Functional quantitative security risk analysis (QSRA) to assist in protecting critical process infrastructure

This article proposes a quantitative security risk assessment methodology that can assist management in the decision-making process where and when to protect critical assets of a chemical facility. An improvement upon previous work is the approach of conducting concurrent Threat and Vulnerability Assessments, as opposed to a sequential approach. Furthermore, this method introduces a Bow Tie risk model mapped into a Bayesian Network model that allows for various logical relaxation assumptions to be applied. Different uncertainty relaxation approaches such as “Noisy-OR” and “Leaky Noisy-OR” and “Noisy-AND” are tested to improve Threat and Vulnerability likelihood. Finally, integrating threat/vulnerability likelihood with potential losses, the security risk is quantified. The potential security countermeasures are characterized into either decreasing vulnerability or decreasing threat likelihood and are reassessed considering a cost analysis. A theoretical case study is conducted to exemplify the execution and application of the proposed method.