5 ++
67 NT EN
8 - Terrorism and
vandalism
Illicit crops that constrain access to infrastructure
assets
17.5 -
Actions by contractors outside the law or
68 NT EN
8 - Terrorism and
vandalism
contrary to the interests of the infrastructure 40.0 +
owner or operator
69 NT EN
8 - Terrorism and
vandalism
Armed attacks (including thrown explosives) 40.0 +
Adverse movements in price indices that affect
70 T/ NT EN
9 - Volatility of
macroeconomic variables
the revenue or the costs of infrastructure
operation, currency conversions that affect
18.3 --
income statements and cash flow
71 T/ NT EN
9 - Volatility of
Adverse movements in interest rates that affect
local and international debt costs
18.3 --
72 T/ NT EN
9 - Volatility of
Volatility of commodity prices that affect the
profitability of projects or operating costs
18.3 --

73 NT OP
10 - Corruption, fraud,
mismanagement
Forgery or manipulation of information 37.8 +
Deviation of resources, includes misuse of
company property, misappropriation of funds,
74 NT OP
mismanagement
payments to suppliers, phantom double 32.8 +
payments, handling of cash surpluses,
misappropriation of company funds, etc.
Corruption, in the form of bribes, gratuities,
extortion and collusion for purposes such as
access to confidential information, procurement,
75 NT OP
mismanagement
testing or fault handling, legal and administrative 32.5 +
processes; includes clear conflicts of interest
involving employees or managers, and money
laundering
Theft or damage to tangible assets (equipment,
76 NT OP
mismanagement
cash, inventory, etc.) or intangible (intellectual
property, know-how, best practices, information,
38.8 +
etc.)
Crimes involving information systems such as
inappropriate use of computer tools to cause loss
77 NT OP
mismanagement
or destruction of data, affecting the integrity, 15.0 -
availability and confidentiality of information
(viruses, hacking, phishing, etc.)
Incorrect or unfavorable contract management
78 NT OP
mismanagement
decisions that lead to economic losses, image, 49.8 +
penalties or local control requirements
11 - Gaps in information
79 NT OP and knowledge
Inadequate identification and classification of
information
15.0 -
management
Gaps in knowledge management at the
organizational level
31.0 +
management
11 - Gaps in information Inadequate definition and implementation of
81 NT OP and knowledge security authorizations for the use of information 23.5 -
management and organizational knowledge
Ignorance or lack of mechanisms for the proper
handling of information
18.5 -
management
11 - Gaps in information Impairment or obsolescence of components,
83 NT OP and knowledge services and security infrastructure associated 10.0 --
management with the information life-cycle
Misuse of privileged information and knowledge
of the organization
29.3 +
management
No information is available for studies and
analysis with the requisite accuracy; can lead to
under or overvaluation of technical
26.0 -
management
specifications, errors in design, etc.
High administrative costs due to the absence of
comprehensive risk management
41.3 +
management
12 - Growth challenges Inability of the operational, financial or
87 T AF of the infrastructure administrative authority to deal with or support 6.0 --
system growth
12 - Growth challenges Growth without value or not aligned with a
88 T AF of the infrastructure strategy that commits resources and limits 6.0 --
system participation in other important activities
Decisions or actions of third parties (partners,
12 - Growth challenges
89 T AF of the infrastructure
bankers or other advisors) that hinder the
implementation of the strategy or adversely
6.0 --
system
affect the execution of business plans
90 T OP
13 - Human or procedural
failures
Lack or failures in the definitions of procedures 55.0 ++
Errors and omissions, including non-compliance
91 T OP
failures
with the requirements for quality assurance 37.5 +
procedures and processes

92 T OP
failures
Poor design of operating procedures,
maintenance or assembly
42.8 +
93 T OP
failures
Accidents during maintenance or project
implementation
15.8 -
94 T OP
failures
Poor operational management 38.8 +
14 - Failures of
95 T OP equipment, materials and
Inadequate management of accounting standards,
taxation, customs, currency and financial
25.8 -
hardware
14 - Failures of
Sudden or unexpected accidental damage,
including damage to IT hardware
18.5 -
hardware
Obsolescence, loss of the operating
14 - Failures of characteristics of equipment, systems or
97 T OP equipment, materials and materials that make them unsuitable for the tasks 6.0 --
hardware at hand (including inadequate or inappropriate
technological solutions)
14 - Failures of
98 T OP equipment, materials and No hidden defects notified by the manufacturer 19.0 -
hardware
14 - Failures of
99 T OP equipment, materials and Fire 37.0 +
hardware
14 - Failures of
Machinery breakdown and poor endurance of
civil construction
42.5 +
hardware
14 - Failures of
101 T OP equipment, materials and Design errors 9.0 --
hardware
14 - Failures of
Location of primary energy equipment and
backup equipment reliability and electrical safety
9.0 --
hardware
Poor management in developing human
15 - Inadequate
103 T OP manpower education and
resources, includes improper employee retention
practices, performance management, planning
32.0 +
training
and training
15 - Inadequate Missing, inappropriate or inadequate decision-
104 T OP manpower education and making related to human resources; tasks 37.5 +
training executed by untrained people
15 - Inadequate
105 T OP manpower education and Loss of manpower or retirement of key personnel 30.0 +
training
15 - Inadequate
Inadequate management of skills, experience and
knowledge of workers
37.5 +
training
15 - Inadequate
107 T OP manpower education and Legal restrictions on disengagement processes 1.8 --
training
15 - Inadequate
Demoralized staff, poor teamwork and corporate
commitment
24.3 -
training
16 - Technical
109 T OP disturbances in power Impaired infrastructure (e.g., shaft vibration) 22.5 -
grid and generation plants
16 - Technical
110 T OP disturbances in power
Failure to provide ancillary services in a plant or
facility
62.8 ++
16 - Technical
Interruption in the supply of energy and primary
fuels
62.8 ++
Hazards to operating personnel; during critical
16 - Technical
conditions, the amount of work to be done is
much more than can be performed by the
24.0 -
available employees

16 - Technical
113 T OP disturbances in power Control personnel are not be available 24.0 -
16 - Technical
Inadequate incorporation of new generation
plants and new production facilities
18.0 -
16 - Technical
115 T OP disturbances in power Obsolete technology in power plants 28.5 +
16 - Technical
116 T OP disturbances in power Computer attacks on the control center 38.8 +
117 T OP
17 - Vulnerability of ICT
systems
Loss of computer system data 38.8 +
118 T OP
systems
Confidentiality and integrity of information are
compromised
38.8 +
Non-availability of ICT systems
119 T OP
systems
(telecommunications, Internet, intranets, SCADA 26.5 -
systems, etc.)
Deficiency in the telecommunications
120 T OP
systems
infrastructure (border routers, intranets, Internet, 26.5 -
extranets, SCADA systems, etc.)
18 - Non-compliance or Balance between generation and demand, which
121 T/ NT CI low quality of electricity can lead to imbalances in other parts of the 32.5 +
supply indicators system causing cascading phenomena
18 - Non-compliance or
122 T/ NT CI low quality of electricity
Difficulties in controlling the release of
renewable electricity
20.5 -
supply indicators
18 - Non-compliance or Risk of failure in power plants; the loss of one or
123 T/ NT CI low quality of electricity more generators results in a greater or lesser 34.0 +
supply indicators impact throughout the network
124 T/ NT CI low quality of electricity Operating conditions or faults within a plant 40.3 +
supply indicators
Operational failures in the power grid due to
125 T/ NT CI low quality of electricity
primary regulation, secondary regulation,
tertiary regulation, or voltage control at the
40.3 +
supply indicators
power grid
126 T/ NT CI
19 - Reputation and
public image
Improper conduct or omissions by internal staff
or external agents
8.3 --
127 T/ NT CI
19 - Reputation and
public image
Leadership owns and operates the infrastructure
asset
8.3 --
Performance outside the corporate governance
128 T/ NT CI
19 - Reputation and
public image
model; non-implementation of directives,
guidelines and practices defined in business
8.3 --
models and government requirements
Deficiencies in the procurement process,
including gaps in information requirements,
20 - Deficiencies of
129 T/ NT EN suppliers and
inaccuracies in defining the scope of contracts,
delays in the internal process of recruitment, lack
42.5 +
subcontractors
of clarity of the grounds for termination, failure
or deficiency in monitoring supplier performance
Untimely payment of contractual obligations
with suppliers and subcontractors
32.5 +
subcontractors
Breach of agreements (e.g., delays in delivering
documentation to start a project)
13.3 --
subcontractors
Failures in the supply chain (e.g., technical
132 NT EN
21 - Vulnerability of the
supply chain
inability, financial or administrative action of a
provider that impede or impact the operation of
59.5 ++
the infrastructure system)
133 NT EN
supply chain
Deficiencies in the supply of natural gas to
operate power plants
31.5 +

134 NT EN
supply chain
Deficiencies in the supply of coal to operate
power plants
31.5 +
135 NT EN
supply chain
Deficiencies in the supply of petroleum and
petroleum products to power generation plants
31.5 +
136 NT EN
supply chain
Deficiencies in the treatment and rework required
in nuclear power plants
12.0 -
137 NT EN
supply chain
Divergent trends in oil prices (including fuel oil
and diesel)
22.3 -
138 NT EN
supply chain
Divergent trends in natural gas prices 22.3 -
139 NT EN
supply chain
Lack of infrastructure, dual fuels in power plants 52.8 +
140 NT EN
supply chain
Reduction of generation capacity due to a fuel
supply failure
35.3 +
141 NT EN
supply chain
Reduction of generation capacity due to the
inability to operate hydroelectric plants
35.3 +
142 NT EN
supply chain
Reduction of generation capacity due to adverse
conditions with regard to renewable resources
35.3 +
assessment results using a radar chart, in which critical and Conducting a risk map based assessment enhances the
important risk components are placed in red and orange detection of vulnerabilities in organizations and infrastruc-
colored bands, respectively. ture systems, and facilitates the planning and implementa-
Fig. 9 shows the average rating of the risk components tion of risk mitigation activities. While the approach has been
according to their categories. The ratings are provided for a presented in the context of an electricity infrastructure, it is,
total of 142 risk components obtained from the 21 risks of course, very useful for assessing and managing risks across
identified in an electricity infrastructure (see Appendix A). the various critical infrastructure sectors.
Thirteen risks components are classified as critical (three
operational risks and ten environmental risks). A total of 49
risks are rated as important (21 operational, 24 environmen- 4. Conclusions
tal and four related to compliance of indicators). Thirty risk
components are assessed as tolerable and 50 risk compo- The proposed methodology for risk identification and risk
nents as acceptable. Note that the environmental and opera- assessment in the electricity infrastructure value chain greatly
tional risk categories have major effects on infrastructure enhances risk management efforts and electricity infrastructure
throughput (rated as critical and important), whereas the risk protection plans. The methodology is generic enough to be used
components in the assets and financing category have the by a wide variety of critical infrastructure assets.
least effect on throughput (rated as acceptable risks). Interconnected risk maps are an effective tool for risk
The risk component chart shown in Fig. 9 allows deeper management efforts. The focus has been on the identification
study of the nature of the risk components. Since the and assessment of risks arising from technical and non-
valuation was performed by Colombian companies, some of technical threats against electricity infrastructures; the
them with recorded attacks to their infrastructures, many accompanying risk classification strategy involves the break-
risk components rated as critical understandably relate to down of risks into risk components. The case study involving
terrorism and vandalism (Risk Components 58, 59, 60, 61, 62, a Colombian electricity infrastructure has identified 21 inter-
64, 68). Natural phenomena are also of great concern (Risk dependent risks and 142 risk components. The classification
Components 40, 41, 42) due to the potential destruction and considers the nature and the effects of risks, categorizing
non-availability of key assets. them as operational risks, environmental risks, assets and
Operational risks related to operations, procedures, main- financing risks, and quality compliance risks.
tenance, quality indicators (including secondary and tertiary Having identified the risks and their components, semi-
regulation procedures) as well as asset management in the quantitative ratings of the risks and risk components can be made
electricity infrastructure are (predictably) rated as the most by relying on subjective assessments, analyst opinions, and the
important risks (Risk Components 94, 100, 111, 112). specific circumstances of the electricity infrastructure, as demon-
It is important to note the potential impact of some strated by the Colombian case study. The assessment results are
administrative risks, such as corruption and interference useful for prioritizing actions in order to contain the threats and to
from third parties, on organizational performance (Risk Com- monitor the effectiveness of countermeasures (especially for the
ponents 78, 86, 129). This type of risk is a concern to risks that are classified as critical and important).
managers because of the impact that the risk components An interesting observation regarding the semi-quantitative
may have on project realization; these manifest themselves risk assessment results is that a large number of risk compo-
in terms of lower (corporate) financial performance, and nents are rated as acceptable; their effects on the electricity
inadequate infrastructure operations and maintenance. infrastructure value chain are less significant than the relatively
few risks that are rated as critical. For example, although there [11] J. Arroyo, N. Alguacil, X. Carrio, A risk-based approach for
are many risk components in the risk category of assets and transmission network expansion planning under deliberate
financing, their impact is much less than that of the risks outages, IEEE Transactions on Power Systems 25 (3) (2010)
1759–1766.
categorized as operational. Indeed, the risk assessment reveals
[12] P. Curtis, Maintaining Mission Critical Systems in a 24/7
that the operational and environmental risks, although rela-
Environment, John Wiley and Sons, Hoboken, New Jersey, 2011.
tively few in number, have a greater impact on the electricity [13] Committee of Sponsoring Organizations of the Treadway
infrastructure value chain. Commission, Enterprise Risk Management – Integrated
The risk assessment also shows that the most susceptible Framework, Chicago, Illinois, 2004, 〈http://www.coso.org/
electrical sub-systems are generation, transmission and dis- documents/coso_erm_executivesummary.pdf/〉.
tribution, which are also the most important systems and [14] Enterprise Risk Management Initiative: Strengthening
have extensive geographic coverage. Enterprise Risk Management for Strategic Advantage,
Raleigh, North Carolina, 2010, 〈http://www.poole.ncsu.edu/
In summary, the primary contribution of the paper in a
erm/index.php/articles/entry/coso-strengthening-erm/〉.
powerful and intuitively appealing methodology for risk identi- [15] Interconexión Eléctrica, Política para la gestión integral de
fication and risk identification that leverages interconnected riesgos de grupo empresarial ISA, Medellín, Colombia (bit.ly/
risk maps. While the methodology has been presented in the KTY8Et), 2012.
context of an electricity infrastructure, it is, of course, very [16] ISAGEN, Mapa de Riesgos Empresa Generadora ISAGEN,
useful for assessing and managing risks across the various Medellín, Colombia, 2012, 〈http://www.isagen.com.co/
critical infrastructure sectors. Moreover, the paper itself serves comunicados/Inventario_de_Riesgos.pdf/〉.
[17] XM, Mapa de Riesgos Expertos en Mercados, Medellín
as a useful reference for security planners and policy makers.
(Colombia), Medellín, Colombia, 2012, 〈http://www.xm.com.
co/Pages/MapadeRiesgos.aspx/〉.
[18] ICONTEC, Norma Técnica Colombiana 5254 para la Gestión
Appendix A. Risk components in electricity de Riesgos, Bogotá, Colombia, 2004.
[19] Standards Australia and Standards New Zealand, Risk
infrastructures
Management, AS/NZS 4360:2004, Sydney, Australia and
Wellington, New Zealand, 2004.
See Table A1. [20] J. Yusta, Amenazas a la Seguridad del Suministro Energético
Español, Inteligencia y Seguridad Revista de Análisis y
r e f e r e n c e s Prospectiva 6 (2009) 223–251.
[21] World Economic Forum, Global Risks 2012, Seventh edition,
Cologny, Geneva, Switzerland, 2012, 〈http://www3.weforum.
org/docs/WEF_GlobalRisks_Report_2012.pdf/〉.
[1] U.S. Department of Homeland Security, National Infra-
[22] Ernst & Young, The EY Business Risk Report: Snapshot of the
structure Protection Plan, Washington, DC, 2009.
10 Biggest Risks for Business, London, United Kingdom (bit.
[2] Council of the European Union, On the identification and
ly/17cgrwy), 2011.
designation of European critical infrastructures and the
[23] Aon, Global Enterprise Risk Management Survey 2010,
assessment of the need to improve their protection, Council
London, United Kingdom, 2010 (insight.aon.com/?
Directive 2008/114/EC, Official Journal of the European Union,
L 345/75, 2008. elqPURLPage ¼4889).
[3] J. Yusta, G. Correa, R. Lacal-Arántegui, Methodologies and [24] B. López, D. Arboleda, Integración del manejo de riesgo e
applications for critical infrastructure protection: State-of- incertidumbre en la planeación financiera de empresas de
the-art, Energy Policy 39 (10) (2011) 6100–6119. transmisión de energía, Revista CIER 54 (2010) 80–88.
[4] Commission of the European Communities, Green Paper on a [25] T. Saaty, How to make a decision: the analytic hierarchy
European Programme for Critical Infrastructure Protection, process, European Journal of Operational Research 48 (1)
COM(2005) 576 Final, Brussels, Belgium, November 17, 2005. (1990) 9–26.
[5] U.S. Department of Homeland Security, Government [26] J.P. Morgan/Reuters, Risk Metrics, Technical Document, New
Facilities: Critical Infrastructure and Key Resources Sector- York (bit.ly/17cgDMf), 1999.
Specific Plan as Input to the National Infrastructure [27] P. Pederson, D. Dudenhoeffer, S. Hartley, M. Permann,
Protection Plan, Washington, DC, 2007. Critical Infrastructure Interdependency Modeling: A Survey
[6] G. Bush, Homeland Security Presidential Directive 7: Critical of U.S. and International Research, INL/EXT-06-11464, Idaho
Infrastructure Identification, Prioritization and Protection, National Laboratory, Idaho Falls, Idaho, 2006.
The White House, Washington, DC, 2003. [28] A. Holmgren, S. Molin, Using disturbance data to assess
[7] U.S. Department of Energy, Energy Infrastructure Risk vulnerabilities of electric power delivery systems,
Management Checklists for Small and Medium Sized International Journal of Infrastructure Systems 12 (4) (2006)
Energy Facilities, Washington, DC, 2002. 243–251.
[8] A. Harnser Group, Reference Security Management Plan for [29] G. Correa, J. Yusta, Grid vulnerability analysis based on scale-
Energy Infrastructure, Prepared for the European free graphs versus power flow models, Electric Power
Commission, Norwich, United Kingdom, 2011. Systems Research 101 (2013) 71–79.
[9] Project Management Institute, A Guide to the Project [30] A. Holmgren, Quantitative vulnerability analysis of electric
Management Body of Knowledge (PMBOK Guide), Newtown power networks, Department of Transport and Economics,
Square, Pennsylvania, 2008. Royal Institute of Technology, Stockholm, Sweden, 2006
[10] E. Pruyt, D. Wijnmalen, National risk assessment in The (Doctoral thesis).
Netherlands – a multi-criteria decision analysis approach, in: [31] J. Johansson, Risk and vulnerability analysis of
M. Ehrgott, B. Naujoks, T. Stewart, J. Wallenius (Eds.), interdependent technical infrastructures: addressing socio-
Multiple Criteria Decision Making for Sustainable Energy and technical systems, Department of Measurement Technology
Transportation Systems, Springer Physica-Verlag, Berlin, and Industrial Electrical Engineering, University of Lund,
Heidelberg, Germany, 2010, pp. 133–143. Lund, Sweden, 2010 (Doctoral thesis).
[32] M. Peggion, A. Bernardini, M. Masera, Geographic [43] MIA Project, MIA: Methodology for Interdependence
Information Systems and Risk Assessment, JRC42503, Joint Assessment, Directorate General for Home Affairs, European
Research Centre of European Commission, Ispra, Italy, 2008. Commission, Brussels, Belgium, 2011, 〈http://ec.europa.eu/
[33] B. Drabble, T. Black, C. Kinzig, G. Whitted, Ontology based dgs/home-affairs/financing/fundings/projects/stories/
dependency analysis: Understanding the impacts of mia_en.htm/〉.
decisions in a collaborative environment, in: Proceedings of [44] W. Beyeler, T. Brown, S. Conrad, A modular dynamic
the International Symposium on Collaborative Technologies simulation model of infrastructure interdependencies, in:
and Systems, 2009, pp. 10–17. Proceedings of the Twentieth International Conference of
[34] D. Newman, B. Nkei, B. Carreras, I. Dobson, V. Lynch, P. the System Dynamics Society, 2002.
Gradney, Risk assessment in complex interacting [45] A. Holmgren, Using graph models to analyze the
infrastructure systems, in: Proceedings of the Thirty-Eighth vulnerability of electric power networks, Risk Analysis 26 (4)
Hawaii International Conference on System Sciences, 2005. (2006) 955–969.
[35] Argonne National Laboratory, CEEESA Natural Gas Systems [46] Isograph, What is a HAZOP Study? Irvine, 2011, California,
Analysis Tools, Argonne, Illinois, 2011, 〈http://www.dis.anl. 〈http://www.isograph-software.com/2011/software/hazop/〉.
gov/projects/NaturalGasAnalysisTools.html/〉. [47] U. Knight, Power Systems in Emergencies: From Contingency
[36] L. Perrone, F. Wiel, J. Liu, B. Lawson, D. Nicol, R. Fujimoto, D.
Planning to Crisis Management, John Wiley and Sons,
Dudenhoeffer, M. Permann, CIMS: Critical Infrastructure
Chichester, United Kingdom, 2001.
Modeling System, Idaho National Laboratories, Idaho Falls,
[48] T. Lewis, Critical Infrastructure Protection in Homeland
Idaho, 2006.
Security: Defending a Networked Nation, John Wiley and
[37] D. Barton, E. Edison, D. Schoenwald, R. Cox, R. Reinert,
Sons, Hoboken, New Jersey, 2006.
Simulating Economic Effects of Disruptions in the
[49] L. Ness, Securing Utility and Energy Infrastructures, John
Telecommunications Infrastructure, Sandia Report
Wiley and Sons, Hoboken, New Jersey, 2006.
SAND2004-0101, Sandia National Laboratory, Albuquerque,
[50] J. Sullivant, Strategies for Protecting National Critical
New Mexico, 2004, 〈http://prod.sandia.gov/techlib/access-
Infrastructure Assets: A Focus on Problem-Solving, John
control.cgi/2004/040101.pdf/〉.
Wiley and Sons, Hoboken, New Jersey, 2007.
[38] Electrical Distribution Design, DEW: Distributed Engineering
[51] T. Macaulay, Critical Infrastructure: Understanding its
Workstation, Blacksburg, Virginia, 2011, 〈http://www.edd-us.
com/〉. Component Parts, Vulnerabilities, Operating Risks and
[39] Argonne National Laboratory, Electricity Market Complex Interdependencies, CRC Press, Boca Raton, Florida, 2009.
Adaptive System (EMCAS), Argonne, Illinois, 2006, 〈http:// [52] CNA Military Advisory Board, Powering America's Defense:
www.dis.anl.gov/pubs/61084.pdf/〉. Energy and the Risks to National Security, CNA, Alexandria,
[40] T. Brown, FAIT: Fast Analysis Infrastructure Tool, Sandia Virginia, 2009.
National Laboratories, Albuquerque, New Mexico, 2005. [53] R. Radvanovsky, A. McDougall, Critical Infrastructure:
[41] M. Case, W. Smith, F. Grobler, Fort Future: modeling and Homeland Security and Emergency Preparedness, CRC Press,
simulation for collaborative multi-criteria decision support, Boca Raton, Florida, 2013.
in: Proceedings of the International Conference on [54] CCN Criptología, MARGERIT: Metodología de Análisis y
Computing in Civil Engineering, 2005. Gestión de Riesgos de los Sistemas de Información de las,
[42] P. Donzelli, R. Setola, Identifying and evaluating risks related Administraciones Públicas, Madrid, Spain, 2010, 〈http://
to enterprise dependencies: a practical goal-driven risk administracionelectronica.gob.es/pae_Home/
analysis framework, International Journal of Risk pae_Documentacion/pae_Metodolog/pae_Magerit.html#.
Assessment and Management 7 (8) (2007) 1120–1137. UimOuMbIbVE/〉.

PMBOK 6 v3

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PMBOK 6 v3

Uploaded by

Copyright:

Available Formats

international journal of critical infrastructure protection 6 (2013) 197–216

Available online at www.sciencedirect.com

Using interconnected risk maps to assess the threats

Gabriel J. Correa-Henaoa, Jose M. Yustab,n, Roberto Lacal-Aránteguic

art i cle i nfo ab st rac t

Interconnected risk maps risk components.

medium-term and long-term threats and risks in the techni-

OECD countries are privately owned. In fact, as much as 80%

2.3. Enterprise resources

Fig. 3 – Risk component breakdown structure.

operation and expansion of electricity infrastructures. 2.5. Risk assessment matrices

Table 1 – Likelihood (L) scales for semi-quantitative risk assessment.

Likelihood (L) Remote Unlikely Credible Probable True

Table 2 – Severity (S) scales for semi-quantitative risk assessment.

Severity Low Moderate Medium High Critical

Fig. 4 – Interconnected risk map for a Colombian electricity infrastructure.

Fig. 5 – Risk components in an electricity infrastructure.

Fig. 6 – Risk components affecting the electricity infrastructure value chain.

Table 3 – Semi-quantitative assessments for the components of Risk 1.

Risk components Material Human Technical Economic Risk

High prices in regulated tariffs (transmission, distribution) or L¼ 1; L¼1; L ¼1; L¼ 3; 3.5

Table 4 – Semi-quantitative assessments of the risks in the interconnected risk map.

No Description of risk Risk Judgment

1 Non-payable billing extension (overdue) 7.1 Acceptable

19 Reputation and… 4 Changes in national…

18 Non-compliance or … 5 Adverse weather…

17 Vulnerability of ICT… 6 Adverse natural…

14 Failures of… 9 Volatility of…

No. Type Category Risk Risk Component Score Range

No. Type Category Risk Risk Component Score Range

No. Type Category Risk Risk Component Score Range

No. Type Category Risk Risk Component Score Range

No. Type Category Risk Risk Component Score Range

No. Type Category Risk Risk Component Score Range

No. Type Category Risk Risk Component Score Range

You might also like