Upload
nguyendiep
View
216
Download
2
Embed Size (px)
Citation preview
MODELING FOR CRITICAL INFRASTRUCTURES
PROTECTION AND RESILIENCEEnrico Zio
Chair on Systems Science and the Energy Challenge
CentraleSupelec, Fondation Electricité de France (EDF), France
Energy Department, Politecnico di Milano, Italy
2
Content
2
• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions
3
Content
3
• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions
11
Complex (technical) systems
• Network of many interacting components• Components of heterogeneous type• Hierarchy of subsystems• Interactions across multiple scales of space and/or time
Dependences (uni-directional) and interdependences (bi-directional)
17
Critical Infrastructures: complexity
• Structural complexity• Heterogeneity
• Scale and dimensionality (interdependences)
• Decomposability
• Dynamic complexity• Emergent behavior
• Adaptive learning
• Evolution and growth mechanisms
18
Critical Infrastructures: structural complexity
• Heterogeneity of components across different technological domains due to increased integration among systems.
� Physical hard components (road, railways, pipelines, …)
� Soft components (SCADA, information and telecommunication systems)
� Human and organizational components
21
Critical Infrastructures: structural complexity
21
Example of infrastructures interdependencies[Rinaldi et al. 2001]
(systems of systems )
22
Critical Infrastructures: structural complexity
Examples of nth-order interdependencies and effects.
23
Critical Infrastructures: dynamic complexity
23
Emergent behavior refers to actions of a system as a whole that are not simple combinations of the actions of the individual constituents of the system. It emerges in response to changes in the environmental and operational conditions of parts of the system.
Examples:• Internet: social bookmarking leads to an emergent effect in which
information resources are reorganized according to users priorities.
• Electric power grids: local failures can evolve into unexpected cascade failure patterns with transnational, cross-industry effects.
• Smart grids: large amount of information exchanged within technologies at a period of high electricity demand can lead to a vulnerable condition of the system.
• Road transportation congestion: slow movement of the traffic.
24
Critical Infrastructures: dynamic complexity
Emergent behavior: Traffic
It is not due to specific actions of individual vehicles � no individual vehicle plays a critical role. If some subset of the vehicles acted differently in their local actions (within certain boundaries), the global effect of slow-moving traffic would be unchanged.
It arises from the cumulative effects of the actions and interactions of all individual vehicles. The global effects depend on the general activities of sufficiently many of them, within the context of that highway.
Global system property that emerges: slow movement of the traffic
27
Content
27
• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions
32
Relevance of the problem: non-negligible probabilit y
“heavy tail” region
Cascading failures
are not ‘rare’!
(Weron et al., 2006)
e��
33
Relevance of the problem
Cascading failures
Cascading failures
Large consequence
Large consequence
Non-negligible probability
Non-negligible probability
Critical infrastructure protection and resilience (CIPR)
Critical infrastructure protection and resilience (CIPR)
34
Content
34
• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions
35
Resilience
Resilience : ability of the system to sustain or restore its basic functionality following a risk source or event (even unknown events) [SRA, Glossary, Aven, Sept. 2014]. It includes technical (physical), organizational, social and economic aspects [Bruneau et al. 2003]
37
Vulnerability and resilience
37
Time
Susceptibility Resilience
RecoverCoping Capacity
Vulnerability
Service Disruption
Not
Fun
ctio
nal
Low Susceptibility
High Susceptibility
No cascading effects
?Cascading
effects
Sys with LOW vulnerability
Sys with HIGH vulnerability
Time
Susceptibility Resilience
RecoverCoping Capacity
Vulnerability
Service Disruption
Not
Fun
ctio
nal
Low Susceptibility
High Susceptibility
No cascading effects
?Cascading
effects
Sys with LOW vulnerability
Sys with HIGH vulnerability
No cascading effects
Cascading effects
39
Oil & GasCommunica-
tionsWater Transp. Emergency
ServicesElectric
Power
(Networked) CIs protection
Safety Safety Vulnerability Vulnerability
Dependency Dependency Structural complexity Structural complexity
Dynamic complexity Dynamic
complexity
Resilience Resilience
Protection and resilience of critical infrastructur es: scientific and technical issues
40
CI vulnerability assessment
CI resilience assessment
Optimal designOptimal resilience
Modelling & Simulation
Data/event-driven study
Protection and resilience of critical infrastructur es: ways to go
41
Resilience of critical infrastructures
Cascading failure model
System restoration
model
mitigation
Optimal design for cascading
failure mitigation resilience
Optimal restoration for
system resilience
• Multi-objective evolutionary optimization, e.g., NSGA-II, NSBDE…
• Network theory-based
• Physical (power) flow
• Flow
• Heuristic searching and project scheduling
• Mixed integer programming
42
Content
42
• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions
43
System analysis:
- hazards and threats identification
- physical and logical structure identification
- dependencies and interdependences identification and modeling
- dynamic analysis (cascading failures)
Quantification of system safety
indicators
Identification of critical elements
Application for system improvements (optimization):
- design
- operation
- interdiction/protectionW. Kroger and E. Zio, “Vulnerable
Systems”, Springer, 2011
Protection and resilience of critical infrastructur es: the analysis
44
Modeling for critical infrastructures protection and resilience
e.g., Agent Based Modeling and Simulation, System Dynamic Model, Economic-Based Approaches, …
e.g., Topology-based approaches
e.g., Flow-based approaches (maximum flow model, …)
Phenomenological/Functional methods
Structural/Topological
methods
Flowmethods
e.g., Risk Analysis (fault/event trees, …), Probabilistic Modeling (Markov Chains, Bayesian network, …)
Logical methods
Vulnerability and Resilienceassessment of CIs
45
Modeling for critical infrastructures protection and resilience:
the Dual Analysis
Direct Problem
Evaluating Global
Indicators
Detail
• Critical Infrastructures are engineered complex systems: structure + failure
dynamics + resilience process
Computational cost
Aggregation
Challenge
Inverse Problem
Identifying
Vulnerabilities at
the Components
Level
Disaggregation
Challenge
• Critical Infrastructures modeling: topological, flow, phenomenological, logic
46
1) System(-of-systems) representation2) System(-of-systems) modeling3) System-(of-systems) simulation with
uncertainty propagation
Uncertainty:• Aleatory• Epistemic
Systems (of systems) modeling: The issues
49
System susceptibility to intentional hazards:
Evaluation by Sorting / Classification
System S1
System S2
…
System S9
Sorting / Classification model
51
87%
38%
103%
105%93%
70%
48%
106%
101%
100%
61%
65%
Spreading rules:
• fixed load (5%) transferred after a failure to neighboring nodes
• fixed load, I, (10%) transferred after a failure to interdependent nodes
87%
21%
49%
67%96%
58%
22%
106%
32%
91%
105%
85%
Propagation
follows until no
more working
component can
fail 100% = component relative limit capacity
Initiating event: uniform disturbance (10%)
Modeling for critical infrastructures protection and resilience
52
0.5 0.55 0.6 0.65 0.7 0.75 0.8 0.85 0.9 0.95 10
5
10
15
20
25
Average initial load, L
Ave
rage
Ca
sca
de S
ize
, S
Scr = 15%
Lcr = 0.8662Lcr = 0.7266E. Zio and G. Sansavini, "Modeling Interdependent Network Systems for Identifying Cascade-Safe Operating
Margins", IEEE Transactions on Reliability, 60(1), pp. 94-101, March 2011
Modeling for critical infrastructures protection and resilience
53
1 1.2 1.4 1.6 1.8 2 2.2 2.4 2.6 2.8 30
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
α
failu
re lo
ss (
effic
ienc
y lo
ss)
original networkPareto solution #3Pareto solution #17
2
131519
38
45
51
606267 73
74
85
95
104
108
116
118
127
138
155156
158160
162
167
134 5
678
9 101112 14
161718
20 212223242526272829
303132
33
343536 37 3940
4142
4344
46
47484950
52
5354
55 5657585961
63
64
6566686970 71
7275
7677
78
79
80 818283
84 86 87
88
89909192
93 94 96
9798 99100
101102
103105
106
107
109
110111
112
113114
115117
119120 121 122
123
124
125126
128 129
130
131132
133134
135
136137139140141
142143144145146147
148
149150151152
153
154157159
161163
164 165166
168169170
171
0 0.2
0.4
0.6 0.8 1.0 1.2 1.4 1.6 1.8 2 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6
0
0.1
0.2
0.3
0.4
0.5
α
Fai
lure
loss
(lo
ad s
hedd
ing)
original networkPareto solution #3Pareto solution #17
53
Technical result: failure mitigation by adding redundant links at relatively light loading
The methods & application
02/02/2015
Methodological/Conceptual result: results are consistent between the ML and OPA models: topologically robust network is physically robust
Optimal design for cascading failure mitigation (top ology)
Application to the FPTN400
554
(Nozick et al., 2005)
• With the dynamics of system states:(on the buffers and the links)
�� � �� � � �
� � � � �
• Taking into consideration the constraints/capacities of nodes and links
• The outputs of system are states of users:
� � ��, ���, ���, ���, ���
→ ��� , ��� , ��� , ���
• Solve the optimization problem in order to ensure the users demands:
� � ������� �� ��� � ��� ��� ��� � ��� ��� ��� � ���|��� � ��� ��� |#,
where ��� , ��� , ��� , ��� are the weighting parameters of the users.
Case study: Gas-Power interconnected infrastructures
Integration of Control Theory and Reliability Theory for the Resilience Analysis of Complex Systems
Gas distribution system
Power system
56
Resilience region
Parameter space $ % &'� % ()
$
()&'�
Integration of Control Theory and Reliability Theory for The Resilience Analysis of Complex Systems
$ � 20
&'�
()
$ � 0
&'�
()
* : Resilience region
* : Non-resilience region
6
Case study: Gas-Power interconnected infrastructures
57
57The methods & application
(a) Scheduling algorithm (b) MIP
02/02/2015
Technical result: similar restoration plans by heuristic scheduling algorithm & MIP
Optimal restoration for system resilience: Application to the FPTN400
58
Content
58
• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions
60
Structural complexity : heterogeneity, dimensionality, connectivity
Dynamic complexity : emergent behavior
Uncertainty : aleatory, epistemic, perfect storms, black swans
The complexity of analyzing the Vulnerability and Resilience of
Critical Infrastructures for their Protection
62
)()(1
tRtRN
ii∏
=
=
(Complex) Systems
Series
[ ]1
( ) 1 1 ( )N
ii
R t tR=
= − −∏
Parallel
Standby
66
System analysis:
- hazards and threats identification
- physical and logical structure identification
- dependencies and interdependences identification and modeling
- failure/resilience dynamics analysis (cascades)
Quantification of system safety
indicators
Identification of critical elements
Application for system improvements:
- design
- operation
- interdiction/protection
W. Kroger and E. Zio, “Vulnerable
Systems”, Springer, 2011
Systems of systems
Modeling
Critical
Infrastructures
PhenomenologicalLogical
Topological
APPROACHES
System indicators
Critical elements
OUTPUTS
Flow
dynamics
Modeling for critical infrastructures protection and resilience
67
1. System(-of-systems) representation2. System(-of-systems) modeling3. System(-of-systems) behavior quantification (by
simulation) accounting for the presence of uncertainty (aleatory and epistemic)
Object Analysis Why
Conclusions: Modeling for critical infrastructures protection and resilience
68
Modeling, Simulation, Optimization and Computationa l Challenges
Detail Computational cost
Integrated Approach
Topological
Logic
Detail Computational cost
Flow dynamicsDetail Computational cost
Structural Complexity + Dynamic Complexity
Uncertainty
Detail Computational cost
Phenomenological
The complexity of analyzing the Vulnerability and Resilience of
Critical Infrastructures