
1. Risk Assessment Methodologies for Critical Infrastructures.

Setting the scene


Threat: a suggestion that something unpleasant or violent will happen, especially if a particular
action or order is not followed.
Vulnerability refers to the inability (of a system or a unit) to withstand the effects of a hostile
environment.
A window of vulnerability (WoV) is a time frame within which defensive measures are
diminished, compromised or lacking.
Risk: A probability or threat of damage, injury, liability, loss, or any other negative occurrence that
is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.
The definition of preemptive is something done in anticipation of another action or done to prevent
something from happening. When the military takes action against forces they believe intend to do harm
to them, this is an example of a preemptive strike.
The nation’s health, wealth, and security rely on the production and distribution of certain goods
and services. The array of physical assets, functions, and systems across which these goods and services
move are called critical infrastructures (e.g., electricity, the power plants that generate it, and the
electric grid upon which it is distributed).

Effective risk assessment methodologies are the cornerstone of a successful Critical Infrastructure
Protection (CIP) program. The extensive number of risk assessment methodologies for critical
infrastructures clearly supports this argument. Risk assessment is indispensable in order to identify
threats, assess vulnerabilities and evaluate the impact on assets, infrastructures or systems taking into
account the probability of the occurrence of these threats. This is a critical element that differentiates a
risk assessment from a typical impact assessment methodology.
There is a significant number of risk assessment methodologies for critical infrastructures. In
general, the approach used is common to most of them and linear, consisting of a few main elements:
• identification and classification of threats,
• identification of vulnerabilities, and
• evaluation of impact.
This is a well-known and established approach for evaluating risk and it is the backbone of almost
all risk assessment methodologies.
However, risk assessment methodologies differ considerably based on the scope of the
methodology, the audience to which it is addressed (policy makers, decision makers, research institutes)
and their domain of applicability (asset level, infrastructure/system level, system-of-systems level). These
attributes are not mutually exclusive, in the sense that the domain of applicability defines to a certain
extent the target group of the methodology. For example, a risk assessment methodology that is applicable
to systems of systems at national or even supranational level is mostly addressed to policy makers and
relevant authorities and less to operators or to asset managers at local level.
Methodologies developed for certain assets are well defined, tested and validated, and the vast
majority follow the linear approach already mentioned. However, methodologies that aim at assessing
risks at a higher level, e.g. networked systems, require further refinement. Detailed risk assessment is no
longer applicable and a certain level of abstraction is necessary. Representing all assets of a networked
system at the highest level of detail (mostly an operator’s approach) leads to unprecedented complexity
that is out of scope for policy and decision makers. This target group requires simplified solutions that
can provide results even in real time.
The second important parameter that comes into play for the risk assessment methodologies
of networked infrastructures is the element of interdependencies. Four types of interdependencies are
identified for critical infrastructures:
• Physical: the operation of one infrastructure depends on the material output of the other.
• Cyber: dependency on information transmitted through the information infrastructure.
• Geographic: dependency on local environmental effects that affect several infrastructures
simultaneously.
• Logical: any kind of dependency not characterized as physical, cyber or geographic.
Besides cross-sectoral interdependencies (e.g. ICT and electricity, satellite navigation and
transport), at European level one can identify intra-sectoral interdependencies of national infrastructures
that form European infrastructures. As a concrete example we can mention the high-voltage electricity
grid that is composed of the interconnected national high-voltage electricity grids.
As mentioned before, the domain of applicability of a risk assessment methodology may be the
most important attribute. According to this attribute, CIP risk assessment methodologies can be divided into
two major categories:
• sectoral methodologies, in which each sector is treated separately with its own risks, and
• ranking and systems approaches, which assess the critical infrastructures as an interconnected
network.
Methodologies that were initially conceptualized to fit in the second category are rather
limited.
The vast majority of the existing work has been sectoral and mostly at asset level. These
methodologies have then been extended to cope with networked systems. This reflects the natural
evolution of risk assessment methodologies that already exist at organizational level to address issues at
sectoral level. These methodologies reveal their limitations when cross-sectoral issues have to be
addressed.
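The linear approach described above (identify threats, assess vulnerabilities, evaluate impact, weighted by the probability of each threat) and the extension to interdependent, networked infrastructures can be made concrete in a few lines of code. The following Python script is an added example; it is not part of this handout or of the JRC report it summarizes. Every asset, sector, threat likelihood, vulnerability value and dependency strength in it is constructed for illustration, and the propagation rule it uses for interdependencies (a dependent asset inherits at most strength times the risk of the asset it depends on) is one simple choice for a systems-level view, not the report's own method.

```python
"""Added example: asset-level linear risk assessment plus a first-order
interdependency cascade. All data below is constructed, not from the report."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: float          # probability of occurrence in the assessed period, 0..1


@dataclass
class Asset:
    name: str
    sector: str
    impact: float              # consequence of disruption, 1 (minor) .. 5 (severe)
    exposure: Dict[str, float] = field(default_factory=dict)  # threat -> vulnerability, 0..1


@dataclass(frozen=True)
class Dependency:
    consumer: str              # asset whose operation depends on ...
    provider: str              # ... this asset
    kind: str                  # physical | cyber | geographic | logical
    strength: float            # fraction of the consumer's function lost if the provider fails, 0..1


DEPENDENCY_KINDS = {"physical", "cyber", "geographic", "logical"}


def direct_risk(asset: Asset, threats: List[Threat]) -> float:
    """Sectoral, asset-level step: risk = sum over threats of likelihood x vulnerability x impact."""
    by_name = {t.name: t for t in threats}
    return sum(by_name[t].likelihood * vuln * asset.impact
               for t, vuln in asset.exposure.items() if t in by_name)


def cascade(direct: Dict[str, float], deps: List[Dependency],
            max_rounds: int = 20) -> Dict[str, float]:
    """Systems step: each asset also inherits risk from the assets it depends on.
    Rule: total[consumer] = max(direct[consumer], strength x total[provider]).
    Taking the max keeps the result bounded by the largest direct risk, so the
    iteration converges even when dependencies form a cycle (SCADA needs power,
    the substation needs SCADA)."""
    for d in deps:
        if d.kind not in DEPENDENCY_KINDS:
            raise ValueError(f"unknown dependency kind {d.kind!r} on {d.consumer}->{d.provider}")
    total = dict(direct)
    for _ in range(max_rounds):
        updated = dict(direct)
        for d in deps:                      # providers are read from the previous round
            inherited = d.strength * total.get(d.provider, 0.0)
            updated[d.consumer] = max(updated.get(d.consumer, 0.0), inherited)
        if updated == total:                # fixed point reached
            break
        total = updated
    return total


def rank_assets(assets: List[Asset], threats: List[Threat],
                deps: List[Dependency]) -> List[Tuple[str, float, float]]:
    """Return (asset, direct risk, risk including interdependencies), highest first."""
    direct = {a.name: direct_risk(a, threats) for a in assets}
    total = cascade(direct, deps)
    return sorted(((n, direct[n], total[n]) for n in direct),
                  key=lambda row: row[2], reverse=True)


def classify_dependencies(assets: List[Asset], deps: List[Dependency]) -> Dict[str, str]:
    """Label each edge cross-sectoral (e.g. ICT -> Electricity) or intra-sectoral (grid -> grid)."""
    sector = {a.name: a.sector for a in assets}
    return {f"{d.consumer}->{d.provider}":
            "cross-sectoral" if sector[d.consumer] != sector[d.provider] else "intra-sectoral"
            for d in deps}


# Constructed sample: two threats, five assets across four sectors.
THREATS = [Threat("storm", 0.3), Threat("cyber_attack", 0.2)]
ASSETS = [
    Asset("substation", "Electricity", 5, {"storm": 0.6, "cyber_attack": 0.1}),
    Asset("interconnector", "Electricity", 4, {"storm": 0.1}),
    Asset("scada", "ICT", 4, {"cyber_attack": 0.5}),
    Asset("water_pump", "Water", 3, {"storm": 0.2}),
    Asset("rail_signals", "Transport", 2),      # no direct exposure modelled
]
DEPENDENCIES = [
    Dependency("substation", "scada", "cyber", 0.5),
    Dependency("substation", "interconnector", "physical", 0.3),   # intra-sectoral
    Dependency("scada", "substation", "physical", 0.9),            # cycle: SCADA needs power
    Dependency("water_pump", "substation", "physical", 0.8),
    Dependency("rail_signals", "substation", "physical", 0.7),
]

if __name__ == "__main__":
    for name, d, t in rank_assets(ASSETS, THREATS, DEPENDENCIES):
        print(f"{name:15s} direct={d:.2f}  with interdependencies={t:.2f}")
    for edge, label in classify_dependencies(ASSETS, DEPENDENCIES).items():
        print(f"{edge:28s} {label}")
```

Running it shows the point the text makes: the rail signals carry no direct risk at all in the sectoral view, yet rank among the most at-risk assets once the physical dependency on the substation is taken into account, which is exactly what a purely sectoral methodology misses.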
(Source: Risk assessment methodologies for Critical Infrastructure Protection. Part I: A state of the
art, by Georgios Giannopoulos, Roberto Filippini and Muriel Schimmer)
EUR 25286 EN – 2012
ISBN 978-92-79-23839-0
ISSN 1831-9424
Luxembourg: Publications Office of the European Union, 2012
© European Union, 2012

to withstand = to resist
damage vs. damages
to damage = to harm
liability = legal responsibility (Romanian: răspundere)
preemptive vs. preventive
array = network, range (Romanian: rețea, gamă)
grid = network, grid (Romanian: rețea, grilă)
cornerstone = foundation stone (Romanian: piatră de temelie)
scope = field of application / applicability / reference (Romanian: domeniul de aplicare/aplicabilitate/referință)
asset = goods, assets (Romanian: bunuri, active)
to cope with = to deal with, to face, to meet

1. Which are the three main reasons that make risk assessment highly important?
2. Explain in your own words what an impact assessment methodology is.
3. What factors determine the choice of a certain risk assessment methodology?
4. What is the relationship between the scope of the methodology and the target group? Give an
example.
5. Find in the text a paraphrase of ‘scope’.
6. Identify the two types of interdependencies mentioned in the text.
