|1. System modeling: We represent the function of the infrastructure in an "operationally relevant" manner. |
Infrastructures are systems. The importance of a single component within a system relates to how it contributes to the function of that system, but that contribution may depend on its interaction with other components. What happens in one part of the system can affect what happens somewhere else, often in non-intuitive ways. And there is no one-size-fits-all model of infrastructure; the domain-specific details matter!
There are industry standards for evaluating the performance of an infrastructure system (for example, in electric transmission systems, load shedding represents the total customer demand that must go without power). We can measure the consequence of a disruption in terms of the resulting change in its system performance.
Infrastructure behavior is governed by decisions. Approximately 85 percent of critical infrastructure is privately owned and operated. Operators of modern infrastructures make decisions about the system activities that yield the “best” overall performance, even in the presence of disruptions. Any assessment of system behavior in the presence of disruption should be “operationally relevant,” in the sense that it reflects this level of decision-making.
2. Red Teaming: We identify worst-case disruptions.
Military planners have learned to deal with deliberate threats, primarily through the analysis of worst-case outcomes. Assessing worst case outcomes typically uses “capability-based assessment”—one assumes that the adversary is intelligent and will act to inflict the most possible harm based on his capability. The key idea is to base assessments on what the adversary can do, as opposed to guesses about what the adversary wants to do. This is conservative, but prudent, and it avoids having to guess at what an opponent will do.
For infrastructure systems, most military planning has been offensive in nature. Specifically, there is a long literature in system interdiction problems, which attempt to identify what parts of an infrastructure to target in order to achieve a certain effect. In general, we need to answer, “What will happen if a particular component (or set of components) is lost for some period of time?” Because combinations of seemingly unimportant components can collectively cause “first-order effects” on system function, deciding what is “critically important” to the system should be an output of analysis, not a required input.
Faculty and students at NPS have applied this technique to more than 150 case studies, including the following.
3. Blue Teaming: We identify optimal investments to maximize system resilience
Determining how we should invest limited resources to make our infrastructures resilient to disruption is a system design problem. In some military applications, this is known as mission assurance, and such analysis adds another layer of difficulty to the general problem of using appropriate risk-based analyses to protect infrastructure systems. We ask, “what is mission assurance for civilian infrastructure?”
In general, infrastructure components cannot be organized into a prioritized list that appropriately ranks them for defensive investment.
Infrastructures are systems, not isolated components.
What happens in one part of the system can affect what happens somewhere else, often in non-intuitive ways.
The “value” or “criticality” of an infrastructure component depends on its contribution to overall system function.