Download PDF Frontiers of Engineering December 1, 2001 Volume 31 Issue 4 Frontiers of Engineering Bridge Issue Winter 2001 Interdependencies in Civil Infrastructure Systems Wednesday, December 3, 2008 Author: Miriam Heller Integrated information systems can increase accuracy, improve services and products, reduce capacity needs, make utilization more efficient, and reduce costs. Information systems hold the key to the efficient planning, design, construction, operation, maintenance, and retirement of our nation’s very valuable civil infrastructure assets. Information systems are already being integrated into infrastructure operations to exploit new technologies, compensate for capacity limitations, address regulatory changes, increase efficiency, and protect against natural, accidental, and deliberate threats. Integrated information-infrastructure systems drive traffic signals and variable message signs on roadways and bridges, monitor potable water quality at treatment plants, pump water and wastewater, and activate switches in telecommunications systems that command transportation and water networks. All of these capabilities are enabled by energy and power infrastructures, which, in turn, depend on even more information infrastructure. In short, information systems can make or break civil infrastructure. Integrated information systems have substantially improved unit-level and component-level operating efficiencies in transportation, water, telecommunications, and power infrastructures, just to name a few. The benefits include increased accuracy, expanded and improved services and products, reduced capacity needs, higher utilization, and lower costs. Theory suggests that further efficiencies are achievable by integrating information systems at increasingly higher levels: the subsystem level, the system level, and even across infrastructure systems. History suggests, however, that further efficiencies might be difficult to realize because of trade-offs with induced vulnerabilities. As the automation of infrastructure systems increases, system behaviors are becoming complex beyond comprehension and more far-reaching than was ever anticipated. Interdependencies can reverberate perturbations globally. In 2001, for example, the real-life restructuring of California’s electricity industry demonstrated linked and unexpected effects. Fuel production, refining, and distribution were disrupted, sometimes cutting off fuel supplies to the very plants that should have been generating their electricity. Interruptions in water distribution affected the state’s agribusiness. Soaring wholesale power prices had rippling regional effects. In Washington state, salmon-protection and air-quality regulations had to be relaxed and aluminum mills shut down. Idaho farmers curtailed potato production to exploit Idaho Power Company’s electricity buy-back program. This paper focuses on the tension between the need to push our civil infrastructure systems to higher levels of efficiency and competitiveness and the need to ensure minimum levels of service, reliability, and security, even under critical conditions. To set the scene, some recent history is given, and infrastructure systems are described in terms of their performance, interdependencies, and vulnerabilities. This is followed by a description of some emerging frameworks that promise to capture these "systems of systems" and their interdependencies. A case study is presented highlighting the benefits of exploiting interdependencies, and research challenges are identified. Infrastructure Interdependencies Infrastructure interdependencies appeared on the radar screens with Presidential Decision Directive 63 (PDD-63) on Critical Infrastructure Protection. Prompted by the Oklahoma City bombing in 1995 and the 1996 Defense Science Board Task Force on Information Warfare, PDD-63 was the culmination of a 15-month study by the President’s Commission on Critical Infrastructure Protection, which revealed the rapidly growing capability of exploiting energy, banking and finance, transportation, vital human services (water, wastewater, and health services), and telecommunications infrastructures, especially through digital infrastructures (PDD63, 1998). The directive acknowledged that our national and economic security depend on the critical infrastructures and information systems that support them. To ensure their reliability and protection, committees were established for each infrastructure sector and paired with their agency counterparts to study sector-specific problems. These initiatives have focused on protecting information systems against malicious intrusions (cyber attacks) that could cause the banking, finance, power systems, and other critical infrastructures to fail. Infrastructure systems are also vulnerable to myriad stresses and failures as a result of everyday interdependencies, insufficiencies, and inefficiencies. Cascading power blackouts in the United States in July and August 1996 cost an estimated $1.5 billion, including related infrastructure and environmental impacts (Amin, 2000). On a grander scale, recent estimates of the annual cost to the U.S. economy from non-cyber power disturbances exceed $119 billion, most of which is related to disruptions to discrete manufacturing and electricity-dependent utilities (Lineweber and McNulty, 2001). Traffic congestion costs the nation an additional $78 billion annually in 4.5 billion hours of extra travel time and 6.8 billion gallons of fuel idled away in traffic jams (TTI, 2001). The longer we neglect these problems, the more they will create new and exacerbate old infrastructure vulnerabilities. The estimated cost of maintaining the status quo of existing infrastructure systems is $1.3 trillion over the next five years (ASCE, 2001). Although this figure seems high at first glance, it seems reasonable considering that the total U.S. investment in infrastructure is more than $7 trillion (CERF, 1997). Natural interventions test the robustness and reliability of infrastructure design. The cost of earthquakes averages $4.4 billion per year (FEMA, 1999). Another intervention, space weather, was the culprit in 1998. When the Galaxy 4 satellite’s attitude control system failed, radio, television, pager, bank machine, and other satellite-linked services across North America were disrupted. As an example of the cost, two pager companies that did not have backup systems in place lost $5.8 million. Indirect and intangible costs included lost credit card sales, missed market trades, inability to contact doctors and emergency medical services, and many others. The tragedies of September 11, 2001, have given us new data on the costs of physical infrastructure catastrophe, their interdependencies, and their resiliency. In the first weeks after the attacks, losses to the air transportation industry were estimated at $320 million per day. The direct and indirect costs of the closure of Reagan National Airport, the drastic decrease in tourism, lower consumer spending, and bankruptcies will probably never be tallied. The disaster relief package of $40 billion from the federal government provides, at best, a lower bound. The structural changes to the U.S. economy and the American life style have yet to be fully realized, much less assessed. As a result of these events, questions about how to manage the life cycle (i.e., the design, construction, operation, maintenance, and retirement) of civil infrastructure systems and their digital infrastructure adjuncts have become urgent. What methods and tools can capture, clarify, and predict the complex behaviors and interdependencies of infrastructure systems? How can maximal efficiency during normal operations be balanced with resiliency, sustainability, and minimal vulnerability to common and catastrophic failures? Which measures of performance adequately capture system(s) complexity? Who are the decision makers and stakeholders, and what are their goals and objectives? How can risk and uncertainty be incorporated into the design and management of infrastructure systems? Even before September 11, these questions had taken on greater urgency as infrastructure systems were being pressed to meet or surpass the levels of efficiency of the systems that create the demand for their services (e.g., just-in-time manufacturing, e-commerce sales and procurement, and overnight delivery). The vulnerabilities intrinsic to interdependent, slack-free, deteriorating, or externally threatened systems must be understood, predicted, sensed, and engineered to meet multiple performance measures. Optimizing these systems for normal conditions without considering the costs, risks, and uncertainties of “abnormal” conditions would be shortsighted and even dangerous. But even the horrors of September 11 must not blind us to the ongoing need for investing in the design and operation of infrastructures that can, and do, cost billions of unnecessary dollars and lead to many deaths every year. Emerging Frameworks Developing a model of a single infrastructure system, with its own patterns of use, its interactions with associated natural and economic systems, and its reactions to technological and natural interventions, poses serious challenges. Many infrastructure systems (e.g., power, transportation, and telecommunications) are complex adaptive systems (CASs), that is, their collective, systemic behavior is emergent (i.e., it follows patterns that result, yet are not analytically predictable from, dynamic, nonlinear, spatiotemporal interactions among a large number of components or subsystems [Coveney and Highfield, 1995]). Because a CAS is greater than the sum of its parts, the system can only be described at levels higher than the components. The size and frequency of electricity disturbances, for instance, obey the power law, a characteristic of complex systems at the critical edge between order and chaos (Amin, 2001). CASs are adaptive in that the capabilities of components and decision rules change over time in response to interactions with other components and external interventions (Gell-Mann, 1994). Despite the challenges, modeling systems of infrastructure systems, whether CAS or not, is necessary for optimal life-cycle management of civil infrastructure systems. Much remains to be done to develop models and merge individual models of coupled systems, including formalizing theories and conceptual frameworks for meta-infrastructure systems to support them. Although new methods and tools for individual infrastructure system models have been evolving, fewer attempts have been made, and even fewer successes attained, at modeling meta-infrastructure systems. Rinaldi et al. (2001) have proposed a general framework for characterizing infrastructure interdependencies. The framework identifies infrastructure systems as CASs and provides details for developing agent-based simulations (ABSs) of complex systems. The authors identify six dimensions of infrastructure interdependencies: infrastructure environment, coupling, response behavior, failure types, infrastructure characteristics, and state of operation. Analyzing infrastructure in these terms yields new insights into infrastructure interdependencies. They also identify four types of interdependencies: physical, cyber, logical, and geographical. In a physical interdependency, the states of two infrastructures (e.g., a coal-transporting rail network and a coal-fired electrical plant that supplies the power to that rail network) depend on the material output of both. Other interesting issues are also raised, including requirements for an information architecture; data capture, storage, and privacy; and model metrics. Haimes and Jiang (2001) extend Leontief’s economic input-output models to evaluate the risk of inoperability in interconnected infrastructures as a result of one or more failures subject to risk management resource constraints. Interdependence is captured in Leontief’s production coefficients, which here represent the probability of an interconnected infrastructure component propagating inoperability to another component. Infrastructure components are also subject to independent risks of failure. Finally, each component has an associated coefficient reflecting the amount of some resource (e.g., funds or personnel) required to manage the risk of inoperability. Thus, infrastructures are interdependent through failure propagation, specified in geographical, functional, temporal, and political dimensions, and through the allocation of limited resources for risk management. The authors also propose a hierarchical adaptation of this model to avoid over-aggregation and reductionism, reduce the dimensions of problems, provide more realistic systems models (both static and dynamic), and enable multi-objective analyses. Another approach based on economics by Friesz et al. (2001) defines a spatial computable general equilibrium (SCGE) model of an economy comprised of spatially separated markets interconnected by a generalized transportation network. Each infrastructure model is conceptually extended to capture interdependencies using a multilayer network of SCGE models with interlayer coupling constraints. The authors first identify five sources of interdependency with the aim of devising a mechanism to express them mathematically. Interdependencies can be physical, budgetary, market-based or spatio-economically competitive, information-based, or environmental. The static model yields equilibrium values for the supply price of the commodity (e.g., goods, passengers, messages, data, water, or energy), flow quantity and path, levels and locations of commodity production, and transport costs. Methods of modeling the system dynamically, including ABS, are suggested for evaluating and enhancing infrastructure systems design and capital budget allocations for operations, maintenance, and replacement. ABSs are emerging as the most promising modeling techniques for predicting, controlling, and optimizing infrastructure systems. Like CASs, agents in ABSs execute relatively simple decision rules within the structural definition and constraints of the infrastructure system(s). Agents’ decisions are responses to the information they have about the system, some of which may be sensed. ABS has two advantages. First, ABS can represent CAS without resorting to inappropriate analytical models; at the same time, it can enable predictions of the desirability of different policy options. North (2000) developed a series of ABSs to explore pricing and various levels of competition with deregulated electric utilities. The simulations addressed the effects of price swings for natural gas, such as those that would follow a pipeline interruption; the number of companies needed for truly competitive markets; and the identification of companies colluding to drive up electricity prices. Second, ABS may offer an improved control paradigm that can be implemented at the hardware level. With centralized control, infrastructure systems are vulnerable to the weakest link; distributed control can limit, localize, and allocate risk. Some models have been proposed whereby infrastructure system agents could automatically reconfigure a system to "heal" failures (Amin, 2000). Distributed control also enables distributed power generation, as well as the control of multiple infrastructure systems. The meta-infrastructure system approaches described above are reasonably representative of the current state of the art. It is interesting to note that none of these frameworks deals explicitly with interdependencies induced by sharing input resources. Physical interdependencies in Rinaldi come the closest; Friesz et al. and Haimes and Jiang both use implicit notions of activity levels. Interdependencies from resource sharing arise when improved efficiency is achieved by reducing redundancy across systems. When systems use resources completely independently of one another to provide their respective services, the systems are independent with respect to that resource, assuming perfect market competition. If the resources could have been shared but were not, the resources were redundant. Every reduction in redundancy in these systems through resource sharing creates a certain class of system interdependency. Reduced redundancy, the elimination of a redundant power generator, and high utilization of remaining generators, for example, can render a system more vulnerable. A beneficial example of resource sharing would be a hydropower facility and a drinking water plant that use and reuse the same river flow to generate their respective services. In fact, the chief of the Bureau of Reclamation recently stated that to use water stored by 457 dams in the western United States as efficiently as possible water should be passed through the dams multiple times for recreation, power generation, and irrigation (WaterTech Online, 2001). Finally, tracking resource quantities explicitly would make possible more accurate assessments of the external costs (e.g., environmental impact) of using those resources. Case Study Colorado Springs Utilities, an innovative western water utility that has been researching multiple uses of water resources, estimates the benefits would be worth more than $500,000 per year, not including windfalls from high electricity prices (Jentgen, 2001). Their energy and water quality management system (EWQMS) is conceptually an extension of electric utilities’ energy management systems (EMSs), which include power generation control and real-time power systems analysis. Some aspects of the EWQMS can be substantially more complicated than EMS. For example, in an EWQMS where hydropower is an option, decisions about pumped storage are coupled with the selection of electricity sources to exploit time-of-day electricity pricing. Alternatively, if spot market prices are exorbitant, hydropower might best be used to generate electricity for sale. Whereas EMS’s power generation control has a short-term load-forecasting component, the EWQMS has two sets of demands to predict and satisfy: one for electricity and one for water. In addition, scheduling decisions must also consider (1) what quantity of raw water from which source is subject to water rights and quantity and quality constraints, given variable pumping costs; (2) what quantity of water to treat at which plant, given variable treatment costs; and (3) what pumps to use for distribution, collection, and wastewater treatment and which ones to take off line for maintenance. This case study shows how shared resources can simultaneously improve efficiency and reduce vulnerability through resource reuse. Heller et al. (1999) discuss the concept of shared resources as a means of achieving regional eco-efficiency. In this context, information system boundaries are extended to coordinate the shared production, consumption, treatment, or reuse of electricity, water, and wastewater resources among regional utilities and manufacturing facilities. Future Research Interdependencies in civil infrastructure systems require much more attention and study. As long as we treat infrastructure systems in isolation, we will perpetuate suboptimal systems operations, inefficient resource use, and vulnerability to the risks and uncertainties of failure. We need new frameworks for understanding systems of infrastructure systems as a basis for modeling the complex behaviors of individual infrastructure systems as well as coupled systems. Specifically, research should be focused on meta-infrastructure systems models in the context of multiple large-scale complex adaptive systems. We also need methodologies for designing and operating these systems of systems in a way that provides the best trade-offs in terms of efficiency, vulnerability, resiliency, and other competing objectives, under normal and disrupted conditions. Another area for research is the development of multiple performance measures and economic models that accommodate them to capture multiple stakeholders’ interests and decision makers’ missions, constituencies, resources, and schedules. Design and operations must be performance-based. Metrics and economic models must address organizational and human errors and threats, as well as the risks and uncertainties of extreme events. New paradigms for distributed control should be investigated and compared with centralized control options. To provide more and better information, research could focus on the design and development of infrastructure-level sensor systems and data management systems. Finally, efforts must be directed toward educating and training a workforce for research in infrastructure interdependencies. Infrastructure systems, which were engineered to facilitate the competitive flow of people, goods, energy, and information, have expanded far beyond their original design specifications. To meet the exigencies of our greatly changed world, we must rethink and reengineer infrastructure systems life cycles to serve their original purposes under new conditions, such as globalization, deregulation, telecommunications intensity, and increased customer requirements. We must make sure information system interdependencies contribute to solutions and do not exacerbate, or even become, the problem. Acknowledgments Many thanks to P. Nelson, T. Kelly, M. Amin, K. Sullivan, E. Casman, G. Marino, and M.E. Porter for contributing to this paper, and to the National Science Foundation for the compensated time. Note The opinions expressed in this paper are those of the author only, and do not necessarily represent those of the National Science Foundation or any other entity with which the author has been or is now affiliated. References Amin, M. 2000. Toward self-healing infrastructure systems. IEEE Computer 33(8):44-53. Amin, M. 2001. EPRI/DoD Complex Interactive Networks/Systems Initiative. Workshop on Mitigating the Vulnerability of Critical Infrastructures to Catastrophic Failures, Alexandria Research Institute, September 10-11, 2001. ASCE (American Society of Civil Engineers). 2001. The 2001 Report Card for America’s Infrastructure. CERF (Civil Engineering Research Foundation). 1997. Partnership for the Advancement of Infrastructure and Its Renewal through Innovative Technologies. Coveney, P., and R. Highfield. 1995. Frontiers of Complexity: The Search for Order in a Chaotic World. New York: Fawcett. FEMA (Federal Emergency Management Agency). 1999. HAZUS?: Estimated Annualized Earthquake Losses for the United States. Washington, D.C.: Federal Emergency Management Agency. Friesz, T., S. Peeta, and D. Bernstein. 2001. Multi-layer Infrastructure Networks and Capital Budgeting. Working Paper TF0801A. Department of Systems Engineering and Operations Research, George Mason University, Fairfax, Virginia. Gell-Mann, M. 1994. Complex adaptive systems. Pp. 17-28 in Complexity: Metaphors, Models and Reality, G.A. Cowan, D. Pines, and D. Meltzer, eds. Reading, Mass.: Addison-Wesley. Haimes, Y.Y, and P. Jiang. 2001. Leontief-based model of risk in complex interconnected infrastructures. ASCE Journal of Infrastructure Systems 7(1):1-12. Heller, M., E.W. von Sacken, and R.L. Gerstberger. 1999. Water utilities as integrated businesses. Journal of the American Waterworks Association 91(11):72-83. Jentgen, L. 2001. Implementation Prototype Energy and Water Quality Management System. Presentation at the American Waterworks Association International Conference, Washington, D.C., June 22, 2001. Lineweber, D., and S. McNulty. 2001. The Cost of Power Disturbances to Industrial and Digital Economy Companies. North, M.J. 2000. An Agent-Based Tool for Infrastructure Interdependency Policy Analysis. Presentation at the Rand Workshop on Complex Systems and Policy Analysis: New Tools for a New Millennium, Washington, D.C., September 28, 2000. Available online at: <http://www.rand.org/scitech/stpi/Complexity/>. PDD63 (Presidential Decision Directive 63). 1998. The Clinton Administration’s Policy on Critical Infrastructure Protection: Presidential Decision Directive 63. Rinaldi, S.M., J.P. Peerenboom, and T. Kelly. 2001. Complexities in identifying, understanding, and analyzing critical infrastructure interdependencies. Accepted for publication in IEEE Control Systems, December 2001. TTI (Texas Transportation Institute). 2001. The 2001 Urban Mobility Study. College Station, Texas: Texas Transportation Institute. WaterTech Online. 2001. U.S. Official Calls for More Water Recycling. Available online at <http://waternet.com/News.asp?mode=4&N_id=24622 >. About the Author:Miriam Heller is program director of the Infrastructure and Information Systems Program at the National Science Foundation.