As defined by the U.S. Government, critical infrastructure consists of "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, the national economy, national public health or safety, or any combination of those matters" (42 U.S.C. 5195c(e)).
The U.S. National Strategy for Homeland Security succinctly recognizes the challenge and the opportunity:
"We will not be able to deter all terrorist threats, and it is impossible to deter or prevent natural catastrophes. We can, however, mitigate the Nation's vulnerability to acts of terrorism, other man-made threats, and natural disasters by ensuring the structural and operational resilience of our critical infrastructure and key resources" (p. 27)
Thus, the National Strategy for Homeland Security states the infrastructure mission unambiguously:
"We must now focus on the resilience of the system as a whole—an approach that centers on investments that make the system better able to absorb the impact of an event without losing the capacity to function" (p.28).
The limited availability of investment resources to support this mission challenges infrastructure decision-makers at all levels of government, industry, and the military. Our research focuses on how to model and solve such investment problems.
We focus on two primary activities:
1. Determine how infrastructure systems will respond to major disruptions, whether they come from deliberate threat (e.g. sabotage, vandalism, terrorism, war) or non-deliberate hazard (e.g. accident, failure, natural disaster).
2. Identify optimal plans to invest limited resources (for hardening, redundancy, or capacity expansion) to make these systems resilient to worst-case disruptions.
Red and Blue Teaming
By viewing critical infrastructure through the eyes of intelligent adversaries, we discover potential vulnerabilities, system fragilities, and how to increase resilience with defensive investment.
The Naval Postgraduate School has more than 1,500 uniformed military officers who stand ready to address emergent issues related to national or international defense. For problems involving the continuity of operations (COOP) of critical civilian or military infrastructure, the CID can facilitate "red teaming" engagements at several levels.
Quick-Turn Student Course Projects. As part of Operations Analysis OA4202: Network Flows and Graphs, students learn how to model the function of infrastructure systems and then use mathematics to identify component-level failures (or attacks) that would result in the worst-case disruption to their function. They then use this information to determine how to invest a limited defensive budget to make the system under study as resilient as possible to these disruptions. Duration: six weeks.
Analogous Red Teams. This red cell approach emulates a group hostile to the United States and its interests, possibly a terrorist group, a rogue nation sponsored group, or even a first world country. Following the rules of engagement for an Analogous Red Team analytical assessment (see Bushman, 2009), teams of operationally experienced NPS students to conduct open source research on potential systems of interest, evaluate vulnerabilities, then create feasible attack plans against those targets. These studies result in an asymmetric vulnerability assessment on target infrastructure systems and reveal how an asymmetric group could exploit the system at risk to achieve specific results. At the end of the study, a "Blue Team" of experts evaluates the assumptions, assesses the effectiveness of the proposed attack scenarios, and suggests enhancements to security measures to reduce or eliminate the specific vulnerabilities and the effectiveness of such attacks. Duration: 2-12 weeks.
Master's Theses. Every Operations Analysis student at NPS must complete a Master's thesis to graduate. This provides an opportunity for the student to go much deeper into a problem of particular importance. In the Operations Research Department at NPS, students participate in an "experience tour," a three-week period at roughly the midpoint of the curriculum during which students go off-campus to an organization where they can gain practical analytical experience (see Rosenthal, 2007). In most cases, this tour is the start of the student's eventual thesis topic. Duration: 9-12 months.
Sponsored Research Projects. CID faculty can conduct research projects for the U.S. Government and its partners, both public and private. These projects allow CID researchers to apply their modeling and analysis expertise to a variety of infrastructure-related problems.Duration: By arrangement.
- Brown, G., Carlyle, M., Salmerón, J. and Wood, K., 2006, "Defending Critical Infrastructure," Interfaces, 36, pp. 530-544.
- Bushman, C., 2009, "Analogous Red Teams: Identifying Vulnerabilities and Improving Counterterrorism Capabilities," M.A. Thesis in Security Studies, June 2009. (This thesis is unavailable on the web.)
- Rosenthal, R., 2007, "It's More Than a Job or an Adventure," OR/MS Today, August 2007.
How We Do It
Infrastructures are systems, not isolated components.
What happens in one part of the system can affect what happens somewhere else, often in non-intuitive ways.
The "value" or "criticality" of an infrastructure component depends on its contribution to overall system function.
1. System modeling: We represent the function of the infrastructure in an "operationally relevant" manner.
Infrastructures are systems. The importance of a single component within a system relates to how it contributes to the function of that system, but that contribution may depend on its interaction with other components. What happens in one part of the system can affect what happens somewhere else, often in non-intuitive ways. And there is no one-size-fits-all model of infrastructure; the domain-specific details matter!
There are industry standards for evaluating the performance of an infrastructure system (for example, in electric transmission systems, load shedding represents the total customer demand that must go without power). We can measure the consequence of a disruption in terms of the resulting change in its system performance.
Infrastructure behavior is governed by decisions. Approximately 85 percent of critical infrastructure is privately owned and operated. Operators of modern infrastructures make decisions about the system activities that yield the "best" overall performance, even in the presence of disruptions. Any assessment of system behavior in the presence of disruption should be "operationally relevant," in the sense that it reflects this level of decision-making.
2. Red Teaming: We identify worst-case disruptions.
Military planners have learned to deal with deliberate threats, primarily through the analysis of worst-case outcomes. Assessing worst case outcomes typically uses "capability-based assessment"—one assumes that the adversary is intelligent and will act to inflict the most possible harm based on his capability. The key idea is to base assessments on what the adversary can do, as opposed to guesses about what the adversary wants to do. This is conservative, but prudent, and it avoids having to guess at what an opponent will do.
For infrastructure systems, most military planning has been offensive in nature. Specifically, there is a long literature in system interdiction problems, which attempt to identify what parts of an infrastructure to target in order to achieve a certain effect. In general, we need to answer, "What will happen if a particular component (or set of components) is lost for some period of time?" Because combinations of seemingly unimportant components can collectively cause "first-order effects" on system function, deciding what is "critically important" to the system should be an output of analysis, not a required input.
Faculty and students at NPS have applied this technique to more than 150 case studies, including the following.
- Energy: Electric Power, Natural Gas, Oil Distribution, Petroleum Reserves
- Transportation: Roads & Bridges, Rail, Ports, Mass Transit, Air Travel
- Data and Voice Communications
- Emergency Preparation & Response
- Supply Chains
- Site Security: Airports, Military Bases, Heads of State, Superbowl
- Critical Project Management
3. Blue Teaming: We identify optimal investments to maximize system resilience
Determining how we should invest limited resources to make our infrastructures resilient to disruption is a system design problem. In some military applications, this is known as mission assurance, and such analysis adds another layer of difficulty to the general problem of using appropriate risk-based analyses to protect infrastructure systems. We ask, "what is mission assurance for civilian infrastructure?"
In general, infrastructure components cannot be organized into a prioritized list that appropriately ranks them for defensive investment.
What Is Operations Research?
Operations Research (OR) is the science of helping people and organizations make better decisions via
- mathematical models, statistical analyses, simulations
- analytical reasoning and common sense
to enhance the understanding and improvement of real-world operations.
OR originated during World War II. The military uses OR at the strategic, operational, and tactical levels.
Military OR is explicitly about decision-making in the presence of a harmful adversary.
Biggest users of OR: modern corporations (including infrastructure owners & operators).
There is a large body of scientific work in OR that can be applied to critical infrastructure.
NPS has the oldest OR department in existence. We develop decision support tools that are of immediate operational relevance to the decision-maker.
Research in Optimization at the NPS Operations Research Department has included projects for all U.S. Services, many government agencies, and 30 of the Fortune 50. These are often centered around student Masters thesis projects.
For more information: