Modeling the Complexity of Critical Infrastructures

MODELING THE COMPLEXITY OF CRITICAL

INFRASTRUCTURESEnrico Zio

Chair on Systems Science and the Energy Challenge – Ecole Centrale Paris and Supelec,

European Foundation for New Energy-Electricité de France

Energy Department, Politecnico di Milano, Italy

2

Statement 1:Critical Infrastructures are

(Engineered) Complex Systems

3

•Network of many interacting components

•Components of heterogeneous type

•Hierarchy of subsystems

•Interactions across multiple scales of space and/or time

Complex Systems

Dependences (uni-directional) and interdependences (bi-directional)

4

Critical Infrastructures are Engineered Complex Systems

5

Structural complexity :• heterogeneity of components across different technological domains due to increased integration among systems

• dimensionality: large number of nodes highly interconnected also with other systems (dependences and interdependences)

• scale of connectivity demands for increased amount and quality of information to describe the state of the system.

Critical Infrastructures are Engineered Complex Systems:

Structural complexity

6

Dynamic complexity :• emergence of system behavior in response to changes in the environmental and operational conditions of parts of the system.

Critical Infrastructures are Engineered Complex Systems:

Dynamic complexity

7

Statement 2:To protect Critical Infrastructures, we must

model them to know their behavior

8

system logic representation

system mathematical model

system model quantification

uncertainty analysis and quantification

Modeling Engineered Complex Systems

9

physical attributes{structure, dynamics, dependencies and interdependencies, …}

operation and management attributes{communication, control, human and organizational factors, logistics…}

performance and safety attributes{reliability, availability, maintainability, risk, vulnerability, …}

economic attributes{life-cycle costs, costs-benefits, market drivers…}

social attributes{supply-demand, active players, …}

environmental attributes{pollution, sustainability, …}

Modeling Engineered Complex Systems

10

Systems of Systems

11

Power transmission

Railway

Communication

Cyber Dependency, pcr

Physical Dependency

Physical Dependency

Cyber Dependency, pcp

Systems of Systems

12

Corollary to statement 2:To protect Critical Infrastructures, we must

model their response to hazards, failures and

threats to analyze their

Reliability/Risk/Vulnerability/Resilience/…

characteristics

13

Reliability/Risk/Vulnerability/Resilience/…

analysis

14

System analysis:

- hazards and threats identification

- physical and logical structure identification

- dependencies and interdependences identification and modeling

- dynamic analysis (cascading failures)

Quantification of system indicators

Identification of critical elements

Application for system improvements (optimization):

- design

- operation

- protection

W. Kroger and E. Zio, “Vulnerable

Systems”, Springer, 2011

Reliability/Risk/Vulnerability/Resilience/… analysis

15

Statement 3:To model the (engineered) complex systems (of

systems) which make our Critical

Infrastructures, there is not one single modeling

approach that “captures it all”

16

Modeling

Critical

Infrastructures

Phenomenological LogicalTopological

APPROACHES

System indicators

Critical elements

OUTPUTS

Modeling the complexity of Critical Infrastructures

Flow

17

Modeling the complexity of Critical Infrastructures:

The Dual Analysis

Direct Problem

Evaluating Global

Indicators

Detail

• Critical Infrastructures are engineered complex systems: structure + dynamics+

failure/recovery process

Computational cost

Aggregation

Challenge

Inverse Problem

Identifying

Vulnerabilities at

the Components

Level

Disaggregation

Challenge

• Critical Infrastructures modeling: topological, flow, phenomenological, logic

18


APPROACHES

System indicators

Critical elements

OUTPUTS


Flow

Modeling

Critical

Infrastructures

19

Hierarchical Hierarchical Hierarchical Hierarchical network representation framework network representation framework network representation framework network representation framework and vulnerability analysis and vulnerability analysis and vulnerability analysis and vulnerability analysis

30

31

34

59

60 61 62 64

7176 78

7983

107 109

110

111

112114

86

119

2340

� Criticality of the inter-cluster components

� Multi-level reliability analysis based on the hierarchical network representation

Fang Y.-P., Zio E. “Unsupervised spectral clustering for hierarchical modelling and criticality analysis of complex networks,” Reliability Engineering & System Safety, Volume 116, 2013, Pages 64-74.


20


APPROACHES

System indicators

Critical elements

OUTPUTS

Flow


Modeling

Critical

Infrastructures

21

Modelling the Modelling the Modelling the Modelling the ccccascading failure (topological method)ascading failure (topological method)ascading failure (topological method)ascading failure (topological method)

betweenness–based cascading failure model

∑ ≠≠∈∈∈= kjiVkC

VjS

Vjij

n

kij

n

CN

SN

Lk ,,,

)(1

kLkC )1( α+=

Node load:

Node capacity:

)(kij

n

number of shortest paths between generators and distributorsij

n

number of shortest paths between generators and distributors passing through node k

NS, NC number of generator, distributor

VS, VC set of generator, distributor

α Network tolerance (robustness)

Initialize load, capacity

Initial failure

load redistribution

more failures occur?

YESYESYESYES

NONONONO

cascading end

loss evaluation


22

Optimal network design against cascading failureOptimal network design against cascading failureOptimal network design against cascading failureOptimal network design against cascading failure

Objectives: maximize the resilience of the network in resisting to cascading failures with limited construction cost

{ }

∈∀>

∈∀>

∑

∑

∑

∈

∈

∈∈

0

0

s.t.

)(min

min,

SVj

ij

CVi

ij

VjViij

ViX

VjX

GVul

X

C

CS

ϕ Network cost

Cascading failure loss0.0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.00 2000.00 4000.00 6000.00 8000.00

casc

adin

g vu

lner

abili

ty

cost

0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 20

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

α

casc

adin

g vu

lner

abili

ty

original networkPareto solution 3 Pareto solution 5

2

131519

38

45

51

6062

67 7374

85

95

104

108

116

118

127

138155

156

158160

162

167

134 5

678

9 101112 14

16171820 2122232425

262728293031

3233

343536 37 3940

41424344

46

47484950

52

5354

55 5657585961

63

64

6566686970 71

7275

7677

78

79

80 818283

84 86 87

88

89909192

93 94 96

9798 99

100101

102

103105

106

107

109

110111

112

113114

115117

119120 121122

123

124

125126

128 129

130

131132

133134

135

136137139140141

142143144

145146147148

149150151152

153

154157159

161163

164 165166

168169170

171

Improve network resilience by adding redundant links in a suitable way

Tradeoff between cost and gained network resilience

Variables: generator distributor links ijX

Fang Y.-P., Zio E., “Optimal Production Facility Allocation for Failure Resilient Critical Infrastructures,” ESREL 2013.


23

87%

38%

103%

105%93%

70%

48%

106%

101%

100%

61%

65%

Spreading rules:

• fixed load (5%) transferred after a failure to neighboring nodes

• fixed load, I, (10%) transferred after a failure to interdependent nodes

87%

21%

49%

67%96%

58%

22%

106%

32%

91%

105%

85%

Propagation

follows until no

more working

component can

fail 100% = component relative limit capacity

Initiating event: uniform disturbance (10%)


24

0.5 0.55 0.6 0.65 0.7 0.75 0.8 0.85 0.9 0.95 10

5

10

15

20

25

Average initial load, L

Ave

rage

Ca

sca

de S

ize

, S

Scr = 15%

Lcr = 0.8662Lcr = 0.7266E. Zio and G. Sansavini, "Modeling Interdependent Network Systems for Identifying Cascade-Safe Operating

Margins", IEEE Transactions on Reliability, 60(1), pp. 94-101, March 2011


25


APPROACHES

System indicators

Critical elements

OUTPUTS

Flow


Modeling

Critical

Infrastructures

26

Main inputs:• Main Feedwater system

Internal barriers:• Water systems:

- High Pressure Coolant Injection (HPCI) System - Low Pressure Coolant Injection (LPCI) System

• Depressurization system:- Automatic Depressurization system (ADS)

• Power system: - Diesel Generator (DG)

External supports:• Water system:

- Water from the river• Power system:

- Offsite power

Recovery supporting elements:

• Road transportation system: - Road access (R)


27






28

System logic representation: GTST-DMLD

29






30

At component level

At system level

Combinations of structural and functionalmultistatesconsidered

Structure

1: Strong damages

2: Slight damages

3: No damages

Function

1: Not working

2: Partialy working

3: Fully working

Structure

1

2

3

1

2

3

Function Structure

1

3

1

2

3

Function Structure

1

3

1

3

Function

StateStructural

damage[%]Functional

output [gpm]3 0 5000

20 ÷ 10 (small

/intermediate leaks)4625

1 > 10 < 4625

StateStructural

damage[%]Functionaloutput [%]

3 0100

2 0 ÷ 12

1 > 10 0

StateStructural

damage[%]Functionaloutput [%]

3 0 1001 > 0 0

e.g., water pipe e.g., power pole e.g., automaticdepressurization system

State 3 (Healthy): Safety of the Nuclear Power Plant (NPP) given by two water systems: one of them is in state 3 and the other one is at least in state 2.

State 2 (Marginal): Safety of the NPP given by one water system that is at least in state 2.

State 1 (At Risk): No safety of the NPP: all the water systems are in state 1.

System mathematical model: multistate

31






32

Quantitative evaluation: procedural steps

1. Evaluate the structural (and corresponding functional) state of each component by MC simulation

2. Compute the functional state of the NPP by GTST – DMLD

Safety

Probability density function of the RT of the safety of the NPP (states 2 and 3)

Probabilistic Seismic Hazard Analysis: Ground motion at a site of interest for any magnitudeFragility evaluation: Conditional probability of exceeding a level of damage, given a ground motion level

1. Sample the recovery time (RT) of the state 2 and/or 3 of each component from the corresponding pdfs

2. Determine the next structural state that will be reached3. Sort the RT in increasing order and carry out the analysis

from the smallest RT4. Evaluate the occurrence of aftershocks before the

restoration of the component with smallest RT5. If the component with the smallest RT is not affected by

aftershocks (i.e., it reaches the next state determined at step 2.), evaluate the functional state of the NPP; otherwise sample a new RT for the components affected by the aftershocks and go to step 3.

6. if the NPP is in state 3, stop the algorithm; else, proceed with the analysis of the component with the next smallest RT

Resilience

Estimated probability of the NPP to be in the

functional state 1, 2 or 3

Repeat steps 1 – 2 n times

Repeat steps 1 – 6 k times

33

Analyzing Vulnerability and Failures in Systems of

Systems: Safety and Resilience Analysis

ResilienceProbability density functions (PDFs) of the time necessary to restore the marginal (2) and healthy (3) states of the NPP from a risk state (1), after the occurrence of an earthquake and its aftershocks, in the case of multistate and binary state model.

• From state 1 to state 2 • From state 1 to state 3

0 20 40 60 80 1000

0.05

0.1

0.15

0.2

0.25

0.3

0.35

PD

F

Recovery time [d]

μ = 2.6 d

Multistate

Binary state

0 20 40 60 80 1000

0.05

0.1

0.15

0.2

0.25

0.3

0.35

Recovery time [d]

Multistate

Binary state

μ = 4.3 d

μ = 22.5 d

μ = 72.9 d

PD

F

Multistate model shows that a faster recovery to a marginal state is possible, but a longer time is needed to reach a healthy state

34


APPROACHES

System indicators

Critical elements

OUTPUTS

Reliability analysis

Flow

Modeling

Critical

Infrastructures

35

Mode 1: �� , ��

Mode 2: �� , ��

Mode 3: �� , ��

Mode 4: �� , ��

Consider a system of 2 interconnectedsystems where the system response isdescribed by the switching dynamics:


36

� Find the geometric locus of the equilibrium point ‘��’.� Describe the invariant set which contains the equilibrium point.� Find the reachable regions for the invariant set (i.e. the invariant

set is a basin of attraction for the resilience region).

Steps for describing the resilience region:


37

Conclusions

38

Structural complexity: heterogeneity, dimensionality, connectivity

Dynamic complexity : emergent behavior

Uncertainty: aleatory, epistemic, perfect storms, black swans

The complexity of analyzing the Reliability/Risk/ Vulnerability/

Resilience/… in Critical Infrastructures

39

System analysis:

- hazards and threats identification

- physical and logical structure identification

- dependencies and interdependences identification and modeling

- dynamic analysis (cascading failures)

Quantification of system safety

indicators

Identification of critical elements

Application for system improvements:

- design

- operation

- interdiction/protection

W. Kroger and E. Zio, “Vulnerable

Systems”, Springer, 2011

Systems of systems

Modeling

Critical

Infrastructures

PhenomenologicalLogical

Topological

APPROACHES

System indicators

Critical elements

OUTPUTS

Flow



40

Modeling, Simulation, Optimization and Computational Challenges

Detail Computational cost

Integrated Approach

Topological

Logic


FlowDetail Computational cost

Structural Complexity + Dynamic Complexity

Uncertainty

Risk + Control Theory


Phenomenological



41

Acknowledgments

Chair SSDE (ECP+Supelec, EDF): Yiping Fang, Elisa Ferrario, Elizaveta Kuznetzova, Yanfu Li, Rodrigo Mena, Nicola Pedroni

Politecnico di Milano (ex): Giovanni Sansavini

42

Research

www.ssde.fr (Ecole Centrale Paris and Supelec)

lasar.cesnef.polimi.it (Politecnico di Milano)

Application

www.aramis3d.com

More info

Technology

Modeling the Complexity of Critical Infrastructures