59
MODELING FOR CRITICAL INFRASTRUCTURES PROTECTION AND RESILIENCE Enrico Zio Chair on Systems Science and the Energy Challenge CentraleSupelec, Fondation Electricité de France (EDF), France Energy Department, Politecnico di Milano, Italy

MODELING FOR CRITICAL INFRASTRUCTURES ... - ERNCIP Project · MODELING FOR CRITICAL INFRASTRUCTURES ... and project scheduling • Mixed integer programming. 42 Content 42 ... Uncertainty

Embed Size (px)

Citation preview

MODELING FOR CRITICAL INFRASTRUCTURES

PROTECTION AND RESILIENCEEnrico Zio

Chair on Systems Science and the Energy Challenge

CentraleSupelec, Fondation Electricité de France (EDF), France

Energy Department, Politecnico di Milano, Italy

2

Content

2

• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions

3

Content

3

• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions

4

Critical infrastructures

5

What?

Critical

infrastructures

(CIs)

6

Statement (obvious):Critical Infrastructures are

(Engineered) Complex Systems

7

Complex Systems

8

Complex Systems

9

Complex Systems

11

Complex (technical) systems

• Network of many interacting components• Components of heterogeneous type• Hierarchy of subsystems• Interactions across multiple scales of space and/or time

Dependences (uni-directional) and interdependences (bi-directional)

12

Characteristics of complex systems

[New England Complex Systems Institute, 2005]

15

Critical infrastructures =

complex systems

What?

17

Critical Infrastructures: complexity

• Structural complexity• Heterogeneity

• Scale and dimensionality (interdependences)

• Decomposability

• Dynamic complexity• Emergent behavior

• Adaptive learning

• Evolution and growth mechanisms

18

Critical Infrastructures: structural complexity

• Heterogeneity of components across different technological domains due to increased integration among systems.

� Physical hard components (road, railways, pipelines, …)

� Soft components (SCADA, information and telecommunication systems)

� Human and organizational components

21

Critical Infrastructures: structural complexity

21

Example of infrastructures interdependencies[Rinaldi et al. 2001]

(systems of systems )

22

Critical Infrastructures: structural complexity

Examples of nth-order interdependencies and effects.

23

Critical Infrastructures: dynamic complexity

23

Emergent behavior refers to actions of a system as a whole that are not simple combinations of the actions of the individual constituents of the system. It emerges in response to changes in the environmental and operational conditions of parts of the system.

Examples:• Internet: social bookmarking leads to an emergent effect in which

information resources are reorganized according to users priorities.

• Electric power grids: local failures can evolve into unexpected cascade failure patterns with transnational, cross-industry effects.

• Smart grids: large amount of information exchanged within technologies at a period of high electricity demand can lead to a vulnerable condition of the system.

• Road transportation congestion: slow movement of the traffic.

24

Critical Infrastructures: dynamic complexity

Emergent behavior: Traffic

It is not due to specific actions of individual vehicles � no individual vehicle plays a critical role. If some subset of the vehicles acted differently in their local actions (within certain boundaries), the global effect of slow-moving traffic would be unchanged.

It arises from the cumulative effects of the actions and interactions of all individual vehicles. The global effects depend on the general activities of sufficiently many of them, within the context of that highway.

Global system property that emerges: slow movement of the traffic

27

Content

27

• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions

28

The problem

29

What problem?

cascading failurescascading failures

30

Italian Blackout, September 28, 2003

31

Relevance of the problem: large consequence

Italian Blackout, September 28, 2003

32

Relevance of the problem: non-negligible probabilit y

“heavy tail” region

Cascading failures

are not ‘rare’!

(Weron et al., 2006)

e��

33

Relevance of the problem

Cascading failures

Cascading failures

Large consequence

Large consequence

Non-negligible probability

Non-negligible probability

Critical infrastructure protection and resilience (CIPR)

Critical infrastructure protection and resilience (CIPR)

34

Content

34

• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions

35

Resilience

Resilience : ability of the system to sustain or restore its basic functionality following a risk source or event (even unknown events) [SRA, Glossary, Aven, Sept. 2014]. It includes technical (physical), organizational, social and economic aspects [Bruneau et al. 2003]

36

Features of system’s resilience

37

Vulnerability and resilience

37

Time

Susceptibility Resilience

RecoverCoping Capacity

Vulnerability

Service Disruption

Not

Fun

ctio

nal

Low Susceptibility

High Susceptibility

No cascading effects

?Cascading

effects

Sys with LOW vulnerability

Sys with HIGH vulnerability

Time

Susceptibility Resilience

RecoverCoping Capacity

Vulnerability

Service Disruption

Not

Fun

ctio

nal

Low Susceptibility

High Susceptibility

No cascading effects

?Cascading

effects

Sys with LOW vulnerability

Sys with HIGH vulnerability

No cascading effects

Cascading effects

39

Oil & GasCommunica-

tionsWater Transp. Emergency

ServicesElectric

Power

(Networked) CIs protection

Safety Safety Vulnerability Vulnerability

Dependency Dependency Structural complexity Structural complexity

Dynamic complexity Dynamic

complexity

Resilience Resilience

Protection and resilience of critical infrastructur es: scientific and technical issues

40

CI vulnerability assessment

CI resilience assessment

Optimal designOptimal resilience

Modelling & Simulation

Data/event-driven study

Protection and resilience of critical infrastructur es: ways to go

41

Resilience of critical infrastructures

Cascading failure model

System restoration

model

mitigation

Optimal design for cascading

failure mitigation resilience

Optimal restoration for

system resilience

• Multi-objective evolutionary optimization, e.g., NSGA-II, NSBDE…

• Network theory-based

• Physical (power) flow

• Flow

• Heuristic searching and project scheduling

• Mixed integer programming

42

Content

42

• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions

43

System analysis:

- hazards and threats identification

- physical and logical structure identification

- dependencies and interdependences identification and modeling

- dynamic analysis (cascading failures)

Quantification of system safety

indicators

Identification of critical elements

Application for system improvements (optimization):

- design

- operation

- interdiction/protectionW. Kroger and E. Zio, “Vulnerable

Systems”, Springer, 2011

Protection and resilience of critical infrastructur es: the analysis

44

Modeling for critical infrastructures protection and resilience

e.g., Agent Based Modeling and Simulation, System Dynamic Model, Economic-Based Approaches, …

e.g., Topology-based approaches

e.g., Flow-based approaches (maximum flow model, …)

Phenomenological/Functional methods

Structural/Topological

methods

Flowmethods

e.g., Risk Analysis (fault/event trees, …), Probabilistic Modeling (Markov Chains, Bayesian network, …)

Logical methods

Vulnerability and Resilienceassessment of CIs

45

Modeling for critical infrastructures protection and resilience:

the Dual Analysis

Direct Problem

Evaluating Global

Indicators

Detail

• Critical Infrastructures are engineered complex systems: structure + failure

dynamics + resilience process

Computational cost

Aggregation

Challenge

Inverse Problem

Identifying

Vulnerabilities at

the Components

Level

Disaggregation

Challenge

• Critical Infrastructures modeling: topological, flow, phenomenological, logic

46

1) System(-of-systems) representation2) System(-of-systems) modeling3) System-(of-systems) simulation with

uncertainty propagation

Uncertainty:• Aleatory• Epistemic

Systems (of systems) modeling: The issues

47

CI Vulnerability Assessment

48

System susceptibility to intentional hazards:

Criteria identification by hierarchical modeling

49

System susceptibility to intentional hazards:

Evaluation by Sorting / Classification

System S1

System S2

System S9

Sorting / Classification model

50

CI Cascading Failures Modeling

51

87%

38%

103%

105%93%

70%

48%

106%

101%

100%

61%

65%

Spreading rules:

• fixed load (5%) transferred after a failure to neighboring nodes

• fixed load, I, (10%) transferred after a failure to interdependent nodes

87%

21%

49%

67%96%

58%

22%

106%

32%

91%

105%

85%

Propagation

follows until no

more working

component can

fail 100% = component relative limit capacity

Initiating event: uniform disturbance (10%)

Modeling for critical infrastructures protection and resilience

52

0.5 0.55 0.6 0.65 0.7 0.75 0.8 0.85 0.9 0.95 10

5

10

15

20

25

Average initial load, L

Ave

rage

Ca

sca

de S

ize

, S

Scr = 15%

Lcr = 0.8662Lcr = 0.7266E. Zio and G. Sansavini, "Modeling Interdependent Network Systems for Identifying Cascade-Safe Operating

Margins", IEEE Transactions on Reliability, 60(1), pp. 94-101, March 2011

Modeling for critical infrastructures protection and resilience

53

1 1.2 1.4 1.6 1.8 2 2.2 2.4 2.6 2.8 30

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

α

failu

re lo

ss (

effic

ienc

y lo

ss)

original networkPareto solution #3Pareto solution #17

2

131519

38

45

51

606267 73

74

85

95

104

108

116

118

127

138

155156

158160

162

167

134 5

678

9 101112 14

161718

20 212223242526272829

303132

33

343536 37 3940

4142

4344

46

47484950

52

5354

55 5657585961

63

64

6566686970 71

7275

7677

78

79

80 818283

84 86 87

88

89909192

93 94 96

9798 99100

101102

103105

106

107

109

110111

112

113114

115117

119120 121 122

123

124

125126

128 129

130

131132

133134

135

136137139140141

142143144145146147

148

149150151152

153

154157159

161163

164 165166

168169170

171

0 0.2

0.4

0.6 0.8 1.0 1.2 1.4 1.6 1.8 2 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6

0

0.1

0.2

0.3

0.4

0.5

α

Fai

lure

loss

(lo

ad s

hedd

ing)

original networkPareto solution #3Pareto solution #17

53

Technical result: failure mitigation by adding redundant links at relatively light loading

The methods & application

02/02/2015

Methodological/Conceptual result: results are consistent between the ML and OPA models: topologically robust network is physically robust

Optimal design for cascading failure mitigation (top ology)

Application to the FPTN400

54

CI Resilience Assessment

554

(Nozick et al., 2005)

• With the dynamics of system states:(on the buffers and the links)

�� � �� � � �

� � � � �

• Taking into consideration the constraints/capacities of nodes and links

• The outputs of system are states of users:

� � ��, ���, ���, ���, ���

→ ��� , ��� , ��� , ���

• Solve the optimization problem in order to ensure the users demands:

� � ������� �� ��� � ��� ��� ��� � ��� ��� ��� � ���|��� � ��� ��� |#,

where ��� , ��� , ��� , ��� are the weighting parameters of the users.

Case study: Gas-Power interconnected infrastructures

Integration of Control Theory and Reliability Theory for the Resilience Analysis of Complex Systems

Gas distribution system

Power system

56

Resilience region

Parameter space $ % &'� % ()

$

()&'�

Integration of Control Theory and Reliability Theory for The Resilience Analysis of Complex Systems

$ � 20

&'�

()

$ � 0

&'�

()

* : Resilience region

* : Non-resilience region

6

Case study: Gas-Power interconnected infrastructures

57

57The methods & application

(a) Scheduling algorithm (b) MIP

02/02/2015

Technical result: similar restoration plans by heuristic scheduling algorithm & MIP

Optimal restoration for system resilience: Application to the FPTN400

58

Content

58

• Critical infrastructures• Modeling reasons• Modeling issues• Modeling methods• Conclusions

59

Conclusions

60

Structural complexity : heterogeneity, dimensionality, connectivity

Dynamic complexity : emergent behavior

Uncertainty : aleatory, epistemic, perfect storms, black swans

The complexity of analyzing the Vulnerability and Resilience of

Critical Infrastructures for their Protection

61

Complexity

62

)()(1

tRtRN

ii∏

=

=

(Complex) Systems

Series

[ ]1

( ) 1 1 ( )N

ii

R t tR=

= − −∏

Parallel

Standby

63

64

time

complexity, reliability

Complexity and reliability

65

Complexity

?

Surprises

Complexity and vulnerability/risk/resilience: surprises

66

System analysis:

- hazards and threats identification

- physical and logical structure identification

- dependencies and interdependences identification and modeling

- failure/resilience dynamics analysis (cascades)

Quantification of system safety

indicators

Identification of critical elements

Application for system improvements:

- design

- operation

- interdiction/protection

W. Kroger and E. Zio, “Vulnerable

Systems”, Springer, 2011

Systems of systems

Modeling

Critical

Infrastructures

PhenomenologicalLogical

Topological

APPROACHES

System indicators

Critical elements

OUTPUTS

Flow

dynamics

Modeling for critical infrastructures protection and resilience

67

1. System(-of-systems) representation2. System(-of-systems) modeling3. System(-of-systems) behavior quantification (by

simulation) accounting for the presence of uncertainty (aleatory and epistemic)

Object Analysis Why

Conclusions: Modeling for critical infrastructures protection and resilience

68

Modeling, Simulation, Optimization and Computationa l Challenges

Detail Computational cost

Integrated Approach

Topological

Logic

Detail Computational cost

Flow dynamicsDetail Computational cost

Structural Complexity + Dynamic Complexity

Uncertainty

Detail Computational cost

Phenomenological

The complexity of analyzing the Vulnerability and Resilience of

Critical Infrastructures