This chapter presents an approach for a cross-sector risk and vulnerability analysis (RVA) of critical infrastructures. The RVA is an extended version of a preliminary hazard analysis (PHA) and can be applied to any complex system with only minor adaptations. The analysis has three phases described below: (1) analysis preparation, (2) preliminary risk analysis and (3) detailed risk analyses. The objective of the RVA is to identify hazardous events related to the activity/system as thorough as reasonably practicable. In phase 2, risk is assessed by the analysis group from direct assessments of probabilities and consequences on a semi-quantitative scale, such as low (L), medium (M) and high (H). This is in line with a standard PHA, which aims to identify and assess all major risks, and provide risk-reducing measures, without including detailed risk calculations or analyses. The preliminary risk analysis is then used for screening, and the most critical events are investigated further for various detailed analyses and quantifications. The RVA described here intends to give a complete overview of all risks elements related to the systems under investigation.
[1]
James P. Peerenboom,et al.
Identifying, understanding, and analyzing critical infrastructure interdependencies
,
2001
.
[2]
Eric A. M. Luiijf,et al.
Protecting a nation's critical infrastructure: the first steps
,
2004,
2004 IEEE International Conference on Systems, Man and Cybernetics (IEEE Cat. No.04CH37583).
[3]
Daniel E. Geer,et al.
Information Security: Why the Future Belongs to the Quants
,
2003,
IEEE Secur. Priv..
[4]
Marvin Rausand,et al.
Risk Assessment: Rausand/Risk Assessment
,
2011
.
[5]
Marvin Rausand,et al.
Risk Assessment: Theory, Methods, and Applications
,
2011
.
[6]
K. Uhlen,et al.
Vulnerability analysis of the Nordic power system
,
2006,
IEEE Transactions on Power Systems.