Security Risk Assessment and Mitigation...
Transcript of Security Risk Assessment and Mitigation...
![Page 1: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/1.jpg)
Security Risk Assessment and
Mitigation Prioritization
Stephanie King, PhD, PEWeidlinger Associates, Inc.
FFC Committee on Physical Security and Hazard Mitigation
July 15, 2008
www.wai.comNew York • Massachusetts • Washington DC • New Jersey • California • New Mexico • Edinburgh UK
![Page 2: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/2.jpg)
2
Outline• Introduction• Security Risk Assessment
• Key elements and terminology• Basic methods (screening)• Critical issues
• Mitigation Prioritization• Quantified benefit-cost analysis• Critical issues
• Examples
![Page 3: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/3.jpg)
3
Introduction• Limited resources + competing priorities
• Where are the risks?• Which risks are acceptable?• What should be mitigated first?• Which mitigation options are best?
• Specific to security• Electronic v. Operational v. Hardening?• How much protection is enough?• “Rational defense against irrational acts”
![Page 4: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/4.jpg)
4
Risk Components and TerminologyGeneral
Components of Risk Management
Threat Assessment
Vulnerability Assessment
Criticality/Consequences
Risk = P[Event] x E[Consequences|Event]Risk = Vulnerability x CriticalityRisk = Threat x Vulnerability x ConsequencesRisk = Occurrence x Vulnerability x Importance
![Page 5: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/5.jpg)
5
Risk Assessment Methods
Outcome if Event OccursMinor CatastrophicLo
wH
igh
Like
lihoo
d of
Occ
urre
nce
Threat Assessment Criticality or
Importance Assessment
Slope of boundaries and definitions depend on risk tolerance
Vulnerability Assessment
![Page 6: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/6.jpg)
6
Risk Assessment Methods
Quadrant IV
Low criticality and high vulnerability
Quadrant III
Low criticality and low vulnerability
Quadrant I
High criticality and high vulnerability
Quadrant II
High criticality and low vulnerability
0 1000
50
100
50
Criticality (X)
Vuln
erab
ility
(Y)
Quadrant IV
Low criticality and high vulnerability
Quadrant III
Low criticality and low vulnerability
Quadrant I
High criticality and high vulnerability
Quadrant II
High criticality and low vulnerability
0 1000
50
100
50
Criticality (X)
Vuln
erab
ility
(Y)
EXAMPLE:AASHTO Guide for Bridges & Tunnels (2002)
•Visibility and Attendance•Access to the Asset•Site-specific Hazards
•Defer/Defend Factors•Loss and Damage Consequences•Consequences to Public Services•Consequences to the General Public
![Page 7: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/7.jpg)
7
Risk Assessment Methods
EXAMPLE:DHS ODP State Homeland Security Assessment and Strategy Program: Special Needs Jurisdiction Tool Kit (2003)
High Risk Threshold
![Page 8: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/8.jpg)
8
Risk Assessment Methods
![Page 9: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/9.jpg)
9
Risk Assessment Methods
Risk=
Asset ValueX
Threat RatingX
Vulnerability Rating
EXAMPLE:Results from FEMA 452 (2005)
![Page 10: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/10.jpg)
10
Risk Assessment Methods
Event A Event A1
Response 3
Response 4
UnacceptableOutcome
Response 5
4K blast in city
Collapse
At location 1No Collapse
Glazing = high hazard
Loss ≥ X
Event A Event A14K blast in city At location 1
OR
AND AND
Vuln
erab
ility
Ass
essm
ent
Thre
atA
sses
smen
tC
onse
quen
ceA
sses
smen
tFault-tree / Consequence-based Assessment
Useful for multi-hazard risk assessment
![Page 11: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/11.jpg)
11
Critical Issues: Assessment
• Definition of Risk Metric• Stakeholders input and buy-in
• Subjectivity, Uncertainty, Quantification• Transparent, rational, unbiased • Consistency among assessors• Simplifying assumptions• Limitations on results
• Snapshot in Time = Re-Assess
![Page 12: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/12.jpg)
12
Mitigation Prioritization
VulnerabilityModeling
ComputePre-Mitigation
Risk
ComputePost-Mitigation
Risk
Estimate Mitigation
Costs & Benefits
DevelopMitigation
Project Priority
Repeat for all Mitigation Projects
for Facility or System
Repeat for all Facilities and
Systems
Hazard Modeling
Consequence Modeling
![Page 13: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/13.jpg)
13
Mitigation Prioritization
VulnerabilityModeling
ComputePre-Mitigation
Risk
ComputePost-Mitigation
Risk
Estimate Mitigation
Costs & Benefits
DevelopMitigation
Project Priority
Repeat for all Mitigation Projects
for Facility or System
Repeat for all Facilities and
Systems
Hazard Modeling
Consequence Modeling
Risk = O x V x IOccurrence (O)
V
Importance (I)
Reduction in O, V, and/or I
![Page 14: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/14.jpg)
14
Mitigation Prioritization
• Threat scenario-based assessment
i=1
nRisk = Σ [Oi × Vi ] × I
threat scenarios
• Similar to earthquake insurance loss estimation methods
• Transparent impact of mitigation (hardening v. operational v. electronic)
![Page 15: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/15.jpg)
15
Example I: Gravity Dam(HYPOTHETICAL)
Spillways
Powerhouse C
Upstream Face
Abutment A
Abutment BPowerhouse A
Downstream FacePowerhouse B
Outlet System
![Page 16: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/16.jpg)
16
Threat Scenario DefinitionGravity Dam A
Abutment A
Abutment B
Powerhouse A
Powerhouse B
Powerhouse C
Upstream Face
Downstream Face
Spillways
Pedestrian Water Borne Vehicle Borne
Pedestrian Water Borne Vehicle Borne
Pedestrian Vehicle Borne
Pedestrian Vehicle Borne
Pedestrian Vehicle Borne
Pedestrian Water Borne
Pedestrian Vehicle Borne
Outlet System
Pedestrian Water Borne
Pedestrian Water Borne Vehicle Borne
i = 1 to 21
![Page 17: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/17.jpg)
17
• Computed for each threat:
• Weighted sum of pseudo-utility values:
• Attributes mapped to quantitative scale• Access for attack• Security against attack• Attractiveness as a target• Capability of aggressor
Gravity Dam AAbutment A
Vehicle Borne
Oi=Σxjwjj=1
4
Occurrence i
nΣ[Oi × Vi] × I
![Page 18: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/18.jpg)
18
Example Utility Value Mapping
![Page 19: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/19.jpg)
19
• Computed for each threat:
• Weighted sum of pseudo-utility values:
• Attributes mapped to quantitative scale• Expected damage• Expected closure• Expected casualties
Gravity Dam AAbutment A
Vehicle Borne
Vulnerability
Vi=Σxjwjj=1
3
i
nΣ[Oi × Vi] × I
![Page 20: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/20.jpg)
20
Example Utility Value Mapping
![Page 21: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/21.jpg)
21
• Computed once for the facility• Weighted sum of pseudo-utility values:
• Attributes mapped to quantitative scale• Exposed population• Historical/symbolic importance• Replacement value• Importance to regional economy• Importance to irrigation system• Importance for power generation• Importance to transportation network• Annual revenue
Importance
I=Σxjwjj=1
8
i
nΣ[Oi × Vi] × I
![Page 22: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/22.jpg)
22
Importance Modeling Example
Historical significance (HS)Evacuation route (EV)Regional economy (RE)Transportation network (TN)Replacement value (BV)Revenue value (RV)Attached utilities (AU)Military importance (MI)Exposed population (EP)
Importance to the Regional Economy:•Insignificant = 0•Highly critical = 1
![Page 23: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/23.jpg)
23
Pre-Mitigation Risk Scores(HYPOTHETICAL EXAMPLE)
![Page 24: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/24.jpg)
24
Post-Mitigation Risk Scores(HYPOTHETICAL EXAMPLE)
![Page 25: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/25.jpg)
25
Example II: Existing Building(HYPOTHETICAL EXAMPLE)
Interior Column
Exterior Column
Facade
Car Parking
![Page 26: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/26.jpg)
26
Example III: New Design(HYPOTHETICAL EXAMPLE)
Example: truck explosive at curbside
![Page 27: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/27.jpg)
27
Critical Issues: Prioritization
• Based on rational, rigorous, and unbiased risk assessment
• Assumptions and limitations• Benefits and costs• Objectives and constraints• Time frame• Decision support
![Page 28: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/28.jpg)
28
Example IV: Existing Tunnel• Single deterministic threat• Prioritize on all benefits and costs
Benefits:• Expected Performance
(Reliability)• Ease of Tunnel Repair • Benefit to Emergency
Response• Secondary/Other
Benefits
Costs:• Construction Cost • Construction Risk • Construction Duration • Impact on Operations
During Construction • Impact on Operations
Long Term
![Page 29: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/29.jpg)
29
Benefit-Cost Comparison
![Page 30: Security Risk Assessment and Mitigation Prioritizationsites.nationalacademies.org/cs/groups/depssite/...Security Risk Assessment • Key elements and terminology • Basic methods](https://reader035.fdocuments.net/reader035/viewer/2022070111/605142ed98c0e67ab73f2195/html5/thumbnails/30.jpg)
30
Concluding Remarks
• Security risk assessment• Components, basis, terminology• Screening methods• Assumptions and limitations
• Mitigation prioritization• Risk-based, quantitative benefit/cost• Rational unbiased approach• Several other influences
• Economic, social, legal, political• Rational assessment provides data