A Consistent Approach for Security Risk Assessments of Dams and Related Critical Infrastructure
Abstract
The Common Risk Model for Dams (CRM-D), developed in collaboration with the U.S. Army Corps of Engineers and the U.S. Department of Homeland Security, is a consistent, mathematically rigorous, and easy to implement methodology to assess the security risk at dams, navigation locks, hydropower projects, and similar infrastructures. It provides a systematic approach for evaluating and comparing security risks across a large portfolio. Risk is calculated for attack scenarios (a specific adversary using a specific attack vector against a specific target) by combining consequence, vulnerability, and threat estimates in a way that properly accounts for the relationships among these variables. The CRM-D can effectively quantify the benefits of implementing a particular risk mitigation strategy, enabling return-on-investment analyses for multiple mitigation alternatives across a large portfolio. Recently, refinements have been made to the methodology to characterize the complexities of adversarial threats and the ability to interdict their actions. In addition, this fully-featured methodology has been extended beyond site-specific defenses to consider the role of local and national defenses in mitigating the risk of attacks and is extensible to other types of critical infrastructures. This document discusses various features of the CRM-D methodology, as well as findings and lessons learned resulting from its recent implementation.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2014
- Accession Number
- ADA605156
Entities
People
- Enrique E. Matheu
- J. D. Morgeson
- Jason A. Dechant
- Yazmin Seda-sanabria
- Yev Kirpichevsky
Organizations
- Institute for Defense Analyses