General Introduction | Module 1 - Introduction to Risk Analysis | CriticalEnergyNetworks101 Courseware

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@05b2e86ba64f4fd0af55065eb5fc8d89" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@343442f99f014a3da49f56326af115cc"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@343442f99f014a3da49f56326af115cc" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style>  </style> <div> <p style="text-align: center; font-size: 20pt !important; color: #003478; font-weight: bold !important;">Introduction to Risk Analysis</p> <p style="font-size: 14pt !important; color: black; font-style: italic;"><b>“A major lesson in risk management is that a 'receding sea' is not a lucky offer of an extra piece of free beach, but the warning sign of an upcoming tsunami.”</b> – Jos Berkemeijer, Finance Executive, the Netherlands</p> <p>This module serves as an introduction to risk analysis and seeks to provide students with the basic elements of risk (threat vulnerability, and consequence), and a general introduction to related elements such as resilience and basics concepts of risk assessment and management.</p> <p style="color: #003478;">Check the following video to see why risk analysis matters.</p> </div> </div> </div> <div class="vert vert-1" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@d1e606fa13614c159ce67b8120537afa"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@d1e606fa13614c159ce67b8120537afa" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style> </style> <p style="text-align: center"><iframe src="https://player.vimeo.com/video/575282314" width="640" height="564" frameborder="0" allow="autoplay; fullscreen" allowfullscreen></iframe></p> </div> </div> <div class="vert vert-2" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@0cfcf6fd735d40c58d1e45d032360bb2"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@0cfcf6fd735d40c58d1e45d032360bb2" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style>  </style> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline;">Topics and Learning Objectives</p> <p>Upon completion of this module, the trainee will have a general understanding of risk analysis concepts. The following table presents an overview of the topics and learning objectives for this module.</p> <table> <thead> <tr style="border: 1px solid black; color: #003478; font-weight: bold !important; text-decoration: underline;"><th style="border: 1px solid black;">Topics</th><th style="border: 1px solid black;">Learning Objectives</th></tr> </thead> <tbody> <tr> <td style="border: 1px solid black;"> <ul> <li>Definition of Risk</li> <li>Challenges of Risk Analysis</li> <li>Basic Concepts of Threat Analysis</li> <li>Basic Concepts of Vulnerability Analysis</li> <li>Basic Concepts of Consequence Analysis</li> <li>Basics Concepts of Resilience</li> </ul> </td> <td style="border: 1px solid black;"> <ul> <li>Understand the elements of risk</li> <li>Understand threat based-risk analysis concepts</li> <li>Explain the relationship between risk, resilience, threat, vulnerability, and consequence</li> <li>Explain threat analysis formula </li> <li>Describe the dimensions of vulnerability</li> <li>Explain the types of consequences</li> <li>Provide basics on risk management</li> </ul> </td> </tr> </tbody> </table> </div> </div> </div> <div class="vert vert-3" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@451538072313404c9661664cb1b45097"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@451538072313404c9661664cb1b45097" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style>  </style> <div> <p>To achieve these objectives, this module is subdivided into 9 sections:</p> <ul> <li><span style="color:#003478; font-weight: bold !important;">Section 1</span> presents a discussion among experts on the importance of risk analysis for the protection and resilience of critical energy infrastructure and critical infrastructure systems.</li> <li><span style="color:#003478; font-weight: bold !important;">Section 2</span> introduces the risk components (i.e., hazard, vulnerability, consequence, and resilience).</li> <li><span style="color:#003478; font-weight: bold !important;">Section 3</span> explains the differences between risk analysis, risk assessment, and risk management.</li> <li><span style="color:#003478; font-weight: bold !important;">Section 4</span> presents the basic concepts of hazard and threat analysis.</li> <li><span style="color:#003478; font-weight: bold !important;">Section 5</span> presents the basic concepts of vulnerability analysis.</li> <li><span style="color:#003478; font-weight: bold !important;">Section 6</span> presents the basic concepts of consequence analysis.</li> <li><span style="color:#003478; font-weight: bold !important;">Section 7</span> presents the basic concepts of resilience analysis.</li> <li><span style="color:#003478; font-weight: bold !important;">Section 8</span> introduces a flexible risk analysis process framework combining hazard, vulnerability, consequence, and resilience analyses.</li> <li><span style="color:#003478; font-weight: bold !important;">Section 9</span> summarizes the important concepts presented in the Introduction to Risk Analysis module.</li> </ul> <p>At the end of the module, students will find a quiz to test their knowledge and to determine whether they need to review any fundamentals of risk analysis.<br/><br/>Finally, additonal readings are also proposed to deepen their knowledge on risk analysis.</p> </div> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@27ef55d29f2c43bcad3249fb116b1b97" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@d828649de513437da7d6d7c7ac8882f3"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@d828649de513437da7d6d7c7ac8882f3" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style> </style> <div> <p>In the video podcast below, <span style="color: #003478; font-weight: bold !important;">Dr. Monica Cardarilli</span>, <span style="color: #003478; font-weight: bold !important;">Dr. Elisabeth Pate-Cornell</span>, <span style="color: #003478; font-weight: bold !important;">Dr. Ortwin Renn</span>, <span style="color: #003478; font-weight: bold !important;">Mr. Andrew Velasquez III</span>, and <span style="color: #003478; font-weight: bold !important;">Mr. Dave Brannegan</span> discuss the importance of risk analysis and risk assessment for the security of critical infrastructure and critical energy networks. The discussion provides insight from international experts on risk analysis applied to complex systems such as critical energy networks.</p> <p>The discussion specifically addresses the following questions:</p> <ul> <li>Why is risk analysis/assessment important for energy networks and critical infrastructure systems?</li> <li>What are the main elements to consider when developing effective risk analysis strategies?</li> <li>What are the challenges when developing risk analysis?</li> </ul> <p style="color: #003478;">Click on the video below to watch the discussion on risk analysis to critical infrastructure systems.</p> </div> </div> </div> <div class="vert vert-1" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@b46211bfa86a4ade88e61690df4b9df7"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@b46211bfa86a4ade88e61690df4b9df7" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style> </style> <div> <p style="text-align: center"><iframe src="https://player.vimeo.com/video/646519194?h=b03f7ec4f4" width="640" height="400" frameborder="0" allow="autoplay; fullscreen" allowfullscreen></iframe></p> <p><span style="color: #003478;">Expand the accordions below to view the discussion transcript and the expert bios.</span></p> </div> </div> </div> <div class="vert vert-2" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@aa2df374003d4539beb8cba63e2380b3"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@aa2df374003d4539beb8cba63e2380b3" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Video Podcast Transcript</button> <div class="panel"> <div> <table> <tr> <td style="background-color:rgba(0,136,198,.30); vertical-align: middle; text-align:left;" colspan="1"><b>00:00 - General Introduction</b></td> </tr> <tr> <td style="background-color:white;">Welcome to the discussion on Risk Assessment, a component of the training “Critical Energy Networks: from Risk Analysis to Risk Management,” of the OSCE Virtual Centre for the protection of critical energy infrastructure.<br/><br/> This presentation is an informal discussion among experts on the importance of risk analysis and risk assessment for the operation, security, and resilience of critical energy networks.<br/><br/> <b>Mr. Dave Brannegan:</b> Greetings and welcome to the podcast “Critical Energy Networks from risk analysis to risk management.” The organization for Security and Cooperation in Europe (OSCE) Virtual Competency and Training center on the Protection of Critical Energy Networks, is offering this series of learning modules to support energy security stakeholders from the public and private sector, academia and civil society, in improving the resilience of critical energy networks from natural and man-made disasters. This course addresses risk analysis and risk management for critical energy networks in critical infrastructure. My name is Dave Brannegan, and I am the director of Decision and Infrastructure Sciences at Argonne National Laboratory. Argonne is one of the United States Department of Energy National Laboratories. My team supports all levels and sectors of government and the private sector in the assessment of risk to critical infrastructure. We analyze manmade and natural threats, the vulnerabilities that these threats and hazards can exploit, and the various consequences that may occur. The purpose of this course is to serve as an introduction to risk analysis and seek to provide an overview of the basic elements of risk, as I said, threat vulnerability and consequence and a general introduction to related elements such as resilience and basic concepts of risk analysis in risk management. We have an incredible group of experts available for us to provide their perspectives and expertise around the entire concept of risk and risk analysis. These wonderful experts have backgrounds in risk complexity, emergency management, sustainability, engineering, critical infrastructure, and overall safety. So, we are really fortunate that they are going to get their backgrounds and expertise to help inform us on the overall concepts of risk and risk analysis. So, without further ado, I want to introduce these panelists briefly and allow them to further introduce themselves and provide some introductory remarks to frame their follow-on conversation. So, I will first start with Dr. Monica Cardarilli, risk engineer and project officer at the European Commission Joint Research Centre. Dr. Cardarilli, would you please take the floor?<br/><br/> <b>Dr. Monica Cardarilli:</b> Good morning, thanks for the invitation. As you say, I am Monica Cardarilli, risk engineer and project officer at European Commission Joint Research Center. I work in the unit of technology innovation in security. We work on technologies, standardization and innovations to enhance the protection of European network infrastructures and to prevent natural and manmade threats, in particular the domain of CBRNE. My task consists in conducting research on threat mitigations and security aspects for improving critical infrastructure protection and resilience, and also to support guidelines and recommendations for Member States, but also for critical infrastructure operators worldwide, supporting them in decision making and strategies, in developing strategies that could be used for their daily operations and also including changing risk landscapes and emerging threats that are nowadays more and more frequent.<br/><br/> <b>Mr. Dave Brannegan:</b>Wonderful. Thank you very much and a great start to the conversation. The second introduction I want to make is Dr. Elisabeth Pate-Cornell, Professor and founding Chair of the Department of Management Science and Engineering at Stanford University. Dr. Elisabeth Pate-Cornell would you please take the floor and introduce yourself?<br/><br/> <b>Dr. Elisabeth Pate-Cornell:</b> Yes, with great pleasure and my lecture would be on the fundamentals of risk analysis in support of risk management and decisions under uncertainty in your sector. So, I am professor of Management Science and Engineering specializing in engineering risk analysis, and I have worked on the host of topics from nuclear power plants, safety of marine pipelines, decommissioning of uranium enrichment plants, management of marine systems. But more recently, cascading power failures and cyber risk analysis. So, what's risk? It's the association of prospective hazards, what can go wrong with what probability and left consequences. And we describe the result in several ways: the probability of failure of the system per time unit, the probability that the damage will exceed the different values over a given time unit. What it is not is the product of the probability by the damage, which would give you an expected value and would diminish the way to fix things for people who are risk averse. So why do we do risk analysis under uncertainty? Well, to set priorities because we are not infinitely rich, and this risk analysis is an input to the decision process. And that means the risk analysis has to be as neutral as possible regarding the preferences of the decision makers. So, it has to be the most unbiased description that one can give to a decision maker who will put his preferences and risk attitude on it. So different approaches to risk assessment: the purely qualitative risk, characterized by words such as very unlikely, most unlikely. The advantages that it is easy to understand. The problem is that the words that mean the same for everybody. The second would be what I call intuitive risk assessment, for number pulled out of a hat essentially. So, it is someone's intuitive opinion of the probability of an event. The advantage is that it may represent the opinion of a good expert. The problem is that it is generally uncheckable, and it may be influenced by what the guesses would like the people to do. So, it looks more credible than it is. The third one, which is what we use, is the quantitative risk analysis based on event scenarios: failures of the critical functions of a system or failure mode, probability of the failure modes, and consequences of these failure modes. So, we look at two different kinds of uncertainties: the randomness of things for which we know the probability, and incomplete, imperfect knowledge that truth is, for example, that the dice throwing is loaded in different ways. And that is a bit more complicated to assess. what data will we use, not only statistics, which in many cases do not exist because the system may have changed, and we may not have enough data. The information comes from all relevant sources: statistics when they exist, data from similar systems elsewhere (we call them circuit data), engineering, medical, physical models, and expert opinions. So, we represent the system by these sub systems and its architecture, and the networks by the links and the nodes, and we look at the security of the interfaces and problems of cascading failures. So, the approaches used are systems analysis, probability, and dynamics to check that the residual risk is acceptable, otherwise, what do we do? The procedure again is to look at the hazard, look at the loads and the capacities. The loads are the chances that something is applied to the system that it cannot take, and the capacity is the point where the system does not take it anymore. Additional aspects of risk analysis: software failure risk, threats by human beings, insider threat, game analysis against an adversary, financial enterprise, and environmental risk, and those response relationships, because remember, it's those that makes the poison. So, what worked in my experience on the analysis side: decomposing the problem along the right lines, finding the right experts, and establishing good communications, trust, confidentiality understanding. And on the expert side: representation of experience based, their knowledge of the given experience based, and that of their opponents (those who don't think the same way), and ability to state their basic hypothesis. Finally, conclusion, do not do a risk analysis for someone who doesn't want to know or is trying to dictate the results, be willing to challenge popular beliefs, and, above all, preserve your integrity as an analyst, as an engineer, and a risk manager. And that's my completion.<br/><br/> <b>Mr. Dave Brannegan:</b> Excellent, thank you very much. Wonderful introduction, kind of all of the major themes around risk analysis. I particularly like the concept of, especially as we're talking with folks who are introducing themselves to risk and risk analysis, how you leverage that gut feel that expertise, that intuition within our real risk analysis framework to test your hypothesis to prove your expertise to really challenge some of your preconceived notions. That's a lot of what we want to do in terms of overall assessment of risk, so. I love how you were talking about quantitative, qualitative, semi qualitative, different perspectives and assessment capabilities for risk. And I also love that you touched on the decision process. We are seeking to inform decisions, you know, with risk based, risk informed assessment. So. really important key themes that will keep pulling on the next 40 minutes or so. So, thank you very much. Third, I would like to introduce Dr. Ortwin Renn, scientific director at the Institute for Advanced Sustainability Studies in Potsdam, Germany. Dr. Renn take it away, please.<br/><br/> <b>Dr. Ortwin Renn:</b> Thank you very much David for your kind introduction. My name is Ortwin Renn, I am a social scientist. I am one of the two scientific directors of the Institute for Advanced Sustainability Studies at Potsdam, in Germany, and we have a large department, what we call systemic risk governance, and I am very strong in pointing out that risk analysis consists of different steps. One step, of course, that we just heard is risk assessment. The other one is risk management, and the third one I would really like to add is risk governance. And risk governance means that we have different institutional organizational forces that all have an impact on the context in which risk actually appears, but also on the regulatory side. So, there is a regulatory issue about risk management, but also the way that various stakeholders interact with risk managers, with risk regulators, and shape the context in which risk unfolds. So, this is an element that I also would like to include. The other point that would like to make that at this point specifically thinking about critical infrastructure, we are talking about something what we call systemic risks, and systemic risks are characterized that they cannot be analyzed by just looking at one risk in isolation, but we have risks that are cross sectoral. Very often cross boundary like the pandemic that we just experienced. That’s the first thing: they are cross-sectoral, they are not just within one sector, let's say, the safety sector or the technical sector. We have interaction between natural hazards and technological hazards like the last tsunami in Japan, where it destroyed a lot of facilities. The second major point is that we have very complex cause effect relationships which are very difficult to model and very often, that the third point, we have high uncertainty between the facts, promoters and moderators, and the impacts. Very often, we only can have stochastic models and sometimes as you said, only qualitative relationships. And the fourth thing is, that is the most problematic, that very often we have a nonlinear relationship between cause effects and specific tipping points, and that is nothing happens until the point is reached and then the system collapses. And that's very difficult for humans to do good preparations, to do good risk management, because we normally learn by trial and error and if the error doesn't occur, we repeat the same thing. We can do it, for example on climate change issues, but also very often if we do safety, everything works very well until a specific point is reached and then the whole system collapses and then we don't have any time to learn anymore because, you know, we are really confronted with disaster. So, these are the four major elements of systemic risk and a part of our activity here is to develop better instruments for risk management, but also risk governance, because we believe that inclusive risk management is very important, that we include the various stakeholders in the management process. But at the same time, it's also good to have some new risk assessment tools that help us to deal with risk cascade so that one risk develops to another or to a third to a fourth and with multi-risk situations which are very difficult, not just common mode failures, which is multi-risk, simultaneous risk happenings the same time and then to see how our system responds to it and those multiple risk situations are more likely to happen because everything seems to be interconnected right now. So, this is everything for this moment, for the introduction, and happily later I can talk a little bit about more the methods that we use, or so the types of approaches that we would like also to, you know, get people to know and learn about.<br/><br/> <b>Mr. Dave Brannegan:</b> Dr. Renn, thank you very much, really important to highlight the complexity that you just outlined. It goes back to what Dr. Pate-Cornell was talking about in terms of some of the challenges that we have, right? It's easy to oversimplify it, you know, think, be overconfident with your assessment of risk. And I think that your expertise, your intuition is enough. But once we start factoring the systemic nature of these risks, the overall complexity, the uncertainty, and the nonlinear relationships. We start to really understand how comprehensive, how complex, how challenging it is to really accurately assess risk. So, excellent introduction. Thank you very much. Last but certainly not least, I wanted to introduce Mr Andrew Velazquez the third, first Deputy Aviation Commissioner, Chicago Department of Aviation, and former regional administrator of FEMA Region V. Mr Vazquez, please, the floor is yours.<br/><br/> <b>Mr. Andrew Velasquez III:</b> Thank you very much David. I appreciate that warm introduction and as you mentioned, Andrew Velasquez, first Deputy Aviation Commissioner for the Chicago Department of Aviation, and in this capacity, I oversee all operational functions of Chicago's O'Hare and Midway International airports. And prior to serving in this capacity at the CDA, I served as the presidentially appointed administrator for the US Department of Homeland Security's Federal Emergency Management Agency, FEMA Region V, and I was responsible in that role for coordinating preparedness, response, recovery, and mitigation activities for the States of Illinois, Indiana, Michigan, Minnesota, Wisconsin, and Ohio, essentially the Midwest. And during my time at FEMA, I led the response and recovery efforts for 35 major disasters and emergencies declared by the President of the United States, some of which include Hurricane Sandy, the Flint, Michigan, water crisis and others. And so, from my perspective, I would say, as an emergency response practitioner, I think one of the biggest and most pressing challenges, you know, in today's Homeland Security environment is the protection of critical infrastructure, and I think what is most integral to that effort is risk analysis and I think on the one hand, what we're seeing is critical infrastructure that is being more and more prone to failure as it ages, right? Creating significant or cascading implications for emergency response and public safety personnel and then, on the other, we are seeing the integration of what I would say more and more information technology to create more smart technology or smart grids into our infrastructure, making it more prone to cyberattacks and more prone to those types of vulnerabilities. So, I think the need for risk analysis could not be more clear in today's threat environment as it relates to our critical infrastructure, but I would also say from an emergency planning perspective and from a risk management perspective, what I have seen less and less of what I think what we need more and more of, is the incorporation of critical infrastructure considerations into planning for catastrophic events or catastrophic incidents. I think we tend to look at these scenarios from a more traditional response perspective. Hey, we are responding to a flood or responding to a major fire, or we are responding to, you know, a hurricane event, but oftentimes we don't necessarily take the critical infrastructure considerations into the planning for that response to better understand the critical infrastructure that makes up our communities in our cities. So, incorporating that critical infrastructure consideration into planning for major incidents and catastrophic events is so crucial to protecting our critical infrastructure and having an effective, resilient framework for this infrastructure. Thank you.<br/><br/> <b>Mr. Dave Brannegan:</b> Excellent, thank you sir. It was excellent introduction. That's the first time I heard the word resilience rights and I also love the concept of introducing this risk-informed planning process. So, it's not satisfactory just for us to be prepared to respond and recover. We know as much as we can if we can get risk informed knowledge analysis capabilities baked in on the front end as we rebuild infrastructure, as we retrofit and improve our existing and aging infrastructure, it really starts to pay dividends in many different ways. So, really important part of our overall conversation. I am going to pivot a little bit and key off some of the key points you have already made. I like to turn it to the to the four of you to share some more of your ideas, views, and expertise related to the criticality, the importance of risk analysis, the importance of conducting risk assessments.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); vertical-align: middle; text-align:left;" colspan="1"><b>20:04 - Importance of Risk Analysis</b></td> </tr> <tr> <td style="background-color:white;"> <b>Mr. Dave Brannegan:</b> Why, in your particular fields and overall, do you think that risk analysis is so critically important? Why is it important to our energy networks to our communities, to our cities, to international relations? So, your perspectives on this matter would be really, really well appreciated and you certainly can build off some of your introductory remarks that you each hit on some of these key points already as well? Dr. Pate-Cornell, we will start with you please.<br/><br/> <b>Dr. Elisabeth Pate-Cornell:</b> Yes, we are not infinitely rich. The days have only 24 hours. And we have many requests in our lives, and requirements, and many risks to address. We cannot be terrified by everything. So, step one, we have to decide whether the risk that we are facing is acceptable or not. And if it is not, then we have to set priorities among the different risk management that we can consider. Now this risk management. We may know them, a priority. Before we do the risk analysis, we may have an idea and want to evaluate them. Sometimes we discovered during the risk analysis what needs to be addressed, which we did not know that, for example, when they did the first analysis of nuclear power plants, they found out that their feed water systems were critical. So, the question of why do we do risk analysis? Well, to set priorities and to decide whether at the end we can live with the risk result that we find.<br/><br/> <b>Mr. Dave Brannegan:</b> A wonderful start to the discussion. All risks are not created equal, right? And we can't mitigate all risks at all times with limited dollars, and limited bandwidth, and limited capabilities. So, you know, a great point in terms of prioritization, the necessity of prioritization and the understanding of the tradeoffs in the decisions that we have to make as leaders all throughout public and private life, so. Excellent start to the conversation. Dr. Renn, do you have some perspectives you like to share as well?<br/><br/> <b>Dr. Ortwin Renn:</b> Yes, sure David. I would like to emphasize, of course, what Elisabeth just said. It's about prioritizing different threats and to see, you know, which one is really serious, and which one is not so serious. But I think, one step even before that is to identify hazards and to identify weak points, things, that's extremely important, things are very complex. We very often don't see what are the weak points in our system, and that could also be associated with bells that risk hazard or the agent, or the carrier of the risk. It could be energy, or it could be substance, or it could be Bayada like we have now with the viruses, and at the same time it could be the so-called risk absorbing system. So, these kind of risk vectors, of course, of being absorbed by some kind of a system could be a building, it could be a human being, it could be an ecosystem. And now we know if this system is resilient enough to withstand stress or not. So, in the sense, risk analysis tells us something about these risk vectors, and how they work, and how they get diffused in time and space, but also about the vulnerability of each of the risk absorbing systems. So, it tells you does it affect it to a strong degree or not, and which kind of damage is to be expected. And the worst thing is the functionality of the system being at risk and made collapse mean, of course, which put the worst thing we have a very critical infrastructure. So, we can learn from risk analysis, basing something about the scenarios, which could lead to some kind of damage, but at the same time we learn more about the risk absorbing system, how weak that this is or what are the weak points in it? What kind of stresses are easy to withstand? What kind of stresses are not, either in nature and magnitude, and well, you know, what temporal frequency and other kinds of crucial parameters? And the last point, and I think also that was mentioned already by Elisabeth, that is very important, it informs public debate. Risk analysis can be a very important element in, you know, the heated debate where fake news or kinds of risk perceptions and anxieties may lead politicians to going the wrong direction. And risk analysis is, as Elisabeth pointed out, is something that tries to be as objective as possible. We know it is no objective truth anywhere, but it can be close to it, and that it can help to have evidence, the base of a debate. I think that's extremely important because otherwise we may just be misled by wrong feelings, by anxieties, by fake news or kind of things, and I think, there, risk analysis has very strong corrective function in society and in policy making.<br/><br/> <b>Mr. Dave Brannegan:</b> Excellent, thank you. I love the point about the objectivity of informing objective decisions. We know our leaders are decision makers, have to make decisions on hour by hour, sometimes minute by minute basis. So, the best thing we can do is give them the most risk-informed, the most defensible analysis so that they make the best decisions available to them. We don't necessary try to influence their decisions, but we try to give them the best information so that they can take in all the different various factors as a decision maker, as a senior leader, that they have to make those best decisions possible. So really, I can't underscore the importance of risk analysis in that construct nearly enough. So excellent points and very well made.<br/><br/> <b>Dr. Elisabeth Pate-Cornell:</b> And then I have to run for something that Ortwin just said because it was really very important that there is a point where, sometimes, perception becomes reality, and it is very disconnected and so it's time for us to inject some reality into the perception. So, that, as Ortwin was saying, we don't start making decisions, political decisions, policy decisions that are based on the fears and anxieties of the people, as opposed to what we can say is closer to reality, let's say.<br/><br/> <b>Mr. Dave Brannegan:</b> Excellent, absolute.<br/><br/> <b>Dr. Monica Cardarilli:</b> If I may just add something in order to set holistic risks, we must consider the role of technologies since our society is facing new technology and emerging innovations made on the market, such as drones, artificial intelligence, satellite earth observations among them, we have also to pay attention to the fact that these tools can support early monitoring, early response actions, but can also be used in a malicious way. They can represent themselves a threat if used by cyber attackers, or terrorists, or organized criminal activities, to affect our critical infrastructure, essentially energy infrastructure, which provides essential services to community and many other sectors, where the concurrence of events are very important elements to consider. So, the role of technologies should be considered as a threat, so not only as a support tool, which is something that sometimes is underestimated. So, it's important to keep in mind that malicious actors can use our technology to impact the service supply, in particular, when an infrastructure has a lot of interdependencies and support the functioning of other network services.<br/><br/> <b>Mr. Dave Brannegan:</b> Excellent point Dr. Cardarilli. I think it's really important to emphasize exactly the point you are making that we also can never get complacent. Risk is constantly evolving, our parameters are constantly evolving, the threat spectrum, the vulnerabilities, the consequences that could emerge. You can never get complacent, and so it's one of the fascinating but also troubling pieces of the risk environment we are always in, you know, domestically and internationally. So, really important points. Sometimes your biggest asset can turn into the biggest liability as well. Sometimes in the same sort of scenario or parameter. So really, really interesting discussion. Mr. Velasquez, alright, I like to turn to you for some of your perspectives, please.<br/><br/> <b>Mr. Andrew Velasquez III:</b> Well, thank you David. I appreciate that, and I think just to follow on with some of the things that you had mentioned with regards to the issue of complacency. You know, I think that our ability to effectively protect critical infrastructure is only as good as your ability to plan effectively and to execute effectively on those plans. And I think that is crucial because our cities, our communities, they rely heavily on critical infrastructure for the delivery of essential services and so any attacks or disruptions on critical infrastructure, as we all know, can have very devastating effects to include loss of life and so one of the things that I see is very troubling at times and an area where I think we fall short in our planning efforts, is that we tend to build faulty assumptions into our plans, and so I think that, for instance, if we know that the City of Chicago is going to be gripped with a week of extreme heat temperatures exceeding what is necessary for the implementation of, let's say, an extreme heat plan. Oftentimes, we tend to rely on the faulty assumption that our electrical grid is going to remain resilient. And so, we don't necessarily reach out to that private sector partner to say, hey, we are planning for this heat wave. What are you guys doing to ensure that your grid is bolstered enough, resilient enough, to withstand the loads? Are there plans in place for load shedding in facilities across the city that can reduce the impact, or that could reduce, you know the strain, if you will, on the grid, and so we tend to build faulty assumptions into our plans. We assume that the improvised nuclear device is going to go off on a nice summer day, but to be frankly honest with you, it can go off on a day that is 30 below 0 and so have we planned for the cascading impacts or consequences associated with those effects? And so, I think getting back to what I had initially said about the importance of, you know, integrated planning we not only have to consider critical infrastructure into our planning efforts, but we cannot build faulty assumptions into these plans. And so, as previously stated, you know, we are living in an environment that has an ever-changing risk, it has an ever-changing threat landscape, and so in order to really achieve what I would consider to be effective resiliency in our critical infrastructure, is this integrated approach to planning, this integrated approach across the spectrum of stakeholders that touch our critical infrastructure to ensure that we are all working together to address all of the possible considerations, and to implement all of the necessary risk mitigation strategies that could be beneficial when it comes to dealing with disruptions or failures in critical infrastructure. Thank you.<br/><br/> <b>Mr. Dave Brannegan:</b> yes, it's a fascinating conversation because Dr Renn introduces a little bit before as well like the stakeholder constituency group is so large: 16 critical infrastructure sectors, public and private equities, various temporal and spatial challenges that we have, the cascading and escalating impacts of potential dependencies and interdependencies of disruptions or destruction. It's as complex and interconnected, a web of priorities, and equities, and requirements, as we could possibly imagine. So, I think that is a really important point in that, sometimes, we like to think about risk, and very discreet buckets, because, I think, it's convenient and it's easy to understand. It kind of makes us feel comfortable, but, I think, real comprehensive understanding of risk is complicated, complex, interconnected, it is ever-changing, as you said Mr Velasquez.<br/><br/> <b>Dr. Ortwin Renn:</b> And what I think is extremely important to, David, is that we now live in an environment in which these different resources are all interconnected, so that the electricity system is connected with other systems, and then all kind of computer equipment. It is strongly affected with the water supply system. It is affected with, you know, the health and emergency system. And what we need to understand is that if you do risk assessments for each of them separately, we may miss a point because it goes back and forth. So, we have two kinds of dynamic situations. One is that we have cascading risk. So, it starts this one and goes to the next and the next and the next. And the other one, which is even worse, is the risk amplifier, where it starts in one and it's not that big, but then it goes to the next one and they really create disaster. And so, if you just focus on the first one, you think, oh it's not that bad and we have it all under control. But if it then develops into the next area and then has a great potential for disaster, then we are going to have a real problem. So maybe one of the natural hazards is not bad in itself, but if it runs into a chemical factory, and you have a release of toxic substances, so we have a real problem. And the release of toxic substance could lead to a, you know, for example, that a government failed. So, then we have a lot of upset people, and it has maybe even a string of violence coming out. So even the connection between let’s say a natural, technological, and social risks is one that we always have to consider in all of this. And this makes it more difficult. But at the same time, if we look at, you know, what are the carriers or the agents of risk, they are not that many. It is either energy or the physical side, so energy in all its forms. It could be biota, viruses, mushrooms, fungi, and bacteria. And on the third one is substance and on the social side is basically information. Wrong information kills. It is money, power, and violence. So, those are the kind of carriers. We don't have more and that is a comfortable problem, because we can say, we can think about all the potential combinations between these various carriers of risk. And then we have a much better idea on how to build good scenarios that can help us to develop the interaction between these different risk agents or risk areas, and that's something we try to do here. Also, you know do systematic permutation of all of these and to say look we are developing scenarios in which, you know, heat wave, which is set, has a problem with energy production, and energy production is a real problem with delivery of goods and services. This has a problem with, you know, people being upset and do all kind of funny things, which of course put their health at stake. The health system is not really equipped for that. So, we can go on and on and on. I don't want to do that but it's just very often that's not the primary cause that makes most trouble. It's a secondary and third.<br/><br/> <b>Mr. Dave Brannegan:</b> Yes, excellent points. Two quick things I will add in that we often talk about cascading and escalating impacts. So, that as dependencies and interdependencies of these interconnected system-of-systems. So, cascading essentially thinking of dominoes falling. One domino hits another one and another one in the cascade throughout. Escalating is more like a snowball going down a hill and just continuing to grow in size and scope and overall impact. So excellent points absolutely.<br/><br/> <b>Dr. Elisabeth Pate-Cornell:</b> I would like to introduce an engineering point of view to what Andrew and Ortwin have just said, which is, of course, perfectly correct. If you are an engineer constructing very complex systems with different contractors, let's say the space mission. You have to make sure that, but it is just an example, that the criteria that you use for the different parts of that system and that your contractors are going to use criteria in terms of safety and security are consistent and are all the same. So, that you don't have one parent that is much weaker than the others and you do not know it. So, as an overall manager, you have to be very conscious of the consistency of the criteria that you adopt so that you do not create a weak point.<br/><br/> <b>Mr. Dave Brannegan:</b> Excellent, thank you. Monica, before we move on to the next windows, is there anything else you wanted to add to the overall discussion?<br/><br/> <b>Dr. Monica Cardarilli:</b> Yes, I would like to point out also the past experiences, the lessons learned, which play a key role in building good risk analyses. This includes empirical approaches that use historical failure data information and expert judgment because the availability of accurate, reliable, and complete data affects the quality of risk analysis and all risk reduction decisions based on it. Indeed, data is the basis for gaining knowledge on the dynamics of incidents, through incidents analysis and lessons learned, complemented by the understanding of risks and they are also supporting the usage of risk outcomes for decision making. So, it is good to keep in mind that past events and experiences should be considered and included among lessons learned upon which we have to build a stronger risk analysis and more comprehensive, as much as possible.<br/><br/> <b>Mr. Dave Brannegan:</b> Great, well thank you very much. This has been a wonderful discussion so far. We have touched on some of the key elements, the primary pillars of understanding risk analysis, its components, application, its overall construct. So, I would love to turn it over to the four of you for some final remarks.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); vertical-align: middle; text-align:left;" colspan="1"><b>40:00 - Experts Final Remarks – Main Elements to Consider and Challenges</b></td> </tr> <tr> <td style="background-color:white;"> <b>Mr. Dave Brannegan:</b> We are really interested in maybe pulling some of your key themes together, summarizing what you think is most important for our audience to hear. Some things we are interested in is number one, maybe some of the main elements to consider as we are constructing approaches to risk analysis, to risk frameworks. And then two, I think we talked a lot about this, but if you want to emphasize a little bit more, some of the major challenges that we encounter as we think about risk. Dr. Renn, I would like to start with you, please.<br/><br/> <b>Dr. Ortwin Renn:</b> Well, thank you very much. I would like to draw the attention on two issues that I think are sometimes underestimated and still have a strong importance. The first one is the interaction between natural and social events, and I think that we very often have a very exclusive view on the natural events. For example, natural hazard or some kind of a natural event like global warming. But it is always interacting with social activities, and this is also true in terms of technological disaster where you always have interaction between staff, people and, you know, safety crews and others. But also people respond to these kind of threats and they may respond very prudently or less prudently to it. Sometimes they are exacerbating the impacts. So, it is very important to understand that kind of interlinkage between social activity and natural technological responses and the other way around. And that is something where I believe it is very important to have this kind of interdisciplinary staff or interdisciplinary cooperation. We need the cooperation of engineers, natural scientists, and social scientists, to really understand these complex risks. And the second, and my last point, is that I think it is very important, and I started with it, that we think a little broader terms of risk governance. Very often, you know, we need to see the whole societal context, in which risk appears. What risk of being selected as being very serious and what not is partially a social framing part, so you know what kind of groups in society believes this is really a big problem or not. And it is not always a result, let's say, of a risk assessment, saying this is the best priority, as Elisabeth pointed out, and we see that society is very worried about some things where risk analysts would say, well, it's not so difficult and others, with risk analysts say it is really very problematic, but people seem not to care. And so, I think it's very important to see that cold context. And I'm not saying people have irrational assumptions. Very often there are good reasons for caring for one rather than the other. There are a lot of different distribution effects of risk, and some are, you know, not being affected at all, and others are. And we need to find out what is the social just or equitable way of distributing the risk. And then also I think it is about all of institutions that we have in society that they have different tasks and different mandate, and they very often defend their mandate, even if it is, let's say, only a minor risk and may not be able to look at the larger risk because it is not within their mandate. So, I think it is very important to keep that context in mind for those are the two major messages that I would like to say at the end of this conversation.<br/><br/> <b>Mr. Dave Brannegan:</b> Wonderful thank you very much, points very well made, much appreciated. Dr. Cardarilli, can I please turn the floor over to you for some concluding remarks?<br/><br/> <b>Dr. Monica Cardarilli:</b> Yes, well, we have to think about also slow onset phenomena, such as climate change, which can act as threat multipliers by exacerbating others, exceeding also the adaptive capacities of critical infrastructure systems. So, therefore when considering multiple hazards and their interactions, it is possible that the total risk estimated can be greater than the sum of their individual parts, due also to the dynamic nature of risks. This remarks the need for integration of risk assessment methods capable of viewing the problem from different perspectives, suitable for coping with high complexity of the systems and the related uncertainties, accounting for transdisciplinary solutions and risk mitigation strategies in the short and also long-term because we also have to think about long-term impacts that could be exacerbated by nowadays risks and threats.<br/><br/> <b>Mr. Dave Brannegan:</b> Excellent, thank you very much. Very, very well said. Mr Velasquez, please.<br/><br/> <b>Mr. Andrew Velasquez III:</b> Yes, thank you Dave. I didn't really have much of an opportunity to touch on, sort of like a risk framework. I mentioned a lot about, you know, planning, but I think from my perspective as a practitioner, what is critically important to developing an effective framework for risk analysis, risk management, is obviously first and foremost hazard identification, and that was mentioned earlier on before, but I think along with hazard identification and risk analysis is the identification of key stakeholders that will play a role in developing these plans because there are so many stakeholders that are involved in the risk management process, right. You can look at it from the perspective of the United States, local State and federal agencies, right, they have a role, owners and operators of critical infrastructure, not-for-profit, academia. It's going to take a truly integrated approach among all the stakeholders to manage the risks from significant threats and hazards to critical infrastructure, and to achieve what I would call effective security and resilience, if you will. So, it has to be, beyond a shadow of a doubt, a collaborative process. Now, I think in addition to it being a collaborative process, it also has to be a continuous deliberate process. And I think that is one of the challenges that I see, is that continuous deliberate process oftentimes does not take place, and I think, you know, because the threat landscape continues to evolve, as public safety practitioners, owners of critical infrastructure, all need to stay abreast of new threats and hazards that pose a risk to infrastructure. So, if we become complacent on the planning side, we are not going to stay abreast of those risks and challenges that we face, thereby hindering our ability to be resilient and thereby hindering our ability to effectively implement risk management strategies that can save lives and protect property. <br/><br/> <b>Mr. Dave Brannegan:</b> Excellent, thank you very much. I love the concepts of both continuous and deliberate, you know, one without the other isn't satisfactory and I appreciate the emphasis as we are concluding here about security and about what we are really talking about, which is saving lives, and saving property, and reducing the damage that could potentially happen with these various set of threats and hazards we are facing globally. Last but certainly not least, Dr. Pate-Cornell, do you have some concluding remarks?<br/><br/> <b>Dr. Elisabeth Pate-Cornell:</b> Yes, I would like to add the last word on cybersecurity and cyber risk. I mean, it is one of those that is very difficult to analyze. Cybersecurity, in general, we hear a lot about, but I give you one cyber system and the question is what is your cyber risk? Who is interested in attacking you and how are you going to react to it? And that starts with understanding your system as usual and taking measures to make sure that first, you know your vulnerabilities and you plug those that you know, and you constantly look for new ones. Cybersecurity has become extremely important in terms of safety of people, safety of our financial system, safety of our environment, and I think that some cyber risk and risk analysis as a lot to offer. But there is not so much cyber risk being done. And I think it is an important field. And, of course, it touches on human beings and adversarial conflicts, which, of course, people trying to take your money and not exactly your friends. So, you have to look at it in that light.<br/><br/> <b>Mr. Dave Brannegan:</b> Excellent and important conclusion that keep us laser focused on existing and future threats that are cascading throughout our various systems.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); vertical-align: middle; text-align:left;" colspan="1"><b>49:13 - Closing</b></td> </tr> <tr> <td style="background-color:white;"> <b>Mr. Dave Brannegan:</b> I would love to thank the four experts who took the time to share their wonderful and deep expertise with us today. The conversation was both rich, and deep, and certainly very enlightening. So, very sincere thanks for spending some time with us and sharing your expert perspectives. We look forward to continuing the conversation and appreciate you taking some time with us today. Thank you very much.<br/><br/>Thank you to our experts for sharing their perspectives about risk analysis applied to critical infrastructure systems. Find more information about risk assessment in the corresponding training module on the OSCE Virtual Centre for the protection of critical energy infrastructure. Watch other videos addressing key elements of risk analysis for critical infrastructure on the OSCE Virtual Centre for the protection of critical energy infrastructure.</td> </tr> </table> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-3" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@b2590385c9da48be8f9dd3999077f1ef"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@b2590385c9da48be8f9dd3999077f1ef" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p style="color: #003478;"><em><span style="text-decoration: underline; font-weight: bold !important">Meet the experts:</span> Select each of the following accordions to find out more about our experts.</em></p> </div> </div> </div> <div class="vert vert-4" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@2d180075bf7b40faabac5e18750a69c2"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@2d180075bf7b40faabac5e18750a69c2" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new1" style= "font-size: 12.0pt; font-family: Calibri; background-color: #003478; background-image: none;">Dr. Monica Cardarilli</button> <div class="panel3"> <br/> <div> <p><strong>Dr. Monica Cardarilli</strong> is a Risk Engineer and Project Officer at European Commission, Joint Research Centre Ispra, Lombardy, Italy. Dr. Cardarilli is an expert in threat mitigation and security aspects for improving critical infrastructure protection and resilience, supporting Member States with training exercises, guidelines and recommendations on crisis management, operations planning and emergency preparedness.</p> <p><em><a href="https://www.linkedin.com/in/monica-cardarilli-a89291b5/?originalSubdomain=it" target="[object Object]">Click here for more information</a></em></p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new1"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-5" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@0a458a0025dc4bdab415292ef84884d9"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@0a458a0025dc4bdab415292ef84884d9" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new2" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Dr. Elisabeth Pate-Cornell</button> <div class="panel3"> <br/> <div> <p><strong>Dr. Elisabeth Pate-Cornell</strong> is the Burt and Deedee McMurtry Professor in the School of Engineering and Professor and Founding Chair (2000-2011) of the Department of Management Science and Engineering at Stanford University, California, United States. Her specialty is engineering risk analysis with application to complex systems (e.g., space, medical, and offshore oil platforms).</p> <p><em><a href="https://profiles.stanford.edu/m-elisabeth-pate-cornell" target="[object Object]">Click here for more information</a></em></p> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new2"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-6" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@3b52bc5044d34b9eb42b14000163d2ee"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@3b52bc5044d34b9eb42b14000163d2ee" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new3" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Dr. Ortwin Renn</button> <div class="panel3"> <br/> <div> <p><strong>Dr. Ortwin Renn</strong> serves as Scientific Director at the Institute for Advanced Sustainability Studies (IASS) in Potsdam, Germany. He is professor for technology assessment and evironmental sociology at the University and directs, together with Dr. Marion Dreyer and Agnes Lampke, the non-profit company DIALOGIK, a research institute for the investigation of communication and participation processes.</p> <p><em><a href="https://www.iass-potsdam.de/en/people/ortwin-renn" target="[object Object]">Click here for more information</a></em></p> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new3"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-7" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@1a1443629e3745139365c052ac53bdb3"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@1a1443629e3745139365c052ac53bdb3" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new4" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Mr. Andrew Velasquez III</button> <div class="panel3"> <br/> <div> <p><strong>Mr. Andrew Velasquez III</strong> is the First Deputy Aviation Commissioner at the Chicago Department of Aviation, Chicago Illinois, United States. He is the former regional administrator for FEMA Region V, and serves as an instructor in the University Of Chicago Graham School of General Studies.</p> <p><em><a href="https://www.linkedin.com/in/andrew-velasquez-iii-a9a1bbb2/" target="[object Object]">Click here for more information</a></em></p> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new4"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-8" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@0b93bf5d24074383a0aef1e913566b34"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@0b93bf5d24074383a0aef1e913566b34" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new5" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Mr. Dave Brannegan</button> <div class="panel3"> <br/> <div> <p><strong>Mr. Dave Brannegan</strong> is the Director of Argonne National Laboratory’s Decision and Infrastructure Sciences division Lemont Illinois, United States. During his tenure at Argonne, Mr. Brannegan has led a variety of work-for-others programs for the Department of Homeland Security (DHS), including a comprehensive effort to prioritize critical infrastructure based on criticality, near-real-time analysis of threats to infrastructure assets, and continued analysis of systemic infrastructure dependencies.</p> <p><em><a href="https://www.linkedin.com/in/dave-brannegan-9698555/" target="[object Object]">Click here for more information</a></em></p> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new5"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@7fda946379cc4f14af40ae1221546f32" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6ddd69b6d6bf47ffa5330767335a3a55"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6ddd69b6d6bf47ffa5330767335a3a55" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style> </style> <div> <p>Before addressing the concepts supporting risk analysis, it is important to use a common language and to start by defining what constitutes a risk.</p> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Definition of Risk</p> <p>A <span style="font-weight: bold !important;">Risk</span> is <span style="color: #003478; font-style: italic !important;">"the potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences."<a href="https://www.cisa.gov/sites/default/files/publications/dhs-risk-lexicon-2010_0.pdf" target="[object Object]"> (DHS, 2010)</a></span></p> <p>A Risk is traditionally defined as a function of three components:</p> <ul style="margin-left: .25in;"> <li>Hazard</li> <li>Vulnerability</li> <li>Consequence</li> </ul> <p>However, another risk component is very important: the Resilience. Therefore, <b>a risk can now be defined as a function of four components (i.e., Hazard, Vulnerability, Resilience, and Consequence).</b></p> <p><center><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/fe2896929f5f7b341c872c9ed8eed611/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod3_Img5.png" alt = "Get Alt Text"/><span style="color: #003478;"><br/> <b>Risk Components</b><a href="https://publications.anl.gov/anlpubs/2015/06/111906.pdf" target="[object Object]"> (Petit <i>et al.</i>, 2015)</a></span></center></p> <p><center><span style="color: #003478; font-weight: bold !important;">Risk=f(Hazard, Vulnerability, Resilience, Consequence)</span></center></p> <p style="color: #003478;"> Expand the accordions below to view the definitions of each risk components.</p> </div> </div> </div> <div class="vert vert-1" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@75c79d7b0d3540819db87b586eeb7778"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@75c79d7b0d3540819db87b586eeb7778" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new1" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Hazard</button> <div class="panel1"> <p></p> <div> <p><span style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Hazard or Threat?</span></p> <p>A <span style="font-weight: bold !important;">Hazard</span> is <span style="color: #003478; font-style: italic !important;">"a natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property."</span><a href="https://www.cisa.gov/sites/default/files/publications/dhs-risk-lexicon-2010_0.pdf" target="[object Object]"><span style="color: #003478;"> (DHS, 2010)</span></a></p> <p>There are several categories of hazards presented in the table below.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center; font-weight: bold !important;" colspan="2">Classification of Hazards</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/acf67f38ec637d8c28b48dfcd800db57/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Natural.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top; "><span style="font-weight: bold !important; text-decoration: underline !important;">Natural Hazards</span><br/>Natural hazards refer to all atmospheric, hydrologic, geologic (especially seismic and volcanic), and wildfire phenomena that, because of their location, severity, and frequency, have the potential to affect humans, their structures, or their activities adversely (e.g., loods, earthquakes, tornadoes, tsunamis, lightnings, etc).</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/fd9abd363466a7bd5ec1c1e0c283f166/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Technological.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style=""><span style="font-weight: bold !important; text-decoration: underline !important;">Technological Hazards</span><br/>Technological hazards refer to hazard originating from technological or industrial conditions, including accidents, dangerous procedures, infrastructure failures or specific human activities, that may cause loss of life, injury, illness or other health impacts, property damage, loss of livelihoods and services, social and economic disruption, or environmental damage.Industrial facilities, structures, transportation systems, consumer products, pesticides, pharmaceuticals. They include industrial accidents, transport accidents, and other miscellaneous accidents such as explosions, collapses, or fires.</span></td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/da16350715136dca28bc58713c46cb53/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Organizational.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style=""><span style="font-weight: bold !important; text-decoration: underline !important;">Organizational Hazards</span><br/>Organizational hazards are a subset of technological hazards that relate specifically to unsuitable workplace and safety processes, policies, and procedures such as long working hours, inadequate competence.</span></td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/fa01e056146acce3c0fd65b4338884dd/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Behavioral.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style=""><span style="font-weight: bold !important; text-decoration: underline !important;">Behavioral Hazards</span><br/>Behavioral hazards refer to health behavioral hazards resulting from substance abuse (e.g., drug, alcohol, smoking) but also to work behavioral safety hazard resulting from conscious or unconscious bad habitual practices.</span></td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/ba8ae2407298ec1d2b33455ef609be3f/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Social.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style=""><span style="font-weight: bold !important; text-decoration: underline !important;">Social Hazards</span><br/>Social hazards refer to harm that one society or part of a society may do to another. They include war, sabotage, or communicable disease.</span></td> </tr> </table> <p>A <span style="font-weight: bold !important;">Threat</span> is a particular type of hazard. A threat <span style="color: #003478; font-style: italic !important;">"differs from a hazard in that a threat is directed at an entity, asset, system, network, or geographic area, while a hazard is not directed. Therefore, a threat is an intentional hazard."</span><a href="https://www.cisa.gov/sites/default/files/publications/dhs-risk-lexicon-2010_0.pdf" target="[object Object]"><span style="color: #003478;"> (DHS, 2010)</span></a> Threats include elements such as cyberattacks, sabotages, thefts, or terrorism.</p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new1"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-2" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@4b2d3a200be745e2b7f92bf3b6de4934"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@4b2d3a200be745e2b7f92bf3b6de4934" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new2" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Vulnerability</button> <div class="panel1"> <p></p> <p>A <span style="font-weight: bold !important;">Vulnerability</span> is a <span style="color: #003478; font-style: italic !important;">"physical feature or operational attribute that renders an entity open to exploitation or susceptible to a given hazard."</span><a href="https://www.cisa.gov/sites/default/files/publications/dhs-risk-lexicon-2010_0.pdf" target="[object Object]"><span style="color: #003478;"> (DHS, 2010)</span></a></p> <p>There are four main categories of vulnerabilities presented in the table below.</p> <table> <tr> <td td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;font-weight:bold !important;" colspan="2">Categories of Vulnerabilities</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/8f7fb9657f33002d71dce6e6ae59d2d7/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Physical-Vuln.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style="font-weight:bold !important; text-decoration: underline !important;">Physical vulnerabilities</span> refer to weaknesses resulting from structural fragilities such as aging infrastructure, physical attributes, and dependencies.</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/19f0fc74b25b2a9b5dd215f9eb46fb54/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Technical-Vuln.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style="font-weight:bold !important; text-decoration: underline !important;">Technical vulnerabilities</span> refer to weaknesses of technical and technological elements such as equipment, software, and hardware.</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/127d51d355aa2dc82ea9b1d05d2e5f4f/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Operational-Vuln.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style="font-weight:bold !important; text-decoration: underline !important;">Operational vulnerabilities</span> refer to weaknesses of performance elements such as communication, control, logistics, reliability, availability, maintainability, and security.</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/2c180bc58ef714b4c9c0691663acaa61/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Organizational-Vuln.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style="font-weight:bold !important; text-decoration: underline !important;">Organizational vulnerabilities</span> refer to weaknesses of economic and social elements such as market drivers, business continuity, costs-benefits, personnel, and human factors.</td> </tr> </table> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new2"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-3" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@68c84308ab3343a78f5119aced913f0f"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@68c84308ab3343a78f5119aced913f0f" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new3" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Resilience</button> <div class="panel1"> <p></p> <p><span style="font-weight: bold !important;">Resilience</span> is the <span style="color: #003478; font-style: italic !important;">"ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents."</span><a href="https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil" target="[object Object]"><span style="color: #003478;"> (White House, 2013)</span></a></p> <p><center><a href="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/5f765536d052e1f6ffb6913fe432942c/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Resilience-Curve.jpg" target="_blank"><img width="50%" src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/5f765536d052e1f6ffb6913fe432942c/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Resilience-Curve.jpg" alt = "Get Alt Text"/></a><span style="color: #003478;"><br/> <b>Resilience Curve</b><a href="https://www.umb.edu/editor_uploads/images/centers_institutes/ciocs/DHS_Operational_Framework.pdf" target="[object Object]"> (Kahan, Allen, and George, 2009)</a></span></center></p> <p style="color: #003478;"> Click on the figure to enlarge it.</p> <p>Resilience is defined by three dimensions presented in the table below.</p> <table> <tr> <td td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2">Resilience Dimensions</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><u>Performance</u></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">General level of capacity and quality at which an element or elements of a system perform an essential role.</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><u>Time</u></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Chronology of the whole life cycle of any particular adverse situation, whether caused by human- or nature-driven hazards.</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><u>Gravity</u></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Degree to which any particular function plays a key role within its host system.</td> </tr> </table> <p>Therefore, resilience represents the gravity of the degradation of an asset's performance overtime. It integrates business continuity and contingency measures that would allow to minimize undesired consequences. Resilience can be characterized with the traditional phases of emergency management presented in the table below <a href="https://publications.anl.gov/anlpubs/2013/07/76797.pdf" target="[object Object]"> (Petit <i>et al.</i>, 2013)</a>: <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2">Resilience Components</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><u>Preparedness</u></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Preparedness refers to activities undertaken by an entity in anticipation of the threats/hazards, and the possible consequences, to which it is subject.</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><u>Mitigation measures</u></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Mitigation Measures characterize the facility’s capabilities to resist a threat/hazard or to absorb the consequences from the threat/hazard. Mitigation Measures consist of activities undertaken prior to an event to reduce the severity or consequences of a hazard.</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><u>Response capabilities</u></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Response capabilities are a function of immediate and ongoing activities, tasks, programs, and systems that have been undertaken or developed to respond and adapt to the adverse effects of an event.</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><u>Recovery mechanisms</u></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Recovery Mechanisms include activities and programs designed to be effective and efficient in returning operating conditions to a level that is acceptable to the entity.</td> </tr> </table> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new3"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-4" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@b55ddf417d2947179e1b71f246e31af4"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@b55ddf417d2947179e1b71f246e31af4" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new4" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Consequence</button> <div class="panel1"> <p></p> <p>A <span style="font-weight: bold !important;">Consequence</span> is the <span style="color: #003478; font-style: italic !important;">"effect of an event, incident, or occurrence; it reflects the level, duration, and nature of the loss resulting from the incident."</span><a href="https://www.cisa.gov/sites/default/files/publications/dhs-risk-lexicon-2010_0.pdf" target="[object Object]"><span style="color: #003478;"> (DHS, 2010)</span></a></p> <p>Consequences can be categorized in four main categories, which are presented in the table below.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center; font-weight:bold !important;" colspan="2">Categories of Consequences</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/272f7f8d312f7e1572c6789d4dc92e4f/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Public-Health-Conseq.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style="font-weight: bold !important; text-decoration:underline !important;">Public health and safety (i.e., loss of life and illness)</span><br/>Effect on human life and physical well-being (e.g., fatalities, injuries/illness.</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/fcb8062225de03625824d0ad0a72735d/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Economic-Conseq.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style="font-weight: bold !important; text-decoration:underline !important;">Economic (direct and indirect)</span><br/>Direct and indirect economic losses (e.g., cost to rebuild asset, cost to respond to and recover from attack, downstream costs resulting from disruption of product or service, long-term costs due to environmental damage). </td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/a5689118caca6dfdb90ecae5bd4ddf64/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Psychological-Conseq.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style="font-weight: bold !important; text-decoration:underline !important;">Psychological</span><br/>Effect on public morale and confidence in national economic and political institutions. This encompasses those changes in perceptions emerging after a significant incident that affect the public’s sense of safety and well-being and can manifest in aberrant behavior.</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="border: 1px solid black; padding: 15px; align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/8cce3b5d7b84003aa371cc17530b1383/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Government-Conseq.jpg" alt="Get Alt Text" /></td> <td style="border: 1px solid black; padding: 15px; align: left; vertical-align: top;"><span style="font-weight: bold !important; text-decoration:underline !important;">Governance/mission impacts</span><br/>Effect on government’s or industry’s ability to maintain order, deliver minimum essential public services, ensure public health and safety, and carry out national security-related missions.</td> </tr> </table> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new4"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-5" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@5540d18640b246efb1ada92438450255"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@5540d18640b246efb1ada92438450255" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p>Risk is thus a function of four elements: the hazards to which an asset is susceptible, the vulnerability of the asset to the hazard, the resilience of the asset to face an incident (i.e., degradation of the asset), and the undesired consequences potentially generated by the incident. The risk components can be represented as a Risk Bowtie.</p> <p><center><a href="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/e7ab8f4975bcb282e4616201d43fd6a7/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Risk-Bowtie.jpg" target="_blank"><img width="60%" src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/e7ab8f4975bcb282e4616201d43fd6a7/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Risk-Bowtie.jpg" alt="Get Alt Text" /></a><br/><span style="color: #003478;"><b>Risk Bowtie</b> (Petit, 2021)</span></center></p> <p style="color: #003478;"> Click on the figure to enlarge it.</p> <p>The risk bowtie represents how hazards, vulnerability, resilience, and consequences fit together over time to define a risk logical flow. The interactions among the components of risk are complex — and are made more so when analysts and owners/operators consider the transfer of risk among assets in the case of a threat by an intelligent adversary.<br/><br/>The next sections of this first module describe the general concepts to conduct risk analyses.</p> </div> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@e8ffa7b4470e4f3db6fb45495dd7eb7b" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@91de8cbf415a4072ba145061e1d512b1"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@91de8cbf415a4072ba145061e1d512b1" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Risk Analysis vs Risk Assessment vs Risk Management</p> <p>There are fundamental differences between risk analysis, assessment, and management. The following table presents these key terms.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Key Terms </b><a href="https://www.cisa.gov/sites/default/files/publications/dhs-risk-lexicon-2010_0.pdf" target="_blank"><span style="color:white;">(DHS, 2010)</span></a></td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Risk Analyis</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Systematic examination of the components and characteristics of risk.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Risk Assessment</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Product or process that collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision-making.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Risk Management</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Process of identifying, analyzing, assessing, and communicating risk; and accepting, avoiding, transferring, or controlling it to an acceptable level considering the associated costs and the benefits of any actions taken.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Risk-Based Decision-making</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Determination of a course of action predicated <u>primarily</u> on the assessment of risk and the expected impact of that course of action on that risk.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Risk-Informed Decision-making</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Determination of a course of action predicated on the assessment of risk, the expected impact of that course of action on that risk, <u>as well as other relevant factors</u>.</td> </tr> </table> <p><span style="color:#003478"><b>Risk analysis is the process</b></span> one goes through in order to develop a risk assessment. <span style="color:#003478"><b>Risk assessment is the tangible outcome</b></span> of the risk analysis process. Finally, <span style="color:#003478"><b>risk management defines the roles and responsibilities</b></span> of people who need to make decisions based upon the results of the risk analysis process. The objective of a risk management framework, which includes analysis and assessment, is therefore to inform decision-making.</p> <p>Risk-based decision-making, which focuses exclusively on the analysis of risk components, is ideal. However, it is also important to consider other factors, such as resource constraints and political implications, and therefore settle for risk-informed decision-making to enhance the protection and resilience of critical infrastructure systems.</p> <p>Protection includes actions to mitigate the overall risk to critical infrastructure assets, systems, networks, functions, or their interconnecting links resulting from exposure, injury, destruction,incapacitation, or exploitation. This includes actions to deter the threat, mitigate vulnerabilities, or minimize te consequences associated with an attack or other manmade or natural event.</p> <p><center><a href="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/c8bc918fe3388a96d609efdf664ec82d/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Protection.jpg" target="_blank"><img width="50%" src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/c8bc918fe3388a96d609efdf664ec82d/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Protection.jpg" alt="Get Alt Text" /></a><br/><span style="color: #003478;"><b>Infrastructure Protection</b><a href="https://www.cisa.gov/sites/default/files/publications/national-infrastructure-protection-plan-2009-508.pdf" target="[object Object]"> (DHS, 2009)</a></span></center></p> <p style="color: #003478;"> Click on the figure to enlarge it.</p> <p>Risk management therefore includes activities to:</p> <ul> <li>Identify, deter, detect, disrupt, and prepare for threats and hazards</li> <li>Reduce vulnerabilities</li> <li>Mitigate consequences</li> </ul> <p>As defined in the section on risk components, it is also important to consider resilience components. The following figure illustrates the integration of traditional risk components (i.e., threat, vulnerability, and consequence) with resilience components in a risk management approach.</p> <p><center><a href="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/9b74d6208ec38d49e19b16ed91a9242d/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Security-and-Resilience.jpg" target="_blank"><img width="50%" src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/9b74d6208ec38d49e19b16ed91a9242d/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Security-and-Resilience.jpg" alt="Get Alt Text" /></a><br/><span style="color: #003478;"><b>Infrastructure Protection and Resilience</b><a href="https://www.cisa.gov/sites/default/files/publications/national-infrastructure-protection-plan-2013-508.pdf" target="[object Object]"> (DHS, 2013)</a></span></center></p> <p style="color: #003478;"> Click on the figure to enlarge it.</p> <p style="color: #003478;"> Expand the accordions below for more information on the critical infrastructure risk management framework and to view some risk analysis challenges and myths.</p> </div> </div> </div> <div class="vert vert-1" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6a2eaa3cda2a4611b474dbb3e63973d8"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6a2eaa3cda2a4611b474dbb3e63973d8" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Critical Infrastructure Risk Management Framework</button> <div class="panel"><br/> <div> <p>The Critical Infrastructure Risk Management Framework includes five main steps, which constitute an iterative process shown in the figure below.</p> <p><center><a href="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/e8bb45b67c91a83dba5b8503c068ec5d/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Risk-Management.jpg" target="_blank"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/e8bb45b67c91a83dba5b8503c068ec5d/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Risk-Management.jpg" alt="Get Alt Text" /></a><br/><span style="color: #003478;"><b>Critical Infrastructure Risk Management Framework</b><a href="https://www.cisa.gov/sites/default/files/publications/national-infrastructure-protection-plan-2013-508.pdf" target="[object Object]"> (DHS, 2013)</a></span></center></p> <p style="color: #003478;"> Click on the figure to enlarge it.</p> <p>The table below describes these five steps.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Risk Management Steps</b></td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><center>Set Goals and Objectives</center></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; ">Achieving robust, protected, and resilient infrastructure requires national, State, local, and sector-specific protection and resilience visions, goals, and objectives that describe the desired risk management posture. These goals and objectives should consider the physical, cyber, and human elements of critical infrastructure protection and resilience. Goals and objectives may vary across and within sectors and levels of government, depending on the risk landscape, operating environment, and composition of a specific industry, resource, or other aspect of critical infrastructure systems.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><center>Identify Infrastructure</center></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; ">Partnerships among governments and critical infrastructure partners is important to build, manage, refine, and improve a comprehensive inventory of the assets, systems, and networks that make up critical infrastructure systems. This inventory provides a common baseline of knowledge that can support in understanding critical infrastruture systems, as well as enable national, local, regional, and sector-based risk assessment, prioritization, and management.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><center>Assess and Analyze Risks</center></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; ">Common definitions, scenarios, assumptions, metrics, and processes are needed to ensure that risk assessments contribute to a shared understanding among critical infrastructure partners. Risk analysis results in sound, scenario-based consequence and vulnerability estimates, as well as an assessment of the likelihood that the postulated threat would occur. Risk analyses and assessments are conducted to inform decision making, using a broad range of methodologies. These assessments allow critical infrastructure community leaders to understand the most likely and severe incidents that could affect their operations and communities and use this information to support planning and resource allocation in a coordinated manner.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><center>Implement Risk Management Activities</center></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; ">Prioritizing risk management efforts regarding the most significant critical infrastructure helps focus planning, increase coordination, and support effective resource allocation and incident management, response, and restoration decisions. Decision makers prioritize activities to manage critical infrastructure risk based on the criticality of the affected infrastructure, the costs of such activities, and the potential for risk reduction. Some risk management activities address multiple aspects of risk, while others are more targeted to address specific threats, vulnerabilities, or potential consequences.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b><center>Measure Effectiveness</center></b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; ">The critical infrastructure community evaluates the effectiveness of risk management efforts within sectors and at national, State, local, and regional levels by developing metrics for both direct and indirect indicator measurement.</td> </tr> </table> <p>The following sections of this module focus primarily on risk analysis.</p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-2" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6517d05ed44943278c58c253425db3d2"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6517d05ed44943278c58c253425db3d2" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new1" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Risk Analysis Myths</button> <div class="panel"><br/> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Myths vs ...</p> <p>There are <span style="color: #003478;">several myths</span> about risk analysis:</p> <ul> <li><span style="color: #003478;">It is predictive.</span><br/> Risk analysis is not predictive. It does not attempt to “predict” the future, but rather it uses the information of what currently exists and what has occurred in the past to outline the potential events that could occur and what those impacts may be.</li> <li><span style="color: #003478;">It measures risk in absolute terms.</span><br/> Risk analysis is not a thermometer. It does not “measure” risk in absolute terms, but rather combine qualitative and quantitative analyses to identify and analyze potential issues that could negatively impact key business initiatives or projects.</li> <li><span style="color: #003478;">It needs perfect information.</span><br/> Risk analysis does not require perfect information to be useful. Risk analysis is done in an environment where information gaps exist, therefore even with uncertainty risk analysis is still helpful in outlining the potential events and hazards that could manifest themselves.</li> <li><span style="color: #003478;">It needs scientific or mathematical precision.</span><br/> Risk analysis does not use numbers to imply scientific or mathematical precision. Risk analysis takes into account hazard/threat, vulnerability, consequence, and resilience to inform decision-making on critical infrastructure security and resilience.</li> <li><span style="color: #003478;">It is used to make decisions.</span><br/> Risk analysis does not “make decisions." It is the process used to develop risk assessment and to better inform those who do make decisions.</li> </ul> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Reality</p> <p>Some <span style="color: #003478;">truths</span> about risk analysis:</p> <ul> <li><span style="color: #003478;">Risk analysis creates "risk awareness" and promotes "risk intelligence."</span><br/> Risk analysis allows to gather information and to provide decision-makers products on which to make decisions.</li> <li><span style="color: #003478;">The risk analysis processes of research and analysis can be more useful than the final product.</span><br/> Going through the process helps to inform analysts in current and potential future situations.</li> <li><span style="color: #003478;">Risk analysis can be done with as little or as much information as is available.</span><br/> Risk analysis can be done with limited time, resources and information.</li> <li><span style="color: #003478;">There is no "perfect" risk analysis methodology.</span></li> <li><span style="color: #003478;">There is no "one-size fits all" risk analysis methodology.</span></li> </ul> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new1"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-3" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@13949cd5ef89486999ed8eb775adc8be"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@13949cd5ef89486999ed8eb775adc8be" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new2" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Risk Analysis Challenges</button> <div class="panel"><br/> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Challenges of risk analysis</p> <p>A number of challenges to conducting risk analysis do exist:</p> <ul> <li style="color: #003478;">All critical infrastructure systems have specificities.</li> <li style="color: #003478;">It is difficlut to predict human behavior.</li> <li style="color: #003478;">There are differences between real and perceived risk.</li> <li style="color: #003478;">It can be difficult to capture the knowledge and culture of an institution.</li> <li style="color: #003478;">It can be difficult to ensure (reasonable) completeness of the analysis.</li> <li style="color: #003478;">It can be difficult to validate you analysis models.</li> </ul> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Challenges of risk analysis in Homeland Security</p> <p>Additional challenges do exist for risk analysis applied in Homeland Security:</p> <ul> <li><span style="color: #003478;">Difficulties to quantify the probability of a threat.</span><br/>There is a lack of knowledge about intentional threat, how we can define human intent and capabilities.</li> <li><span style="color: #003478;">The balance between information sharing, information reliability, and information security.</span><br/>Information security and reliability is a conundrum. Securing information that is necessary, yet protecting it through classification which will ultimately reduce the amount of people that can consume your analysis is always a balancing act.</li> <li><span style="color: #003478;">Difficulty of measuring return on investment.</span><br/>Measuring the return on investment for protective and deterrent methods has always been difficult. How can you prove that because of your protective measures, the threat did not occur? Because it is difficult to show the value of these measures often times these potential needed measures are not put in place</li> </ul> <table> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="1"><b>In the absence of risk analysis, decisionmakers will still make decisions,<br/> but will lack the benefits of the analysis you can provide.</b></td> </tr> </table> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new2"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-4" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@deca293636704a8d95fdb6ad1d64383a"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@deca293636704a8d95fdb6ad1d64383a" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <p> The following sections introduce the general concepts of threat analysis, vulnerability analysis, consequence analysis, and resilience analysis.</p> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@b7c478a5a0474f7ba91434f4ee54cb95" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@42495c2e2de8426196e1e7e7370b86bd"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@42495c2e2de8426196e1e7e7370b86bd" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p>This section presents the basic concepts of Hazard Analysis.</p> </div> </div> </div> <div class="vert vert-1" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@e02ce31e4c8c4fcdae30ac0dcf878ea3"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@e02ce31e4c8c4fcdae30ac0dcf878ea3" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Risk Environment</p> <p>The risk environment affecting critical infrastructure is complex and uncertain; threats, vulnerabilities, and consequences have all evolved over the last 10 years. Critical infrastructure are subject to all types of hazards, from physical threats and natural disasters to cyber threats resulting from growing integration of information and communications technologies with critical infrastructure <a href="https://www.cisa.gov/sites/default/files/publications/national-infrastructure-protection-plan-2013-508.pdf" target="[object Object]"> (DHS, 2013)</a>. The following figure illustrates the evolving threats to critical infrastructure.</p> <p><center><a href="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/8930cbc45e0e7f92453c05e091e91145/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Hazard.jpg" target="_blank"><img width="50%" src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/8930cbc45e0e7f92453c05e091e91145/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Hazard.jpg" alt="Get Alt Text" /></a><br/><span style="color: #003478;"><b>Infrastructure Protection and Resilience</b><a href="https://www.cisa.gov/sites/default/files/publications/national-infrastructure-protection-plan-2013-508.pdf" target="[object Object]"> (DHS, 2013)</a></span></center></p> <p style="color: #003478;"> Click on the figure to enlarge it.</p> <p>Critical assets, systems, and networks face many hazards, including threats seeking to cause harm and disrupt essential services through physical and cyber attacks, severe weather events, pandemic influenza or other health crises, and the potential for accidents and failures due to infrastructure operating beyond its intended lifespan. Risk analysis must therefore be part of an all-hazards approach.</p> </div> </div> </div> <div class="vert vert-2" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6e389c2a9cde4f98a5d66f74d200fb65"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6e389c2a9cde4f98a5d66f74d200fb65" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Hazard Analysis</p> <p>Hazard analysis differs depending on whether we consider an unintentional or an intentional event. Threat/Hazard Analysis seeks to define the likelihood of an incident or disturbing event.<br/><br/> The term <span style="color: #003478;"><b>"hazard"</b></span> is used for natural and unintentional events (e.g., hurricane, flooding) and is generally defined by the statistical analysis of historical data from past events.</p> <p><center><span style="color: #003478; font-weight: bold !important;">A Hazard is a function of the likelihood of a disturbing event.</span></center></p> <p>The <b>core criteria to conduct an analysis of natural disasters and accidental hazards</b> are to:</p> <ul> <li>Use best available analytic tools and historical data to estimate likelihood that events would affect critical Infrastructure.</li> </ul> <p></p> <p style="text-align: left;">The term <span style="color: #003478; font-weight: bold !important;">"threat"</span> is used for human and intentional events (i.e., "attack") and is defined by the combination of capability and intent to define the likelihood that an attack will be attempted.</p> <ul style="margin-left: .25in;"> <li><b>Capability</b> is the "tangible and intangible resources that are both necessary and sufficient for producing a desired outcome."</li> <li><b>Intent</b> is the "desire or design to conduct a type of attack, or attack a type of target."</li> </ul> <p><center><span style="color: #003478; font-weight: bold !important;">A Threat is a function of an attacker Intent and Capability.</span></center></p> <p>The <b>core criteria to conduct an analysis of adversary-specific threat assessments</b> are to:</p> <ul> <li>Account for adversary's ability to recognize target and deterrence value of existing security measres.</li> <li>Identify attack methods that may be used.</li> <li>Consider degree of adversary's intent to attack the target.</li> <li>Condider level of capability demonstrated for the particular attack method.</li> <li>Estimate threat as likelihood that adversary would attempt a given attack method against the target.</li> <li>When threat likelihoods cannot be estimated, use conditional risk values and conduct sensitivity analyses.</li> <li>Use best-available analytic tools and historical data to estimate the likelihood of these events affecting critical infrastructure.</li> </ul> <p>Manmade threat information typically comes from law enforcement and intelligence agencies when natural hazard sources are usually identified by environmental and weather forecast agencies. Accidental hazards are defined by the asset’s equipment and operations.</p> <p><span style="color: #003478;">Expand the accordions below for more information on threat analysis.</span></p> </div> </div> </div> <div class="vert vert-3" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@2f2020572141465e8c9e7b58496949b7"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@2f2020572141465e8c9e7b58496949b7" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Basic Concepts</button> <div class="panel"><br/> <div> <p>Conducting a threat analysis is extremely complex. The characterization of an "adversary" intent and capability requires to consider various levels of information. It is important to validate this information and differentiate between several key elements: hypothesis and evidence, consistency and inconsistency, and diagnostic and indicator. These key elements are presented in the table below.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Key Terms </b></td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Hypothesis</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">An <b>hypothesis</b> is <i>"a supposition or proposed explanation made on the basis of limited evidence as a starting point for further investigation."</i><br/><br/><u>Example of hypothesis:</u> A violent extremist group will attempt to attack this facility by the end of the week.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Evidence</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">An <b>evidence</b> is<i>"a fact, documentation, or testimony used to strengthen a claim, support an argument, or reach a conclusion about a hypothesis – An evidence is not a proof."</i><br/><br/><u>Example of evidence:</u> Timmy, a known member of a violent extremist group, was observed taking photos of the entrances/exits to this facility two days ago.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Consistency</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">A <b>consistency</b> describes<i>"an evidence which tends to confirm a hypothesis."</i><br/><br/><u>Example of consistency:</u> Timmy, a known member of a violent extremist group, was observed taking photos of the entrances/exits to this facility two days ago.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Inconsistency</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">An <b>inconsistency</b> describes<i>"an evidence which tends to refute a hypothesis."</i><br/><br/><u>Example of inconsistency:</u> Timmy, a known member of a violent extremist group, is currently in custody pending trial.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Diagnostic</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">A <b>diagnostic</b> serves<i>"to distinguish, identify, or characterize a particular phenomenon."</i></td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Indicator</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">An <b>indicator</b> is<i>"an item of information which reflects the intention or capability of an adversary to adopt or reject a course of action."</i></td> </tr> </table> <p>A threat analysis consists therefore in gathering evidences and indicators and verifying hypotheses, considering consistencies and inconsistencies, to pose a diagnostic that allows to identify an intent and capabilities to conduct a disruptive event.</p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-4" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@afd65a0ef2d74461aafc62e33811f715"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@afd65a0ef2d74461aafc62e33811f715" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new2" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Intent Analysis</button> <div class="panel"><br/> <div> <p>Adversary intent is derived from their personal or organizational motives. This often can be viewed by familial, organizational or other affiliation ties.</p> <p>Assessing an intent can follow the following process:</p> <ul> <li>Define the scope of the threat analysis and refine your analytic task - i.e, Intent to do what?</li> <li>Identify the factors contributing to intent <ul style="list-style-type: circle"> <li>Use threat reporting and historical reference to evaluate intent: <ul style="list-style-type: square"> <li>Stated goals to conduct attacks</li> <li>History of conducting attacks</li> <li>Implied intent based on threat reporting</li> </ul></li> <li>Identify possible attack methods <ul style="list-style-type: square"> <li>Based on stated, implied, or assessed intent</li> <li>Is the objective to cause casualties, disrupt facilities or operations, acquire knowledge or identification?</li> <li>Does the intent imply target identification?</li> <li>Consider local context (e.g., critical infrastructure systems, symbolic targets, financial institutions, and government facilities)</li> </ul></li></ul> <li>Research and assess each factors by defining their presence or absence, and their importance and strength - i.e., define hypothesis, find evidence, and identify consistency and unconsistency</li> </ul> <p>Intent allows to think about the potential attack method that may be utilized. As shown in the figure below, part of understanding adversary intent is understanding the end state of their potential desired attack.</p> <p><center><a href="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/5d4efbeeb9951dc1a2c7235af8cc9634/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Intent.jpg" target="_blank"><img width="50%" src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/5d4efbeeb9951dc1a2c7235af8cc9634/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Intent.jpg" alt="Get Alt Text" /></a><br/><span style="color: #003478;"><b>Intent - Adversary Targeting Objectives</b> (Source: FEMA)</span></center></p> <p style="color: #003478;"> Click on the figure to enlarge it.</p> <p>This graphic is a decision tree that can be used to define the potential consequences, aversaries may end up inflicting by looking at their broad intent for the attack. For instance, if their intent is to inflict harm to life, we might expect to see them perpetrate an attack that results in fatalities, critical injuries, or illness.</p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new2"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-5" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@d5e257f40de34415ba48b563e59d9176"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@d5e257f40de34415ba48b563e59d9176" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new3" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Capability Analysis</button> <div class="panel"><br/> <div> <p>Analyzing an adversary capability is done in context of a specific scenario to identify specific requirements for conducting a succesful attack. Several considerations are important for identifying an adversary capabilities: <ul> <li>What information does the adversary need?</li> <li>Do they have the ability to collect that information?</li> <li>Can the information be processed and exploited in time to use it?</li> <li>What knowledge or skills would the adversary need to have?</li> <li>What material is required?</li> <li>What are some of the operational or logistical challenges?</li> <li>What type of coordination is needed? Number of attackers</li> </ul> <p>For pragmatic reasons, adversaries may avoid making plans they believe they cannot execute. Conversely, capability can breed intent. In particular, capabilities can shape intent by:</p> <ul> <li>Limiting the range of action</li> <li>Inspiring innovation</li> </ul> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new3"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@f9d1b844643b4791b01a8fd429393d83" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@5cff640858614cfda22b6102bfa835d2"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@5cff640858614cfda22b6102bfa835d2" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p>This section presents the basic concepts of Vulnerability Analysis.</p> </div> </div> </div> <div class="vert vert-1" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@0dc7c00d0cf44e698a615fc5c8b0db12"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@0dc7c00d0cf44e698a615fc5c8b0db12" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Risk Environment</p> <p>Growing interdependencies across critical infrastructure systems, particularly reliance on information and communications technologies, have increased the potential vulnerabilities to physical and cyber threats and potential consequences resulting from the compromise of underlying systems or networks. Vulnerabilities also may exist as a result of a retiring work force or lack of skilled labor. Skilled operators are necessary for infrastructure maintenance and, therefore, security and resilience.<a href="https://www.cisa.gov/sites/default/files/publications/national-infrastructure-protection-plan-2013-508.pdf" target="[object Object]"> (DHS, 2013)</a>. <p>Risk analysis requires understanding the hazards that could potentially affect a given asset, the impacts on the asset because of its vulnerabilities and resilience, and the consequences that might result. Vulnerabilities may be associated with the factors presented in the table below.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Vulnerability Dimensions</b></td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Physical Vulnerabilities</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">A <b>physical vulnerability</b> is an aspect or feature of a facility/asset or its geographic location that renders it susceptible to a potential threat or hazard.<br/><br/><u>Example of physical components that may present vulnerabilities:</u><br/> <ul> <li>Perimeter security</li> <li>Access control</li> <li>Building design</li> <li>Electronic Security</li> <li>Parking Access Control</li> <li>Illumination</li> <li>Barriers</li> <li>Location (e.g., environmental setting, and adjacent areas (streets, parking facilities, etc.))</li> </ul> </td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Cyber Vulnerabilities</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">A <b>cyber vulnerability</b> is an aspect or feature of a facility’s information technology or communication infrastructure that renders the facility, its people, or its information susceptible to a potential attack.<br/><br/><u>Example of cyber components that may present vulnerabilities:</u><br/> <ul> <li>Supervisory control and data acquisition (SCADA) system and Industrial Control System (ICS)</li> <li>Information Technology (IT) policies (e.g., firewalls, authentication, intrusion detection, and back-up)</li> <li>Personnel training</li> <li>Protection of sensitive information</li> </ul> </td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Human Vulnerabilities</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">A <b>human vulnerability</b> are features of an organization or facility that present potential concerns for security due to the presence of employees, patrons, or visitors.<br/><br/><u>Example of human components that may present vulnerabilities:</u><br/> <ul> <li>Employees background checks</li> <li>Security force (e.g., training, staffing, capability)</li> <li>Personnel training</li> <li>Organizational culture (e.g., planning, preparedness)</li> <li>Communications and notifications</li> <li>Monitoring</li> </ul> </td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Operational Vulnerabilities</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">An <b>operational vulnerability</b> are features of an organization or facility’s production or operations that renders it susceptible to degradation or disruption from an attack or incident.<br/><br/><u>Example of operational components that may present vulnerabilities:</u><br/> <ul> <li>Dependencies (e.g., utilities, supply chains)</li> <li>Redundancies (e.g., independent backups, pre-planned alternate suppliers and chains)</li> <li>Continuity of operations (e.g., inventory, planning)</li> </ul> </td> </tr> </table> <p>Vunerabilities can be static or dynamic:</p> <ul> <li>A <b>static vulnerability</b> is a vulnerability that is relatively insensitive to the nature of the hazard (e.g., building structure).</li> <li>A <b>dynamic vulnerability</b> is a vulnerability that has characteristics that vary based on the nature of the threat (e.g., population increase during a sporting event).</li> </ul> </div> </div> </div> <div class="vert vert-2" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@953a8060924642fb93bbf71b859e57e2"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@953a8060924642fb93bbf71b859e57e2" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Vulnerability Analysis</p> <p>A vulnerability analysis is an important part of an overall risk analysis process that helps critical infrastructure owners and operators to allocate resources to protect their most important infrastructure assets and systems. The Swiss-cheese Model, developed by James Reason <a href="https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1298298/" target="[object Object]"> (Perneger, 2005)</a>, and generally used in medicine and safety engineering, helps understanding the causal model of an incident, or how a hazard (or combinations of hazards) can result in an incident. The figure below illustrates the risk swiss-cheese model. <p><center><a href="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/315a0949b390e538a85db99d2aad9698/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Swiss-Cheese.jpg" target="_blank"><img width="50%" src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/315a0949b390e538a85db99d2aad9698/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Swiss-Cheese.jpg" alt="Get Alt Text" /></a><br/><span style="color: #003478;"><b>Risk Swiss-Cheese Model</b></span></center></p> <p style="color: #003478;"> Click on the figure to enlarge it.</p> <p>In the model, the different slices of cheese represent the various levels of protective barriers in place to ensure the defense in depth (i.e., security and safety) of each infrastructure asset. The holes represent existing weaknesses in existing protective measures. Therefore, a hazard can “exploit” these vulnerabilities, which are represented by the alignment of the holes, and will ultimately lead to a failure (i.e., incident). A vulnerability analysis specifically seeks to assess past incidents and identify latent weaknesses (i.e., existing holes in the protective measures that have not yet been exploited) to propose physical and cyber security improvements; either additional barriers (i.e., new slices) or protective and mitigation measures to fix existing vulnerabilities.</p> <p><span style="color: #003478;">Expand the accordions below for more information on vulnerability analysis.</span></p> </div> </div> </div> <div class="vert vert-3" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@86a3dd5ddb614fb497eb7df56fe38157"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@86a3dd5ddb614fb497eb7df56fe38157" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Vulnerability Analysis Levels</button> <div class="panel"><br/> <div> <p>In order to provide a comprehensive picture of critical infrastructure vulnerabilities, vulnerability analyses occur at three main levels presented in the table below.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Vulnerability Analysis Levels</b></td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Asset Level</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">The vulnerability analysis focuses on critical infrastructure individual assets (e.g., facility, information, personnel).</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>System Level</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">The vulnerability analysis focuses on the end-to-end functioning of a complete critical infrastructure sector or subsector (e.g., electric grid, water systems).</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>System-of-Systems Level</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">The vulnerability analysis focuses on the interrelationships among critical infrastructure systems (e.g., energy/water nexus).</td> </tr> </table> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-4" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@c635be55929044748d0170e141821bc5"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@c635be55929044748d0170e141821bc5" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new2" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Methodological Approaches</button> <div class="panel"><br/> <div> <p>Several methodological approaches are available for conducting vulnerability analyses. These approaches can be categorized according to four criteria presented in the table below.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Vulnerability Analysis - Methodological Approaches</b></td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Overall approach</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Overall approach defines the overarching characteristics and techniques that guide the analysis. Among other elements, the vulnerability analysis can be quantitative, focusing on measurable and often pre-defined data, or qualitative, focusing more on subjective considerations difficult to quantify and on the expertise and knowledge of the assessor. The type of analysis also depends on the level of analysis (i.e., asset, system, or system-of-systems) and the considered hazards (i.e., all-hazard vs. scenario-driven assessments).</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Comprehensiveness</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Comprehensiveness defines the scope of the analysis, which ranges from a quick overview or “snapshot”, using a checklist and remaining very general, to a detailed assessment, including site visits and addressing specific security concerns.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Duration</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">The duration largely depends on the overall approach and comprehensiveness of the analysis conducted. VAs can range from few hours to several weeks according to the size of the asset assessed and the scope of the analysis.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Resource and expertise requirements</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Like the duration, resources and expertise vary based on the critical infrastructure assessed and the objectives of the analysis.</td> </tr> </table> <p>The figure below shows how these four criteria help characterizing but also selecting the VAs that will meet the assessment objectives.</p> <p><center><a href="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/58ce8d6ca9f948477b94891f6f690897/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Vulnerability-Tradeoffs.jpg" target="_blank"><img width="50%" src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/58ce8d6ca9f948477b94891f6f690897/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Vulnerability-Tradeoffs.jpg" alt="Get Alt Text" /></a><br/><span style="color: #003478;"><b>Vulnerability Analysis Trade-offs</b> (Source: Argonne National Laboratory)</span></center></p> <p style="color: #003478;"> Click on the figure to enlarge it.</p> <p>Each approach (e.g., VA-1, VA-2, and VA-3) has various strengths, weaknesses, and suitability given the objectives of the analysis being conducted. Detailed, quantitative analyses (i.e., VA-3) may not be feasible (or necessary) given time and resource constraints. Qualitative analyses that provide a snapshot of vulnerabilities and the security posture (i.e., SA-1) may be sufficient to understand a facility’s general vulnerabilities.</p> <p>Decisions must be made regarding the level of detail desired and the specific methodology (or methodologies) to be applied. To the extent possible, a single vulnerability analysis approach should be used to facilitate consistent comparisons among the assets included in the analysis. The selection of the appropriate techniques and methodologies is therefore directly based on the analysis objectives.</p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new2"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-5" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@3d8a6c8b7e634b3cb2c58d00aaf2eabc"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@3d8a6c8b7e634b3cb2c58d00aaf2eabc" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new3" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none;">Vulnerability Analysis Objectives</button> <div class="panel"><br/> <div> <p>Critical infrastructure should routinely perform vulnerability analyses to understand threats and vulnerabilities, determine acceptable levels of risk, and stimulate action to mitigate identified vulnerabilities. The direct benefits of performing a vulnerability analyses include the elements presented in the table below.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Vulnerability Analysis Direct Benefits</b></td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Build and broaden security awareness</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">A vulnerability analysis directs senior management attention to security by characterizing security issues, risks, vulnerabilities, mitigation options, and best practices. Developing awareness is one of the least expensive and most effective methods for improving the overall security posture of critical infrastructure systems.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Establish or evaluate against a security baseline</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">If a security baseline has been previously established (or if security policies are in place), an analysis is an opportunity to evaluate the improvement or deterioration of the security posture of critical infrastructure systems. If there is no security baseline, a vulnerability analysis is an opportunity to integrate and unify previous efforts, define common metrics, and establish security objectives.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Identify vulnerabilities and develop responses</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Generating lists of vulnerabilities and potential responses is usually a core activity and outcome of an assessment. Sometimes, due to budget, time, complexity, and risk considerations, the response selected for many of the vulnerabilities may be non-action, but after completing the analysis and assessment processes, these decisions will be conscious ones, with a documented decision process and item-by-item rationale available for revisiting issues at scheduled intervals. This information can help drive or motivate the development of a risk management process.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Categorize important assets and drive the risk management process</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">An analysis can be a vehicle for reaching corporate-wide consensus on a hierarchy of critical infrastructure assets. This ranking, combined with threat, vulnerability and risk analysis is at the heart of any risk management process.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Develop and build internal skills and expertise</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">A vulnerability analysis, when not implemented in an “audit” mode, can serve as an excellent opportunity to build security skills and expertise within an organization. A well-structured analysis can have elements, which serve as a forum for crosscutting groups to come together and share issues, experiences, and expertise.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Promote action</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Although disparate security efforts may be underway in an organization, a vulnerability analysis can crystallize and focus management attention and resources on solving specific and systemic security problems. It can help raise security concerns to appropriate levels (legal, financial, executive) and achieve action.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Kick off an ongoing security effort</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">A vulnerability analysis can be utilized as a catalyst to involve people throughout the organization in security issues, build crosscutting teams, establish permanent forums and councils, and harness the momentum generated by the assessment to build an ongoing institutional security effort.</td> </tr> </table> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new3"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@2ba6682c3ad64105b73d3958227fb209" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@9c0e2a5d64354ca0b4207281a7c737b1"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@9c0e2a5d64354ca0b4207281a7c737b1" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p>This section presents the basic concepts of Consequence Analysis.</p> </div> </div> </div> <div class="vert vert-1" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@a0331c39a1b448ea9e1a8d7424238784"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@a0331c39a1b448ea9e1a8d7424238784" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Risk Environment</p> <p>Analyzing consequences is very important because consequence levels guide the definition of the infrastructure assets criticality and make it possible to prioritize protection and resilience strategies. As defined earlier, there are four main categories of consequences. The table below shows examples of variables that can be used to analyze these four categories of consequences.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Consequence Analysis Variables</b></td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Public Health and Safety</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; "> <ul> <li>Fatalities</li> <li>Injuries</li> <li>Illnesses</li> </ul> </td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Governance and Mission</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; "> <ul> <li>Social Order and Policing</li> <li>Force Projection</li> <li>Continuity of Operations</li> <li>Functional Capability</li> </ul> </td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; font-size: 12.0pt; vertical-align: middle; text-align:center;"><b>Economic</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; "> <ul> <li>Repair Costs</li> <li>Remediation Costs</li> <li>Value of Lost Product</li> <li>Replacement Costs</li> <li>Business Interruption</li> <li>Response Costs</li> <li>Value of Behavioral Response</li> </ul> </td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Psychological</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; "> <ul> <li>Behavioral Response</li> <li>Redundancies (e.g., independent backups, pre-planned alternate suppliers and chains)</li> <li>Trust in Government / Institutions</li> </ul> </td> </tr> </table> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Infrastructure Criticality</p> <p>Defining the criticality of infrastructure assets is an enterprise-wide ranking of the vital systems, facilities, processes, and information necessary to maintain continuity of service. Delineating the relative importance of corporate assets is necessary to managing risk, but determining their specific importance (i.e., criticality) is rarely straightforward, particularly in critical infrastructure. It is important to use an approach that evaluates all the important assets against a common set of criteria. The result is a uniform enterprise wide prioritization, rather than a business unit by business unit prioritization. This uniformity avoids the disparity in ranking that frequently develops when each business unit conducts its own prioritization.</p> <p>The primary basis for determining criticality is the severity of consequences associated with loss or compromise of the asset. The consequences of asset loss or compromise can have many different dimensions. In some cases, the consequences can be estimated quantitatively. In other cases, they must be determined qualitatively. The table below provides examples of criteria and measures that can be used for making an asset criticality determination.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="4"><b>Typical Criteria and Measures for Determining Asset Criticality</b></td> </tr> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;"><b>Criterion</b></td> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;"><b>Low Criticality</b></td> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;"><b>Medium Criticality</b></td> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;"><b>High Criticality</b></td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Business</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Little or no impact on business.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Loss of some business; loss of investor confidence; drop in stock value.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Loss of entire business.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Economy</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Little or no loss of economic activity; no loss of jobs; small reduction in governments’ revenue.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px;">Some loss of economic activity; some loss of jobs; some reduction in governments’ revenue.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Extensive loss of economic activity; extensive loss of jobs; large reduction in governments’ revenue.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Environmental Discharge</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Minimal release of contaminants; little or no public health threat; little or no damage to ecosystems.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Moderate release of contaminants; moderate public health threat; moderate damage to ecosystems.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Extensive release of contaminants to air, water, soil; extensive public health threat; extensive damage to ecosystems.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Health and Safety</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Few injuries and no loss of life.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Some injuries and/or loss of life.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Numerous injuries and/or loss of life.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Legal Liability</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Few or no liability claims.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Some liability claims.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Extensive and expensive liability claims.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Operations</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Some impacts on asset operations, but workaround solutions are available, and the effect is minor on critical infrastructure operations.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Major impact on an asset operation and/or loss of service to the system-of-systems.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Substantial or total incapacitation of an asset and/or loss of service to a large portion of the system-of-systems.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>National Security</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Extensive loss of capability to support national security activities.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Some loss of capability to support national security activities.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Extensive loss of capability to support national security activities.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Political Considerations</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Little or no political impact.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Action required by governmental legislature.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Immediate action required by the public sector and governments.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Property Damage</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Minimal damage to property and/or equipment; short repair time; low cost to repair.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Moderate damage to property and/or equipment; moderate repair time; moderate cost to repair.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Extensive damage to property and/or equipment; extended time to repair; high cost to repair.</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><b>Public Perception</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Little or no impact on public perception.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Loss of public confidence.</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Public panic.</td> </tr> </table> <p>Identifying the criticality of assets is used primarily to focus the vulnerability analysis efforts. It also assists with the ranking of the various recommendations for reducing vulnerabilities. It is important to recognize that many of an infrastructure’s assets may be very important but not declared critical. This does not mean that such assets offer little risk and thus should not be protected. At most, it means that the possible consequences of its loss place this asset lower on the hierarchy for a thorough assessment and for any investment for remediation. Factors such as geographic location, density of critical assets, time of year, system stresses, surrounding population, and component outages in the infrastructure system can all influence the determination of criticality. The product of the criticality determination is a prioritized list of critical assets that are candidates for a vulnerability assessment to define their security and resilience.</p> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Consequence Analysis</p> <p>Consequence analysis is also used to inform security and resilience strategies:</p> <ul> <li>Develop situational awareness <ul style="list-style-type: circle;"> <li>Resource Deployment (e.g., Police, Emergency Services, Medical Surge)</li> </ul></li> <li>Define response and mitigation measures</li> <li>Prioritize investments <ul style="list-style-type: circle;"> <li>Security (i.e., prevent, deter, detect, delay)</li> <li>Hardening (e.g., building codes, shielding)</li> <li>Response/Recovery Planning and Preparedness (e.g., training, response plans, business continuity plans)</li> <li>Redundancies/Surge Capacity (storage/stockpiles, adaptations, temporary fixes)</li> <li>System re-design</li> </ul></li> </ul> <p><span style="color: #003478;">Expand the accordions below for more information on consequence analysis.</span></p> </div> </div> </div> <div class="vert vert-2" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@ad4358bca0254abe8ba9648574723a87"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@ad4358bca0254abe8ba9648574723a87" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Public Health and Safety</button> <div class="panel"><br/> <div> <p>Public health and safety impacts characterize the effect of an incident on human life and physical well-being (e.g., fatalities, injuries, illness).</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Analysis of Public Health and Safety Impacts</b></td> </tr> <tr> <td style="border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/612bbc249eaae1afa89cc4ff68cab38e/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Public-Health.jpg" alt="Get Alt Text" /></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Estimating the number of fatalities, injuries, and illnesses both on- and off-site (as appropriate) is an important step in the assessment of consequences :<br/> <ul> <li>In quantifying the impact of an event, consider historical evidence (similar events at similar facilities) or other analytical approaches</li> <li>Carefully document all estimates of notional events that incorporate certain assumptions (e.g. populations at or near the facility, weather conditions, etc.)</li> </ul> </td> </tr> </table> <p>Public health impacts can be difficult to assess without very specific hazard scenarios (e.g. design basis threat) however using historic scenarios and threats can help gaining a better understanding of public health and safety impacts. Because of the difficulty in measuring potential public health impacts all assumptions made in the calculation of those potential impacts must be stated.</p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-3" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@788676d16b2540aea40672890d7ece00"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@788676d16b2540aea40672890d7ece00" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new2" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Economic</button> <div class="panel"><br/> <div> <p>Economic impacts characterize direct and indirect economic losses (e.g., cost to rebuild asset, cost to respond to and recover from attack, downstream costs resulting from disruption of product or service, long-term costs due to environmental damage).</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Analysis of Economic Impacts</b></td> </tr> <tr> <td style="border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/8655a56ccaa3346f62f9034968457655/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Economic.jpg" alt="Get Alt Text" /></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Estimating the economic loss in dollars, stating which costs are included and what duration was considered:<br/> <ul> <li>Include both direct and indirect economic impacts on- and/or off-site</li> <li>Elements of economic losses: <ul style="list-style-type: circle"> <li>Asset and Property Replacement</li> <li>Evacuation and Response</li> <li>Relocation and Rerouting</li> <li>Remediation</li> <li>Business Interruption</li> <li>Dependencies and Interdependencies</li> </ul></li> </ul> </td> </tr> </table> <p>Economic impacts can be measured in numerous ways as for examples:</p> <ul> <li>Repair costs – a commercial building built for 50 million dollars that is destroyed will cost me 50 million dollars to replace</li> <li>Disruption costs – a substation that cost 5 million to build, if its destroyed will have significant indirect impacts such as all the households or other critical infrastructure that lost power and thus were forced to stop operations.</li> </ul> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new2"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-4" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@a1c63f3b0cc649c3a2ec8a440a8de0f2"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@a1c63f3b0cc649c3a2ec8a440a8de0f2" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new3" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Psychological</button> <div class="panel"><br/> <div> <p>Psychological impacts characterize the effects on public morale and confidence in national economic and political institutions.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Analysis of Psychological Impacts</b></td> </tr> <tr> <td style="border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/2440c1833af7fe3dd2c67605d2bd7379/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Psychological.jpg" alt="Get Alt Text" /></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">At least in qualitative terms, describe any potential psychological or symbolic impacts that would be the direct result of an attack on the facility or area being assessed:<br/> <ul> <li>Describe the psychological or symbolic impacts</li> <li>Document the data sources and models used to qualify the psychological or symbolic impact of the event, and quantify as economic impacts or illness if possible</li> <li>Evaluate, prioritize, and document all assumptions, subjective judgments, and uncertainty</li> </ul> </td> </tr> </table> <p>Psychological impacts are very difficult to directly measure therefore proxy variables are generally used to measure how behavior may have changed following an event. To the extent that it has been studied, behavioral responses to an incindent are largely characterized in terms of market engagement. Available studies use economic variables as a proxy for behavioral response. Statistically significant changes in revenues and service utilization are argued to support theories related to individual or collective perceptions of risk.</p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new3"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-5" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@bd3b73d7478249a99fee5f0530ba2677"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@bd3b73d7478249a99fee5f0530ba2677" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new4" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Governance and Mission</button> <div class="panel"><br/> <div> <p>Governance and mission impacts characterize the effect on government’s or industry’s ability to maintain order, deliver minimum essential public services, ensure public health and safety, and carry out national security-related missions.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="2"><b>Analysis of Governance and Mission Impacts</b></td> </tr> <tr> <td style="border: 1px solid black; padding: 15px; width:100px; vertical-align: middle; text-align:center;"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/58fc24d61b98af7493f1621bd79b4b4e/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Governance.jpg" alt="Get Alt Text" /></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Quantification of mission disruption will largely be difficult outside the realm of a financial estimate for immediate up- and/or downstream business interruption of suppliers/providers and/or customers/clients. Much of consequences estimated are generally qualitative and descriptive. </td> </tr> </table> <p>Governance and mission impacts characterize the ability to maintain order and provide essential government services. This is typically measured as a binary variable: will the event reduce, delay, or shut down an essential government service?</p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new4"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-6" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@1d1c65dc36df47b3a78275c168d595cb"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@1d1c65dc36df47b3a78275c168d595cb" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p><span style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Analytical Thinking</span></p> <p>Consequence analysis involves estimating the impact on people, property or environment, should an incident occur. The following questions help developing an analytical thinking and process for conducting a dependency analysis:</p> <ul> <li>What happened/could happen? (Threat Scenario)</li> <li>Where did/could it happen? (Asset/System Type)</li> <li>When did/could it happen? (Static/Dynamic Consequences)</li> <li>What is damaged?</li> <li>How many injuries and deaths?</li> <li>How are/will people respond?</li> <li>Are there limitations on ability to provide essential services?</li> <li>What can/could be done to reduce negative impacts?</li> </ul> </div> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@5bd5bc98fafa4482a6244f4a75805a46" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@f6cf8ed1c389497e848fb2f3c1ae7d2b"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@f6cf8ed1c389497e848fb2f3c1ae7d2b" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p>This section presents the basic concepts of Resilience Analysis.</p> </div> </div> </div> <div class="vert vert-1" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@41bf768522844d60b4c34922d2a388e0"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@41bf768522844d60b4c34922d2a388e0" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Risk Environment</p> <p>Over time, traditional approaches of critical infrastructure protection have focused mainly on the consideration of consequences and vulnerability to manmade hazards. However, methods used to define and analyze risk are constantly evolving toward all-hazard approaches considering resilience, interdependencies, and systemic risks.<br/><br/> This evolution constitutes a major change of paradigm in terms of homeland security. In order to manage critical infrastructure effectively from a “risk perspective,” it is necessary to form an approach that is not based exclusively on protection and prevention. Risk management must include a balance between prevention, protection, mitigation, response, and recovery. The progression of risk management for critical infrastructure must consist of an evolution and incorporation of resilience and service continuity, a more comprehensive involvement of all stakeholders (including the public), based on strong information sharing, training, and education processes, that includes the effects from infrastructure interdependencies.<br/><br/> Although in recent homeland security policies and business standards, resilience concepts are included in risk management strategies, a distinction can be made between strategies seeking to eliminate or transfer the risk and strategies seeking to maintain critical infrastructure operations. The first type of strategies, usually named vulnerability management strategies, tries to eliminate negative consequences by implementing protective measures that reduce threats and vulnerabilities. The second type of strategies tries to maintain consequences as low as reasonably possible (i.e., acceptable level of operations) by implementing mitigation, response, and recovery measures.<br/><br/> Vulnerability management and resilience management strategies are inseparable and complementary in a holistic risk management approach of systemic risks. Vulnerability management strategies are implemented to mitigate known threats and resilience management strategies are implemented in case the protection measures are not sufficient to prevent negative consequences resulting from known or unknown threats. The following sections of this chapter focus on vulnerability assessment.</p> </div> </div> </div> <div class="vert vert-2" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@268bc3f47cde4b3a87c8c77e7f84f5de"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@268bc3f47cde4b3a87c8c77e7f84f5de" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Resilience Analysis</p> <p>Resilience consists in efforts to reduce the magnitude and duration of critical infrastructure service disruptions. Resilience is an objective characteristic of energy infrastructure systems, which is developed from a precautionary perspective to limit disruptions even in the face of new or evolving hazards and threats. Resilience-enhancing measures generally fall within four broad categories: preparedness, mitigation, response, and recovery.</p> <p><center><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/28fe57ef5c14625ee8292e09f82bd3ce/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Resilience-Components.jpg" alt = "Get Alt Text"/><span style="color: #003478;"><br/> <b>Risk Components</b><a href="https://publications.anl.gov/anlpubs/2017/02/133591.pdf" target="[object Object]"> (Phillips <i>et al.</i>, 2015)</a></span></center></p> <p>Resilience enhancement measures are generally applied to achieve at least one of three primary goals:</p> <ul> <li>Prevent or minimize damage to help avoid or reduce adverse events;</li> <li>Expand alternatives and enable systems to continue operating despite damage; and</li> <li>Promote a rapid return to normal operations when a disruption does occur (i.e., speed the rate of recovery).</li> </ul> <p>A core resilience challenge for energy system owners and operators is to translate the definitions, objectives, and approaches for resilience into identifiable and implementable actions at the component and engineering levels.</p> <p>The table below shows the relationship between components of resilience and resilience-enhancing measures.</p> <table> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;" colspan="3"><b>Relationship between Components of Resilience and Resilience-Enhancing Measures </b><a href="https://publications.anl.gov/anlpubs/2017/02/133591.pdf" target="_blank"><span style="color:white;">(Phillips <i>et al.</i>, 2015)</span></a></td> </tr> <tr> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;"><b>Resilience-Enhancing Measures</b></td> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;"><b>Components of Resilience</b></td> <td style="background-color:#003478; color: white; border: 1px solid black; padding: 15px; vertical-align: middle; text-align:center;"><b>Definition</b></td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:200px; vertical-align: middle; text-align:center;"><b>Preparedness</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:200px; vertical-align: middle; text-align:center;">Anticipate</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Activities taken by an entity to define the hazard environment to which it is subject</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:200px; vertical-align: middle; text-align:center;"><b>Mitigation</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:200px; vertical-align: middle; text-align:center;">Resist<br/><br/>Absorb</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Activities taken prior to an event to reduce the risk by reducing consequences, vulnerabilities, and threats/hazard</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:200px; vertical-align: middle; text-align:center;"><b>Response</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:200px; vertical-align: middle; text-align:center;">Respond<br/><br/>Adapt</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Immediate and ongoing activities, tasks, programs, and systems that have been undertaken or developed to manage the adverse effects of an event</td> </tr> <tr> <td style="background-color:rgba(0,136,198,.30); border: 1px solid black; padding: 15px; width:200px; vertical-align: middle; text-align:center;"><b>Recovery</b></td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:200px; vertical-align: middle; text-align:center;">Recover</td> <td style="background-color:white; border: 1px solid black; padding: 15px; width:300px; ">Activities and programs designed to effectively and efficiently return conditions to a level that is acceptable to the entity</td> </tr> </table> <p style="color: #003478;">Expand the accordions below for more information on resilience analysis.</p> </div> </div> </div> <div class="vert vert-3" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@7d57dce3e561425389a6cb0258b90773"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@7d57dce3e561425389a6cb0258b90773" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new1" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Preparedness</button> <div class="panel1"> <p></p> <div> <p><b>Preparedness</b> is <i>"the knowledge and capacities developed by governments, response and recovery organizations, communities and individuals to effectively anticipate, respond to and recover from the impacts of likely, imminent or current disasters."</i><a href="https://www.undrr.org/terminology/preparedness" target="[object Object]"> (UNDRR, 2021)</a></p> <p>Preparedness is based on a sound analysis of disaster risks and good linkages with early warning systems, and includes such activities as contingency planning, the stockpiling of equipment and supplies, the development of arrangements for coordination, evacuation and public information, and associated training and field exercises. These must be supported by formal institutional, legal and budgetary capacities.</p> <p>Preparedness refers to activities undertaken by an entity in anticipation of the threats/hazards, or “pre-event.” The creation of Energy Assurance Plans and Strategic Energy Plans is an example of a preparedness action. A component of preparedness that is often overlooked is the communication, coordination, training, and exercising of plans, as well as regular reviews and updates of those plans.<p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new1"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-4" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@3521871855124359a51483a3ccc3944c"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@3521871855124359a51483a3ccc3944c" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new2" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Mitigation Measures</button> <div class="panel2"> <p></p> <div> <p><b>Mitigation</b> is <i>"the lessening or minimizing of the adverse impacts of a hazardous event."</i><a href="https://www.undrr.org/terminology/mitigation" target="[object Object]"> (UNDRR, 2021)</a></p> <p>The adverse impacts of hazards, in particular natural hazards, often cannot be prevented fully, but their scale or severity can be substantially lessened by various strategies and actions. Mitigation measures include engineering techniques and hazard-resistant construction as well as improved environmental and social policies and public awareness. It should be noted that, in climate change policy, “mitigation” is defined differently, and is the term used for the reduction of greenhouse gas emissions that are the source of climate change.</p> <p>Mitigation measures characterize the capabilities to resist a threat/hazard or to absorb the consequences from the threat/hazard. Mitigation measures are usually implemented before an event occurs; however, their benefits can be realized before, during, and after an event.<p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new2"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-5" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6ebd44acab0a4992bb4f144ea9bdff17"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6ebd44acab0a4992bb4f144ea9bdff17" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new3" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Response</button> <div class="panel3"> <p></p> <div> <p><b>Response</b> encompasses <i>"the actions taken directly before, during or immediately after a disaster in order to save lives, reduce health impacts, ensure public safety and meet the basic subsistence needs of the people affected."</i><a href="https://www.undrr.org/terminology/response" target="[object Object]"> (UNDRR, 2021)</a></p> <p>The institutional elements of response often include the provision of emergency services and public assistance by public and private sectors and community sectors, as well as community and volunteer participation. “Emergency services” are a critical set of specialized agencies that have specific responsibilities in serving and protecting people and property in emergency and disaster situations. They include civil protection authorities and police and fire services, among many others. The division between the response stage and the subsequent recovery stage is not clear-cut. Some response actions, such as the supply of temporary housing and water supplies, may extend well into the recovery stage.</p> <p>Response capabilities are a function of immediate and ongoing activities, tasks, programs, and systems that have been undertaken or developed to respond and adapt to the adverse effects of an event. These capabilities are typically associated with actions taken immediately following the event. Response capabilities are a mix of components that can be provided from both the public sector and the private sector.<p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new3"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-6" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@331096eed89742fc84f141b2fd7ab9ff"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@331096eed89742fc84f141b2fd7ab9ff" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new4" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Recovery</button> <div class="panel4"> <p></p> <div> <p><b>Recovery</b> consists in <i>"the restoring or improving of livelihoods and health, as well as economic, physical, social, cultural and environmental assets, systems and activities, of a disaster-affected community or society, aligning with the principles of sustainable development and “build back better”, to avoid or reduce future disaster risk."</i><a href="https://www.undrr.org/terminology/recovery" target="[object Object]"> (UNDRR, 2021)</a></p> <p>Recovery mechanisms include activities and programs designed to be effective and efficient in returning operating conditions to a level that is acceptable to the entity. Recovery measures usually consist of longer-term remediation measures.<p> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new4"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-7" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6f466369011948bbb03241c9fdb3ee77"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@6f466369011948bbb03241c9fdb3ee77" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p style="font-size: 13pt !important; color: #003478; font-weight: bold !important; text-decoration: underline !important;">Resilience Enhancement Approaches</p> <p>Because utilities and government decisionmakers do not have limitless time or budgets to implement resilience options, the decision on what to implement is largely driven by the amount of risk they are willing to accept. Much of this risk acceptance might be inherited from the risk postures of the utilities themselves, since most of the infrastructure is privately owned and operated. The amount of risk acceptance often boils down to a cost-benefit analysis, where measures are implemented as long as the benefits outweigh the costs. One of the challenges with resilience enhancements is that it is often difficult to quantify the benefits and competitive project prioritization for funds within a company or entity.<br/><br/> For example, if training is established and implemented for emergency plans, what is the accompanying benefit from that training? How can that benefit be measured? This often drives decisionmaking for resilience enhancement options toward the options that result in more tangible measures of resilience, such as hardening or installing backup generators even if they are less cost-effective.<br/><br/> Energy officials must balance several factors when considering resilience enhancement options. For one, they are obligated to be responsible stewards of taxpayer funds. The difficulty of tangibly demonstrating resilience options can make public buy-in equally difficult. A second challenge is determining what can be done with limited resources and competition among other governmental entities that also require funds for infrastructure resilience, such as transportation.</p> <p>Many critical infrastructure sectors, including the energy sector, utilize resilience enhancements options as part of normal operations. The table below provides examples of resilience enhancement options.</p> <p style="color: #003478; font-weight: bold !important;">Examples of Resilience Enhancement Options</p> <table> <tr> <td style="background-color: Orange; color: white; vertical-align: middle; text-align:center; width:50%;"><b>Preparedness</b></td> <td style="background-color: Green; color: white; vertical-align: middle; text-align:center; width:50%;"><b>Mitigation</b></td> </tr> <tr> <td> <ul> <li>Coordinating communications between responders</li> <li>Development of continuity, contingency, and strategic plans</li> <li>Training and exercising of plans</li> </ul> </td> <td> <ul> <li>Fences</li> <li>Hardening/strengthening/retrofitting</li> <li>Automation and smart monitoring</li> <li>Backup generators</li> <li>Onsite fuel storage</li> <li>Cogeneration plants</li> <li>System redundancies</li> </ul> </td> </tr> <tr> <td style="background-color: Blue; color: white; vertical-align: middle; text-align:center;"><b>Response</b></td> <td style="background-color: Red; color: white; vertical-align: middle; text-align:center;"><b>Recovery</b></td> </tr> <tr> <td> <ul> <li>Mobile incident management and command center</li> <li>Mutual aid agreements</li> <li>Coordinating agreements between energy system assets and emergency response</li> </ul> </td> <td> <ul> <li>Material provider priority plans</li> <li>Access to critical equipment</li> <li>Memorandum of understanding/ memorandum of agreement activation (e.g., with material providers or outside contractors)</li> <li>After-action reporting and lessons learned</li> </ul> </td> </tr> </table> </div> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@15f4d4cefb95486da665c1f698fea7eb" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@432a8cc065554d60b47993b79529015f"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@432a8cc065554d60b47993b79529015f" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div> <p>This page provides a framework for the execution of a formal risk analysis. There is no need to accomplish every step in the process in order to analyze risk. The framework is flexible and should be tailored to accommodate time and data constraints. It is meant to support analysts in producing a variety of risk products. Each individual checklist can also be used to develop corresponding products that focus on the components of risk (threat, vulnerability, resilience, or consequence).</p> <p style="color: #003478;">Expand the accordions below to view the checklists for the various parts of the risk analysis framework.</p> </div> </div> </div> <div class="vert vert-1" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@25eca7c7f5054c64b679e94bfae9c0c1"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@25eca7c7f5054c64b679e94bfae9c0c1" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Hazard Analysis Checklist</button> <div class="panel"><br/> <div> <p>The following elements provide a checklist that can be used to develop a hazard analysis.</p> <p style="color: #003478"><b><u>Hazard Analysis Guidance Checklist</u></b></p> <p><b>Goal:</b> Apply local, statewide, and regional perspectives to national-level threat information to identify and prioritize potential hazard scenarios. Based on the hazard information: <ul> <li>Identify potential hazard scenarios</li> <li>Identify and prioritize precursors and indicators/warnings associated with the identified hazard scenarios</li> <li>Review open source information and information received from the field for matches to identified precursors, indicators/warnings, and other patterns/trends</li> <li>Survey critical infrastructure partners for information related to identified hazard scenarios</li> <li>Identify and rank the hazard scenarios of concern</li> </ul> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-2" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@cbd33a7553674957b654fd26916ec34c"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@cbd33a7553674957b654fd26916ec34c" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new1" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Vulnerability Analysis Checklist</button> <div class="panel"><br/> <div> <p>The following elements provide a checklist that can be used to develop a vulnerability analysis.</p> <p style="color: #003478"><b><u>Vulnerability Analysis Guidance Checklist</u></b></p> <p><b>Goal:</b> Apply existing information to identify and prioritize infrastructure assets based on specific assessment of vulnerability to a potential hazard. For each identified hazard scenario of concern: <ul> <li>Identify infrastructure sectors, assets, and specific critical infrastructure that are most vulnerable to a given hazard</li> <ul style="list-style-type: circle"> <li>Evaluate potential targets based on physical security vulnerabilities</li> <li>Evaluate potential targets based on human vulnerabilities</li> <li>Evaluate potential targets based on cyber vulnerabilities</li> <li>Evaluate potential targets based on the presence, or lack, of protective measures</li> <li>Evaluate potential functional vulnerabilities based on natural hazards and infrastructure dependencies</li> </ul> <li>Review and incorporate historical evidence (similar events at similar facilities)</li> <li>Rank or rate the sectors, asset classes, and/or specific critical infrastructure based on potential vulnerabilities</li> </ul> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new1"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-3" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@62239e95e7da4443ab23c3ed750a7d5a"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@62239e95e7da4443ab23c3ed750a7d5a" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new2" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Resilience Analysis Checklist</button> <div class="panel"><br/> <div> <p>The following elements provide a checklist that can be used to develop a resilience analysis.</p> <p style="color: #003478"><b><u>Resilience Analysis Guidance Checklist</u></b></p> <p><b>Goal:</b> Apply existing information to identify and prioritize infrastructure assets based on specific assessment of resilience strategies to a potential hazard. For each identified hazard scenario of concern: <ul> <li>Identify infrastructure sectors, assets, and specific critical infrastructure that are less resilient to a given hazard</li> <ul style="list-style-type: circle"> <li>Evaluate preparedness measures</li> <li>Evaluate structural and non-structural mitigation measures</li> <li>Evaluate response capabilities</li> <li>Evaluate recovery mechanisms</li> </ul> <li>Review and incorporate historical evidence (similar events at similar facilities)</li> <li>Rank or rate the sectors, asset classes, and/or specific critical infrastructure based on existing resilience capabilities</li> </ul> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new2"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-4" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@b4733f3667b346af834146efb154db4e"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@b4733f3667b346af834146efb154db4e" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new3" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Consequence Analysis Checklist</button> <div class="panel"><br/> <div> <p>The following elements provide a checklist that can be used to develop a consequence analysis.</p> <p style="color: #003478"><b><u>Consequence Analysis Guidance Checklist</u></b></p> <p><b>Goal:</b> Apply existing information to identify and prioritize infrastructure assets based on specific assessment of consequences resulting from a disruptive event. For each identified hazard scenario of concern: <ul> <li>Identify infrastructure sector and assets, and specific critical infrastructure that, if disrupted, would produce the highest consequences:</li> <ul style="list-style-type: circle"> <li>Estimate numbers of fatalities, injuries, and illnesses, both on- and off-site</li> <li>Estimate economic loss</li> <li>Estimate operational damage (e.g. percent of operating capacity impacted or remaining)</li> <li>Estimate potential psychological or symbolic impacts</li> </ul> <li>Review and incorporate historical evidence (similar events at similar facilities)</li> <li>Rank or rate the sectors, asset classes, and/or specific critical infrastructure based on potential consequences</li> </ul> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new3"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> <div class="vert vert-5" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@7b3384cc6ca94b6083d4707eb95cae54"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@7b3384cc6ca94b6083d4707eb95cae54" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div><button class="accordion_new4" style= "font-size: 12.0pt; font-family: 'Calibri'; background-color: #003478; background-image: none; ">Integration</button> <div class="panel"><br/> <div> <p>The four checklists (i.e., hazard, vulnerability, resilience, and consequence) can be integrated to constitute the risk analysis framework.</p> <p style="color: #003478"><b><u>Integration and Recommandations Checklist</u></b></p> <p><b>Goal:</b> Integrate risk components to provide decisionmakers with recommendations regarding hazard mitigation and risk reduction. Analysis results can be used to: <ul> <li>Inform decision-makers on tactical decisions regarding the implementation of prioritized preventative or protective measures:</li> <ul style="list-style-type: circle"> <li>Deployment of personnel</li> <li>Physical security measures</li> </ul> <li>Identify information gaps and corresponding gathering and reporting requirements</li> <li>Define additional analysis requirements</li> <li>Identify information gaps and explain assumptions made in analyzing hazard, vulnerability, resilience, and consequence</li> </ul> </div> </div> </div> <script type="text/javascript"> var acc = document.getElementsByClassName("accordion_new4"); var i; for (i = 0; i < acc.length; i++) { acc[i].addEventListener("click", function() { this.classList.toggle("active"); var panel = this.nextElementSibling; if (panel.style.display === "block") { panel.style.display = "none"; } else { panel.style.display = "block"; } }); } </script> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@5efb4438a2f44048a6b4bca31c55d87e" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@c965c940bc3941b28a01895ac3ef2e4e"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@c965c940bc3941b28a01895ac3ef2e4e" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style> #SecondOrderList { list-style-type: lower-alpha; } .SecondOrderList { list-style-type: lower-alpha; } ol.SecondOrderList { list-style-type: lower-alpha; } div { font-family: Calibri !important; font-size: 12pt !important; } td { font-family: Calibri !important; font-size: 12pt !important; } li { font-family: Calibri !important; font-size: 12pt !important; } p { font-family: Calibri !important; font-size: 12pt !important; } </style> <div> <p>The general concepts presented in this module constitute the foundations necessary to understand risk analysis principles and processes. <p style="color: #003478;"><u><b>The four key elements presented through this module are:</b></u></p> <p style="color: #003478;"><b>1. Risk is generally defined as a function of three elements:</b></p> <ol class="SecondOrderList" id="SecondOrderList" style="padding-left: 50px;" type="a" start="1"> <li>The hazards or threats to which an asset is subject.</li> <li>The asset vulnerabilities to the hazards or threats.</li> <li>The consequences resulting from the disruption/failure of the asset.</li> </ol> <p style="color: #003478"><b>2. To analyze risk, it is also important to consider a fourth element - the resilience of the asset, which is its capability to prepare for, mitigate, respond to, and recover from a disruption.</b></p> <p style="color: #003478;"><b>3. Risk analysis combines:</b></p> <ol style="padding-left: 50px;" class="SecondOrderList" id="SecondOrderList" type="a" start="1"> <li>Hazard analysis, which characterizes the likelihood of a disturbing event or the intent and capability of an adversary.</li> <li>Vulnerability analysis, which characterizes physical, cyber, human, and operational vulnerabilities.</li> <li>Consequence analysis, which characterizes public health and safety impacts, governance and mission impacts, economic impacts, and psychological impacts.</li> <li>Resilience analysis, which characterizes the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions.</li> </ol> <p style="color: #003478;"><b>4. Risk analysis is the fundation of risk assessment and management processes. Risk management includes activities to:</b></p> <ol style="padding-left: 50px;" class="SecondOrderList" id="SecondOrderList" type="a" start="1"> <li>Identify, deter, detect, disrupt, and prepare for threats and hazards.</li> <li>Reduce vulnerabilities.</li> <li>Mitigate consequences.</li> </ol> </div> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@ddf8216fd67646518695b6915ca63c3a" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@fd240126efd148c49f9130c1d81da276"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@fd240126efd148c49f9130c1d81da276" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <div>The following learning quiz will help you test your understanding of the important elements presented in the Introduction to Risk Analysis module.<br/><br/> The test includes five questions.<br/><br/> <p style="color: #003478;">In case you make a mistake while answering a question, <span style="text-decoration: underline;">go back to the corresponding sections to review the concepts presented.</span></p> </div> </div> </div> <div class="vert vert-1" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@problem+block@0438c5136c654a66befd972faedca083"> <div class="xblock xblock-public_view xblock-public_view-problem xmodule_display xmodule_ProblemBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-block-type="problem" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@problem+block@0438c5136c654a66befd972faedca083" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="True"> <div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Question 1 is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div> </div> </div> <div class="vert vert-2" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@problem+block@46e2f059e0794a3c9ee3fdeabc384f7f"> <div class="xblock xblock-public_view xblock-public_view-problem xmodule_display xmodule_ProblemBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-block-type="problem" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@problem+block@46e2f059e0794a3c9ee3fdeabc384f7f" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="True"> <div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Question 2 is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div> </div> </div> <div class="vert vert-3" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@problem+block@35eef1547c1f49a2b0d5b7638b48e6df"> <div class="xblock xblock-public_view xblock-public_view-problem xmodule_display xmodule_ProblemBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-block-type="problem" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@problem+block@35eef1547c1f49a2b0d5b7638b48e6df" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="True"> <div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Question 3 is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div> </div> </div> <div class="vert vert-4" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@problem+block@5a8949fb0ff94e2491bb2fb9b69ae85e"> <div class="xblock xblock-public_view xblock-public_view-problem xmodule_display xmodule_ProblemBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-block-type="problem" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@problem+block@5a8949fb0ff94e2491bb2fb9b69ae85e" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="True"> <div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Question 4 is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div> </div> </div> <div class="vert vert-5" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@problem+block@ff7c99fd919846c899f344ea3a2e1f95"> <div class="xblock xblock-public_view xblock-public_view-problem xmodule_display xmodule_ProblemBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-block-type="problem" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@problem+block@ff7c99fd919846c899f344ea3a2e1f95" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="True"> <div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Question 5 is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>

<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@vertical+block@c99f7d1eb61341de94c624f608b7c0be" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <div class="vert-mod"> <div class="vert vert-0" data-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@0ccce0cfadf248ee893eb52ef908f744"> <div class="xblock xblock-public_view xblock-public_view-html xmodule_display xmodule_HtmlBlock" data-course-id="course-v1:OSCE+CriticalEnergyNetworks101+2021" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="html" data-usage-id="block-v1:OSCE+CriticalEnergyNetworks101+2021+type@html+block@0ccce0cfadf248ee893eb52ef908f744" data-request-token="e7724aea164f11f09c6f2afdb7906a71" data-graded="False" data-has-score="False"> <script type="json/xblock-args" class="xblock-json-init-args"> {"xmodule-type": "HTMLModule"} </script> <style></style> <table> <tbody> <tr> <td style="background-color: #003478; color: white; font-weight: bold;" colspan="2">Risk Assessment Methodologies for Critical Infrastructure Protection. Part I: A State of the Art</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/49c9d3afbc31f63f2fc5101c1cb6dc18/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Ref1.jpg" alt="Get Alt Text" /></td> <td style="align: left; vertical-align: top;">Effective risk assessment methodologies are the cornerstone of a successful Critical Infrastructure Protection program. The extensive number of risk assessment methodologies for critical infrastructures clearly supports this argument. Risk assessment is indispensable in order to identify threats, assess vulnerabilities and evaluate the impact on assets, infrastructures or systems taking into account the probability of the occurrence of these threats. This is a critical element that differentiates a risk assessment from a typical impact assessment methodology.</td> </tr> <tr> <td colspan="2"><span style="color: #003478;"><em><strong>Reference:</strong></em></span> Giannopoulos, G., R. Filippini, and M. Schimmer, 2012, <a href="https://ec.europa.eu/jrc/en/publication/eur-scientific-and-technical-research-reports/risk-assessment-methodologies-critical-infrastructure-protection-part-i-state-art" target="_blank">Risk Assessment Methodologies for Critical Infrastructure Protection. Part I: A State of the Art</a>, Publications Office of the European Union, JRC70046, ISBN 1831-9424, accessed on April 15, 2021.</td> </tr> <tr> <td style="background-color: #003478; color: white; font-weight: bold;" colspan="2">Risk Management Guide for Critical Infrastructure Sectors</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/ee8c02b2b57bc55b6b4673be2d9b9f0c/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Ref2.jpg" alt="Get Alt Text" /></td> <td style="align: left; vertical-align: top;">Managing risk is a shared responsibility among all critical infrastructure stakeholders, including governments, industry partners, first responders and non-government organizations. While partnerships and information sharing represent the building blocks of the Canadian approach to enhancing the resiliency of critical infrastructure, these cannot be undertaken in isolation of risk management and the development of plans and exercises to address these risks.<br/><br/>This guide is adapted from the ISO 31000 International Standard: “Risk Management – Principles and guidelines on implementation”.</td> </tr> <tr> <td colspan="2"><span style="color: #003478;"><em><strong>Reference:</strong></em></span> Public Safety Canada, 2018, <a href="https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/rsk-mngmnt-gd/rsk-mngmnt-gd-eng.pdf" target="_blank">Risk Management Guide for Critical Infrastructure Sectors</a>, Version 1.0, Public Safety Canada, accessed on April 15, 2021.</td> </tr> <tr> <td style="background-color: #003478; color: white; font-weight: bold;" colspan="2">2013 National Infrastructure Protection Plan</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/96b4a876ee9c2386b84e1310487e8b7f/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Ref3.jpg" alt="Get Alt Text" /></td> <td style="align: left; vertical-align: top;">The National Infrastructure Protection Plan (NIPP)—NIPP 2013: Partnering for Critical Infrastructure Security and Resilience—outlines how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes.<br/><br/>NIPP 2013 represents an evolution from concepts introduced in the initial version of the NIPP released in 2006. The updated National Plan is streamlined and adaptable to the current risk, policy, and strategic environments. It provides the foundation for an integrated and collaborative approach to achieve a vision of: A Nation in which physical and cyber critical infrastructure remain secure and resilient, with vulnerabilities reduced, consequences minimized, threats identified and disrupted, and response and recovery hastened.</td> </tr> <tr> <td colspan="2"><span style="color: #003478;"><em><strong>Reference:</strong></em></span> U.S. Department of Homeland (DHS), 2013, <a href="https://www.dhs.gov/sites/default/files/publications/National-Infrastructure-Protection-Plan-2013-508.pdf" target="_blank">2013 National Infrastructure Protection Plan - Partnering for Critical Infrastructure Security and Resilience</a>, U.S. Department of Homeland Security, accessed on April 15, 2021.</td> </tr> <tr> <td style="background-color: #003478; color: white; font-weight: bold;" colspan="2">Community Resilience Planning Guide - Volume I</td> </tr> <tr style="align: middle; vertical-align: middle;"> <td style="align: middle; vertical-align: middle; width: 15%"><img src="//d24jp206mxeyfm.cloudfront.net/assets/courseware/v1/e71417be8d8b24c6365738ae8c7fcf99/asset-v1:OSCE+CriticalEnergyNetworks101+2021+type@asset+block/Mod1_Ref4.jpg" alt="Get Alt Text" /></td> <td style="align: left; vertical-align: top;">The NIST Community Resilience Planning Guide for Buildings and Infrastructure Systems (Guide) and companion Playbook provides a practical and flexible approach to help all communities improve their resilience by setting priorities and allocating resources to manage risks for their prevailing hazards. Volume I of the Guide describes the six step planning process and provides a worked example to illustrate the process.</td> </tr> <tr> <td colspan="2"><span style="color: #003478;"><em><strong>Reference:</strong></em></span> National Institute of Standards and Technology (NIST), 2016, <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1190v1.pdf" target="_blank">Community Resilience Planning Guide and Infrastructure Systems Volume I</a>, A NIST Special Publication 1190, U.S. Department of Commerce, accessed on November 10, 2021.</td> </tr> </tbody> </table> </div> </div> </div> <script type="text/javascript"> (function (require) { require(['https://d24jp206mxeyfm.cloudfront.net/static/js/dateutil_factory.a28baef97506.js?raw'], function () { require(['js/dateutil_factory'], function (DateUtilFactory) { DateUtilFactory.transform('.localized-datetime'); }); }); }).call(this, require || RequireJS.require); </script> <script> function emit_event(message) { parent.postMessage(message, '*'); } </script> </div>