Center for Infrastructure Protection & Homeland Security

Incorporating Logical Dependencies and Interdependencies into Infrastructure Analyses

Frédéric Petit and Lawrence Paul Lewis, Risk and Infrastructure Science Center
Global Security Sciences Division, Argonne National Laboratory

Introduction

Critical infrastructure dependencies and interdependencies are fundamental considerations when assessing the resilience of infrastructure—and, ultimately, the resilience of the community, sector, or region in which the infrastructure is located. Critical infrastructure assets help other entities function by providing essential resources and services, which can also be used by other critical infrastructure, government entities, and the population. The needs and connections shared by different assets and across sectors warrant greater inclusion in infrastructure analyses. Most analyses focus primarily on physical, cyber, and, to a lesser extent, geographic interdependencies; however, logical relationships are also important to consider in understanding how critical infrastructure systems function. This paper presents an overview of elements that can be used to characterize and assess logical dependencies and interdependencies; it also proposes ways to operationalize and integrate the notion of logical dependencies and interdependencies in risk and resilience management methodologies.

General Concepts

Several taxonomies that have defined classes of dependency and interdependency have included notions of logical, policy/procedural, or societal interdependencies. Table 1 presents some of these definitions.

Table 1—Definitions of Logical, Policy/Procedural or Societal Interdependencies

Taxonomy Name Definitions
Rinaldi, Peerenboom, and Kelly – 2001[1] Logical Logical interdependencies may be more closely likened to a control schema that links an agent in one infrastructure to an agent in another infrastructure without any direct physical, cyber, or geographic connection.
Pederson et al. – 2006[2] Policy/Procedural An interdependency that exists due to policy or procedure that relates a state or event change in one infrastructure sector component to a subsequent effect on another component.
Pederson et al. – 2006[3] Societal The interdependencies or influences that an infrastructure component event may have on societal factors such as public opinion, public confidence, fear, and cultural issues.

Infrastructure is therefore logically dependent if its state of operations depends on the state of other infrastructure via a mechanism that is not a physical, cyber, or geographic connection. Infrastructure may be interdependent through more than one connection, but logical dependency is attributable to human decisions and actions of one asset that influence those of another (Figure 1).

Figure 1—Logical Dependencies
ANLFeb2016Figure 1

Logical dependencies and interdependencies occur at both operational and strategic levels. They relate to management decisions that affect an asset’s functioning. Figure 2 illustrates the four classes of interdependencies between two assets. Asset B’s decision is influenced by elements enacted by Asset A (e.g., geopolitical developments increase Asset A’s operational risks which in turn influences Asset B in the form of higher prices).

Figure 2—Interdependencies between Two Assets
ANLFeb2016Figure 2

Geographic dependencies and interdependencies relate to assets’ locations, terrain characteristics, and physical environmental factors whereas the three other classes of interdependencies are specific to the assets’ missions and functions. Physical dependencies and interdependencies act on physical systems (i.e., transfer of resources and equipment); cyber dependencies and interdependencies act on operations and control systems (i.e., transfer of data and information); and logical dependencies and interdependencies specifically affect assets’ functioning at a management level.

Logical Dependencies and Management

The logical dependencies and interdependencies that operate within an infrastructure asset can be characterized as the tasks required for its strategic management. These internal influences include the decision-making structures required for the direction and supervision of physical processes, cyber systems, employee procedures, and business administration. Management can be categorized into four general areas of activity:

  1. Operations, which include the administrative tasks necessary to oversee assets, direct activities, and gather value from the entity’s activities. Examples of these activities could include the day-to-day management of human resources, finance, and sales.
  2. Logistics, which include the coordination of processes necessary to acquire materials, create products or services, and distribute those products or services to users. Examples of these activities could include procurement, supply chain management, and business contact with upstream providers and downstream users.
  3. Continuity, which involves preparedness efforts to ensure that critical functions continue to operate despite incidents or can be recovered within a reasonably short period of time. Examples of these activities could include hazard mitigation, vulnerability assessment, emergency operations, and business continuity planning.
  4. Development, which involves the creation of future opportunities for growth and long-term value. Examples of these activities could include research, investment, partnerships, and marketing.

Logical Dependencies and Interdependencies in Infrastructure Analysis

Several elements may be considered when addressing upstream, internal, and downstream logical dependencies and interdependencies (Table 2).

Table 2—Elements to Consider for Analyzing Categories of Logical Dependencies

Upstream Internal Downstream
How external factors may affect the infrastructure’s operations (e.g., financial market; human resources, which require certain skills, training, and expertise). Consideration of human reliability, human error, and cognitive systems.[4] Identification of policies, regulations, and other logical elements enacted by an infrastructure that may impact other systems.

The identification and characterization of dependencies and interdependencies also require the consideration of several dimensions (i.e., operating environment, coupling and response behavior, type of failure, infrastructure characteristics, and state of operations).[5] Integration of these characteristics in a comprehensive approach is complex. Characterization of operating environment alone requires considering several elements:

  • Business/Economic—Economics and market forces shape production scheduling and business agreements.
  • Public Policy and Legal/Regulatory—Laws, regulations, or policies influence the growth and structure of organizations or bound the operating environment.
  • Technical/Security—Security and technical requirements influence modes of operation.
  • Health/Safety—Health and safety requirements and regulations affect the operation of associated systems.
  • Social/Political—Social or political factors may influence the operational decisions of owners and operators.

It can be difficult to consider all these elements in an assessment methodology. Furthermore, these elements characterizing the operating environment, and influencing all classes of dependencies (i.e., physical, cyber, logical, and geographic), are also the main elements defining logical dependencies and interdependencies.

Infrastructure analysis has primarily developed from the fields of engineering, physical, and cyber security. The consideration of logical dependencies, however, will require the incorporation of social, behavior, and economic concepts in order to develop new types of data, analysis, and products. The following elements should be considered:

  • Data
    • Mission, goals, and benchmarks of operations
    • Management and staff requirements
    • Financial and operating budgets
    • Internal and external rules and procedures
    • Plans and training details
    • Communication, information sharing, and partnerships
  • Analysis
    • Indicators measuring proactive and reactive decisions
    • Performance metrics for long and short-term management strategies
  • Products
    • Link strategic management to success/failure of physical and cyber elements
    • Link logical dependencies of one asset to another asset or region

Future Developments

Currently, several research teams are developing data collection tools[6] and models to allow for a more detailed analysis of critical infrastructure dependencies and interdependencies. Data collection and analyses are being developed to address physical, cyber, and geographic dependencies and initiate the anticipation and visualization of first-order cascading failures. However, most of the existing tools and models operate in isolation and have little interaction with complementary tools and models. Understanding logical dependencies and escalating failures is still a challenge. A multidisciplinary or “socio-technical” point of view is needed to fully elucidate the full range of influences acting upon infrastructure, from the individual asset to the sector level. Refining the concept of logical dependency and defining the elements characterizing this type of critical infrastructure relationship is essential in order to draw connections between infrastructure and its management, from the operator to the policy-maker. Novel assessments are being developed that incorporate the social, behavioral, economic, political, and legal forces that influence and are impacted by the strategic management of critical infrastructure. This capability will enable policy-makers, economic actors, infrastructure operators, and community planners to draw meaningful and actionable conclusions about the fundamental relationship between critical infrastructure sectors and their impact on community resilience.

Conclusion

Considering and understanding logical dependencies and interdependencies is important for enhancing the protection and resilience of critical infrastructure and complex systems. Logical dependencies have been relegated to a catch-all category of “human factors” and are rarely integrated in dependency assessments. The term is widely used but it has suffered from little further refinement beyond its identification. The lack of deeper inquiry into the human interests and activities that define these logical dependencies, such as business continuity principles and economic market forces, societal aspirations and development, equal access and distributive justice, is a significant deficiency in the holistic understanding of community resilience we seek to build. Logical interconnections are complex elements to identify and analyze. It can be difficult to differentiate between interactions existing at strategic management levels (e.g., operations, logistics, continuity, and development) and operating environment characteristics that influence all classes of dependencies and interdependencies (i.e., physical, cyber, logical, and geographic). The consideration of all classes of dependencies, including logical dependencies and interdependencies, requires multidisciplinary or “socio-technical” approaches.

Acknowledgments

The work presented in this paper was partially supported by Argonne National Laboratory under U.S. Department of Energy contract number DE-AC02-06CH11357. The submitted manuscript has been created by UChicago Argonne, LLC, Operator of Argonne National Laboratory (“Argonne”). Argonne, a U.S. Department of Energy Office of Science laboratory, is operated under Contract No. DE-AC02-06CH11357. The U.S. Government retains for itself, and others acting on its behalf, a paid-up nonexclusive, irrevocable worldwide license in said article to reproduce, prepare derivative works, distribute copies to the public, and perform publicly and display publicly, by or on behalf of the Government.

If you would like more information regarding this paper, please contact Frédéric Petit at fpetit@anl.gov.


References

[1] Steven M. Rinaldi, James P. Peerenboom, and Terrance K. Kelly,“Identifying, Understanding, and Analyzing Critical Infrastructure Interdependencies,” IEEE Control Systems Magazine (Dec. 2001), 11-25, available at http://user.it.uu.se/~bc/Art.pdf.

[2] P. Pederson, D. Dudenhoeffer, S. Hartley, and M. Permann, Critical Infrastructure Interdependency Modeling: A Survey of U.S. and International Research, (Idaho Falls; Idaho National Laboratory, Aug. 2006), available at http://cip.management.dal.ca/publications/Critical%20Infrastructure%20Interdependency%20Modeling.pdf.

[3] Ibid.

[4] Human reliability is the probability that an individual, a team, or a human organization, will accomplish a mission, under given condition, within acceptable limits, for a certain period of time. Human error is behavior that exceeds acceptable limits. Resilience engineering and cognitive analysis may be used to address the consideration of human factors in sociotechnical interactions. See James Reason, Human Error, (Cambridge, UK; Cambridge University Press, 1990).

[5] Rinaldi, “Identifying, Understanding, and Analyzing Critical Infrastructure Interdependencies.”

[6] For example, Argonne National Laboratory has provided key technical support to a U.S. Department of Homeland Security (DHS) program by developing a methodology for assessing critical infrastructure risk and resilience to a variety of natural and man-made hazards. Argonne also developed statistical and data-mining procedures to analyze and display data, including critical infrastructure dependencies, collected in easy-to-use “dashboards.”

Note on Aug. 18, 2016 update: In an effort to increase access to CIP Report content, we are optimizing previously published articles for search engines such as Google Scholar. No substantive changes have been made to the content of this article since it’s original publication. Thank you very much for reading.