A process-based dependency risk analysis methodology for critical infrastructures

Abstract

This paper applies research in dependency modelling to a process-based risk assessment methodology suitable for critical infrastructures. The proposed methodology dynamically assesses the evolution of cascading failures over time between assets involved in a business process of an infrastructure. This approach can be applied by a CI operator/owner to explore how a failure in a single component (asset) affects the other assets and relevant business processes. It could also be applied in an analysis that includes multiple CI operators in the same supply chain to explore the dependencies between their assets and explore how these affect the provision of key societal services. The paper presents a proof-of-concept tool, based on business-process risk assessment and graph modelling, and a realistic case example of a rail scheduling process. The approach allows risk assessors and decision makers to analyse and identify critical dependency chains and it can reveal underestimated risks due to dependencies.