CIPMA CRITICAL INFRASTRUCTURE PROTECTION MODELLING & ANALYSIS Overview of CIP in Australia Greg Scott Leader, Critical Infrastructure Project Risk & Impact Analysis Group Geoscience Australia Greg.Scott@ga.gov.au November 2007
CIP in Australia Definition Critical Infrastructure is defined as those physical facilities, supply chains, information technologies and communication networks which if destroyed, degraded or rendered unavailable for an extended period would significantly impact on the social or economic wellbeing of the nation or affect Australia s ability to conduct national defence and ensure national security
CIP in Australia The Drivers The need to minimise risks to public health, safety and confidence Ensure our economic security Maintain Australia s international competitiveness Ensure the continuity of government and its services
CIP in Australia - The Aim To ensure there are adequate levels of protective security on critical infrastructure, minimal single points of failure, and rapid, tested recovery arrangements
CIP in Australia The Process Identify critical infrastructure on a sectoral basis Analyse vulnerabilities, dependencies and interdependencies Protect from and prepare for all hazards AGD lead Australian Government agency for CIP
CIP in Australia A Risk Driven Approach Sector groups ID their critical infrastructure using agreed risk methodology Developed by ASIO Endorsed by CIAC Based on AS/NZS 4360 of 1999 Combining three variables: Threat, Vulnerability, Consequence
CIP in Australia Business Partnership Up to 90% of critical infrastructure is privately owned or operated on a commercial basis, as a consequence: CIP cannot be carried out solely by government a business-government partnership is required the active participation of owners and operators is needed, and also professional bodies, industry associations, all levels of government, and the public
CIP in Australia - TISN The Trusted Information Sharing Network for Critical Infrastructure Protection (TISN) owners and operators of CI and governments work together to share information includes a number of Infrastructure Assurance Advisory Groups (IAAGs) for different business sectors and expert advisory groups overseen by the Critical Infrastructure Advisory Council (CIAC)
Australia s Critical Infrastructure Protection Arrangements
CIP in Australia - CIAC Chaired by AGD Oversees IAAGs Provides advice to Attorney-General on national approach to critical infrastructure protection Comprises representatives from each of the IAAGs & EAGs States & Territories Relevant Australian Government agencies National Counter-Terrorism Committee
CIP in Australia - CIAC Concerned with medium-to-long-term issues of preventative aspects of CIP especially those issues that have cross sector implications NOT involved in response arrangements for security incidents Conduit to identify requirements for CI research
CIP in Australia - IAAGs Create an atmosphere of trust based around shared threats and vulnerabilities Nine IAAGs now established Currently working on a range of initiatives Identification of critical infrastructure (incl supply chains) for sector based on Risk Methodology Mitigation strategies Dependencies and interdependencies with other sectors
CIP in Australia The Process Identify critical infrastructure on a sectoral basis Analyse vulnerabilities, dependencies and interdependencies Protect from and prepare for all hazards How do we achieve this??
CIPMA CRITICAL INFRASTRUCTURE PROTECTION MODELLING & ANALYSIS Enhancing the Protection of Australia s National Critical Infrastructure
CIPMA CRITICAL INFRASTRUCTURE PROTECTION MODELLING & ANALYSIS Overview of CIPMA Greg Scott Leader, Critical Infrastructure Project Risk & Impact Analysis Group Geoscience Australia Greg.Scott@ga.gov.au November 2007
CIPMA Overview A national capability to assist business and government decision makers involved in critical infrastructure protection, counter-terrorism and emergency management A business-government partnership
CIPMA Overview A computer based tool in a secure facility that can be utilised by Australian businesses and governments to help answer important strategic and operational questions on an all hazards basis
CIPMA Overview A complex and robust capability Sector and systems behaviour, dependencies and relationships Identify vulnerabilities and resilience An all hazards approach Assurance of confidentiality and security
CIPMA Overview It includes: sector data and knowledge that builds a detailed picture network behaviour that shows relationships and dependencies complex models to assess the impacts and consequences of a disruption
CIPMA Overview SYSTEM MODELLING DECISION SUPPORT INFORMATION & DATA ELECTRICITY GAS ECONOMIC SOCIAL INVESTMENT BUSINESS CONTINUITY SECURITY RESILIENCE LIQUID FUELS COMMUNICATIONS BROADCASTING BANKING & FINANCE WATER
CIPMA Overview FUNDAMENTAL Imagery Topography Transport Cadastre Addresses Census Demography Buildings Admin. Bdys. LOCATIONAL Police Fire Ambulance SES Schools Hospitals Aged care Community facilities Icons Business Insurance INFRASTRUCTURE Electricity Gas Liquid fuels Telecoms Submarine cables Broadcasting Banking Water Assets Networks Behaviour Dependencies SCENARIOS Event models Exposure Vulnerability Impact analysis Social profiles Economic loss Casualties Fatalities
CIPMA Overview SYSTEM MODELLING DECISION SUPPORT INFORMATION & DATA ELECTRICITY GAS ECONOMIC SOCIAL INVESTMENT BUSINESS CONTINUITY SECURITY RESILIENCE LIQUID FUELS COMMUNICATIONS BROADCASTING BANKING & FINANCE WATER
CIPMA Overview
CIPMA Overview It is an all hazards approach Incorporates natural and human hazards Covers critical infrastructure networks and high priority precincts (eg Sydney and Melbourne CBDs) To help decision makers answer important operational and strategic questions relating to CIP, CT and EM
CIPMA Overview Operational and strategic questions - identify vulnerability and assess resilience Provide insights into the behaviour of complex networks Analyse relationships and dependencies Examine the flow-on consequences of infrastructure failure Identify choke points, single points of failure, and other vulnerabilities Assess mitigation strategies, business continuity plans and options for investment
CIPMA Overview The capability will be primarily used for prevention preparedness and planning recovery CIPMA will also address a range of incident response needs
CIPMA Overview Sector coverage of the capability Currently, three priority sectors energy communications banking and finance Water as the 4 th sector was announced on 12 Sept 2006 Transport the 5 th sector?
CIPMA CRITICAL INFRASTRUCTURE PROTECTION MODELLING & ANALYSIS CIPMA Architecture & Analysis Workflow Greg Scott Leader, Critical Infrastructure Project Risk & Impact Analysis Group Geoscience Australia Greg.Scott@ga.gov.au November 2007
CIPMA Architecture and Workflow SCENARIOS DATA & MODELS IMPACT & RECOVERY DECISION SUPPORT EVENT PROPAGATION Hazard Models Natural Environment Seasonal Factors Man Made Time of Year Population Activity Weather Mass Gathering People DATA Buildings Infrastructure System Connectivity Data Relationships MODELS Supply/Demand Behaviour Business Rules Interdependence Exposure Time IMPACT Vulnerability Damage States Systems Disruption Area RECOVERY System Asset Business Continuity COST Duration Event Impact Recovery Social Economic RISK MANAGEMENT Increased Resilience VISUALISATION
Earthquake, Wind, Tsunami, Flood, Blast, Plume, etc Event 7.0 ML x Hazard Models Physical Environment affected Risk - Annual Damage Percentage 0.0035 0.003 0.0025 0.002 0.0015 0.001 0.0005 System Models 0 Vulnerability Mean+1SD cummulative risk Mean cummulative risk Mean-1SD cummulative risk 10 100 1000 10000 100000 Return Period considered (years) CI damage state estimates Cost / Recovery Geospatial Database Recovery of disrupted CI Built Environment asset function (% over time) Estimated capital stock losses People Direct Loss Macro-Economic Buildings Infrastructure Business Residential Estimated losses Real GRP, Consumption, Employment, Investment Impact footprint over time Age, Income, Employment, Activity, etc Population affected Community Profiles Casualties Business resilience Injuries, Fatalities, Medical costs Disruption induced financial costs & revenue losses Indirect Loss Estimated productivity losses
CIPMA CRITICAL INFRASTRUCTURE PROTECTION MODELLING & ANALYSIS CIPMA Sectors, Data & Models will also be presented but are not for distribution