5th International Disaster and Risk Conference IDRC 2014 Integrative Risk Management - The role of science, technology & practice 24-28 August 2014 in Davos, Switzerland
MORGESON-A consistent approach for security risk assessments-ID1432-IDRC2014_b
1. Security Risk Assessment of Dams
and Related Critical Infrastructure
James D. Morgeson, Institute for Defense Analyses, USA
Yazmin Seda-Sanabria, U.S. Army Corps of Engineers, USA
www.grforum.org
Yevgeniy Kirpichevsky, IDA, USA
Jason Dechant, IDA, USA
Enrique E. Matheu, Department of Homeland Security, USA
2. Lessons and Actions Following 9/11
• Vigilance is imperative – security consciousness, security
monitoring and security improvements at every dam
• Security is a shared responsibility – Federal, State, Local, and
Owners/Operators
• The US Government must prioritize security investments for
critical infrastructure – the Common Risk Model for Dams
(CRM-D) is the focus of the briefing
The CRM-D objective is to quantify security risk in order to
support return on investment (ROI) and funding decisions
for security enhancements.
3. What is Risk?
• Risk is the possibility of loss or harm.
• The definition implies “uncertainty” and “consequences”.
• CRM-D uses “probability” to quantify “uncertainty”.
• CRM-D defines “consequences” as the predicted loss of lives and economic costs given that a successful attack occurs.
$\mathrm{Risk}_{\mathrm{Asset}} = \mathrm{Consequences} \times P(S \mid A) \times P(A)$
Term labels: Consequences (Consequences), Vulnerability (P(S|A)), Threat (P(A)).
Other labels on the slide: Total Risk, Conditional Risk.
4. Layered Defense Model
5. A Notional Dam with Layered Defenses
6. Probability of Success
7. CRM-D Conditional Risk Synthesis
8. Conclusions
• Because CRM-D is implemented using tabulated expert judgments, the vulnerability of many critical infrastructure threat scenarios can be analyzed quickly and objectively.
• Risk can be computed and used for return on investment decisions across a portfolio of multiple dams to support annual budget cycles for resource decisions.
Rc’ = Risk. Graph shows risk for an undefended
dam in red, the same dam with existing defenses
in blue, and the same dam with proposed risk
mitigation measures (RMO) in green. The
difference in the height of the bars shows the
return on investment.
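The risk equation on slide 3 and the undefended / existing / proposed comparison described in the conclusions can be worked through in code. The following is an added example, not part of the original presentation or of CRM-D itself. It assumes that P(S|A) is the product of independent per-layer probabilities that the attacker defeats each layer, that conditional risk is Consequences × P(S|A), and that mitigation options are ranked by risk reduction per unit cost; all dam names and numbers are constructed.

```python
from dataclasses import dataclass
from math import prod

@dataclass
class Dam:
    name: str
    consequences: float    # loss given a successful attack (constructed, $M)
    p_attack: float        # P(A), the threat term (constructed)
    existing: list         # P(attacker defeats layer) per existing defensive layer
    proposed: list         # same layers with the proposed RMO applied
    rmo_cost: float        # cost of the RMO (constructed, $M)

def p_success(layers):
    """P(S|A): the attack succeeds only if every layer is defeated.
    Assumes independent layers; no layers (undefended) gives 1.0."""
    if any(not 0.0 <= p <= 1.0 for p in layers):
        raise ValueError("layer probabilities must lie in [0, 1]")
    return prod(layers)

def conditional_risk(dam, layers):
    """Risk given that an attack occurs: Consequences * P(S|A)."""
    return dam.consequences * p_success(layers)

def total_risk(dam, layers):
    """Risk_Asset = Consequences * P(S|A) * P(A)."""
    return conditional_risk(dam, layers) * dam.p_attack

def rank_portfolio(dams):
    """Compare undefended / existing / proposed risk per dam and rank the
    RMOs by conditional-risk reduction per unit cost (assumed ROI metric)."""
    rows = []
    for d in dams:
        existing = conditional_risk(d, d.existing)
        proposed = conditional_risk(d, d.proposed)
        rows.append({
            "dam": d.name,
            "undefended": conditional_risk(d, []),
            "existing": existing,
            "proposed": proposed,
            "reduction": existing - proposed,
            "reduction_per_cost": (existing - proposed) / d.rmo_cost,
        })
    return sorted(rows, key=lambda r: r["reduction_per_cost"], reverse=True)

# Constructed portfolio; every number below is illustrative, not CRM-D data.
PORTFOLIO = [
    Dam("Dam A", 800.0, 0.01, [0.9, 0.8], [0.9, 0.4], 2.0),
    Dam("Dam B", 200.0, 0.02, [0.5, 0.5], [0.5, 0.25], 1.0),
    Dam("Dam C", 1500.0, 0.005, [0.6], [0.6, 0.5], 5.0),
]
```

With these constructed inputs, the dam with the largest absolute risk reduction (Dam C) is not the one with the best reduction per unit cost (Dam A), which is the distinction a portfolio-level budget decision turns on.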