Towards a comparable cross-sector risk analysis: RAMCAP revisited

Abstract

The search for a uniform risk analysis approach for critical infrastructures has prompted a reexamination of the Risk Analysis and Management for Critical Asset Protection (RAMCAP) methodology to see if it can accommodate emerging threats from climate change, aging infrastructure and cyber attacks. This chapter examines the challenges involved in taking a site-specific formulation and turning it into a general model capable of analyzing performance under a full range of simulated conditions. The AWWA J100-10 standard provides the blueprint for a basic RAMCAP model that calculates risk as an attenuation of consequences via probability estimates of vulnerability, threat, resilience and countermeasures. The RAMCAP model was subjected to varying scenario loads in deterministic simulations that examined all hypothetical conditions and probabilistic simulations that examined likely conditions. RAMCAP performance was measured by the average net benefit and represented by the distribution of component values. Contrary to expectations, RAMCAP performance did not improve as the number of scenarios increased in the simulations. The methods and results of this study may hold implications for other critical infrastructure risk methodologies that are based on consequence, threat and vulnerability.