SlideShare a Scribd company logo

WCRR 2016 paper 392

T
tonylancia
1 of 6
Download to read offline
1 Risk analysis and consequence modelling methodology for improving the resilience of railway stations to terrorist attacks Antonio Lancia 1 *, Gilad Rafaeli 2 , Paul Abbott 2 , Jonathan Paragreen 3 , David Fletcher 3 , Emma Carter 3 , Emiliano Costa 4 , Stefano Porziani 4 and Giulio Valfré 4 . 1 Heuristics GmbH. Capriasca. Switzerland 2 MTRS3 Solutions and Services Ltd. Tel Aviv. Israel. 3 University of Sheffield. Sheffield. United Kingdom. 4 D’Appolonia SpA. Genova. Italy. *Contact: tony.lancia@heuristics.ch Abstract The SECURESTATION project has been executed within the European Union FP7 framework programme, aiming to develop specific tools, models and design guidelines to improve the resilience to terror attacks on railway stations. This paper addresses the research work related to tools and methods for estimating the risks associated with diverse attack scenarios, with different alternate countermeasures and architectural solutions. The developed SECURESTATION Risk Analysis Methodology (“SEST-RAM”) includes methods and procedures for defining the reference attack scenarios and, for each of them, assessing the probability of occurrence, the vulnerability (probability that the attack is successful) and consequences (harm to persons and economic loss). SEST-RAM can be applied in the early stages of railway station design for a risk-based selection of general design and then for a more refined quantitative assessment, limited to the selected design. Guidelines are also given for the challenging task of estimating the probability that a certain attack tactic is selected by the terrorist adversaries. SEST-RAM and the models below have been used in the project for a demonstrative example of risk analysis applied to an ideal “model station” involving most of the safety and security challenges posed by modern large intermodal railway stations. A methodology was defined for evaluating the source terms and for applying Computational Fluid Dynamics (CFD) modelling to predict the dispersion of toxic chemicals in a railway station environment. Different toxic materials and spreading methods were simulated. For each scenario the impact in terms of human harm was assessed, based on toxicity data. The simulations also allowed the formulation of recommendations for building and ventilation system design. A methodology was also defined for modelling the blast effects for diverse types of explosive devices, e.g. IED (Improvised Explosive Device), VBIED (Vehicle Borne IED), etc., at railway stations, principally by Finite Element Method (FEM) computing. Several blast simulations were conducted to demonstrate how the methodology may be used to evaluate the effectiveness of certain architectural solutions in reducing the consequences of blast scenarios. Modelling of fire, smoke spread and passenger evacuation was also included in the project work, using state of the art tools that are already in use for the fire safety evaluation of railway station design but this not discussed in this paper.
2 A further computational tool, SARA, has been designed and demonstrated for simulation of the cascade degradation of safety functions in a railway station following certain initial events corresponding to the terror attack. Its use within risk analysis is particularly important for intermodal and underground railway stations where the safe evacuation of the passengers depends on diverse technological systems (fire extinguishing, power supply, ventilation, lighting, etc.) that may be damaged by an attack and that are partly interdependent. 1. Introduction The resilience of a railway station in the case of terrorist attack provides for the protection of passengers and workers lives and the prompt restoration of public transportation services. Designing and building a new railway station, or refurbishment of an existing railway station, to make them resilient while keeping them economically sustainable is not a trivial task. This paper addresses the risk analyses and modelling solutions developed by a multidisciplinary team of European experts from 2011 to 2014 within the SECURESTATION project, funded under the European Union 7th Framework Programme, project reference 266202. 2. Description Risk Analysis Methodology The SEST-RAM methodology was developed as an upgrade of protocols that were previously used by the same authors in modelling risk for terrorist attacks to various kinds of ground transportation systems. A set of attack scenarios are initially defined as ways in which the considered threats (IEDs, arson, dispersion of toxic substances, etc.) may be applied in diverse parts of the whole station (e.g. mezzanine, shopping area, bus platforms, train platforms, etc.). For each scenario, a “relative risk” value is evaluated as the product of “relative probability of occurrence”, vulnerability (probability that the attack is successful) and consequences (harm to persons and economic loss). “Relative risk” values for individual scenarios are “conditional risk” estimations proportional to actual risk values by a scalar “renormalisation factor” that includes the probability that some form of terrorist attack occurs at a particular railway station over a certain time period. The renormalisation factor is computed only when needed because it generally has a high uncertainty and it widely varies over time due to drifts or sudden changes in socio-political circumstances (demographic variation, insurgences, a new law, peace talks, a change in foreign policy, the arrest of terrorists, etc.). Guidelines are however given within the methodology to compute a reference value for the renormalisation factor and thus to express results as risk values or risk “ranks” (instead of relative risk). The SEST-RAM formal approach also includes rules to obtain representative overall risk values (relative or “absolute”) for a whole railway station from the pool of scenarios, including sets of similar cases whose risk should not be simply summed. Rating the relative probability of attack for a certain scenario is the most difficult and questionable procedure within the evaluation of relative risk because it reflects the preference of a terrorist decision maker for a certain attack plan vs. other alternative ones. Some general guidelines are given on assessing this value, and a method is provided to compute the value in the specific (but common) case of radical fundamentalist groups, using a computation procedure that was calibrated by the risk ratings assigned by a panel of experts to a set of different scenarios.
3 A set of alternative methods are specified for the estimation of vulnerability, including the use of event trees to model the probability that attackers may be successful in the presence of a set of technical and organisational countermeasures. Consequences assessment may be performed for a set of damage classes of interest (e.g. human and economic, direct and indirect, losses) with a level of accuracy varying from coarse parametric or “educated guesses” up to sophisticated computational models such as the ones that were refined and applied in the project, as described below in this paper. The SEST-RAM methodology was defined for integrating an analytical approach to security with the architectural and engineering design activities along the development of the project for new railway stations or for their revamping. The SEST-RAM risk model may be setup and risk computed in a few weeks for one or for a few alternative basic designs, using simple preliminary estimates for vulnerability and losses. In this way risk may be taken into account early in the decision making before the project is adopted and further developed up to construction plans for building and technological systems. The model may then be refined, running more accurate time consuming computations for consequences assessment and by evaluating critical dependencies in the functional availability of technological systems that contribute to the resilience of the railway station, aiming for safe evacuation and the prompt restoration of station operation. Modelling the dispersion of toxic chemicals and the consequences A methodology for simulating chemical dispersions within a railway station environment was developed for the SECURESTATION project with the aim of evaluating the impacts of such attack modes and to produce recommendations for the design of railway stations and their ventilation systems. A general-purpose computational fluid dynamics solver, ANSYS Fluent, was used. To enable a large number of scenarios to be simulated it was necessary to balance solution time with accuracy and therefore the realisable k-epsilon model for turbulence was used in conjunction with unsteady Reynolds-average Navier-Stokes equations as it has been demonstrated to provide a good correlation with experimental simulations, but without requiring excessive processing. Different toxic materials and dispersion methods were simulated. The toxic agents simulated included materials used in the past as chemical weapons such as choking agents, blood gases, blister and nerve agents. From these, materials were selected with different physical properties and densities to enable different dispersion methods and diffusion characteristics to be displayed. The materials selected also ranged from extremely toxic nerve agents where very low concentrations result in serious injury or fatalities, but are controlled materials and therefore more difficult to obtain, to choking agents and blood gases which require higher concentrations to be effective, but are also common industrial chemicals. The dispersion methods simulated depended upon the physical properties of the materials, so the compressed gases were simulated as being dispersed from a pressurized gas cylinder, whilst the volatile liquids were simulated being dispersed as an aerosol and also as evaporating from a pool of liquid by natural vapourisation in the air, as with the 1995 attack on the Tokyo subway. The rate of vapourisation from the pool of liquid was calculated using a similar methodology to Edvard Karlsson et al. and allowed the vapourising liquid to be simulated as a gaseous flow. Similarly for the aerosol dispersion of the volatile liquid it was assumed that the aerosol droplets would rapidly vapourise and could therefore be approximated to a gaseous flow of the toxic material with the carrier gas.
4 The impact of the toxic material dispersions on humans could be evaluated using exposure limit data which are published for chemical safety purposes and present the impact on human health at different concentration levels. These limits can therefore define contours within the concentration plots from the simulations and define the size of the zones where persons within that area would suffer serious injury or receive a fatal dose of toxic material. a) b) Figure 1: a) 3D concentration plot showing the dispersion of HCN gas with strong extraction flows and b) the contours demonstrating the areas of different levels of human harm In general the simulations demonstrated that for the materials with the greatest toxicity, such as the volatile liquid nerve agents, the strongest air ventilation flows diluted them spreading them over a greater area causing increased levels of harm. Whereas, for the materials with reduced toxicity such as the blood gases and choking agents, the dilution effect from the ventilation system rapidly diluted the gases reducing the levels of harm. This demonstrates the need to be able to control the ventilation flow rate and direction to respond depending upon the attack scenario in order to minimise harm. Modelling of Blasts and their Consequences Among the available methods to perform a blast study, in the SECURESTATION Project both empirical methods and numerical techniques have been employed to assess the railway station structural resilience to an attack involving explosive devices. Specifically the empirical approach was based on an extensive experimental database built up after performing a large number of explosion tests by detonating various charges of a reference explosive (typically TNT). The numerical approach involved the numerical resolution of the mathematical system describing the physical phenomena to be studied (mass, momentum and energy conservation equations) and also taking account of the physical behaviour of materials involved in the study which is described by means of proper constitutive relationships. Considering the historical background of terrorist attacks in the EU as well as the suggestions from stakeholders and experts in the railway transport field, different typologies of blast attack, e.g. Person Borne Improvised Explosive Device (PBIED), VBIED and IED, have been assumed to occur at several locations inside and outside the reference station buildings considered for such studies. In the case of open environment scenarios, the empirical models were used to obtain reliable results with limited computational effort, whereas for occluded environment analyses the numerical approach was adopted. Serious injury Fatality
5 Figure 2: Occluded environment PBIED: pressure contours evolution at different instants after bomb detonation The results obtained for the selected scenarios have been used to evaluate structural loading and damage, people harm (survival percentage) and the number of casualties and the effectiveness of mitigation measures. With regard to structures, well-established methods such as the Single Degree Of Freedom (SDOF) for dynamic analyses was used. Harm to people was evaluated by means of both the pressure-impulse diagrams available in literature and an in-house code calculating a projectiles’ lethality as a function of people density distribution around a detonation. Figure 3: Example of monitored pressure profiles and SDOF model applied to a structural column Determination of the efficiency of some of the mitigation countermeasures comes from the critical analysis of simulation results. Some of those include the introduction of passive (fixed) and active (operated) vehicle barriers to enlarge the so called standoff distance and of partitions and protected spaces. Modelling Functional Resilience following an Attack The aim of the SARA (SECURESTATION Attack Resilience Assessment) Tool is the implementation of a systematic framework to evaluate the vulnerability of equipment in railway stations to security threats. Ideally, application of the methodology enables designers and security experts to analyze a given railway station from a security point of view, focusing on the functional behaviour of each individual piece of equipment (e.g., ventilation, communication, power supply, etc.) installed in the railway station. The results of the analyses of vulnerability and availability, aimed at identifying the critical components and ranking their importance, enable the definition, evaluation, ranking and selection of possible mitigation measures to be applied to the equipment of the railway station in order to improve its resilience from terrorist threats. The equipment considered is related to the functioning of the station building (allowing passengers to access and leave the transport operation) rather than the operation of the transport service itself, which is usually subject to other types of safety and security analyses during design, construction, commissioning and operation. 50 70 90 110 130 150 170 190 210 230 250 0 20 40 60 80 100 120 140 160 180 P re ssu re [kP a] Time [ms] Gauge# 1 Gauge# 2 Gauge# 3 Gauge# 4 Gauge# 5 Structural element SDOF K M Blast Wave F(t) x(t) x(t)
6 In the tool the station building is investigated from a physical and functional point of view representing and linking together both of these aspects. The model adopted also allows remedial options and cross- correlation aspects between the different equipment to be considered. Figure 4: flow diagram of the SARA tool for modelling the functional resilience of a station A structural analysis aimed to represent the topological structure of the station and the network of the equipment that allows the functioning of the station to be assessed, and a functional analysis aimed to define the main functions of the station to be considered to define an appropriate way of measuring them, are performed. The physical and functional models of the station building and its equipment, provide the basis for defining the critical elements of the equipment and the necessary mitigation measures, and also to select a sub-set of these under specific constraints. A set of attack scenarios are chosen defining a particular type of threat. For each scenario a set of user cases is defined specifying the position of the threat inside the building, its magnitude and defining the effects in terms of damage to the structure of the station and to each element of equipment. Furthermore, a set of mitigation measures are defined on the basis of the experience of railway station operators and from the identification of the critical parts of equipment. All the defined countermeasures are applied to the user cases during the phase of ranking and selection of the specific measure that best enhances the functionality of the station within defined constraints (i.e. limited budget) or targeting a degree of system resilience to be eventually achieved. The SARA Tool has been demonstrated by applying it to the general ‘model station’ adopted within the SECURESTATION project - an interchange node constituted by a railway station, a metro station and a bus station. 3. Conclusion The SECURESTATION project has delivered a comprehensive set of risk assessment and consequences modelling methods for the design of an economically sustainable railway station which is resilient to terrorist attacks. The methodology has been successfully tested for a ‘model station’ and already applied to a few real sites.

Recommended

Img 20160427 0010
Img 20160427 0010Img 20160427 0010
Img 20160427 0010sambrazier23
 
Nitin Gupta_Resume
Nitin Gupta_ResumeNitin Gupta_Resume
Nitin Gupta_ResumeNitin Gupta
 
Densímetro. Balanza de Seeligmann
Densímetro. Balanza de SeeligmannDensímetro. Balanza de Seeligmann
Densímetro. Balanza de Seeligmannsebastian_seeligmann
 
Media work celador Sam Brazier
Media work celador Sam BrazierMedia work celador Sam Brazier
Media work celador Sam Braziersambrazier23
 
Severay descent
Severay descentSeveray descent
Severay descentsambrazier23
 
21 84-1-pb
21 84-1-pb21 84-1-pb
21 84-1-pbsandra saldaña
 
Triple media game industy work
Triple media game industy work Triple media game industy work
Triple media game industy work sambrazier23
 
21 84-1-pb
21 84-1-pb21 84-1-pb
21 84-1-pbsandra saldaña
 

Recommended

Img 20160427 0010
Img 20160427 0010Img 20160427 0010
Img 20160427 0010sambrazier23
 
Nitin Gupta_Resume
Nitin Gupta_ResumeNitin Gupta_Resume
Nitin Gupta_ResumeNitin Gupta
 
Densímetro. Balanza de Seeligmann
Densímetro. Balanza de SeeligmannDensímetro. Balanza de Seeligmann
Densímetro. Balanza de Seeligmannsebastian_seeligmann
 
Media work celador Sam Brazier
Media work celador Sam BrazierMedia work celador Sam Brazier
Media work celador Sam Braziersambrazier23
 
Severay descent
Severay descentSeveray descent
Severay descentsambrazier23
 
21 84-1-pb
21 84-1-pb21 84-1-pb
21 84-1-pbsandra saldaña
 
Triple media game industy work
Triple media game industy work Triple media game industy work
Triple media game industy work sambrazier23
 
21 84-1-pb
21 84-1-pb21 84-1-pb
21 84-1-pbsandra saldaña
 
Audience profile2
Audience profile2Audience profile2
Audience profile2sambrazier23
 
Unit 19
Unit 19 Unit 19
Unit 19 sambrazier23
 
Makalah metode transformasi
Makalah metode transformasiMakalah metode transformasi
Makalah metode transformasimnssatrio123
 
Lo2 mood board
Lo2 mood board Lo2 mood board
Lo2 mood board sambrazier23
 
Audience profile2
Audience profile2Audience profile2
Audience profile2sambrazier23
 
Script for unit 11 exported vison
Script for unit 11 exported visonScript for unit 11 exported vison
Script for unit 11 exported visonsambrazier23
 
2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...
2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...
2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...Infra Risk
 
An overarching process to evaluate risks associated with infrastructure netwo...
An overarching process to evaluate risks associated with infrastructure netwo...An overarching process to evaluate risks associated with infrastructure netwo...
An overarching process to evaluate risks associated with infrastructure netwo...Infra Risk
 
InfraRisk Brochure
InfraRisk BrochureInfraRisk Brochure
InfraRisk BrochureInfra Risk
 
A Comprehensive Literature Review On Transportation System Risk Analysis
A Comprehensive Literature Review On Transportation System Risk AnalysisA Comprehensive Literature Review On Transportation System Risk Analysis
A Comprehensive Literature Review On Transportation System Risk AnalysisLori Moore
 
Fire risk analysis of structures and infrastructures: theory and application ...
Fire risk analysis of structures and infrastructures: theory and application ...Fire risk analysis of structures and infrastructures: theory and application ...
Fire risk analysis of structures and infrastructures: theory and application ...Franco Bontempi Org Didattica
 
Available online at www.sciencedirect.comComputers & Industr.docx
Available online at www.sciencedirect.comComputers & Industr.docxAvailable online at www.sciencedirect.comComputers & Industr.docx
Available online at www.sciencedirect.comComputers & Industr.docxrock73
 
Quantified Risk Assessment as a decision support for the protection of the Cr...
Quantified Risk Assessment as a decision support for the protection of the Cr...Quantified Risk Assessment as a decision support for the protection of the Cr...
Quantified Risk Assessment as a decision support for the protection of the Cr...Community Protection Forum
 
A fuzzy ahp model in risk ranking
A fuzzy ahp model in risk rankingA fuzzy ahp model in risk ranking
A fuzzy ahp model in risk rankingAlexander Decker
 
A fuzzy ahp model in risk ranking
A fuzzy ahp model in risk rankingA fuzzy ahp model in risk ranking
A fuzzy ahp model in risk rankingAlexander Decker
 
Ijciet 10 02_001
Ijciet 10 02_001Ijciet 10 02_001
Ijciet 10 02_001IAEME Publication
 
16 r10014
16 r1001416 r10014
16 r10014mohamed Amri
 
Towards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk managementTowards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk managementLuxembourg Institute of Science and Technology
 
Towards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk managementTowards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk managementchristophefeltus
 
Critis08 Q Ra
Critis08 Q RaCritis08 Q Ra
Critis08 Q RaFrancesco Flammini
 
Risk analysis for fire: the case of civil structures
Risk analysis for fire: the case of civil structuresRisk analysis for fire: the case of civil structures
Risk analysis for fire: the case of civil structuresKonstantinos Gkoumas
 
Don t go_that_way__risk_aware_decision_making_for_autonomous_vehicles
Don t go_that_way__risk_aware_decision_making_for_autonomous_vehiclesDon t go_that_way__risk_aware_decision_making_for_autonomous_vehicles
Don t go_that_way__risk_aware_decision_making_for_autonomous_vehiclesKasra Mokhtari
 

More Related Content

Viewers also liked

Makalah metode transformasi
Makalah metode transformasiMakalah metode transformasi
Makalah metode transformasimnssatrio123
 
Script for unit 11 exported vison
Script for unit 11 exported visonScript for unit 11 exported vison
Script for unit 11 exported visonsambrazier23
 

Viewers also liked (6)

Audience profile2
Audience profile2Audience profile2
Audience profile2
 
Unit 19
Unit 19 Unit 19
Unit 19
 
Makalah metode transformasi
Makalah metode transformasiMakalah metode transformasi
Makalah metode transformasi
 
Lo2 mood board
Lo2 mood board Lo2 mood board
Lo2 mood board
 
Audience profile2
Audience profile2Audience profile2
Audience profile2
 
Script for unit 11 exported vison
Script for unit 11 exported visonScript for unit 11 exported vison
Script for unit 11 exported vison
 

Similar to WCRR 2016 paper 392

2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...
2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...
2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...Infra Risk
 
An overarching process to evaluate risks associated with infrastructure netwo...
An overarching process to evaluate risks associated with infrastructure netwo...An overarching process to evaluate risks associated with infrastructure netwo...
An overarching process to evaluate risks associated with infrastructure netwo...Infra Risk
 
InfraRisk Brochure
InfraRisk BrochureInfraRisk Brochure
InfraRisk BrochureInfra Risk
 
A Comprehensive Literature Review On Transportation System Risk Analysis
A Comprehensive Literature Review On Transportation System Risk AnalysisA Comprehensive Literature Review On Transportation System Risk Analysis
A Comprehensive Literature Review On Transportation System Risk AnalysisLori Moore
 
Fire risk analysis of structures and infrastructures: theory and application ...
Fire risk analysis of structures and infrastructures: theory and application ...Fire risk analysis of structures and infrastructures: theory and application ...
Fire risk analysis of structures and infrastructures: theory and application ...Franco Bontempi Org Didattica
 
Available online at www.sciencedirect.comComputers & Industr.docx
Available online at www.sciencedirect.comComputers & Industr.docxAvailable online at www.sciencedirect.comComputers & Industr.docx
Available online at www.sciencedirect.comComputers & Industr.docxrock73
 
Quantified Risk Assessment as a decision support for the protection of the Cr...
Quantified Risk Assessment as a decision support for the protection of the Cr...Quantified Risk Assessment as a decision support for the protection of the Cr...
Quantified Risk Assessment as a decision support for the protection of the Cr...Community Protection Forum
 
A fuzzy ahp model in risk ranking
A fuzzy ahp model in risk rankingA fuzzy ahp model in risk ranking
A fuzzy ahp model in risk rankingAlexander Decker
 
A fuzzy ahp model in risk ranking
A fuzzy ahp model in risk rankingA fuzzy ahp model in risk ranking
A fuzzy ahp model in risk rankingAlexander Decker
 
Towards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk managementTowards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk managementchristophefeltus
 
Risk analysis for fire: the case of civil structures
Risk analysis for fire: the case of civil structuresRisk analysis for fire: the case of civil structures
Risk analysis for fire: the case of civil structuresKonstantinos Gkoumas
 
Don t go_that_way__risk_aware_decision_making_for_autonomous_vehicles
Don t go_that_way__risk_aware_decision_making_for_autonomous_vehiclesDon t go_that_way__risk_aware_decision_making_for_autonomous_vehicles
Don t go_that_way__risk_aware_decision_making_for_autonomous_vehiclesKasra Mokhtari
 
INFRARISK. Novel Indicators for identifying critical INFRAstructure at RISK f...
INFRARISK. Novel Indicators for identifying critical INFRAstructure at RISK f...INFRARISK. Novel Indicators for identifying critical INFRAstructure at RISK f...
INFRARISK. Novel Indicators for identifying critical INFRAstructure at RISK f...Infra Risk
 
Chapter Nine(1).docx
Chapter Nine(1).docxChapter Nine(1).docx
Chapter Nine(1).docxAbebaw Mamaru
 
2011 CRC Showcase - Safety & Security Theme - Safer level crossings
2011 CRC Showcase - Safety & Security Theme - Safer level crossings2011 CRC Showcase - Safety & Security Theme - Safer level crossings
2011 CRC Showcase - Safety & Security Theme - Safer level crossingsCRC for Rail Innovation
 
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysisPreliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysisIRJESJOURNAL
 

Similar to WCRR 2016 paper 392 (20)

2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...
2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...
2nd European Conference on Earthquake Engineering and Seismology. 24-29 Augus...
 
An overarching process to evaluate risks associated with infrastructure netwo...
An overarching process to evaluate risks associated with infrastructure netwo...An overarching process to evaluate risks associated with infrastructure netwo...
An overarching process to evaluate risks associated with infrastructure netwo...
 
InfraRisk Brochure
InfraRisk BrochureInfraRisk Brochure
InfraRisk Brochure
 
A Comprehensive Literature Review On Transportation System Risk Analysis
A Comprehensive Literature Review On Transportation System Risk AnalysisA Comprehensive Literature Review On Transportation System Risk Analysis
A Comprehensive Literature Review On Transportation System Risk Analysis
 
Fire risk analysis of structures and infrastructures: theory and application ...
Fire risk analysis of structures and infrastructures: theory and application ...Fire risk analysis of structures and infrastructures: theory and application ...
Fire risk analysis of structures and infrastructures: theory and application ...
 
Available online at www.sciencedirect.comComputers & Industr.docx
Available online at www.sciencedirect.comComputers & Industr.docxAvailable online at www.sciencedirect.comComputers & Industr.docx
Available online at www.sciencedirect.comComputers & Industr.docx
 
Quantified Risk Assessment as a decision support for the protection of the Cr...
Quantified Risk Assessment as a decision support for the protection of the Cr...Quantified Risk Assessment as a decision support for the protection of the Cr...
Quantified Risk Assessment as a decision support for the protection of the Cr...
 
A fuzzy ahp model in risk ranking
A fuzzy ahp model in risk rankingA fuzzy ahp model in risk ranking
A fuzzy ahp model in risk ranking
 
A fuzzy ahp model in risk ranking
A fuzzy ahp model in risk rankingA fuzzy ahp model in risk ranking
A fuzzy ahp model in risk ranking
 
Ijciet 10 02_001
Ijciet 10 02_001Ijciet 10 02_001
Ijciet 10 02_001
 
16 r10014
16 r1001416 r10014
16 r10014
 
Towards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk managementTowards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk management
 
Towards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk managementTowards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk management
 
Critis08 Q Ra
Critis08 Q RaCritis08 Q Ra
Critis08 Q Ra
 
Risk analysis for fire: the case of civil structures
Risk analysis for fire: the case of civil structuresRisk analysis for fire: the case of civil structures
Risk analysis for fire: the case of civil structures
 
Don t go_that_way__risk_aware_decision_making_for_autonomous_vehicles
Don t go_that_way__risk_aware_decision_making_for_autonomous_vehiclesDon t go_that_way__risk_aware_decision_making_for_autonomous_vehicles
Don t go_that_way__risk_aware_decision_making_for_autonomous_vehicles
 
INFRARISK. Novel Indicators for identifying critical INFRAstructure at RISK f...
INFRARISK. Novel Indicators for identifying critical INFRAstructure at RISK f...INFRARISK. Novel Indicators for identifying critical INFRAstructure at RISK f...
INFRARISK. Novel Indicators for identifying critical INFRAstructure at RISK f...
 
Chapter Nine(1).docx
Chapter Nine(1).docxChapter Nine(1).docx
Chapter Nine(1).docx
 
2011 CRC Showcase - Safety & Security Theme - Safer level crossings
2011 CRC Showcase - Safety & Security Theme - Safer level crossings2011 CRC Showcase - Safety & Security Theme - Safer level crossings
2011 CRC Showcase - Safety & Security Theme - Safer level crossings
 
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysisPreliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
Preliminary Hazard Analysis (PHA): New hybrid approach to railway risk analysis
 

WCRR 2016 paper 392

  • 1. 1 Risk analysis and consequence modelling methodology for improving the resilience of railway stations to terrorist attacks Antonio Lancia 1 *, Gilad Rafaeli 2 , Paul Abbott 2 , Jonathan Paragreen 3 , David Fletcher 3 , Emma Carter 3 , Emiliano Costa 4 , Stefano Porziani 4 and Giulio Valfré 4 . 1 Heuristics GmbH. Capriasca. Switzerland 2 MTRS3 Solutions and Services Ltd. Tel Aviv. Israel. 3 University of Sheffield. Sheffield. United Kingdom. 4 D’Appolonia SpA. Genova. Italy. *Contact: tony.lancia@heuristics.ch Abstract The SECURESTATION project has been executed within the European Union FP7 framework programme, aiming to develop specific tools, models and design guidelines to improve the resilience to terror attacks on railway stations. This paper addresses the research work related to tools and methods for estimating the risks associated with diverse attack scenarios, with different alternate countermeasures and architectural solutions. The developed SECURESTATION Risk Analysis Methodology (“SEST-RAM”) includes methods and procedures for defining the reference attack scenarios and, for each of them, assessing the probability of occurrence, the vulnerability (probability that the attack is successful) and consequences (harm to persons and economic loss). SEST-RAM can be applied in the early stages of railway station design for a risk-based selection of general design and then for a more refined quantitative assessment, limited to the selected design. Guidelines are also given for the challenging task of estimating the probability that a certain attack tactic is selected by the terrorist adversaries. SEST-RAM and the models below have been used in the project for a demonstrative example of risk analysis applied to an ideal “model station” involving most of the safety and security challenges posed by modern large intermodal railway stations. A methodology was defined for evaluating the source terms and for applying Computational Fluid Dynamics (CFD) modelling to predict the dispersion of toxic chemicals in a railway station environment. Different toxic materials and spreading methods were simulated. For each scenario the impact in terms of human harm was assessed, based on toxicity data. The simulations also allowed the formulation of recommendations for building and ventilation system design. A methodology was also defined for modelling the blast effects for diverse types of explosive devices, e.g. IED (Improvised Explosive Device), VBIED (Vehicle Borne IED), etc., at railway stations, principally by Finite Element Method (FEM) computing. Several blast simulations were conducted to demonstrate how the methodology may be used to evaluate the effectiveness of certain architectural solutions in reducing the consequences of blast scenarios. Modelling of fire, smoke spread and passenger evacuation was also included in the project work, using state of the art tools that are already in use for the fire safety evaluation of railway station design but this not discussed in this paper.
  • 2. 2 A further computational tool, SARA, has been designed and demonstrated for simulation of the cascade degradation of safety functions in a railway station following certain initial events corresponding to the terror attack. Its use within risk analysis is particularly important for intermodal and underground railway stations where the safe evacuation of the passengers depends on diverse technological systems (fire extinguishing, power supply, ventilation, lighting, etc.) that may be damaged by an attack and that are partly interdependent. 1. Introduction The resilience of a railway station in the case of terrorist attack provides for the protection of passengers and workers lives and the prompt restoration of public transportation services. Designing and building a new railway station, or refurbishment of an existing railway station, to make them resilient while keeping them economically sustainable is not a trivial task. This paper addresses the risk analyses and modelling solutions developed by a multidisciplinary team of European experts from 2011 to 2014 within the SECURESTATION project, funded under the European Union 7th Framework Programme, project reference 266202. 2. Description Risk Analysis Methodology The SEST-RAM methodology was developed as an upgrade of protocols that were previously used by the same authors in modelling risk for terrorist attacks to various kinds of ground transportation systems. A set of attack scenarios are initially defined as ways in which the considered threats (IEDs, arson, dispersion of toxic substances, etc.) may be applied in diverse parts of the whole station (e.g. mezzanine, shopping area, bus platforms, train platforms, etc.). For each scenario, a “relative risk” value is evaluated as the product of “relative probability of occurrence”, vulnerability (probability that the attack is successful) and consequences (harm to persons and economic loss). “Relative risk” values for individual scenarios are “conditional risk” estimations proportional to actual risk values by a scalar “renormalisation factor” that includes the probability that some form of terrorist attack occurs at a particular railway station over a certain time period. The renormalisation factor is computed only when needed because it generally has a high uncertainty and it widely varies over time due to drifts or sudden changes in socio-political circumstances (demographic variation, insurgences, a new law, peace talks, a change in foreign policy, the arrest of terrorists, etc.). Guidelines are however given within the methodology to compute a reference value for the renormalisation factor and thus to express results as risk values or risk “ranks” (instead of relative risk). The SEST-RAM formal approach also includes rules to obtain representative overall risk values (relative or “absolute”) for a whole railway station from the pool of scenarios, including sets of similar cases whose risk should not be simply summed. Rating the relative probability of attack for a certain scenario is the most difficult and questionable procedure within the evaluation of relative risk because it reflects the preference of a terrorist decision maker for a certain attack plan vs. other alternative ones. Some general guidelines are given on assessing this value, and a method is provided to compute the value in the specific (but common) case of radical fundamentalist groups, using a computation procedure that was calibrated by the risk ratings assigned by a panel of experts to a set of different scenarios.
  • 3. 3 A set of alternative methods are specified for the estimation of vulnerability, including the use of event trees to model the probability that attackers may be successful in the presence of a set of technical and organisational countermeasures. Consequences assessment may be performed for a set of damage classes of interest (e.g. human and economic, direct and indirect, losses) with a level of accuracy varying from coarse parametric or “educated guesses” up to sophisticated computational models such as the ones that were refined and applied in the project, as described below in this paper. The SEST-RAM methodology was defined for integrating an analytical approach to security with the architectural and engineering design activities along the development of the project for new railway stations or for their revamping. The SEST-RAM risk model may be setup and risk computed in a few weeks for one or for a few alternative basic designs, using simple preliminary estimates for vulnerability and losses. In this way risk may be taken into account early in the decision making before the project is adopted and further developed up to construction plans for building and technological systems. The model may then be refined, running more accurate time consuming computations for consequences assessment and by evaluating critical dependencies in the functional availability of technological systems that contribute to the resilience of the railway station, aiming for safe evacuation and the prompt restoration of station operation. Modelling the dispersion of toxic chemicals and the consequences A methodology for simulating chemical dispersions within a railway station environment was developed for the SECURESTATION project with the aim of evaluating the impacts of such attack modes and to produce recommendations for the design of railway stations and their ventilation systems. A general-purpose computational fluid dynamics solver, ANSYS Fluent, was used. To enable a large number of scenarios to be simulated it was necessary to balance solution time with accuracy and therefore the realisable k-epsilon model for turbulence was used in conjunction with unsteady Reynolds-average Navier-Stokes equations as it has been demonstrated to provide a good correlation with experimental simulations, but without requiring excessive processing. Different toxic materials and dispersion methods were simulated. The toxic agents simulated included materials used in the past as chemical weapons such as choking agents, blood gases, blister and nerve agents. From these, materials were selected with different physical properties and densities to enable different dispersion methods and diffusion characteristics to be displayed. The materials selected also ranged from extremely toxic nerve agents where very low concentrations result in serious injury or fatalities, but are controlled materials and therefore more difficult to obtain, to choking agents and blood gases which require higher concentrations to be effective, but are also common industrial chemicals. The dispersion methods simulated depended upon the physical properties of the materials, so the compressed gases were simulated as being dispersed from a pressurized gas cylinder, whilst the volatile liquids were simulated being dispersed as an aerosol and also as evaporating from a pool of liquid by natural vapourisation in the air, as with the 1995 attack on the Tokyo subway. The rate of vapourisation from the pool of liquid was calculated using a similar methodology to Edvard Karlsson et al. and allowed the vapourising liquid to be simulated as a gaseous flow. Similarly for the aerosol dispersion of the volatile liquid it was assumed that the aerosol droplets would rapidly vapourise and could therefore be approximated to a gaseous flow of the toxic material with the carrier gas.
  • 4. 4 The impact of the toxic material dispersions on humans could be evaluated using exposure limit data which are published for chemical safety purposes and present the impact on human health at different concentration levels. These limits can therefore define contours within the concentration plots from the simulations and define the size of the zones where persons within that area would suffer serious injury or receive a fatal dose of toxic material. a) b) Figure 1: a) 3D concentration plot showing the dispersion of HCN gas with strong extraction flows and b) the contours demonstrating the areas of different levels of human harm In general the simulations demonstrated that for the materials with the greatest toxicity, such as the volatile liquid nerve agents, the strongest air ventilation flows diluted them spreading them over a greater area causing increased levels of harm. Whereas, for the materials with reduced toxicity such as the blood gases and choking agents, the dilution effect from the ventilation system rapidly diluted the gases reducing the levels of harm. This demonstrates the need to be able to control the ventilation flow rate and direction to respond depending upon the attack scenario in order to minimise harm. Modelling of Blasts and their Consequences Among the available methods to perform a blast study, in the SECURESTATION Project both empirical methods and numerical techniques have been employed to assess the railway station structural resilience to an attack involving explosive devices. Specifically the empirical approach was based on an extensive experimental database built up after performing a large number of explosion tests by detonating various charges of a reference explosive (typically TNT). The numerical approach involved the numerical resolution of the mathematical system describing the physical phenomena to be studied (mass, momentum and energy conservation equations) and also taking account of the physical behaviour of materials involved in the study which is described by means of proper constitutive relationships. Considering the historical background of terrorist attacks in the EU as well as the suggestions from stakeholders and experts in the railway transport field, different typologies of blast attack, e.g. Person Borne Improvised Explosive Device (PBIED), VBIED and IED, have been assumed to occur at several locations inside and outside the reference station buildings considered for such studies. In the case of open environment scenarios, the empirical models were used to obtain reliable results with limited computational effort, whereas for occluded environment analyses the numerical approach was adopted. Serious injury Fatality
  • 5. 5 Figure 2: Occluded environment PBIED: pressure contours evolution at different instants after bomb detonation The results obtained for the selected scenarios have been used to evaluate structural loading and damage, people harm (survival percentage) and the number of casualties and the effectiveness of mitigation measures. With regard to structures, well-established methods such as the Single Degree Of Freedom (SDOF) for dynamic analyses was used. Harm to people was evaluated by means of both the pressure-impulse diagrams available in literature and an in-house code calculating a projectiles’ lethality as a function of people density distribution around a detonation. Figure 3: Example of monitored pressure profiles and SDOF model applied to a structural column Determination of the efficiency of some of the mitigation countermeasures comes from the critical analysis of simulation results. Some of those include the introduction of passive (fixed) and active (operated) vehicle barriers to enlarge the so called standoff distance and of partitions and protected spaces. Modelling Functional Resilience following an Attack The aim of the SARA (SECURESTATION Attack Resilience Assessment) Tool is the implementation of a systematic framework to evaluate the vulnerability of equipment in railway stations to security threats. Ideally, application of the methodology enables designers and security experts to analyze a given railway station from a security point of view, focusing on the functional behaviour of each individual piece of equipment (e.g., ventilation, communication, power supply, etc.) installed in the railway station. The results of the analyses of vulnerability and availability, aimed at identifying the critical components and ranking their importance, enable the definition, evaluation, ranking and selection of possible mitigation measures to be applied to the equipment of the railway station in order to improve its resilience from terrorist threats. The equipment considered is related to the functioning of the station building (allowing passengers to access and leave the transport operation) rather than the operation of the transport service itself, which is usually subject to other types of safety and security analyses during design, construction, commissioning and operation. 50 70 90 110 130 150 170 190 210 230 250 0 20 40 60 80 100 120 140 160 180 P re ssu re [kP a] Time [ms] Gauge# 1 Gauge# 2 Gauge# 3 Gauge# 4 Gauge# 5 Structural element SDOF K M Blast Wave F(t) x(t) x(t)
  • 6. 6 In the tool the station building is investigated from a physical and functional point of view representing and linking together both of these aspects. The model adopted also allows remedial options and cross- correlation aspects between the different equipment to be considered. Figure 4: flow diagram of the SARA tool for modelling the functional resilience of a station A structural analysis aimed to represent the topological structure of the station and the network of the equipment that allows the functioning of the station to be assessed, and a functional analysis aimed to define the main functions of the station to be considered to define an appropriate way of measuring them, are performed. The physical and functional models of the station building and its equipment, provide the basis for defining the critical elements of the equipment and the necessary mitigation measures, and also to select a sub-set of these under specific constraints. A set of attack scenarios are chosen defining a particular type of threat. For each scenario a set of user cases is defined specifying the position of the threat inside the building, its magnitude and defining the effects in terms of damage to the structure of the station and to each element of equipment. Furthermore, a set of mitigation measures are defined on the basis of the experience of railway station operators and from the identification of the critical parts of equipment. All the defined countermeasures are applied to the user cases during the phase of ranking and selection of the specific measure that best enhances the functionality of the station within defined constraints (i.e. limited budget) or targeting a degree of system resilience to be eventually achieved. The SARA Tool has been demonstrated by applying it to the general ‘model station’ adopted within the SECURESTATION project - an interchange node constituted by a railway station, a metro station and a bus station. 3. Conclusion The SECURESTATION project has delivered a comprehensive set of risk assessment and consequences modelling methods for the design of an economically sustainable railway station which is resilient to terrorist attacks. The methodology has been successfully tested for a ‘model station’ and already applied to a few real sites.