MORGESON-A consistent approach for security risk assessments-ID1432-IDRC2014_b

410 views
349 views

Published on

5th International Disaster and Risk Conference IDRC 2014 Integrative Risk Management - The role of science, technology & practice 24-28 August 2014 in Davos, Switzerland

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
410
On SlideShare
0
From Embeds
0
Number of Embeds
208
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

MORGESON-A consistent approach for security risk assessments-ID1432-IDRC2014_b

  1. 1. Security Risk Assessment of Dams and Related Critical Infrastructure James D. Morgeson, Institute for Defense Analyses, USA Yazmin Seda-Sanabria, U.S. Army Corps of Engineers, USA 5th International Disaster and Risk Conference IDRC 2014 ‘Integrative Risk Management - The role of science, technology & practice‘ • 24-28 August 2014 • Davos • Switzerland www.grforum.org Yevgeniy Kirpichevsky, IDA, USA Jason Dechant, IDA, USA Enrique E. Matheu, Department of Homeland Security, USA
  2. 2. 5th International Disaster and Risk Conference IDRC 2014 ‘Integrative Risk Management - The role of science, technology & practice‘ • 24-28 August 2014 • Davos • Switzerland www.grforum.org Lessons and Actions Following 9/11 • Vigilance is imperative – security consciousness, security monitoring and security improvements at every dam • Security is a shared responsibility – Federal, State, Local, and Owners/Operators • The US Government must prioritize security investments for critical infrastructure – the Common Risk Model for Dams (CRM-D) is the focus of the briefing  The CRM-D objective is to quantify security risk in order to support return on investment (ROI) and funding decisions for security enhancements.
  3. 3. Total Risk Conditional Risk 5th International Disaster and Risk Conference IDRC 2014 ‘Integrative Risk Management - The role of science, technology & practice‘ • 24-28 August 2014 • Davos • Switzerland www.grforum.org What is Risk? • Risk is the possibility of loss or harm. • The definition implies “uncertainty” and “consequences”. • CRM-D uses “probability” to quantify “uncertainty”. • CRM-D defines “consequences” as the predicted loss of lives and economic costs given that a successful attack occurs RiskAsset = Consequences * P(S|A) * P(A) Consequences Vulnerability Threat
  4. 4. 5th International Disaster and Risk Conference IDRC 2014 ‘Integrative Risk Management - The role of science, technology & practice‘ • 24-28 August 2014 • Davos • Switzerland www.grforum.org Layered Defense Model
  5. 5. 5th International Disaster and Risk Conference IDRC 2014 ‘Integrative Risk Management - The role of science, technology & practice‘ • 24-28 August 2014 • Davos • Switzerland www.grforum.org A Notional Dam with Layered Defenses
  6. 6. 5th International Disaster and Risk Conference IDRC 2014 ‘Integrative Risk Management - The role of science, technology & practice‘ • 24-28 August 2014 • Davos • Switzerland www.grforum.org Probability of Success
  7. 7. 5th International Disaster and Risk Conference IDRC 2014 ‘Integrative Risk Management - The role of science, technology & practice‘ • 24-28 August 2014 • Davos • Switzerland www.grforum.org CRM-D Conditional Risk Synthesis
  8. 8. 5th International Disaster and Risk Conference IDRC 2014 ‘Integrative Risk Management - The role of science, technology & practice‘ • 24-28 August 2014 • Davos • Switzerland www.grforum.org Conclusions • Because CRM-D is implemented using expert judgments tabulated in tables, the vulnerability of many critical infrastructure threat scenarios can be analyzed quickly and objectively • Risk can be computed and used for Return on Investment Decisions across a portfolio of multiple dams to support annual budget cycles for resource decisions Rc’ = Risk. Graph shows risk for an undefended dam in red, the same dam with existing defenses in blue, and the same dam with proposed risk mitigation measures (RMO) in green. The difference in the height of the bars shows the return on investment.

×