Publications

17 Results
Skip to search filters

A total risk assessment methodology for security assessment

Wyss, Gregory D.; Otero, Consuelo J.; Pless, Daniel J.; Rhea, Ronald E.; Kaplan, Paul G.

Sandia National Laboratories performed a two-year Laboratory Directed Research and Development project to develop a new collaborative risk assessment method to enable decision makers to fully consider the interrelationships between threat, vulnerability, and consequence. A five-step Total Risk Assessment Methodology was developed to enable interdisciplinary collaborative risk assessment by experts from these disciplines. The objective of this process is promote effective risk management by enabling analysts to identify scenarios that are simultaneously achievable by an adversary, desirable to the adversary, and of concern to the system owner or to society. The basic steps are risk identification, collaborative scenario refinement and evaluation, scenario cohort identification and risk ranking, threat chain mitigation analysis, and residual risk assessment. The method is highly iterative, especially with regard to scenario refinement and evaluation. The Total Risk Assessment Methodology includes objective consideration of relative attack likelihood instead of subjective expert judgment. The 'probability of attack' is not computed, but the relative likelihood for each scenario is assessed through identifying and analyzing scenario cohort groups, which are groups of scenarios with comparable qualities to the scenario being analyzed at both this and other targets. Scenarios for the target under consideration and other targets are placed into cohort groups under an established ranking process that reflects the following three factors: known targeting, achievable consequences, and the resources required for an adversary to have a high likelihood of success. The development of these target cohort groups implements, mathematically, the idea that adversaries are actively choosing among possible attack scenarios and avoiding scenarios that would be significantly suboptimal to their objectives. An adversary who can choose among only a few comparable targets and scenarios (a small comparable target cohort group) is more likely to choose to attack the specific target under analysis because he perceives it to be a relatively unique attack opportunity. The opposite is also true. Thus, total risk is related to the number of targets that exist in each scenario cohort group. This paper describes the Total Risk Assessment Methodology and illustrates it through an example.

More Details

Modeling threat assessments of water supply systems using markov latent effects methodology

Otero, Consuelo J.

Recent amendments to the Safe Drinking Water Act emphasize efforts toward safeguarding our nation's water supplies against attack and contamination. Specifically, the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 established requirements for each community water system serving more than 3300 people to conduct an assessment of the vulnerability of its system to a terrorist attack or other intentional acts. Integral to evaluating system vulnerability is the threat assessment, which is the process by which the credibility of a threat is quantified. Unfortunately, full probabilistic assessment is generally not feasible, as there is insufficient experience and/or data to quantify the associated probabilities. For this reason, an alternative approach is proposed based on Markov Latent Effects (MLE) modeling, which provides a framework for quantifying imprecise subjective metrics through possibilistic or fuzzy mathematics. Here, an MLE model for water systems is developed and demonstrated to determine threat assessments for different scenarios identified by the assailant, asset, and means. Scenario assailants include terrorists, insiders, and vandals. Assets include a water treatment plant, water storage tank, node, pipeline, well, and a pump station. Means used in attacks include contamination (onsite chemicals, biological and chemical), explosives and vandalism. Results demonstrated highest threats are vandalism events and least likely events are those performed by a terrorist.

More Details

An integrated approach to vulnerability assessment

Tidwell, Vincent C.; Otero, Consuelo J.

How might the quality of a city's delivered water be compromised through natural or malevolent causes? What are the consequences of a contamination event? What water utility assets are at greatest risk to compromise? Utility managers have been scrambling to find answers to these questions since the events of 9/11. However, even before this date utility mangers were concerned with the potential for system contamination through natural or accidental causes. Unfortunately, an integrated tool for assessing both the threat of attack/failure and the subsequent consequence is lacking. To help with this problem we combine Markov Latent Effects modeling for performing threat assessment calculations with the widely used pipe hydraulics/transport code, EPANET, for consequences analysis. Together information from these models defines the risk posed to the public due to natural or malevolent contamination of a water utility system. Here, this risk assessment framework is introduced and demonstrated within the context of vulnerability assessment for water distribution systems.

More Details
17 Results
17 Results