Time-based critical infrastructure dependency analysis for large-scale and cross-sectoral failures

Dependency analysis of critical infrastructures is a computationally intensive problem when dealing with large-scale, cross-sectoral, cascading and common-cause failures. The problem intensifies when attempting a dynamic, time-based dependency analysis. This paper extends a previous graph-based risk analysis methodology to dynamically assess the evolution of cascading failures over time. Various growth models are employed to capture slow, linear and rapidly evolving effects, but instead of using static projections, the evolution of each dependency is “objectified” by a fuzzy system that also considers the effects of nearby dependencies. To achieve this, the impact (and, eventually, risk) of each dependency is quantified on the time axis into a form of many-valued logic. In addition, the methodology is extended to analyze major failures triggered by concurrent common-cause cascading events. A critical infrastructure dependency analysis tool, CIDA, that implements the extended risk-based methodology is described. CIDA is designed to assist decision makers in proactively analyzing dynamic and complex dependency risk paths in two ways: (i) identifying potentially underestimated low risk dependencies and reclassifying them to a higher risk category before they are realized; and (ii) simulating the effectiveness of alternative mitigation controls with different reaction times. Thus, the CIDA tool can be used to evaluate alternative defense strategies for complex, large-scale and multi-sectoral dependency scenarios and to assess their resilience in a cost-effective manner.