Improving Critical InfrastructureResilience with Application to PowerDistribution NetworksbyAbdullah AlsubaieB.Sc., King Fahd University of Petroleum and Minerals, 2004M.Eng, The University of British Columbia, 2010a thesis submitted in partial fulfillmentof the requirements for the degree ofDoctor of Philosophyinthe faculty of graduate and postdoctoral studies(Electrical and Computer Engineering )The University of British Columbia(Vancouver)October 2016c© Abdullah Alsubaie, 2016AbstractOur modern societies are dependent on the functioning of infrastructure systems thatsupport economic prosperity and quality of life. These infrastructure systems face anincreasingly set of threats, natural or man-made disasters, that can cause significantphysical, economic, and social disruptions. Recent extreme events have shown thattotal protection can not be accomplished. Therefore, Critical Infrastructure Pro-tection strategies should focus not only on the prevention of these events but alsoon the response and recovery following them. This shift is realized by the conceptof infrastructure resilience. In this thesis, we address the problem of assessing andimproving infrastructure resilience. The contributions of this thesis focus on mod-elling, simulation, and optimization of infrastructure systems with respect to theirresilience to extreme events. We first develop a resilience assessment framework forinterdependent infrastructure systems. The developed framework provides a quanti-tative means to assess infrastructure resilience by introducing a generalized resilienceindex. To account for the inherent complexity due to infrastructure interdependen-cies, we use the Infrastructure Interdependency Simulator (i2Sim) framework formodelling and simulating the studied infrastructure. The resilience improvementproblem is formulated using the proposed resilience index as a resources allocationoptimization problem. The problem aims at finding the best allocation of avail-able resources such as power and water to mitigate the consequences of a disaster.Two solutions algorithm are proposed to solve the problem: the first one uses aiisimulation-optimization approach based on the Ordinal Optimization theory, andthe second one uses a Linear Programming formulation. Results of both algorithmsshow that infrastructure resilience can be greatly improved by efficient allocations ofavailable resources. In addition, a prioritization methodology is developed to assessdecision makers to direct resilience investment to the most important componentsin the infrastructure. Finally, an optimal power distribution network reconfigura-tion algorithm is developed to complement the two resources allocation algorithmsby solving the technical feasibility problem of the power distribution network. Aheuristic computationally inexpensive optimization algorithm is developed based onGraph theory for solving this problem. The proposed algorithms are tested usingdifferent test cases and promising results are achieved.iiiPrefaceThe contributions pointed in this dissertation have led to a number of already pub-lished, or currently under preparation for publications in journals and conferences.My research work and all my publications have been done by me under the super-vision of Prof. Jose´ R. Mart´ı. The co-authors of the publications have provided uswith constructive feedback.The outcomes of each chapter in terms of publications are as follows. A majorpart of chapter 3 was first presented in the 10th International Conference On CriticalInformation Infrastructures Security 2015 and is scheduled to appear as a bookchapter in the proceedings book:• A. Alsubaie, K. Alutaibi, J. R. Mart´ı, “Resilience Assessment of Interdepen-dent Critical Infrastructure,” to appear in Critical Information InfrastructureSecurity, Springer International Publishing, 2016.Work presented in chapter 4 section 4.3 was published in the 2014 IEEE CanadaInternational Humanitarian Technology Conference (IHTC):• A. Alsubaie, J. R. Mart´ı, K. Alutaibi, A. Di Pietro and A. Tofani “Re-sources Allocation in Disaster Response Using Ordinal Optimization BasedApproach,” Humanitarian Technology Conference - (IHTC), 2014 IEEE CanadaInternational, Montreal, QC, Jun. 2014.Work presented in chapter 4 section 4.5 was published in the EIC Climate ChangeivTechnology Conference 2015:• A. Alsubaie, K. Alutaibi, J. R. Mart´ı, “A Methodology for Identifying Criti-cal Components in Physical Infrastructures” EIC Climate Change TechnologyConference, Montreal, QC, May. 2015.vTable of ContentsAbstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iiPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ivTable of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viList of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xList of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiiGlossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvAcknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviiDedication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xviii1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.2 Problem Statement and Research Objectives . . . . . . . . . . . . . 51.3 Thesis Contributions and Structure . . . . . . . . . . . . . . . . . . . 62 Critical Infrastructure Modelling and Simulation . . . . . . . . . . 82.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82.1.1 Applications of Critical Infrastructure Modelling . . . . . . . 8vi2.1.2 Challenges of Critical Infrastructure Modelling . . . . . . . . 112.2 Literature Review on CI Modelling and Simulation . . . . . . . . . . 112.3 Modelling Framework . . . . . . . . . . . . . . . . . . . . . . . . . . 152.3.1 i2Sim Modelling and Simulation Framework . . . . . . . . . . 152.3.2 i2Sim Ontology . . . . . . . . . . . . . . . . . . . . . . . . . . 162.3.3 i2Sim Models . . . . . . . . . . . . . . . . . . . . . . . . . . . 182.3.4 Integrating i2Sim with Domain Simulators . . . . . . . . . . . 212.4 Mathematical Formulation of The i2Sim Framework . . . . . . . . . 222.4.1 i2Sim Cell Model Approximation . . . . . . . . . . . . . . . . 232.4.2 i2Sim System of Equations . . . . . . . . . . . . . . . . . . . 252.5 Model Development for the Case Study . . . . . . . . . . . . . . . . 282.5.1 Infrastructure Models . . . . . . . . . . . . . . . . . . . . . . 302.5.2 Mathematical Formulation . . . . . . . . . . . . . . . . . . . 332.5.3 Extreme Event Scenario . . . . . . . . . . . . . . . . . . . . . 352.6 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373 Resilience of Critical Infrastructure . . . . . . . . . . . . . . . . . . 393.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393.2 Literature Review on CI Resilience . . . . . . . . . . . . . . . . . . . 403.2.1 Resilience Definition . . . . . . . . . . . . . . . . . . . . . . . 403.2.2 Resilience Assessment . . . . . . . . . . . . . . . . . . . . . . 423.3 Resilience Concept within Critical Infrastructure Protection Analysis 443.4 Resilience Assessment Framework . . . . . . . . . . . . . . . . . . . . 463.4.1 Critical Infrastructure Systems Attributes . . . . . . . . . . . 463.4.2 System Modelling . . . . . . . . . . . . . . . . . . . . . . . . 483.4.3 Resilience Measure . . . . . . . . . . . . . . . . . . . . . . . . 493.5 Illustrative Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 533.6 Generalized Resilience Index . . . . . . . . . . . . . . . . . . . . . . . 54vii3.6.1 GRI Function for the Case Study . . . . . . . . . . . . . . . . 573.7 Cyber-Physical Interactions within Resilience Assessment . . . . . . 613.8 Improving Critical Infrastructure Resilience . . . . . . . . . . . . . . 623.9 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 634 Optimal Resources Allocation for Resilience Improvement . . . . 654.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654.2 Literature Review on Resources Allocation Optimization in CI . . . 664.3 Resources Allocation using Ordinal Optimization-Based Algorithm . 694.3.1 Overview of Ordinal Optimization . . . . . . . . . . . . . . . 694.3.2 Problem Formulation . . . . . . . . . . . . . . . . . . . . . . 724.3.3 OO-Based Algorithm . . . . . . . . . . . . . . . . . . . . . . . 744.3.4 Case Study Results . . . . . . . . . . . . . . . . . . . . . . . . 774.4 Resources Allocation using Linear Programming . . . . . . . . . . . 824.4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . 824.4.2 Problem Formulation . . . . . . . . . . . . . . . . . . . . . . 834.4.3 Case Study Results . . . . . . . . . . . . . . . . . . . . . . . . 854.5 Prioritization of CI Systems . . . . . . . . . . . . . . . . . . . . . . . 874.5.1 Critical Infrastructure Ranking . . . . . . . . . . . . . . . . . 894.5.2 Case Study Results . . . . . . . . . . . . . . . . . . . . . . . . 914.6 Discussion and Conclusion . . . . . . . . . . . . . . . . . . . . . . . . 945 Resilience of Power Distribution Networks . . . . . . . . . . . . . 975.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 975.2 Literature Review of Power Distribution Networks Resilience . . . . 985.3 Resilience Assessment Framework for Power Distribution Networks . 1015.4 Improving Power Distribution Networks Resilience . . . . . . . . . . 1035.5 Optimal Network Reconfiguration for Power Distribution Networks . 105viii5.6 ONR for CI Restoration using A Minimum Spanning Tree Based Al-gorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1065.6.1 System Models . . . . . . . . . . . . . . . . . . . . . . . . . . 1075.6.2 Problem Formulation . . . . . . . . . . . . . . . . . . . . . . 1095.6.3 Solution Algorithm . . . . . . . . . . . . . . . . . . . . . . . . 1105.6.4 Test Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1155.7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1196 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1236.1 Future Research Directions . . . . . . . . . . . . . . . . . . . . . . . 125Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128A Minimum Spanning Trees . . . . . . . . . . . . . . . . . . . . . . . . 138ixList of TablesTable 2.1 List of Critical Infrastructure Systems in Different Nations. . . . . 9Table 2.2 Different Classifications and Comparisons Criteria in Infrastruc-ture Modelling and Simulation Literature. . . . . . . . . . . . . . 12Table 2.3 Output capacity of the modeled electrical substations. . . . . . . 31Table 2.4 The HRT table for substation P1. . . . . . . . . . . . . . . . . . . 31Table 2.5 Treatment rate for the modeled hospitals. . . . . . . . . . . . . . 32Table 2.6 Requirements of the modeled hospitals at full capacity. . . . . . . 32Table 2.7 Input and output data for the i2Sim water station models. . . . . 33Table 3.1 Literature survey of resilience assessment in infrastructure. . . . . 44Table 3.2 A GRI table example. . . . . . . . . . . . . . . . . . . . . . . . . . 56Table 3.3 GRI table for the case study. . . . . . . . . . . . . . . . . . . . . . 60Table 3.4 Types of cyber-physical failures. . . . . . . . . . . . . . . . . . . . 62Table 3.5 Examples of resilience actions for reducing vulnerability. . . . . . 63Table 3.6 Examples of resilience actions for increasing adaptive capacity. . . 63Table 4.1 Comparison of results. . . . . . . . . . . . . . . . . . . . . . . . . 79Table 4.2 RALP Optimization Model . . . . . . . . . . . . . . . . . . . . . . 85Table 4.3 RALP Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . 86Table 4.4 Comparison of results. . . . . . . . . . . . . . . . . . . . . . . . . 86xTable 4.5 Ranking of failure sets for 100% failure mode. . . . . . . . . . . . 92Table 4.6 Ranking of failure sets for 50% failure mode. . . . . . . . . . . . . 93Table 4.7 Comparison of results. . . . . . . . . . . . . . . . . . . . . . . . . 94Table 5.1 Examples of resilience attributes for the power distribution network.102Table 5.2 Obtained solutions for the 33-nodes network reconfiguration . . . 118Table 5.3 Obtained solutions for the 70-nodes network reconfiguration . . . 121xiList of FiguresFigure 1.1 Estimated Damage by Reported Natural Disasters 1975-2010 [1].Source: EM-DAT: The OFDA/CRED International Disaster Databasewww.emdat.be Universit Catholique de Louvain Brussels Belgium. 2Figure 1.2 DOE Resilient Electrical Distribution Grid R&D Needs [2]. . . . 4Figure 2.1 The i2Sim Ontology. . . . . . . . . . . . . . . . . . . . . . . . . . 16Figure 2.2 An example of an i2Sim model. . . . . . . . . . . . . . . . . . . . 19Figure 2.3 A conceptual i2Sim cell model. . . . . . . . . . . . . . . . . . . . 20Figure 2.4 An example of integrating i2Sim model with domain simulators. 22Figure 2.5 DR-NEP Architecture. . . . . . . . . . . . . . . . . . . . . . . . . 23Figure 2.6 An example a Human Readable Table [3]. . . . . . . . . . . . . . 24Figure 2.7 Function coefficients and function evaluation at some points . . . 26Figure 2.8 A plot of HRT fitted function . . . . . . . . . . . . . . . . . . . . 26Figure 2.9 Main i2Sim model for the case study . . . . . . . . . . . . . . . . 29Figure 2.10 i2Sim general model for electrical substation . . . . . . . . . . . 31Figure 2.11 Hospitals’ outputs in the base case scenario . . . . . . . . . . . . 37Figure 3.1 Key characteristics of resilience definitions from different disciplines. 43Figure 3.2 Proposed resilience assessment framework. . . . . . . . . . . . . . 46Figure 3.3 i2Sim simulation layers [3]. . . . . . . . . . . . . . . . . . . . . . 49xiiFigure 3.4 Graphical representation of resilience. . . . . . . . . . . . . . . . 50Figure 3.5 Graphical representation of resilience with constant time step andsingle output. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Figure 3.6 Graphical representation of resilience with constant time step andmultiple outputs. . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Figure 3.7 Time line of the simulated events. . . . . . . . . . . . . . . . . . 53Figure 3.8 Simulated results for the four cases in the illustrative example. . 55Figure 4.1 Ordinal Optimization [4]. . . . . . . . . . . . . . . . . . . . . . . 71Figure 4.2 OPC Classes [4]. . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Figure 4.3 The interaction between RAOO algorithm and i2Sim. . . . . . . 74Figure 4.4 RAOO Algorithm. . . . . . . . . . . . . . . . . . . . . . . . . . . 75Figure 4.5 Sample sets using LDS vs. standard Pseudo-random generators. 77Figure 4.6 OPC plot for the case study. . . . . . . . . . . . . . . . . . . . . 78Figure 4.7 Comparison of the hospitals’ outputs using RAOO algorithm. . . 80Figure 4.8 Comparison of P2, P4, and W1 outputs using RAOO algorithm. 81Figure 4.9 Comparison of the hospitals’ outputs using RALP algorithm. . . 87Figure 4.10 Comparison of P2, P4, and W1 outputs using RALP algorithm. 88Figure 4.11 Comparison of the rankings in two different failure modes. . . . . 93Figure 4.12 An integrated simulation optimization approach for disaster man-agement systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . 95Figure 5.1 Stages for the resilience assessment framework. . . . . . . . . . . 101Figure 5.2 Approaches and investments for improving power distribution net-works resilience. . . . . . . . . . . . . . . . . . . . . . . . . . . . 104Figure 5.3 Overall flow of the proposed iterative simulation optimization al-gorithm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111Figure 5.4 Flow chart for the Minimum Spanning Tree (MST) based algorithm.114xiiiFigure 5.5 Initial configuration of the 33-node test system. The dotted linesrepresent normally open switches. . . . . . . . . . . . . . . . . . 117Figure 5.6 Minimum voltage in the final configuration for every scenario inthe 33-nodes test cases. . . . . . . . . . . . . . . . . . . . . . . . 119Figure 5.7 Initial configuration of the 70-node test system. The dotted linesrepresent normally open switches. . . . . . . . . . . . . . . . . . 120Figure 5.8 Minimum voltage in the final configuration for every scenario inthe 70-nodes test cases. . . . . . . . . . . . . . . . . . . . . . . . 122Figure 5.9 Comparison of ONR for CI restoration results. . . . . . . . . . . 122Figure A.1 An application of Prim’s algorithm to an example graph. . . . . 140xivGlossaryCI Critical Infrastructures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2CIP Critical Infrastructure Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6DAS Distribution Automation System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106DR-NEP Disaster Response Network Enabled Platform . . . . . . . . . . . . . . . . . . . . . . . . 21ESB Enterprise Service Bus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21GIS Geographical Information System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95GRI Generalized Resilience Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55HRT Human Readable Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23IIM Input-output Inoperability Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13i2Sim Infrastructure Interdependency Simulator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14LDS Low Discrepancy Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75LP Linear Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66MST Minimum Spanning Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111ONR Optimal Network Reconfiguration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99OO Ordinal Optimization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66OPC Ordered Performance Curve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71QMC Quasi-Monte Carlo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76xvRALP Resources Allocation using Linear Programming . . . . . . . . . . . . . . . . . . . . . . . 84RAOO Resources Allocation using Ordinal Optimization . . . . . . . . . . . . . . . . . . . . . . 74xviAcknowledgmentsI would like to express my sincere gratitude to my supervisor Professor Jose´ R. Mart´ı.His forward-looking thinking and his invaluable guidance and support have given mea unique opportunity to pursue my PhD studies. Also, I would like to acknowledgeand thank my committee members Dr. Hermann Dommel, Dr. William Dunford,and Dr. Juri Jatskevich, and my university examiners Dr. Clarence de Silva andDr. Karthik Pattabiraman for their valuable comments and constructive feedback.Throughout my PhD studies, I have had the opportunity to know and meet agreat number of people at the University of British Columbia including past andcurrent lab mates and colleagues, faculty and staff of the Department of Electricaland Computer Engineering, friends and neighbors. I would like to thank them allfor all the support and encouragement they have provided me. Special thanks goto Dr. K.D. Srivastava and the i2Sim group for all the discussions and inspirationsduring our weekly meetings.I would like to acknowledge the financial support provided by King AbdulazizCity for Science and Technology (KACST), Saudi Arabia.Finally, I would like to thank my family, my father, my mother, my wife, and mychildren for their unconditional love and support. Special thanks go to my belovedwife who has played a crucial role in supporting me through the stressful times ofmy PhD studies.xviiDedicationThis dissertation is dedicated to my beloved familyxviiiChapter 1Introduction1.1 MotivationOur modern societies are dependent on the functioning of infrastructure systemsthat support economic prosperity and quality of life. These infrastructure systemsface an increasingly set of threats, natural or man-made disasters, that can causesignificant physical, economic, and social disruptions. The impact of these disasterscould be limited to local communities, such as earthquakes, or could be global, suchas the 2010 Iceland volcanic ash cloud which affected global air travel. Infrastructuresystems operators have been continuously working on improving systems safety andsecurity through traditional risk and reliability frameworks and guidelines. Thetraditional risk and reliability methods assume different failure scenarios and tryto understand the reasons for their occurrence. Then, measures or practices arerecommended to minimize the impact of these failures.Over the last decades, disasters have caused significant loss of lives and essentialservices. These losses caused major setback for economic and social development inthe affected countries. According to the annual disaster statistical review publishedby the Centre for Research on The Epidemiology of Disasters (CRED) in Belgium,1Figure 1.1: Estimated Damage by Reported Natural Disasters 1975-2010 [1].Source: EM-DAT: The OFDA/CRED International Disaster Databasewww.emdat.be Universit Catholique de Louvain Brussels Belgium.330 natural-related disasters were reported around the world in 2013 only. In 2013,more than 21,000 lives were lost and the economic losses were estimated to be US$118.6 billion [1]. Taking a wider look, it appears that the trend of economic lossesis increasing over the last decades as shown in Fig. 1.1.In recent years, there is an increasing effort being devoted to protecting CriticalInfrastructures (CI) systems from natural and man-made disasters. Every countrydefines its CI systems according to its national priorities. In Canada, Public SafetyCanada refers to CI as the “processes, systems, facilities, technologies, networks,assets and services essential to the health, safety, security or economic well-being ofCanadians and the effective functioning of government. Critical infrastructure can2be stand-alone or interconnected and interdependent within and across provinces,territories and national borders. Disruptions of critical infrastructure could resultin catastrophic loss of life, adverse economic effects, and significant harm to publicconfidence.”[5].Infrastructure systems are large and complex which makes it impractical to con-sider all possible failure scenarios. It is then acknowledged that if total securitycannot be achieved more effort should be devoted to planning effective response andrecovery. As a result, there has been a paradigm shift in recent years from riskand reliability concepts toward resilience concepts [6]. This shift was realized byseveral governmental initiatives such as The Critical Infrastructure Resilience Studyconducted by the US National Infrastructure Advisory Council (NIAC) [7] and TheCritical Infrastructure Preparedness and Resilience Research Network (CIPRNet)program established by the European Union (EU) [8].Infrastructure systems are not unique static entities. They share mutual inter-dependencies which are complex to analyze and manage [9] They interact and adaptto their changing and dynamic operations. As systems grow in size and complexity,more interdependencies are introduced. These systems are typically integrated andcontrolled in distributed and loosely manner. Haimes et al [10] describe them as‘emergent systems’ and show that while the cost of protecting emergent systems ishigh, more attention should be paid to improving their resilience. Also, Marti [3]highlights the role of emergent behavior of interdependent infrastructure systems indisaster response.The ultimate goal of this research project is to improve the resilience of infras-tructure systems by mitigating the impact of extreme events. Although domain-specific methodologies and techniques have been developed for disasters mitigationand response for different infrastructure systems, there is a need for a “global”view in dealing with complex and adaptive interdependent systems. In an attempt3to achieve a “global resiliency”, this research project considers infrastructure in-terdependencies in the process of improving the overall resilience of infrastructuresystems.Of particular interest in this project are the power distribution networks whichare directly connected to other CI systems. Since electrical energy is a vital resourcefor the operation of CI systems such as hospitals and water networks, disruption ofpower supply often causes a high degree of disturbance to their operations. Recentincidents have raised major concerns on the resilience of power distribution networksagainst extreme events as it has been reported that they suffer more damages thangeneration and transmission networks [11]. Emphasis has been placed on improvingthe resilience of power distribution networks by governmental agencies and utilities[7][2]. One of the research and development needs in the area of power distribu-tion resilience is the “coupling of electric restoration models to other infrastructuremodels” as shown in Figure 1.2. This research project attempts to contribute tothis research area by combining a power distribution reconfiguration model with aninterdependent infrastructure restoration model.30 IEEE power & energy magazine may/june 2015Enhance System Design for ResiliencyThe development of new materials and designs for electric systems and components to be more resilient to extreme events is needed. This development includes “hardening” the existing electricity delivery infrastructure (e.g., distribution lines, poles, substations). Design and construction standards for higher performance will be required but dependent on the local conditions of the facilities. An industry study on the myriad hardening measures concluded that widespread sys-tem hardening is cost prohibitive. Innovative R&D is needed for developing and implementing cost-effective strengthen-ing measures (such as those for lines and poles, hydrophobic coatings, dynamic circuit reconguration and microgrids) as well as for resilient design tools to enable grid designers to prioritize cost-effective system upgrades and expansions. Improve Preparedness and Mitigation MeasuresSimulation tools, equipped with environmental forecast-ing and damage prediction models, need to be developed to provide high-delity system performance predictions under extreme event scenarios. R&D on monitoring predictive failure modes of electric equipment is needed to provide timely information on maintenance, repair, and replacement actions before failures occur. New tools for resilience assessments that address technical, organi-zational, social, and economical dimensions are needed to determine what key aspects of resilience measures are lacking (at the facility, sector, community, and regional levels) and their corresponding resilience-enhancing measures to mitigate against system risks. R&D is also needed for improved !exibility and robustness, which includes power electronic-based controllers to enable the routing of power around damaged/impacted areas to con-ti ue delivery of electricity to critical loads, energy stor-age to support renewable energy integration and improve system stability, and microgrids with the ability to con-tinue operating and to serve as a grid resource during grid disturbances. Improve System Response and RecoveryImproved situational awareness and its prerequisite of a more resilient communications infrastructure are two key Smart grid technologies, developed by the DOE OE, are being applied to customer-based, distribution, and tra smission systems.table 1. The top R&D needs and projects identified at the 2014 DOE resilient electric distribution grid R&D workshop.Area R&D Needs R&D ProjectsDesign, preparedness, and planningDesign of segmented and agile distributed systemt &NFSHFODZDPOUSPMTTFHNFOUBUJPOBOEDPNNVOJDBUJPOTt .JDSPHSJEUPGFFEFSJOUFHSBUJPOBig data and analytics t .VMUJTDBMFNPEFMJOHEJTUSJCVUJPOBOEUSBOTNJTTJPOt 3FBMUJNFEBUBCBTFXJUITQFFEBOEBDDVSBDZStochastic and uncertainty t 3PCVTUDPOUSPMUPVODFSUBJOEBUBt 1SFEJDUJWFNPEFMTOperational response and system recoveryProactive assessment of damage (automated calls to customers, smart meters)t %BNBHFBTTFTTNFOUt 6ONBOOFEBFSJBMWFIJDMFTUPTVQQPSUSFBMUJNF(PPHMF.BQTt /FXEFWJDFTUPTVQQPSUEFHSBEBUJPOJEFOUJGJDBUJPOt )BSEFOJOHPGDPNNVOJDBUJPOTSituational awareness t %FWFMPQNFOUPGBSDIJUFDUVSFt 4UBUFFTUJNBUJPOXJUIOFXEBUBBOEOFXEFWJDFTt $ZCFSQIZTJDBM EFHSBEBUJPO BOE UIF OFDFTTBSZ VOEFSTUBOEJOH UPrespond to it when it occurst 5ISFFQIBTFTUBUFFTUJNBUJPODecision support to determine restoration prioritiest %FWFMPQNFOUPGUFDIOPMPHJFTUPGJOEBMUFSOBUJWFSFTUPSBUJPOTUSBUFHJFTt $PTUFGGFDUJWFSFTJMJFOUDPOUSPMTZTUFNTt $PVQMJOHPGFMFDUSJDSFTUPSBUJPONPEFMTUPPUIFSJOGSBTUSVDUVSFNPEFMTt *OUFHSBUJPOPGNJDSPHSJETUPEJTUSJCVUJPONBOBHFNFOUTZTUFNt "EWBODFNFOU PG TUBOEBSEJ[BUJPO PG NJDSPHSJE SFTPVSDFT TVDI BTinverters and distributed generationFigure 1.2: DOE Resilient Electrical Distribution Grid R&D Needs [ ].41.2 Problem Statement and Research ObjectivesA disruption to an infrastructure system causes potential cascading interruptionsto other infrastructure systems. Therefore, it is essential to make infrastructuresystems more resilient to such disruptions. The problem of improving infrastructureresilience can be summarized in the following questions:1. How can we model interdependent infrastructure systems for resilience analy-sis?2. How can we measure the resilience of interdependent infrastructure systems?3. What can be done to improve their resilience?In order to answer the above questions, the following objectives are set for thisresearch project:1. To develop a resilience assessment framework for interdependent infrastructuresystems. This framework should be able to capture the required characteristicsof a resilient infrastructure.2. To develop a resilience measure that can be used to assess the resilience levelof a given infrastructure. This measure should be flexible enough to capturethe defined characteristics and connected to the operational details of theinfrastructure to show the improvement or degradation of resilience after eachoperational change.3. To formulate the resilience improvement problem as an optimization problemand provide solution algorithms for this problem.4. To model the power distribution reconfiguration problem in the context ofinfrastructure interdependency.51.3 Thesis Contributions and StructureResilience-informed decisions will make a major shift in the field of Critical In-frastructure Protection (CIP). In the wake of recent extreme events, infrastructureoperators have realized the need to extend the traditional reliability and risk strate-gies to resilience-based strategies. The contributions in this thesis provide effectivetools for developing these strategies. The thesis presents original contributions fo-cusing on modelling, simulation, and optimization of infrastructure systems withrespect to their resilience to extreme events. The main contributions of this thesisare summarized in the following list:1. Development of a resilience assessment framework for interdependent infras-tructure systems.2. Introduction of a comprehensive resilience index that is applicable across dif-ferent domains and applications.3. Formulation of the resilience improvement problem as a resources allocationoptimization problem.4. Modelling the power distribution reconfiguration problem in the context ofinfrastructure interdependency.5. Development of several solution algorithms for solving the resources allocationproblem.6. Development of a prioritization methodology for interdependent critical infras-tructure systems.The structure of this thesis is as follows: Chapter 1 introduces the main focus ofthe thesis and discusses the motivation for the research project and its objectives.Chapter 2 discusses the modelling and simulation framework for the interdepen-dent CI systems. Based on this modelling and simulation framework, a resilience6assessment framework is proposed in chapter 3. The proposed resilience index isalso discussed in chapter 3. Using this resilience index, two resources allocationalgorithms are formulated and solved in chapter 4. Also, a prioritization method-ology for ranking CI systems components is proposed in this chapter. In chapter 5,the resilience of power distribution networks is discussed and an optimal networkreconfiguration problem is formulated and solved for restoring power supply to CIsystems. A summary of contributions and future research directions are provided inchapter 6.7Chapter 2Critical InfrastructureModelling and Simulation2.1 IntroductionCritical Infrastructure (CI) systems are physical or virtual systems that are madeof a number of components that work collectively to provide key services to society.Examples of these systems include: electrical power system, water distribution sys-tem, telecommunication system, and healthcare system. Every nation has defineda set of infrastructure systems that are considered to be “critical”. Table 2.1 liststhe defined critical infrastructure systems in Canada, the United States, and theEuropean Union. One of the main concerns in studying critical infrastructure sys-tems is their growing complexity[9]. This complexity causes infrastructure systemsto exhibit unpredictable behavior during extreme events. Modelling and simulationapproaches have proven to be very effective in predicting this behavior.2.1.1 Applications of Critical Infrastructure ModellingThere are many applications that require modelling and simulation of critical in-frastructure systems. Some of these applications are predictive analysis, such as8Table 2.1: List of Critical Infrastructure Systems in Different Nations.Country Critical Infrastructure SystemsCanada [5]HealthFoodFinanceWaterInformation and Communication TechnologySafetyEnergy and UtilitiesManufacturingGovernmentTransportationUSA [12]Emergency ServicesEnergyFood and AgricultureHealthcare and Public HealthWater and WastewaterTransportationNuclear Reactors, Materials, and WasteInformation TechnologyGovernment FacilitiesFinancial ServicesDefence Industrial BaseDamsCommercial FacilitiesChemicalCommunicationsCritical manufacturingEU [13]EnergyNuclear IndustryInformation and Communication TechnologyWaterFoodHealthFinancialTransportChemical IndustrySpaceResearch Facilities9“What-if scenarios”; others are exploratory analysis, such as system optimizationstudies. A list of some common applications follows:Risk and Reliability Analysis The objective of this type of applications is toidentify undesirable events, estimate their probability of occurrence, and thenstudy their consequences. The last step is where CI modelling and simulationis needed.Resilience Analysis The objective of this type of applications is to study thesystem behavior after the disruptive event and the effectiveness of its reaction.Optimization Optimization can be used in a very wide range of applications, suchas cost minimization, output maximization, allocation of limited resources,and placement of certain components. Typically, a CI model is required toevaluate the objective function of the optimization problem.Investment Planning The objective of this type of applications is to find the bestinvestment strategy for the infrastructure. It can be a long-term planning; e.g.where and when to build power generation plants, or a short-term planning;e.g. which type of generation to use to meet a current demand. In many casesan optimization technique is used in this application. The CI model is used toevaluate the planning strategy.Operational Support In this type of applications, CI models are used to supportdecision-making process during operations or to provide support to controlsystems. For example, a power system model is used to recommend the opti-mum topology for the power grid given the current operational status. Also,an interdependent infrastructure model is used to provide decision supportduring disasters in emergency control centers.The above list is not distinct but rather provides examples of where CI modelscan be used. These applications may overlap in some cases. For example, an infras-10tructure model can be used for optimization and reliability analysis to find the beststructure or topology that provides the highest reliability level.2.1.2 Challenges of Critical Infrastructure ModellingModelling interdependent critical infrastructure poses several challenges. One ofthe main challenges is the increased complexity due to interdependencies. A firststep in the modelling process is to identify types of interdependencies. Rinaldi etal.[9] identified four main types of interdependencies: physical, cyber, geographical,and logical. Difficulty arises when modelling these interdependencies within a CImodel. Another challenge is the huge number of components to be included in themodel. Consider, for example, building a model comprising of a power distributionsystem and a water distribution system. Each one of the system comprises of manyindividual components; e.g. transformers and cables in the power system and pumpsand pipes in the water system. This complexity typically introduces a tradeoffproblem in the modelling: the more components to be modeled (low-level details),the more accurate is the model, but the more expensive its computation becomes.Other modelling challenges include incompatibility of simulation requirements,such as time-step sizes and computational algorithms, unavailability of appropriatedata due security and confidentiality constraints, and scarcity of simulation casestudies. In addition to these challenges, modelling different infrastructure systemsrequires certain knowledge and expertise of the modeled systems which can be achallenge for the modeler.2.2 Literature Review on CI Modelling and SimulationInfrastructure modelling and simulation has gained an increasing attention withinthe scientific community over the past decade. Many efforts in this area are relatedto CIP programs. Modelling and simulating the critical infrastructure systems arekey elements in many CIP programs. Since infrastructure systems are highly in-11terconnected and interdependent, the concept of infrastructure interdependencies ispresent in most of the modelling and simulation works. There are different ways inwhich interdependent infrastructure modelling and simulation can be classified andcompared. Table 2.2 presents the different classifications and comparison criteriaused by some scholars.Table 2.2: Different Classifications and Comparisons Criteria in InfrastructureModelling and Simulation Literature.Reference Year Classification/Comparison CriteriaPederson et al. [14] 2006InfrastructureModelling and Simulation TechniqueIntegrated vs. Coupled ModelsHardware/Software RequirementsIntended UserMaturity LevelEusgeld et al. [15] 2008Modelling FocusMethodical Design StrategiesTypes of InterdependenciesTypes of EventsCourse of Triggered EventsData NeedsMonitoring AreaModelling and Simulation ParadigmsMaturitySatumtira et al. [16] 2010Mathematical Method UtilizedModelling ObjectiveScale of AnalysisQuality and Quantity of Input DataTargeted DisciplineEnd User TypeOuyang [17] 2014Emprical ApproachesAgent-based ApproachesSystem Dynamics ApproachesEconomic Theory-based ApproachesNetwork-based ApproachesOthersAlthough most of the scholarly work on CI modelling and simulation is recent,there are some early conceptual work that motivates the recent development in the12field. One of the earliest works is Leontief’s input-output model of the economy [18]which describes the interconnectedness among different sectors of the economy forthe study of economic equilibrium. Agent-based modelling is also one of the earli-est approaches used by researchers for studying the behavior of infrastructure sys-tems [19]. Recently, several modelling and simulation approaches based on networkanalysis, complex networks and graph theory, and system dynamics have been pro-posed.An Input-output Inoperability Model (IIM) was proposed by Haims and Jian [20]to study risk in CI. The model extends the Leontief’s input-output model using theconcept of inoperability, which is defined as the inability of an infrastructure systemto perform its intended function. In this model, x = Ax+ c where x represents therisk on operability of infrastructure and A is an interconnectedness matrix. Basedon this model, one can measure the effects on infrastructure inoperability given someperturbations. Crowther and Haimes. [21] extended the IIM model to the demand-reduction IIM model. In this extended model, the inoperability is defined as thenormalized loss with respect to the nominal production output of the infrastructure.Another extension is also proposed by DAgostino et al. [22] in which a MarkovChain evolution law is used to replace the Leontief equilibrium conditions. TheIIM model and its extensions are useful for analyzing failures propagation amonginterdependent infrastructure systems. However, they provide a macroscopic viewand cannot analyze the detailed components level.Another common approach for modelling and simulating CI is the Agent-basedapproach. Several tools were developed using this approach, including: Aspen [14]by Sandia national lab, SMART [14] by Argonne national lab, and CIMS [14] byIdaho national lab. In agent based modelling, every infrastructure system (or com-ponent) is represented by an agent. The agent has an objective and a behavior. Theagents are built in a distributed manner and communicate with each other. Agent13based modelling can be useful for conducting scenario based analysis. One of itsadvantages is the modularity in building the models. However, accuracy and detailsof agent based models are dependent on the assumptions made during constructingthe agent’s behavior which may affect the simulation results.Several CI models were built using network based approaches. These modelsexploit the network structure (or topology) to capture infrastructure interdepen-dencies. Zhang and Peeta [23] used a multilayer infrastructure network to capturesupply-demand mechanisms within interdependent infrastructure systems. Graph-theoretic structural networks are very common in modelling CI, e.g. [24], [25], [26],and [27]. Specific network models have also been used to model CI such as Petri-Nets[28], and network flow models [29]. Network based approaches are capable of captur-ing the network (topological) characteristics of infrastructure systems which makesthem useful for studying failure and disruption scenarios or identifying critical partsof the system under study. However, these approaches are broad and require moremodelling effort to be implemented for any specific domain. A discussion on theusefulness and limitations of complex network approaches for power system studiesis presented in [30]. System Dynamics (SD) models have been used by several USnational labs to build a tool for modelling interdependent CI systems. The tool wasnamed Critical Infrastructure Protection/Decision Support System (CIP/DSS) andit was coupled with different optimization models [17].Existing CI modelling and simulation approaches are broad and serve differentobjectives. They overlap in many aspects. Selecting a proper modelling approachis highly dependent on the objective of the study. In this thesis, the InfrastructureInterdependency Simulator (i2Sim) modelling approach is used for modelling infras-tructure systems. The i2Sim modelling approach is described in the next section.142.3 Modelling FrameworkThis thesis uses the Infrastructure Interdependency Simulator (i2Sim) for modellingcritical infrastructure systems. The i2Sim is a functional modelling approach thatallows for capturing the interdependent interactions between different infrastructuresystems. The i2Sim modelling approach is described in more details in the followingsubsections.2.3.1 i2Sim Modelling and Simulation FrameworkToday’s infrastructure systems comprise a huge number of components that are es-sential for their operations. A single infrastructure system can comprise thousandsof components between the source of its service or material and the end user. Con-sider, for example, the power delivery system. There are hundreds if not thousandsof components between the power generation facility and the end user of electric-ity e.g. transformers, transmission lines, breakers, substations etc. Modelling allof these components together is impractical due to computational limitations. Theproblem becomes more complex when considering multiple infrastructure systemstogether. To model and simulate these large systems at the level of their interactionsrequires levels of abstractions.To cope the above modelling challenge, we use the modelling framework proposedby Mart´ı [3], namely the Infrastructure Interdependencies Simulator (i2Sim) frame-work. The i2Sim Simulator is an event-driven time-domain simulator for modellinginfrastructure interdependencies. It uses a cell-channel approach to build a simu-lation environment that provides a multi-system representation of multiple CriticalInfrastructures CI at multiple hierarchical levels (local, municipal, provincial, etc.).The simulator assesses in real time the effects of resources allocation decisions in agiven scenario.In the i2Sim modelling framework, every infrastructure system is modeled inde-15i2Sim OntologySinks (Terminators)Sources (Generators)Physical Mode ModifierHuman Mode ModifierReservoirs (Waiting Rooms)Information ModifierTokens (Resources)Cells (Production Units)Distributors (Allocation Units)Channels (Transport Units)Aggregators (Adders)External TokensBase Types Modifier TypesExchange TypesFigure 2.1: The i2Sim Ontology.pendently with its own detailed model. The detailed model is then represented byan equivalent. This equivalent represents an abstraction of the system and providesthe required solution at the interaction level with other infrastructure systems. Theequivalents of all the systems form the i2Sim model. This model is then solved tofind the interaction parameters between the different systems; e.g. flow of resources.The solution of the equivalents model (i2Sim model) can be then fed to the underly-ing detailed models to update their solutions. The i2Sim framework integrates thedissimilar equivalents by providing a common ontological framework built upon acell-channel approach. This ontology is described in the following section.2.3.2 i2Sim OntologyThe i2Sim ontology defines a common framework to combine multiple dissimilarinfrastructure systems. This framework captures the interactions among the systemsand has sufficient information to simulate their behavior. The i2Sim ontology definesthree main types. Each type has several components as depicted in Fig. 2.1. Thei2Sim components are defined as follow:Tokens These are the resources needed or produced in the infrastructure system,e.g. electricity, water, and medicines.16Cells These are the production units in i2Sim models. They take input and produceoutput tokens. A hospital cell is an example. It takes input tokens, such aselectricity, water, and medicines, and produces output token, patents treated.Channels These are the connecting elements in i2Sim models. They receive outputtokens from different cells and transport them as inputs to other cells.Distributors These are the allocation units in i2Sim models. They map the de-tailed topology of the infrastructure into the i2Sim model. Also, distributorsare the decision elements if resources allocation is desirable.Aggregators These are the additive elements in i2Sim models. They combine twooutputs of the same token into one channel.External Tokens These are the tokens (resources) that are brought in from outsidethe i2Sim model.Sources These are the producers of the external tokens. Sources represent infras-tructure systems that are not included in the i2Sim model.Sinks Sinks are the components that send internal tokens to outside the i2Simmodel.Reservoirs These are the storage elements in the i2Sim model.Physical Mode Modifiers Physical mode modifiers represent the physical dam-age which results in decrease in the output of the infrastructure system; e.g.failure of one transformer in an electrical substation.Human Mode Modifiers Human mode modifiers represent the human factorsthat affect the output of the infrastructure system; e.g. tiredness of rescueteams.17Information Modifiers Information modifiers represent the knowledge effect onthe operation of the infrastructure system; e.g. inability of controlling a circuitbreaker due loss of monitoring signals.The i2Sim model is interfaced with external infrastructures that are not includedin the model, using source and sink elements. Any cell in the model can have manyinput tokens with different types but produces only one output token. A distributorhas one input and multiple outputs of the same token type. An aggregator hasmultiple inputs and one output of the same token type. Critical infrastructuresystems, such as power substations, water stations, and hospitals, are modeled usingthe i2Sim components: cells, channels, tokens, distributors, aggregators, sources,sinks, and modifiers. Figure 2.2 shows an example of an i2Sim model. In thisexample, a power substation supplying two hospitals is modeled as an i2Sim cellwhose output is connected to a distributor through a channel and the distributorhas two (output) channels connected to the two hospitals (cells). The source in themodel represents the electrical power system supplying the power substation; i.e.high voltage transmission network. The sinks represent the output, treated patientsin this example.2.3.3 i2Sim ModelsAn infrastructure i2Sim model consists of a combination of i2Sim components: to-kens, sources, sinks, cells, channels, distributors, aggreagators, reservoirs, and mod-ifiers. The cell and the channel are the two key components in every i2Sim model.The detailed models for cells and channels are described below.i2Sim Cell ModelAn i2Sim cell represents a production unit. It takes input resources (tokens) andproduces an output resource (token). A conceptual i2Sim cell model is shown in18Power SubstationCellHospital 2CellHospital 1CellSinkSinkFigure 2.2: An example of an i2Sim model.Fig. 2.3. The output of the cell is a function of the input tokens and the modifiers:y(t) = f(x1(t), ...., xi(t),m1(t), ....,mj(t)) (2.1)where y(t) is the output of the cell at time t, x1(t) to xi(t) are the input tokens tothe cell at time t, m1(t) to mj(t) are the modifiers values at time t, i is the numberof tokens in the model, j is the number of modifiers in the model.The input-output relationships can be represented by a function (or a table)describing the operation of the cell. The output level of the cell is determined bythe availability of input resources, level of physical damage to the cell or channel, andthe effect of possible modifiers. The availability of the input resources is determinedby the solution of the i2Sim solver at every time step. The level of physical damageis modeled in i2Sim using the Physical Mode (PM) parameter which can be an19X1(t)X2(t)y(t)Xi(t)Physical Modem1(t) m2(t) mj(t)Cell Operability StateColour Coding for the Cell Operability State100%75%50%25%0%Figure 2.3: A conceptual i2Sim cell model.external or internal input to the model. The modifiers are inputs to the cell that arenot directly used to produce the output but they can impact its level. For example,a control signal from SCADA can be a modifier to a power substation cell.In the i2Sim framework, the possible output of the cell is discretized into fivelevels: 100%, 75%, 50%, 25%, and 0%. A colour code, shown in Fig. 2.3, is usedto show the output level of the production cell during simulation. Each colourcorresponds to an output level measured by its operability state in percentages ofits rated output. The concept of output discretization into a finite number of levelsfacilitates the description of the cell function in cases such as a hospital where thecell production is known from experience.i2Sim Channel ModelThe i2Sim channel model describes a transportation function with two parameters:a time delay and losses:y(t) = αx(t− τ) (2.2)20where y(t) is the output of the channel at time t, x(t−τ) is the input to the channel,τ is the time delay, and α is the degradation factor. Note that y and x representsthe same token type, e.g. electricity or water. The concept of output descretizationdescribed in the cell’s model is also applied in the channel’s model.2.3.4 Integrating i2Sim with Domain SimulatorsAs described above, the i2Sim framework allows the interaction between the i2Simmodels and the detailed systems models. This interaction enables i2Sim solutions torespect the technical constraints imposed by the physical behaviour of the modelledinfrastructure systems, e.g. voltage limits in power system. There are different waysin which the interaction is done. For example, a power system model can be used torepresent the function inside an i2Sim cell model, as shown in Figure 2.4. In thisexample, the output of the power station cell and its distributor is determined by thepower flow results calculated by the power system simulator. Another example ofthe interactions is using i2Sim sources. A source in an i2Sim model can represent anexternal water system. The value of the source can be calculated by running a watersystem model using a water system simulator. The mapping in this integration isa challenging task due to the complexity of the modelled infrastructure systems. Itis a modelling criteria and can be case specific. For example, an i2Sim cell can becombined with a distributor to depict a specific topology, as shown in Figure 2.4.The i2Sim framework was used in the Disaster Response Network Enabled Plat-form (DR-NEP) project [31] to integrate different simulators. DR-NEP is a web servicesbased software platform that integrates different simulators by communicating theirresults to each other. It uses a common Enterprise Service Bus (ESB) and a databasefor establishing this communication. This design creates a distributed computingarchitecture for the purpose of assisting decision making. Every simulator is con-nected to DR-NEP using a software adapter that listens to the ESB for instructions21Figure 2.4: An example of integrating i2Sim model with domain simulators.to run simulations, gather inputs from simulators and the database, and push resultsfrom the simulators back into the database. Once the simulators and the adaptersare configured, a controller in the ESB pushes input into the simulators at regularintervals, which can be predetermined before the simulation. In addition, DR-NEPoffers web pages and mapping services for researchers and disaster responders to co-ordinate with each other and visualize resources flow and infrastructures operability.The interactions between DR-NEP components are shown in Fig. 2.5.2.4 Mathematical Formulation of The i2SimFrameworkThe i2Sim simulator is implemented in MATLAB/Simulink environment. An i2SimSimulink toolbox has been developed to construct i2Sim models[3]. There are several22Enterprise System Bus (ESB)ControllerOptimizationAgentInterdependencies Simulator(I2Sim)Power SimulatorWater SimulatorDatabaseFigure 2.5: DR-NEP Architecture.advantages for this implementation, such as user friendly, easy to construct models,and compatibility with wide range of other MATLAB tools. However, there are noanalytical formulations for the constructed models. This limits i2Sim optimizationapplications to simulation-based optimization techniques, e.g. Genetic Algorithmand Reinforcement Learning. These techniques use the model as a black-box forobjective function evaluation during the optimization process. One application ofan i2Sim simulation optimization is presented in this thesis in Chapter 4. For math-ematical optimization, a mathematical formulation for i2Sim model needs to beconstructed. The following sections describe the mathematical formulation of i2Simmodels.2.4.1 i2Sim Cell Model ApproximationThe output of an i2Sim cell, as in Eq 2.1, is a function of the input resources (ortokens), the modifiers, and the physical damage of the infrastructure. Marti [3]proposed the idea of the Human Readable Table (HRT) to model the input-outputrelationship in the i2Sim cells. An example of an HRT is shown in Fig. 2.6. The23HRT for a Hospital 1 y(t) x1(t) x2(t) x3(t) x4(t) m1(t) Operability Patients per hour Electricity (kW) Water (L/h) Doctors Nurses Physical Integrity 100% 20 100 1,000 4 8 100% 75% 15 50 500 3 6 80% 50% 10 30 300 2 4 50% 25% 7 20 200 2 3 20% 0% 0 0 0 0 0 0% Figure 2.6: An example a Human Readable Table [3].output of an i2Sim cell is determined by the minimum available input to the cell,i.e the output variable is limited by the minimum of the input variables. For theexample HRT shown in Figure 2.6, let us assume the inputs x1(t), x2(t), x3(t), x4(t),and m1(t) have the values as indicated by the green circles, then the output y(t) is10 patients per hour which corresponds to a 50% operability (indicated by the redcircle). Mathematically, this function can be written as:y(t) = min {f1(t), f2(t), ...., fn(t)} (2.3)where f1, f2 to fn are the relationships between every input and the output y(t)and n is the number of inputs (columns in the HRT). In the real world, every inputis supplied from a different infrastructure system, e.g., electricity from the powersystem and water from the water distribution system. Therefore, it is assumedthat the inputs in the HRT function are linearly independent. Depending on thetype of the supplying infrastructure system and its relationship with the receivinginfrastructure system, an appropriate function can be constructed. Consider, forexample, an HRT function z = f(x, y) with two inputs and one output. In this24example, x and y represent the cell’s inputs and z represents the cell’s output. Alinear function is used for x and y as follows:f1 = xf2 = yz = min {f1, f2}(2.4)For building the i2Sim system of equations, curve fitting techniques can be used toderive a closed-form function for the HRT without the operator min. One possibleapproach is to use a quadratic function approximation in the formz = f(x, y) = ax+ by + cxy + dx2 + ey2 + f (2.5)where a, b, c, d, e, and f, are the function coefficients which can be found by mini-mizing the least square error between the fitted data and the HRT data. Figure 2.7and Figure 2.8 show the function approximation. For the mathematical optimiza-tion formulation, one can use the approximated function which makes the problem anon-linear optimization problem. Alternatively, Equation (2.4) can be used to forma linear optimization problem, as will be explained in Chapter 4.2.4.2 i2Sim System of EquationsThe i2Sim system of equations describes the interrelations between interdependentinfrastructure systems. This system of equations is composed of cells’ equations,aggregators’ equations, and distributors’ equations. Let us consider an i2Sim modelwith n cells, m aggregators, and k distributors. We will denote each token as xn,where the subscript n indicates the token produced by cell n, e.g., electricity fromthe power station. Let us assume that each cell is approximated by a quadratic25X Y Z Z (Approximation) 1 1 1 0.96 1 0 0 -.06 0 1 0 -.06 0 0 0 -.06 0.5 0.5 0.5 0.4 Coefficients: a=0.38 , b=0.38, c=1.04, d=-0.4, e=-0.4, f=-.04 𝐳 = 𝟎. 𝟑𝟖𝒙 + 𝟎. 𝟑𝟖𝒚 + 𝟏. 𝟎𝟒𝒙𝒚 − 𝟎. 𝟒𝒙𝟐 − 𝟎. 𝟒𝒚𝟐 − 𝟎. 𝟎𝟒 Figure 2.7: Function coefficients and function evaluation at some points00.20.40.60.8100.20.40.60.81−0.500.51XYZFigure 2.8: A plot of HRT fitted functionfunction as described in (2.5). For n cells, we can write:f1 = a1x11 + b1x12 + c1x11x12 + d1x211 + e1x212 + f1f2 = a1x21 + b2x22 + c2x21x22 + d2x221 + e2x222 + f2.........fn = anxn1 + bnxn2 + cnxn1xn2 + dnx2n1 + enx2n2 + fn(2.6)26where xn1 and xn2 are the two inputs to cell n. The aggregators combine differentinputs into one output of the same token. For m aggregators, we can writexm1 = x11 + x12 + ....+ x1jxm2 = x21 + x22 + ....+ x2j.........xmn = xm1 + xm2 + ....+ xmj(2.7)where xm is the aggregator’s output, j is the number of inputs, and xm1 to xmj arethe inputs to aggregator m. The distributors’ functions represent the structure ofthe infrastructure which distributes the resources (tokens). For k distributors, wecan writexk1 = ak11x11 + ak12x12 + ....+ ak1ix1ixk2 = ak21x21 + ak22x22 + ....+ ak2ix2i.........xkk = akk1xk1 + akk2xk2 + ....+ akkixki(2.8)where xk is the distributor’s output, i is the number of outputs, and xk1 to xki arethe outputs of distributor k. The parameters akk1 to akki are called the distributionratios for distributor k. For example, if a power substation supplies 4 MW to twohospitals, 1 MW to hospital 1 and 3 MW to hospital 2, then the distribution ratios forthe distributor will be 0.25 and 0.75 respectively. The summation of the parametersakk1 to akki for every distributor is always 1. Note that the variables xn1, xn2, xjm,and xki are intermediate variables which can be expressed in terms of tokens x1 to27xn.The cells’ equations (2.6), aggregators’ equations (2.7), and distributors’ equa-tions (2.8) constitute the i2Sim system of non-linear equations. The non-linearityof the system comes from the cells’ equations (2.6). The remaining equations (ag-gregators and distributors) are called network equations since they represent thestructure of the infrastructure. At every time step, this system is solved to find theflow value of each token. The solution of the system at every time step gives theevolution of the infrastructure dynamics along the time line of the scenario understudy.2.5 Model Development for the Case StudyThe foregoing sections describe the i2Sim formulation for modelling interdependentCI. This section presents how this formulation is used to model the case study in thisthesis. The model of this case study is used to demonstrate the effectiveness of theproposed approaches in this thesis for improving CI resilience. The model can showthe impact of a disruption scenario on the modelled infrastructure systems. Also, itcan show the effectiveness of the response activities during the studied scenarios.The case study represents the metropolitan area of a major Canadian city. Thedata set used in constructing the model was collected during a project for supportingthe Emergency Management team in the city. Data sources include public reports,private reports, and interviews with infrastructure operators. The modelled infras-tructure includes hospitals, power system, and water system. The i2Sim model forthe case study is shown in Figure 2.9. The model consists of 10 production cells, 7distributors, and 5 aggregators.28cmdoutlevelsurplusH2 Waiting RoomincmdoutlevelsurplusH1 Waiting RoominoutlevelH2 Treatment TimeinoutlevelH1 Treatment TimeTerminator1trigger outSP4trigger outSP3trigger outSP1<--PM: 1Base:336.0 MW/hourinputout: outputNEED: inputPM:1RM:1P3in outlevelPatients arriving to H2Patients Waiting at H1Patients Waiting at H2<--PM: 1Base:586.0 MW/hourinputout: outputNEED: inputPM:1RM:1P4ino1o2inf1o1o2inf1o1o2incmdoutlevelsurplusH2 DischargedDischarged Patients from H1Discharged Patients from H2incmdoutlevelsurplusH1 DischargedinoutlevelV1 to H1<--PM: 1Base:300.0 MW/hourinputout: outputNEED: inputPM:1RM:1P1trigger outSP5<--PM: 1Base:150.0 MW/hourinputout: inputNEED: inputPM:1RM:1P5Patients arriving to H1Patients arriving to H3incmdoutlevelsurplusH3 Waiting RoominoutlevelH3 Treatment TimePatients Waiting at H3incmdoutlevelsurplusH3 Discharged Discharged Patients from H3<--PM: 1Base:336.0 MW/hourEoutputout: EinputNEED: EoutputPM:1RM:1P2 H1 OutputH2 OutputH3 OutputW2 OutputDP4_1DP4_1DP4_2DP4_2DP4_3DP4_3 DP4_4DP4_4DP5_1DP5_1DP5_2DP5_2Figure 2.9: Main i2Sim model for the case study292.5.1 Infrastructure ModelsPowerThe case study model includes five electrical substations: P1, P2, P3, P4, and P5.These substations are distribution system substations which receive power from thehigh voltage transmission system. The inputs to the five substations are modelled assources. Each substation is represented by an i2Sim production cell. The output ofthe i2Sim goes into a distributor which distributes the output power to other i2Simcells. Since only CI systems are considered in the model, the power supply to non-critical loads such as residents is represented by a distributor connection to a sink.The number of outputs for each distributor and the ratio values are all abstractedfrom the available data to map the power system configuration. A general modelfor an electrical substation is shown in Figure 2.10.Since the focus of this model is to study operational behavior of CI, only values ofreal power (in MW) are considered in the electrical substation model. In Chapter 6,the detailed power distribution system model is integrated with the i2Sim modelto solve a combined restoration problem. The maximum output capacity of eachsubstation, shown in Table 2.3, is used to form the first row of the HRT table for eachsubstation’s model. Since the output capacity of substation P5 could not be obtainedfrom the available data, it was assumed to be half of P1 based on the comparisonbetween the supplied hospitals. A linear approximation is used to construct the HRTfor each substation. Table 2.4 shows the HRT for substation P1.HospitalsThere are three hospitals in the case study: Hospital 1, Hospital 2, and Hospital3. Hospital 1 and Hospital 2 are the main hospitals in the modeled area. Hospital3 is the women and children hospital but it is used for treating injured patientsin extreme disaster scenarios. The i2Sim hospital model describes the functionality30trigger outHV Substation<--PM: 1Base:75.0 tokens/hourx1x2out: y1NEED: x2PM:1RM:5Electrical Substationino1o2o3Distributor1PM3Non-CI1CI12CI21In1Figure 2.10: i2Sim general model for electrical substationTable 2.3: Output capacity of the modeled electrical substations.Electrical Substation Output CapacityP1 300 MWP2 336 MWP3 336 MWP4 586 MWP5 150 MWof the hospital during disaster scenarios. This functionality is limited to receivingtrauma victims, treating them, and then discharging them. Other functions suchas surgeries and outpatient care are not modeled in this case study since they areoutside the context of disaster response.Each hospital is represented by an i2Sim production cell. The output of thehospital cell is the rate at which patients can be treated, measured in patients perTable 2.4: The HRT table for substation P1.PM Output (MW) Input (MW)1 300 3002 225 2253 150 1504 75 755 0 031Table 2.5: Treatment rate for the modeled hospitals.Hospital Rate (Patient/hour)H1 10H2 10H3 5Table 2.6: Requirements of the modeled hospitals at full capacity.Hospital Electricity Water Steam/Natural Gas Medical GassesH1 20MW 51KL/h 3333ft3/h 100%H2 10MW 51KL/h 11458.3lbs/h 100%H3 10MW 51KL/h 5729.2lbs/h 100%hour. The treatment rates for the modeled hospitals at full capacity are shown inTable 2.5. The inputs to each hospital cell are electricity (in MW), water (in KL/h),steam (in lbs/h), and medical gasses (in %). The medical gasses are measured in% since there were not reliable estimates for the required amount during emergencyoperations. Also, Hospital 1 uses natural gas for heating instead of steam. Therequired resources for treating patients at full capacity are shown in Table 2.6. Alinear approximation is used to construct the HRT for every hospital to represent thedifferent Physical Modes in the i2Sim model.WaterThere are two water pumping stations in the case study: W1 and W2. W1 supplieswater to hospitals H1 and H2 while W2 supplies water to H3. Due to lack of data,the output of the two water stations is assumed to be only for providing water supplyto the hospitals. Supplies to other consumers such as residential and commercialbuildings are not included. The inputs and output data for the water station modelsare shown in Table 2.7.32Table 2.7: Input and output data for the i2Sim water station models.Water station Output (Water) Input (Electricity) Input(Water)W1 103 KL/h 2.4MW 103 KL/hW2 51 KL/h 1.2MW 51 KL/h2.5.2 Mathematical FormulationThe mathematical formulation for the case study follows the formulation describedin section 2.4. For the power substation cells, let us denote yp1(t), yp2(t), yp3(t),yp4(t), and yp5(t) as the outputs of the cells. A linear function in the form f = ax isused to describe the relationship between the input x and the output yp. Since powerlosses are not considered in this model, the value of the constant a is 1. Therefore,the cell model is simplified to yp(t) = x(t) for each of the power substation cells.The value of x(t) is between 0 and the output capacity of the substation as in Table2.3.We denote yh1(t), yh2(t), and yh3(t) as the hospital outputs. Since there arefour inputs to each hospital, Equation (2.3) can be rewritten asyh(t) = min {feh(t), fwh(t), fs(t), fmg(t)} (2.9)where feh ,fwh, fs and fmg are the input functions for electricity, water, steam (ornatural gas), and medical gasses, respectively. Similar to the power substation cells,the hospital inputs are linearly mapped to the output of the hospital cell using thevalues in Table 2.6. For the water stations, we denote yw1(t), and yw2(t) as thewater outputs. Since there are two inputs to each water station, Equation (2.3) canbe rewritten asyw(t) = min {few(t), fww(t)} (2.10)where few, and fww are the input functions for electricity and water, respectively.The inputs are also linearly mapped to the output of the water station cells using33the values in Table 2.7.There are seven distributors in the case study: five electrical distributors and twowater distributors. We denote xkypn as the kth output of the nth power substationcell. For example, x2yp3 is the second output of the distributor of power substationP3. For every electrical distributor, we writeypn(t) = a1x1ypn + a2x2ypn + ...+ akxkypn (2.11)Similarly, we denote xkywn as the kth output of the nth water station cell. Therefore,we can writeywn(t) = a1x1ywn + a2x2ywn + ...+ akxkywn (2.12)where k is the number of outputs of this distributor and ak is the distribution factorsuch that a1 + a2 + ...+ ak = 1.There are five aggregators in the case study: four electrical aggregators AH1e,AH2e, AH3e, and AW1e, and one water aggregator AH2w. The aggregators com-bine inputs of the same token type into one, as described in (2.7). For example, theelectrical aggregator for hospital H1 can be expressed asAH1e(t) = m1x1yp3 +m2x1yp4 +BGH1 (2.13)where x1yp3 and x1yp4 are the power supplies from substations P3 and P4 respec-tively, and BGH1 is the backup generation source in the hospital. If the input valuesare expressed in per unit, then the appropriate factors m1 and m2 are needed toadjust the input values. Otherwise, m1 = m2 = 1.The i2Sim system of equations for this case study consists of 10 cells’ equa-tions, 7 distributors’ equations, and 5 aggregators’ equations. At every time stept, 22 equations are solved to find the flow value of each variable (electricity, wa-34ter, etc) in the modelled infrastructure systems. For a scenario of 10 hours witha time step of 5 minutes, there are (10 ∗ 60/5) ∗ 22 = 2640 equations. The casestudy was implemented using the i2Sim toolbox in MATLAB/Simulink and usingthe analytical mathematical formulations described above. Both implementationsare fundamentally the same. However, if the model is to be used in an optimizationproblem, then they are different with respect to the optimization approaches. TheMATLAB/Simulink implementation can be used with simulation based optimiza-tion techniques such as Genetic Algorithm, Ordinal Optimization, and SimulatedAnnealing. In these techniques, the model is considered as a black box and is usedfor evaluating the candidate solutions. In Chapter 4, an application of OrdinalOptimization is presented. The analytical formulation can be used in formulatingmathematical optimization problems such as Linear Programming and Non LinearProgramming. In Chapter 4, the i2Sim non linear system of equations is formulatedas a Linear Programming problem.2.5.3 Extreme Event ScenarioIn this case study, we consider a damage scenario based on an earthquake eventthat causes major damages to several CI systems in the modeled area. Since everyextreme event offers a unique set of conditions and circumstances, a general scenariowas developed in consultation with the infrastructure operators during the projectthat provided the data set for the case study. The scenario was refined using data,such as average equipments restoration times, from public reports and literature.The scenario describes a realistic threat to the city, an earthquake, and simulatesa complex situation in which simultaneous failures are encountered. The scenarioaims at illustrating the importance of allocating scarce resources during extremeevents. The sequence of events for the scenario is described below.T=00:00 Normal operations at all critical infrastructure systems.35T=00:05 An earthquake with a magnitude of 6 degrees hits the modelled arearesulting in the following damages:• Failures at two main transformers at substation P4 causing 75% reductionof power output• Major leaks in water supply pipes to hospitals H2 and H3• Failure of one of the circuits (cables) supplying power from substation P5to water station W2T=00:10 Backup generators come online.T=08:00 Backup generator at water station W1 runs out of fuel.T=24:00 Transformer 1 at substation P4 is back to service. All backup generatorsrun out of fuel.T=32:00 Power supply from substation P5 to water station W2 is restored.T=36:00 Transformer 2 at substation P4 is restored.T=48:00 Water supplies to hospitals H2 and H3 are restored.T=48:05 Normal operations at all critical infrastructure systems are restored.Typically, restoration activities continue until all services are restored to allusers. In the early phases of the restoration activities, all efforts are directed towardrestoring services to essential users. After that, the efforts are directed toward theremaining users. The later phases are usually slower and take longer duration, daysand sometimes weeks. Since the focus of this work is on CI systems, the scenarioevents are limited to restoring services to the three hospitals in the model. The per-formance of the three hospitals in this scenario is shown in Figure 2.11. The scenarioevents start at Time Step=1, where each time step is 5 minutes. Theoretically, thesimulation can be considered an event-driven simulation in which the execution is360 100 200 300 400 5000246810Time StepsH1 Out put (P at i ent s/ hour ) 0 100 200 300 400 5000246810Time StepsH2 Out put (P at i ent s/ hour ) 0 100 200 300 400 500012345Time StepsH3 Out put (P at i ent s/ hour ) Transformer 1 at P4 is restoredTransformer 2 at P4 is restoredWater supply is restoredBackup generator at W1 runs out of fuelEarthquake eventFigure 2.11: Hospitals’ outputs in the base case scenariodone when there is a triggering event. However, the development of this work takesinto consideration its applicability to real time applications in which the events arenot known in advance and there are updates at every time step. The results of thisscenario are considered the base case scenario and will be compared with the resultsfrom the proposed optimization algorithms in Chapter 4.2.6 ConclusionThis chapter presents the i2Sim modelling framework. The description of i2Sim modelsand their mathematical formulations are presented. This framework is used through-out this thesis for modelling CI systems. The description of the case study modellingis also presented in this chapter. In Chapter 3, a resilience assessment methodologyis developed based on the i2Sim framework. In Chapter 4, optimization applicationsfor CI resilience improvement are presented using different optimization techniques.37In Chapter 5, an i2Sim model is integrated with a power distribution model to solvea power restoration problem considering infrastructure interdependencies.38Chapter 3Resilience of CriticalInfrastructure3.1 IntroductionResilient infrastructure systems such as electric power, water, and health care areessential for minimizing the impact of extreme events. Building a resilient infras-tructure is an important goal for every nation’s Critical Infrastructure Protection(CIP) program. One of the first steps toward this goal is developing an evaluationmethodology that enables decision makers to quantify the infrastructure’s resilience.The methodology is then used to evaluate the possible measures for improving in-frastructure resilience.As infrastructure systems are coupled and interdependent, failures can propa-gate from one infrastructure system to another causing catastrophic consequences.Scala et. al. [32] have shown that couplings between infrastructure systems havetwo competing impacts on cascade failures: increasing the withstand capability andincreasing the total failure probability. Therefore, an effective resilience assessmentapproach must incorporate the interdependencies among infrastructure systems into39the analysis. However, this incorporation is not an easy task. Although modellingand simulation tools are available for studying different aspects of infrastructure sys-tems [14], conducting a comprehensive cross-infrastructure resilience analysis posesseveral challenges. One of these challenges is the absence of universal measuresor metrics that articulate the resilience of an infrastructure. Another challenge isfinding the appropriate data for the study, especially data related to failures or in-cidents. Infrastructure systems operators are reluctant to share information due toregulation, security, and competition.In this chapter, we propose an effective cross-infrastructure resilience assessmentframework. It incorporates three main steps: defining resilience attributes, mod-elling critical infrastructure, and measuring resilience. The assessment frameworkcan be used to evaluate and optimize preparedness, response, and mitigation plansagainst natural and man-made disasters. Section 3.2 of this chapter presents a lit-erature review on existing resilience definitions and assessment methods. Section3.3 discusses the use of the resilience concept within CIP analysis. The proposedresilience assessment framework is presented in section 3.4. An illustrative exam-ple is discussed in section 3.5. Section 3.6 presents the generalized resilience index.Section 3.7 discusses cyber-physical interactions within resilience assessment. A dis-cussion on how to improve the infrastructure resilience is presented in section 3.8and a conclusion is presented in section 3.9.3.2 Literature Review on CI Resilience3.2.1 Resilience DefinitionThe word resilience has been used in different disciplines such as ecology and healthsciences for a long time. Resilience was first defined at the system level by Hollingin 1973 [33]. Holling defined resilience as a measure of the persistence of systemsand of their ability to absorb change and disturbance and still maintain the same40relationships between populations or state variables [34]. Since the time when thefirst definition was proposed, researchers in social, ecological, and economic systemshave proposed other definitions. Some of them are general while others are domainspecific. Francis et al [35] presented a survey of resilience definitions from differentdisciplines.Within the Critical Infrastructure Protection community, much effort has beendevoted in the past to explore and study the concepts of risk, reliability and security.However, the concept of resilience is still relatively new. In a survey conducted bythe NIAC, many power companies executives indicated that “while reliability isrelatively easy to define and measure, resilience is more difficult.” [36].The definitions of resilience in the context of critical infrastructure systems haveevolved from the existing definitions in other fields. Infrastructure system resilienceis generally regarded as the ability of the system to withstand a disturbance andrecover back to its initial state [34]. Dalziell et al [37] describes resilience as theoverarching goal of a system to continue to function to the fullest possible extentin the face of stress to achieve its purpose. Based on this definition, resilience isa function of the systems vulnerability and its adaptive capacity, where adaptivecapacity is the ability of the system to respond to external changes and recoverfrom internal damages [37]. Haimes et al [10] proposes a definition that is morerelated to the disaster response activities: Resilience is the ability of the systemto withstand a major disruption within acceptable degradation parameters and torecover within acceptable cost and time. Recently, several governmental reportsdefined resilience as a key component in their CIP programs. For instance, the USNational Infrastructure Advisory Council (NIAC) defines infrastructure resilienceas [7]:the ability to reduce the magnitude and/or duration of disruptive events.The effectiveness of a resilient infrastructure or enterprise depends on its41ability to anticipate, absorb, adapt to, and/or rapidly recover from apotentially disruptive event.Looking at the different definitions, one can notice commonalities and differences.Figure 3.1 shows some of the key resilience characteristics as identified by CIPcommunity definitions and other disciplines. Attributes such as ability to recoverand to adapt were incorporated in several proposals. Some of the definitions considerthe long-term resilience by including a planning component [38] [7], others thinkabout resilience as an emerging behaviour after a disturbance [34]. Most of theproposed definitions include ‘the ability to withstand’ or ‘absorb’ a disturbance asa key attribute. However, Madni et. al. [39] argues that this attribute is thedefinition of survivability while resilience is the ability to bounce back. In general,it is difficult to select any of the discussed definitions as ‘the best’ or ‘the global’definition for resilience as they were developed to serve different objectives andperspectives. MacAskill and Guthrie [40] argue that “a strict consensus on thedefinition of resilience is not practical or perhaps not ever possible”. They suggestthat a flexibility in the definition is required to be adopted in different contexts.3.2.2 Resilience AssessmentSince the introduction of a system resilience definition by Holling in 1973 [33], re-searchers have proposed different approaches and methodologies for assessing andevaluating system resilience. In the context of critical infrastructure systems, Biringeret al [34] classify resilience assessment approaches into three general categories:structural, performance based, and hybrid. Structural approaches use the structureor topology of the system to evaluate its resilience. Performance based approachesevaluate the system resilience by measuring its performance before and after a dis-ruption. Hybrid approaches combine both: structural and performance based. Ithas been acknowledged that resilience assessment or evaluation is not an easy task.42 • to adapt• to absorb• to recover• to anticipate• timely recovery• flexibility• to respond • to plan• back to its original state• minimum level of services while undergoing changes• reengineering fundamental process• to cope stress• degrade gracefully• to maintain current function• to survive • to allocate resources• to withstand • resourcefullness• to retain system identity• retain relationshipsOther disciplines (social, ecological, economic,...etc.)Infrastructure systemsFigure 3.1: Key characteristics of resilience definitions from different disci-plines.It requires not only the static and dynamic properties of the systems but also otherfactors such as economic and human factors [39]. A survey of resilience assessmentmethods and frameworks for infrastructure systems is presented in Table 3.1. Severalconclusions can be drawn from this survey. First, the civil (structural) engineeringcommunity is one of the earliest areas in the engineering discipline to adapt theresilience concept and use it in seismic-related research. Therefore, there are morecontributions in the literature from the civil (structural) engineering communitythan other areas. Second, the resilience assessment approach is highly dependent onthe study definition and scope. Moreover, more work is being done on quantifyingthe resilience level using some performance indices. Finally, most of the work inassessing infrastructure systems resilience is recent (last few years) which reflectsthe increased attention to this topic within the research community.43Table 3.1: Literature survey of resilience assessment in infrastructure.Reference Year Approach Context/System[41] 2003 Hybrid (Quantitative) Seismic/Infrastructure[42] 2004 Performance (Quantitative) Seismic/Infrastructure[43] 2006 Performance (Quantitative) Transportation[44] 2007 Structural (Quantitative) Seismic resilience[45] 2009 Structural (Quantitative) Risk/Transportation[46] 2009 Performance (Quantitative) Infrastructure[47] 2009 Performance (Quantitative) Telecommunication[48] 2009 Hybrid (Quantitative) Hurricane/Infrastructure[49] 2010 Performance (Quantitative) Seismic/Health Care Facilities[50] 2010 Structural (Quantitative) Risk/Transportation[51] 2010 Performance (Quantitative) Transportation[52] 2011 Structural (Quantitative) Risk/Transportation[53] 2011 Performance (Quantitative) Transportation[54] 2011 Performance (Quant. & Quali.) Petrochemical[55] 2012 Performance (Quantitative) Generic[56] 2012 Performance (Quantitative) Infrastructure[57] 2012 Performance (Quantitative) Transportation[58] 2012 Performance (Quantitative) Power Transmission Grid[59] 2014 Hybrid (Quantitative) Infrastructure3.3 Resilience Concept within Critical InfrastructureProtection AnalysisThere are different analyses that CIP organizations use to ensure the safety of infras-tructure systems. Reliability, Risk, and Vulnerability analysis are commonly used inCIP studies. There are some overlapping aspects within the concepts of Reliability,Risk, Vulnerability, and Resilience. This section addresses the relationships betweenthese terms.Reliability can be defined as “the probability of a device (or system) performingits purpose adequately for the period of time intended under the operating conditionsencountered” [60]. One of the key problems in reliability analysis is to determinethe reliability of a complex system from knowledge of the individual components’reliability. Reliability analysis is concerned with the internal behaviour of the in-frastructure and limits the analysis to the failure time. However, resilience analysisextends reliability analysis in two ways: it considers external sources of failures in44the analysis and it considers the reaction of the system (response) after the failure.Risk is a more general concept than reliability. Risk analysis is based on threequestions [61]: what can happen?, how likely will it happen?, and if it does happen,what are the consequences?. By answering these questions, one can identify potentialthreats and develop strategies to reduce or avoid the risk of these threats. Resilienceanalysis, on the other hand, is concerned with the ability of the system to deal withthese threats and return the system to its functional state. Therefore, resilienceanalysis can be viewed as an extended part of the traditional risk analysis. Anotherview is to consider risk analysis as an input to resilience analysis. In both views,resilience analysis answers the question: how will the system react after the event?,which is not answered by traditional risk analysis.Vulnerability analysis is often viewed as part of risk analysis in which Risk =Threat X Vulnerability X Impact. Vulnerability as defined by Haimes [62] is “themanifestation of the inherent states of the system that can be exploited to adverselyaffect that system”. He also argues that vulnerability and resilience are “two sides ofthe same coin”: vulnerability analysis focuses on protecting the system and resilienceanalysis focuses on restoring the system. Therefore, a vulnerability analysis mayidentify the weak points in the system but may not address how the system behavesin case it is attacked. The latter aspect is covered by resilience analysis.In general, reliability, risk, vulnerability, and resilience are all essential analysis incritical infrastructure protection studies. They focus on different dimensions of theinfrastructure under study. Resilience analysis complements the other traditionalanalysis by extending the scope to cover the infrastructure response to disruptiveevents.45Define System AttributesBuild System ModelMeasure ResilienceFigure 3.2: Proposed resilience assessment framework.3.4 Resilience Assessment FrameworkResilience assessment is needed for decision support to quantify the effectiveness ofpreparedness investments and activities. An effective preparedness plan improvesthe reaction of critical infrastructure following a disruption or a disaster. Prior toconducting resilience assessment, one needs to define what aspects of the system un-der study constitute a resilient system. A proper modelling is also required to studythe behaviour of the system after disruptions. In addition, a metric (or metrics)needs to be formulated to measure resilience. In this chapter, we propose a resilientassessment framework consisting of three stages: defining resilience attributes, build-ing an infrastructure model, and measuring resilience, as shown in Figure 3.2. Moredetails on each stage are given in the following subsections.3.4.1 Critical Infrastructure Systems AttributesSince resilience is a multifaceted concept, it is imperative to assess resilience withinthe context of interest. The context of this thesis is critical infrastructure systems,such as power networks, water networks, and health facilities, with a particularinterest in disaster response operations. Therefore, it is helpful to define the systems46attributes that constitute their resilience. From the perspective of this thesis, aresilience assessment framework should encompass the following attributes:Static This attribute describes the physical static parameters of the infrastructure.These parameters provide information about the components and topology ofeach system. Examples of these parameters include electrical network topol-ogy, capacity parameters of water pumps, and number of routes leading to aspecific site. The interdependencies between the different systems are also de-scribed by this attribute. We should point out here that the interdependencerelationships related to systems structure are measured here. Other interde-pendencies are captured by the other two attributes defined in the proposedframework.Dynamic This attribute describes the dynamic behaviour of the infrastructure sys-tems. Aspects such as emergency preparedness, response management, andrecovery activities can all be measured in this attribute. For example, howthe available resources are allocated, how failures propagate through the in-frastructure, and how long it takes the infrastructure to return to its normalperformance level.Decision This attribute describes the decision factors whose contributions are es-sential to the overall infrastructure resilience. Examples of these factors includedecisions to allocate scarce resources, policies dictating command and controlduring disastrous events, and scheduling of available maintenance (or rescue)teams.The above attributes are defined as linearly independent Eigen-attributes thatinfluence the overall Critical Infrastructure (CI) resilience. The information given bythese attributes provides insights on the systems capabilities to withstand, absorb,and recover from a disruption. The next section describes how these attributes can47be modelled within the proposed resilience assessment framework.3.4.2 System ModellingPrior to measuring resilience, an infrastructure model needs to be constructed. Thereare a number of requirements that a model should satisfy. Some of these require-ments are highlighted below:• The model should include the required parameters for describing the specifiedattributes for system resilience, i.e., static, dynamic, and decision.• As time is an integral part of resilience assessment, the model should capturethe temporal behaviour of the infrastructure.• The model should be able to include both external and internal parameters.To meet the above requirements, this thesis uses the Infrastructure Interdepen-dencies Simulator (i2Sim) framework. The i2Sim modelling framework is described indetails in chapter 2 of this thesis. The i2Sim framework has been used in modellingcritical infrastructure systems in disaster response applications [63] [64]. Criticalinfrastructure systems, such as power substations, water stations, and hospitals, aremodelled using the i2Sim components: cells, channels, tokens, distributors, aggrega-tors, sources, sinks, and modifiers. The i2Sim simulation layers shown in Figure 3.3are used to model the system attributes described in section 3.4.1. The structure at-tribute can be modelled within the physical layer. For example, the topology of theinfrastructure is represented by their corresponding arrangement of cells, channels,distributors, and aggregators. The physical parameters, such as power substationcapacities, water pumps sizes, and required manpower resources to operate a hos-pital, are used to build the input-output functions. The dynamic attribute can bemodelled by simulating the impact of resources allocation decisions on the perfor-mance of the infrastructure. Decision attribute can be modelled as modifiers inputs48to the cells in the physical layer. It is worth noting that in many cases, an attributeis not necessarily captured within a single layer but can be modelled across differentlayers. Different parameters belonging to the same attribute can be representeddifferently inside the i2Sim model. For example, in the decision attribute, one canmodel an emergency response policy within the decision layer while a maintenanceteam schedule is modelled in the physical layer.Production CellPhysical ModeICT ModeDistributorPhysical Layer(substations, pipes, hospitals)Damage Assessment Layer(flood, earthquake, sensors)Strategic Decisions Layer(organizations, policies, procedures)ICT Layer(data, voice, video)Figure 3.3: i2Sim simulation layers [3].3.4.3 Resilience MeasureA quantitative resilience assessment is needed for decision support in planning foror designing resilient infrastructure. An index (or metric) reflecting the modelledresilience attributes is a basic measure in the assessment. One approach for definingthis index is to use a performance indicator (or indicators) that captures all therequired attributes. In the context of critical infrastructure protection, the perfor-mance indicator is usually related to the functionality (output) level of the system.49Thus, infrastructure resilience can be defined in terms of the deviation from thenormal (healthy) performance level. This is represented graphically in Figure 3.4.PLN is the normal performance level (without any disruption) while PL0 is theperformance level immediately after the event. t0 is the initial time of the event.tR is the recovery time when the infrastructure returns to its normal performancelevel.TimePerformance LevelFigure 3.4: Graphical representation of resilience.In this thesis, we propose the use of the i2Sim cell’s output as a basis for definingan infrastructure resilience index. The output of an i2Sim cell is a measure of theoperability of the modelled system. Moreover, it incorporates all the resilience at-tributes, static, dynamic, and decision, through the modelling approach described insection 3.4.2. We define R as a resilience index which can be defined mathematicallyas follows:R =1tD∫ tRt0y(t) dt (3.1)where y(t) represents the i2Sim cell’s output in per unit and tD=tR-t0 is the durationof the event. R is measured in per unit, i.e., R ∈ [0, 1]. A higher R value indicatesa more resilient infrastructure. As tD increases (longer time to recover), the value50of R decreases (less resilient infrastructure). This is in accordance with the generalconcept of resilience.The integral of y(t) represents the area under the curve between t0 and tR inFigure 3.4. Assuming that y(ti) is constant in the interval [ti, ti+1], where ti is anytime step between t0 and tR, the integral of y(t) can be calculated by adding up theareas in every time step as shown in Figure 3.5, which can be expressed as∫ tRt0y(t) dt =f∑i=1Ai (3.2)where f is the number of time steps. The area Ai is Ai = (ti+1− ti)y(ti). Assumingt0 tRyNy0TimePerformance Levelti ti+1yiAiyi+1Figure 3.5: Graphical representation of resilience with constant time step andsingle output.a constant time step and ti+1 − ti = 1, the summation 3.2 can be expressed as∑fi=1 y(ti). Therefore, R can be expressed asR =∑fi=1 y(ti)tR − t0 (3.3)The performance level evaluation using i2Sim ensures that the defined attributes51of the CI resilience are measured by the proposed index. The choice of a specific i2Simoutput in calculating R is problem specific and depends on the desired outcomes ofthe study. For example, a hospital’s cell output is an appropriate index for a disasterresponse planning concerning immediate response after a disaster. In this case, theresilience index R is expressed in terms of this output. In many cases, the decisionmaker needs to consider multiple CI systems in the resilience assessment study. Inthese cases, multiple outputs are required for evaluating the overall resilience. Thus,a proper calculation of y(t) is required.Consider the graphical representation of resilience shown in Figure 3.6 for themultiple outputs case. The overall area under the curve is composed of a number of”smaller” areas. These areas represent the different CI systems contributions to theoverall resilience. A direct extension of 3.3 isR =∑fi=1∑jj=1 yj(ti)tR − t0 (3.4)where j is the number of considered i2Sim outputs and yj(ti) is the output of system jt0 tRyNy0TimePerformance Levelti ti+1yiAjyi+1A1Figure 3.6: Graphical representation of resilience with constant time step andmultiple outputs.52at time i. Equation 3.4 shows that the overall output is y(t) = y1(t)+y2(t)+...+yj(t)which assumes a linear relationship. In many cases, not all the outputs have thesame importance to the decision maker. For example, a power supply to recreationalfacilities may not be as important as a water supply to houses. To account for thedecision maker preferences, we can define importance weights, wj , such thaty(t) = w1y1(t) + w2y2(t) + ...+ wjyj(t) (3.5)where j is the number of outputs to be considered in the study. We call R the“Basic Resilience Index”. Note that when calculating y(t) all the outputs should benormalized to their basis.3.5 Illustrative ExampleIn this section, we demonstrate the application of the proposed resilience assessmentframework by applying it to a large university campus. The CI of the campus weremodelled using the i2Sim modelling approach described in section 3.4.2. In thismodel, there are two power substations cells, one water station cell, one steam plantcell, and one hospital cell. The disaster events are taken from a heavy snowfall thatoccurred during the winter of 2006. Figure 3.7 depicts the sequence of events forthe simulated scenario. The infrastructure and events data were collected duringprevious projects. Figure 3.7: Time line of the simulated events.53The objective of this example is to show that the proposed framework can modelthe defined resilience attributes and measure their impact using the basic resilienceindex. In this example, we assume the hospital’s output as the performance levelvariable. Four different cases are considered to study different resilience attributes.The results are shown in Figure 3.8. Case (a) represents the original sequence ofevents as depicted in Figure 3.7. In this case, the i2Sim model represents the struc-ture and topology of the infrastructure. The resilience index for this case is R=0.38.The other three cases represent hypothetical scenarios in which we assume thatsome actions can be taken to alter the sequence of events. In case (b), we assumea dynamic behaviour where the available resources are redistributed to increase thefunctionality of the hospital. The resilience for this case is R=0.62 which is higherthan case (a) as expected. In case (c), we assume that some of the resources allo-cation are done automatically (power distribution network is reconfigured throughSCADA). The resilience index for this case increased slightly R=0.70. Finally, weassume a human factor in case (d) where a maintenance crew is required to per-form switching operation instead of automatic reconfiguration as in case (c). Theresilience index for this case is R=0.66 which is lower than case (c). This exampleonly shows that different actions (related to different attributes) bring different re-silience levels. Whether they are better actions or how to find the best action isoutside the scope of this chapter and it is discussed in the next chapter .3.6 Generalized Resilience IndexThe basic resilience index defined in 3.1 provides a basic mean to assess infras-tructure resilience by considering the infrastructure performance and the recoverytime. However, there are other dimensions of resilience that need to be capturedand measured, such as availability of resources (or resourcefulness), cost of recovery,organizational factors, etc. Therefore, there is a need for a generalized resilience540 5 10 15 2000.20.40.60.81Case (a)Time (Hours)Performance Level (pu)0 5 10 15 2000.20.40.60.81Case (b)Time (Hours)Performance Level (pu)0 5 10 15 2000.20.40.60.81Case (c)Time (Hours)Performance Level (pu)0 5 10 15 2000.20.40.60.81Case (d)Time (Hours)Performance Level (pu)Figure 3.8: Simulated results for the four cases in the illustrative example.index that is flexible to enable capturing the many dimensions of resilience.Following the HRT concept in i2Sim defined in Chapter 2, we define the General-ized Resilience Index (GRI) as follows:GRI = min {RD1 , RD2 , ...., RDn} (3.6)where D is the considered resilience dimension, RDn is the dimension resiliencefunction, and n is the number of dimensions. The GRI function can be implementedusing a lookup table similar to the HRT table as shown in Table 3.2. The GRIfunction can be explained as follows: the infrastructure resilience is a function of ndimensions. The function RDn measures the resilience along that dimension. Theoverall infrastructure resilience (measured by GRI) is limited by the minimum RDnvalue. Each RDn value can be calculated independently using a separate functionthat evaluates the specific resilience dimension D. Consider the following examplefrom Table 3.2: if RD1 = 1, RD2 = 1, and RDn = 0.8, then GRI = 0.8. This example55Table 3.2: A GRI table example.GRI RD1 RD2 . . . RDn1 1 1 . . . 10.9 0.9 0.9 . . . 0.90.8 0.8 0.8 . . . 0.8...............0 0 0 0 0could represent a recovery plan that results in a full system performance recovery(D1) and an acceptable recovery time (D2) but at a high recovery cost (Dn). In thiscase, the cost dimension affects the overall resilience of the system (GRI).The GRI function provides a flexible formulation that makes it practical anduseful for many domains and applications. One aspect of its flexibility lies in theability to add as many dimensions (D) as needed for the study. It is possible thatfor every resilience definition, one can formulate its corresponding GRI function.Consider, for example, the resilience definition by Bruneau et al. [41] in which fourdimensions are defined: Robustness, Rapidity, Resourcefulness, and Redundancy.One can define four columns in the GRI table RD1 , RD2 , RD3 , and RD4 that canmeasure the four dimensions in the definition.Some resilience definitions stress that the resilience of infrastructure systems ishighly dependent on the type of event. These definitions emphasize that a resilienceassessment should include the question: resilient to which event?. Using the pro-posed formulation, one can capture this event-dependence by defining a GRI tablefor every considered threat or event. For example, one can define two GRI tables forthe same modelled system: one for an earthquake scenario and one for a terroristattack scenario.Another important flexibility aspect is the ability to calculate each dimensionby using a specific function for that dimension. This function should be able toevaluate the contribution of the dimension to the overall resilience. We define this56function RD to map every value in the RD column to its corresponding value in theGRI column. The RD function can take any form: linear, exponential, or it can bea result of a simulation.An additional flexibility aspect is the ability to discretize the resilience index.Similar to the widely used risk matrix in risk assessment methods, in some cases itis more convenient for the decision makers to characterize infrastructure resilienceusing distinct resilience levels. However, the poor resolution problem in risk matricesis avoided in the GRI function by controlling the number of rows in the GRI table.Therefore, one can define a row for each resilience level in the table to achievethe desired assessment resolution. If a continuous value is desired, one can use anapproximation technique similar to the one described in Chapter 2 to find a closedform for the GRI function.There are two conditions for defining the resilience dimensions in the GRI func-tion: First, all the dimensions have to be linearly independent. For example, if therecovery cost is linearly dependent on the recovery time, then only one of them canbe included in the GRI function. Second, the dimension function RD has to be amonotonically increasing function of GRI, i.e., as the value of RD increases, the valueof GRI increases. The last condition ensures a proper implementation of the limitingfactor function in the table.3.6.1 GRI Function for the Case StudyFor the case study in this thesis, we define the following resilience dimensions.Dynamic Performance Recovery This dimension evaluates the behaviour of thesystem during the recover process. For this dimension, we define Dd such thatDd =∫ tRt0y(t) dt∫ tRt0ynormal(t) dt(3.7)where y(t) is the performance level during the event, ynormal(t) is the normal57performance level. Equation 3.7 represents the ratio of the area under therecovered performance curve to the area under the normal performance curve.It measures the efficiency of the infrastructure’s response to the disruptiveevent.Recovered Performance Level We define this resilience dimension as the ratioof the recovered performance level to the maximum performance drop afterthe event. This ratio is a measure of the infrastructure robustness. For thisdimension, we define Dy such thatDy =yr − yminyd − ymin (3.8)where yr is the performance level after completing the recovery activities,ymin is the minimum performance level during the event, and yd is a definedreference performance level. In some cases, the system pre-event status is notits normal status. Therefore, Equation 3.8 does not assume that the pre-eventperformance is the desired performance after recovery. Instead, the variable ydis introduced to define the desired recovery performance level by the decisionmaker. Consider for example a power system that encounters a disruption atsome loading point. It will be restored to a different loading point which mightbe different than the pre-disruption loading point depending on the time ofthe day. The difference between this dimension and the dynamic performancerecovery dimension Dd is that Dy measures how much drop in performancewas recovered regardless of the intermediate stages in the recovery process,while Dd measures the efficiency of the recovery path to the final performancelevel.Recovery Time We define this resilience dimension as the ratio of the time re-quired to complete the recovery activities to a pre-defined duration. This58definition stresses that the recovery activities have to be completed within atime frame. This is driven by the fact that many infrastructure systems op-erators have regulations mandating the recovery of services within some timeframe. For this dimension, we define Dt such thatDt =TrTd(3.9)where Tr is the total recovery duration and Td is the pre-defined maximumrecovery duration.Recovery Cost We define this resilience dimension as the ratio of the total costincurred by the infrastructure as a result of the disruption event to a pre-defined cost. The total recovery cost includes the recovery activities cost andthe production losses during the recovery time. Like the recovery time, therecovery cost cannot be unlimited and a cost limit Cd is introduced. We defineDc asDc =Cr + ClCd(3.10)where Cr is the total cost due to recovery activities, Cl is the total losses inproduction during the recovery time, and Cd is the maximum cost that can beincurred.For constructing the GRI function, we require the definitions of Rd, Ry, Rt, andRc. Since the recovered performance level increases proportionally with the overallresilience, then we can define Rd asRd = wdDd (3.11)Similarly, we define Ry asRy = wyDy (3.12)59Table 3.3: GRI table for the case study.GRI Rd Ry Rt Rc1 1 1 1 10.9 0.9 0.9 0.9 0.90.8 0.8 0.8 0.8 0.80.7 0.7 0.7 0.7 0.70.6 0.6 0.6 0.6 0.60.5 0.5 0.5 0.5 0.50.4 0.4 0.4 0.4 0.40.3 0.3 0.3 0.3 0.30.2 0.2 0.2 0.2 0.20.1 0.1 0.1 0.1 0.10 0 0 0 0Note that since ymin ≤ yr ≤ yd, the value of Ry is always between 0 and 1. For therecovery time dimension, we can defineRt = wt(1−Dt) Dt ≤ 10 Dt > 1 (3.13)and similarly for the recovery cost dimension:Rc = wc(1−Dc) Dc ≤ 10 Dc > 1 (3.14)The parameters wd, wy, wt, and wc ∈ [0, 1] are used to represent the importance ofeach dimension’s contribution to the overall resilience. Therefore, the GRI functionfor the case study can be written as follows:GRI = min {Rd, Ry, Rt, Rc} (3.15)Table 3.3 shows a sample implementation of the function. Note that all values areexpressed in per unit.603.7 Cyber-Physical Interactions within ResilienceAssessmentMany of the Critical Infrastructure Protection tools and strategies focus on thephysical infrastructures such as power networks, water networks, and transportation.On the other hand, Information Infrastructure is typically treated separately. Dueto its complex and diverse nature, specific tools and strategies are developed forCritical Information Infrastructure Protection (CIIP) activities. The InternationalCIIP Handbook 2008/2009 [65] summarizes the initiatives undertaken by differentcountries and organizations for CIIP related issues.Concepts such as risk, reliability, security, and resilience are studied within CIPin terms of the physical infrastructure attributes such as flows, pressure, and volt-ages. Although these attributes could provide good insights on the protection level,the cyber-physical interactions need to be considered. A large body of the existingresearch on cyber-physical systems highlights the difficulty of cyber-physical mod-elling.In this section, we outline a general approach for studying the impact of cyber-physical interactions on critical infrastructure. First, we utilize the i2Sim multi-ple simulation layer to construct an Information and Communication Technologies(ICT) layer. The ICT layer can be designed using the i2Sim cell-channel approachor can be implemented using a domain-specific modelling approach. After that, theinteractions between the ICT layer and the physical layer can be modelled usingthe i2Sim parameters in the physical layer, such as modifiers and distributors. Forexample, SCADA control signals can be interfaced to an i2Sim distributor to mapthe corresponding topology changes into the i2Sim distributor parameters. Sincethe focus of this chapter is resilience assessment, we consider the impact of ICTfailures on the physical systems. For this purpose, we define four failure types ofcyber-physical interactions as shown in Table 3.4. Each failure is mapped into the61Table 3.4: Types of cyber-physical failures.Failure Type Definition ExampleControl Fail to maintain control functionality Loss of a control signal(e.g. opening a circuit breaker)Monitor Fail to maintain monitor functionality Loss of a monitoring signal(e.g. water level in a tank)Time Fail to send/receive information within Delay of a monitoring signalacceptable time frameValue Fail to send/receive the correct value Error in a monitoring signal(e.g. voltage value)i2Sim model using the appropriate parameter. For example, a delay in one of theICT signals can be implemented using an i2Sim channel with a delay.3.8 Improving Critical Infrastructure ResilienceThe ultimate objective of resilience assessment studies is to suggest ways for improv-ing infrastructure resilience. In many cases, it is very difficult, if not impossible, topredict the time and magnitude of the disruptive event. A resilient infrastructureis an infrastructure that withstands and survives disruptive events with minimumloss. There are two ways for improving CI resilience: 1) to be proactive (increasingthe withstand capability) and 2) to be reactive (increasing the survive capability).Dalizell and McManus [37] refer to these two ways as reducing vulnerability andincreasing adaptive capacity. Reducing vulnerability can be achieved by increasingrobustness through hardening and redundancy. Also, ensuring adequate marginalcapacity is one form of reducing vulnerability. Adaptive capacity is referred toas “ the ability of a system to adjust to undesirable situations by undergoing somechanges” [35]. A good example is the reconfiguration of power networks after failuresto restore power supply to affected users. Reconfiguration and resources allocationare two important tools for increasing adaptive capacity. Table 3.5 and Table 3.6list examples of actions related to infrastructure attributes described in Sec. 3.4.1for improving infrastructure resilience.62Table 3.5: Examples of resilience actions for reducing vulnerability.Infrastructure Attribute Reducing VulnerabilityStatic Using underground power cables insteadof overhead linesDynamic Reducing electrical loads on substationtransformersDecision Adding more security measures forpersonnel entering critical locationsTable 3.6: Examples of resilience actions for increasing adaptive capacity.Infrastructure Attribute Increasing Adaptive CapacityStatic Installing new alternate feedersin power networksDynamic Reconfiguring network topologyto restore supplyDecision Developing disaster preparednessplans and proceduresThis thesis proposes new approaches for improving CI resilience through resourcesallocation and network reconfiguration. In Chapter 4, different optimization ap-proaches are used to allocate infrastructure resources after some disruptive events.In Chapter 5, a new approach for reconfiguring power distribution networks is pro-posed to account for infrastructure interdependencies during the restoration process.3.9 ConclusionThe primary focus of this chapter is infrastructure resilience assessment. In thischapter, we propose a resilience assessment framework. The presented frameworkconsists of three main components. First is the definition of the attributes that makean infrastructure resilient. The second component is the modelling approach whichis built upon the Infrastructure Interdependencies Simulator (i2Sim) framework.The third component is the resilience index.As highlighted in the relevant literature, the definition and quantification of re-63silience are highly dependent on the context and dimensions of the study. For theproposed framework, the context is emergency management in physical infrastruc-ture. Its applicability is dependent on the modelling approach, which is shown to beable to capture the required resilience attributes. A generalized resilience index isproposed to measure the defined resilience dimensions. Also, we show that the pro-posed framework can study the impact of cyber-physical interactions on the physicalinfrastructure resilience.Infrastructure resilience can be improved by either reducing its vulnerability orincreasing its adaptive capacity. This thesis focuses on increasing infrastructureadaptive capacity through resources allocation and network reconfiguration. In thisthesis, we propose several optimization algorithms that use the framework describedin this chapter. Details of the proposed resources allocation and reconfigurationalgorithms are described in Chapter 4 and Chapter 5.64Chapter 4Optimal Resources Allocationfor Resilience Improvement4.1 IntroductionIn the previous chapter, we discussed how infrastructure resilience can be improvedby increasing its adaptive capacity through resources allocation. During extremeevents, different infrastructures (power networks, water networks, health system,and communication networks, etc.) are affected simultaneously. Successful responseto such events requires efficient allocations of available resources. This, in turn,requires effective coordination across the infrastructure systems. Considering theircomplexity, allocating resources within interdependent infrastructure systems is amajor challenge for decision makers. Responsive resources allocation is determinedbased on the evolution of the event over time. Therefore, it can be formulated as adynamic process that can be optimized for improving its effectiveness.In this chapter, we build upon the modelling framework discussed in Chap-ter 2 and the resilience assessment framework discussed in Chapter 3 to formulatethe resources allocation problem as an optimization problem. Two different opti-65mization algorithms are developed. The algorithms are designed to increase theinfrastructure resilience through resources allocation. The first algorithm is basedon Ordinal Optimization (OO) theory [4]. The second algorithm is based on a LinearProgramming (LP) formulation. The OO algorithm can be classified as one of thesimulation-based optimization algorithms, in which the simulation model is used toevaluate the candidate solution during the search process. The i2Sim model is usedfor evaluating the candidate resources allocation in every iteration in the algorithm.The LP algorithm uses the i2Sim mathematical formulation described in section 2.4.In addition to the optimization algorithms, a prioritization methodology is proposedfor ranking critical components in multiple physical infrastructures, such as powernetworks, water networks, and health care facilities.The rest of this chapter is organized as follows. Section 4.2 presents a briefliterature review on the related work in resources allocation within interdependentinfrastructure systems. The proposed OO algorithm is presented in Section 4.3. InSection 4.4, the LP algorithm is explained. The proposed prioritization methodologyis presented in Section 4.5. A discussion and a conclusion are provided in Section4.6.4.2 Literature Review on Resources AllocationOptimization in CIThe scholarly works on resources allocation optimization in CI is a natural extensionof the CI modelling and simulation literature. Since the literature on CI modellingand simulation is covered in chapter 2 of this thesis, we focus the review in thissection on the most related work on optimization applications using CI models.Zhang and Peeta [23] proposed a multilayered network framework to model in-terdependent infrastructure systems. Then, they use this framework to formulatean equilibrium problem using an economic-market approach in which each infras-66tructure system is treated as an economic sector. There are two dimensions of theequilibrium problem: market and network flow. For each infrastructure system,there are producing entities associated with production functions and there are con-suming entities associated with consumption functions. Also, flow costs functionsare defined in the problem. The problem is formulated as a non-linear programmingproblem that is solved to balance the demand and supply in the network. Systemsdisruptions are modelled by placing capacity constraints on the producing nodes.Since the framework considers the economic interactions in addition to the physicalsystems interactions, its application is more useful for studying long-term recoveryplans. In addition, the modelling approach does not allow capturing many of thespecific operational details of each network.Building on the work of Lee et al. [66], Cavdaroglu et al. [29] considered thescheduling problem of restoration activities for interdependent infrastructure ser-vices after major disrupted events. The interdependent layer network flow model(ILN) of Lee et al. [66] is used to model the interactions between interdependentinfrastructure systems. In every network, there are supply nodes and demand nodeswith some operating costs associated with every node. At every time step, the lay-ered networks model is solved to calculate the costs considering the systems’ statusat that time step. Disrupted events are modelled by removing or adding arcs be-tween the nodes. A mixed integer programming problem is formulated to solve therestoration problem for the restoration activities immediately after the event. Al-though the solution of the problem provides an optimum schedule for the restorationactivities, the modelling approach does not capture the functional behaviour of thenetwork (or nodes) which might affect the restoration plans.Holden et al.[67] developed a network flow model to account for interdepen-dencies between infrastructure systems. In this model, each node represents aninfrastructure system and has certain properties that describe its processes: pro-67duction, consumption, transshipment, and storage. Each process is associated witha cost. A linear optimization problem is formulated to minimize the total cost in themodel. The authors modelled the extreme events scenarios by placing appropriateconstraints on the process variables. The description of the functional processes ofnodes in the model makes this work different from the other network models. Theproduction process in the node is described using a linear relationship in terms ofother nodes’ outputs. This is a fundamental difference between this model and thei2Sim models.In addition to the above work, there has been some research on optimizinginterdependent infrastructure systems using network flow models: [26], [68], and[69]. All of these models use the basic structure: A network is represented by aset of nodes and a set of edges (or arcs). A resource flow is represented by a flowvariable for every edge or arc. The basic difference between these models lies in themethodology of calculating the optimum value for the flow variables.Another approach in the literature for optimizing CI resources is to use simulation-optimization approaches for optimizing CI models such as i2Sim, Aspen, and CIMS.Although the models are built using different modelling approaches such as agent-based or system dynamics, their optimization approach is similar in which the op-timization agent (or engine/model) interacts iteratively with the CI models in theprocess of finding an optimum solution. For example, Permann [70] used GeneticAlgorithm with the CIMS models for determining restoration strategies in the caseof disasters.Following the simulation-optimization approach, Khouj et al. [71] developedan intelligent decision-making system for supporting emergency responders duringdisaster events. The proposed system consists of two major components: a learningagent and an infrastructure simulator. The learning agent is based on ReinforcementLearning technique which aims at developing a policy for allocating the resources68during the event. The learning agent uses experiences from either a knowledgedatabase or a Monte Carlo simulations using the i2Sim simulation. The output ofthe decision-making system is the efficient allocation of resources along the eventtime line.Fiedrich et al. [72] considered the problem of optimizing search and rescueactivities after major natural events. A network model consisting of nodes and edgesis used to represent the infrastructure. Resources are considered to be machines andequipment for the rescue and search activities. A dynamic optimization problemis solved to find an optimal resources scheduling using two simulation-optimizationtechniques: Simulated Annealing and Tabu Search. This work does not considerresources flow between infrastructures but it is included here for its similarity withthe problem formulation presented in this thesis.CI optimization applications are crucial for CIP planning and development. Theabove review shows different optimization applications employing a variety of mod-eling approaches and focusing on different objectives. The work presented in thisthesis focuses on improving the CI resilience as its primary objective. The resilience-centered optimization application considering infrastructure interdependencies presentsa new advancement to the field of CIP.4.3 Resources Allocation using OrdinalOptimization-Based Algorithm4.3.1 Overview of Ordinal OptimizationOrdinal Optimization OO is a new optimization theory introduced by Ho in the 1990sfor providing fast Good Enough solutions for complex simulation-based optimizationproblems [4]. It has been applied to solve many problems in different disciplines, suchas power systems [73], communication networks [74], resources allocation in manu-facturing systems [75], scheduling of parallel computing systems [76], and robotics69motion control systems [77]. Ordinal optimization tries to overcome difficulties inexisting optimization theories in solving problems that have exponential growth inits search space and computational complexity in its simulation models.Ordinal Optimization is based on two main concepts: 1) Order Comparison:it is easier to determine order than value, i.e., determining A > B is easier thandetermining the value of A-B=? and 2) Goal Softening: instead of looking for thebest for sure, we look for good enough with high probability. Using these two con-cepts, ordinal optimization methods provide a set of Good Enough solutions in anorder of their performance. In many practical applications, it is enough to find goodenough solutions instead of insisting on finding the true optimum solution whichmay exhaust the available computational resources. This rationale motivates theapplication of ordinal optimization to the resources allocation problem addressed inthis thesis. During a disaster, responders are under pressure to save lives and miti-gate disaster impacts. In these emergency situations, they can accept a fast “goodenough” solution instead of waiting for the optimum one. Also, this application canbe very useful for playing response scenarios in planning and training activities.The application procedure of Ordinal Optimization can be summarized as fol-lows:1. Randomly or heuristically sample N solutions from the entire solutions space.2. Use a crude and computationally fast model to estimate the performance ofthese N solutions.3. Estimate the Ordered Performance Curve (OPC) class of the problem and theerror level of the crude model. Then, specify the size of the good enough setg and the required alignment level K.4. Use the Universal Alignment Probability Tables to calculate the size of theselected set s=f(g,k/OPC class, error level).705. Select the observed top s solutions of the N as estimated by the crude modelas the selected set S. The theory of OO ensures that S contains at least s trulygood enough solutions with probability no less than 0.95.As can be seen from the above procedure, the key idea of ordinal optimization isto find a selected set S of solutions with an acceptable probability to be a memberof the good enough set G as shown in Figure 4.1. The good enough set is definedas the top n solutions of the entire solution space Θ . Therefore, the problem ischanged from finding the optimum resources distribution over the entire space tofinding a set of distributions that has an overlap with the top n solutions in theentire solutions space Θ.Ordered Performance CurveThe size of the selected set S is determined by the shape of the Ordered PerformanceCurve (OPC). The OPC curve is a conceptual plot of the candidate solutions as afunction of their ordered performance, i.e., the best, the second best, and so on.If we perform an exhaustive evaluation of all solutions in the entire space Θ andwe rank them from low to high, we can get one of the curves in Figure 4.2 whereJ represents the evaluation function. There are five classes of OPC curves [4] asshown in Figure 4.2: Flat, Steep, Bell, U-shaped, and Neutral. The OPC classFigure 4.1: Ordinal Optimization [4].71Figure 4.2: OPC Classes [4].can be obtained by past experience or by a one-time pre-processing over the entiresolutions of a particular problem. This step is useful to understand the shape of thesearch space of the problem of interest.4.3.2 Problem FormulationThe resources allocation problem in disaster response is considered as a combinato-rial constrained optimization problem. The objective of the optimization problemis to maximize the resilience of the infrastructure systems after a disruption. Sincesaving lives is the highest priority during emergencies, we formulate the objectivefunction to maximize the overall resilience of the modelled infrastructure using thegeneralized resilience index GRI as follows:Maximize GRI = f{Rd, Ry, Rt, Rc} (4.1)The GRI function is described in chapter 3 using 3.11, 3.12, 3.13, 3.14, and 3.15. Sincewe are using resources allocation as a tool for improving the infrastructure resilience,72we focus this formulation on the resilience dimension that is affected by the processof resources allocation: dynamic performance recovery; i.e., GRI = f{Rd}. Theperformance of the infrastructure systems is measured by the hospitals’ outputs.The hospitals’ outputs are normalized to a common base since they have differentcapacities. This formulation is based on the assumption that all response efforts arefocused on providing the needed resources to the modelled hospitals. If differentassumptions are considered, the output function y(t) is defined accordingly.The constraints of the problem are the availability constraints and the capacityconstraints. The availability constraints are modelled using the i2Sim sources inwhich Sm(t) represents the amount of available resource m at time t. For example,at t = 4, the available electrical power from the HV system to substation P1 is limitedto Sp1(4) = 15MW . The capacity constraints are modelled using the distributionratios in i2Sim distributors. For example, it is possible to have enough power atthe substation but only limited power supply is delivered due to cables capacityconstraints (either thermal or voltage limits) in the power networks.The control variables of the problem are the i2Sim distributors’ ratios: a1, a2,...,ak,where k is the total number of distributors outputs in the model. For every set a=[a1a2 ... ak], there is a corresponding output in every cell in the model. A candidatesolution is the evolution of the set a over the simulation time. This can be writtenin a matrix form as follows:Si =a1t1 a1t2 a1t3 . . . a1tTa2t1 a2t2 a2t3 . . . a2tT.......... . ....akt1 akt2 akt3 . . . aktT(4.2)where aktT is the kth output at time T and T is the total simulation time. We setan upper and lower bounds for the control variables such that amink ≤ ak ≤ amaxk .73i2Sim CellsOO-Based Algorithmi2Sim DistributorsControl Variablesi2Sim ModelInputs to the optimization algorithmFigure 4.3: The interaction between RAOO algorithm and i2Sim.The upper and lower bounds are problem specific and can be determined based onthe physical constraints in the model.4.3.3 OO-Based AlgorithmIn this section, we propose an Ordinal Optimization-based approach to solve thisproblem in two stages. The first stage searches through the solution space to producecandidate solutions using a feasibility crude model and the second stage searchesthrough the candidate solutions to find the optimum one. Since most of the compu-tational cost is due to running the i2Sim model for evaluating the candidate solutions,the decomposition of the search process is important to filter out non-feasible so-lutions in advance. The interaction between the algorithm and the i2Sim model isshown in Figure 4.3 and the flow chart for the Resources Allocation using OrdinalOptimization (RAOO) algorithm is shown in Figure 4.4.74Sample N solutions using LDSEvaluate sampled solutions using i2Sim feasibility crude modelGenerate SOO, Set f(smax)=0Specify OPC class, g, and k1st StageFor solution si ∈ SOO, Evaluate f(si) using i2Sim modelInput system dataEndNfeasible<NSample (N-Nfeasible) solutions using LDS2nd Stagef(si) > f(smax) i=i+1Set f(si) = f(smax)i < NFigure 4.4: RAOO Algorithm.The first step in stage one is to sample N solutions from the search space. In-stead of using the standard pseudo-random generators, we use the Low Discrepancy75Sequence (LDS) technique (alternatively called Quasi-Monte Carlo (QMC)). The LDSsampling technique employs specific number-theoretic algorithms, such as Van derCorput sequence and Halton sequence, to produce a uniform and even distributionof samples compared to the standard algorithms [78]. Figure 4.5 shows a compar-ison between two sample sets generated using the LDS technique and the standardpseudo-random technique. In the implementation of the LDS sampling process, eachcontrol variable is considered as an independent dimension of the sample set. Forevery sampling iteration, a candidate solution in the matrix form 4.2 is generated.The generated candidate solutions are then evaluated using the i2Sim crude model.The crude model is used to eliminate the non-feasible solutions using the followingfeasibility checks:1. Total output of every distributor at every time step is less than or equal to 1.2. The output of every aggregator at every time step is the sum of the inputs.3. Each control variable is within the upper and lower limits.The feasibility checks can be expressed mathematically as follows:k∑j=1ajt ≤ 1Am =n∑j=1ajtaminj ≤ aj ≤ amaxj(4.3)where k is the number of outputs in the distributor, and n is the number of inputsto the aggregator m.Once a set of feasible solutions is obtained, the size of the selected set is calculatedusing the following function [4]:Z(k, g) = eZ1kZ2gZ3 + Z4 (4.4)760 0.2 0.4 0.6 0.8 100.20.40.60.81 LDS Sequence0 0.2 0.4 0.6 0.8 100.20.40.60.81 Standard Random SequenceFigure 4.5: Sample sets using LDS vs. standard Pseudo-random generators.where Z1, Z2, Z3, and Z4 are regression constants depending on the OPC class ofthe problem as defined in Section 4.3.1. In the second stage of the OO-Algorithm,every candidate solution in the selected set S is evaluated using the i2Sim model andthe optimum solution is found. Therefore, the computational efficiency is improvedby limiting the number of i2Sim model evaluations to the feasible solutions only.4.3.4 Case Study ResultsThis section presents the numerical results of experiments based on the RAOO algo-rithm proposed in Section 4.3. The experiments are conducted for the case studydata presented in Chapter 2 and the i2Sim model is shown in Figure 2.9. The primaryobjective is to identify the potential value of optimizing the allocation of availableresources for improving the infrastructure resilience. The extreme event scenariodescribed in Chapter 2 is modelled by varying the Physical Modes (PM) values inthe i2Sim cells and channels in the model. The scenario duration is assumed to be 48hours and the simulation time step is 5 minutes (576 time steps). The i2Sim modeland the OO-algorithm are implemented in MATLAB/Simulink.We assume that all three hospitals have the same importance, i.e., wH1=wH2=wH3=1.770 100 200 300 400 500 600 700 800 900 1000-0.8-0.7-0.6-0.5-0.4-0.3-0.2-0.10Candidate SolutionsResi l ience I nd ex ( - GRI )Figure 4.6: OPC plot for the case study.The defined reference performance level yd is defined as 1 p.u. The value of the Nin the OO-algorithm is set to 1000. The OPC curve for the case study is shown inFigure 4.6. The resilience index was adjusted with negative values to convert theproblem to a minimization problem following the convention of the OPC classes asdescribed in section 4.3.1. The OPC plot for the case study is described by the “Bellclass”, i.e., many moderate solutions, few bad solutions and few good solutions.The values of the corresponding regression constants Z1, Z2, Z3, and Z4 are 8.1998,1.9164, -2.0250, and 10, respectively. Choosing g=50 and k=1 in 4.4, the size of theselected set S is 11.A comparison of the results from the base case scenario and the optimized sce-nario (by the RAOO algorithm) is shown in Table 4.1. Although the OO-algorithmdoes not guarantee the global optimal solution, its solution results in a consider-able improvement to the infrastructure resilience. The resilience index (Rd) in theoptimized case scenario is improved by 78% compared to the base case scenario as78Table 4.1: Comparison of results.Scenario RdBase Case 0.407Optimized Case 0.727a result of optimizing the allocation of available resources. In both cases, the finalperformance level is the pre-event level and the recovery time is the same. As a re-sult both cases have the same Ry and Rt values. The objective of the optimizationis to increase the infrastructure resilience through increasing its adaptive capacitywhich is affected by the dynamic performance of the infrastructure. Therefore, Rdis expected to change as a result of re-distributing the resources. This can be seenin the results in Table 4.1.The resilience index Rd in the base case scenario is Rd=0.407 which correspondsto the output of affected infrastructure systems without any redistribution for theavailable resources. When the distribution of available resources is optimized, i.e.,the amount of electricity and water supplied to the hospitals are changed duringthe event, the value of Rd is improved to 0.727. Figure 4.7 shows a comparisonof hospitals’ outputs in the two scenarios. It can be seen that Hospital 1 is fullyrestored in the optimized scenario while the other two hospitals have fluctuationsin their outputs. This can be attributed to the availability of two redundant powersupplies in Hospital 1 compared to a single power supply for Hospital 2 and Hospital3. This result emphasizes the importance of network topology in improving theinfrastructure resilience.Figure 4.8 shows a comparison of the outputs form Power substation 2, Powersubstation 4, and Water station 1. The output of Power substation 2 is reducedin the optimized scenario compared with the base case scenario. The output ofWater station 1 is fully restored compared in the optimized scenario compared tothe base case scenario. Note that both, Power substation 2 and Water station 1, are790 100 200 300 400 5000246810Time StepsH1 Out put (p at i ent s/ hr )0 100 200 300 400 5000246810Time StepsH2 Out put (p at i ent s/ hr )0 100 200 300 400 500012345Time StepsH3 Out put (p at i ent s/ hr ) Base CaseOptimized CaseFigure 4.7: Comparison of the hospitals’ outputs using RAOO algorithm.supplied from the Power substation 4. Also, both of them are the primary suppliesfor Hospital 1. The Water station 1 is given a higher priority, by increasing its powersupply, over Power substation 2 due to its importance to Hospital 1. Since Hospital1 has two redundant supplies of electrical power, its water supply (from Waterstation 1) becomes its limiting factor and consequently the output of Water station 1becomes an important factor in the process of improving the infrastructure resilience.This result shows the importance of infrastructure interdependencies in improvinginfrastructure resilience. The effect of the limiting factor shows that improvingone infrastructure system does not necessarily improve the overall infrastructureresilience. Such result can be very useful for decision makers to direct infrastructure’sinvestment to improve the limiting factors within the infrastructure.The output of Power substation 4 does not change in both scenarios. The reasonis that it receives its input from the high voltage transmission system and the prob-800 100 200 300 400 5000100200300Time StepsP 2 Out put (MW)0 100 200 300 400 5000100200300400500Time StepsP 4 Out put (MW)0 100 200 300 400 500020406080100Time StepsW1 Out put (KL /h r) Base CaseOptimized CaseFigure 4.8: Comparison of P2, P4, and W1 outputs using RAOO algorithm.lem formulation does not include any control variable for its input. Although Powersubstation 4 is affected by the event scenarios due to failures in its transformers,its output cannot be improved by means of reconfiguration. Recall that infrastruc-ture resilience can be improved by either increasing the survive capability or thewithstand capability. In the case of Power Substation 4, the results shows that thepotential improvement in its survive capability is limited and more attention shouldbe given to its withstand capability.The results presented in this section illustrate that the proposed framework isable to capture key aspects of infrastructure resilience. Also, the modelling approachcaptures the impacts of infrastructure interdependencies on the overall infrastruc-ture resilience. An important result is the identification of the limiting factors inthe process of improving infrastructure resilience. This result can be used by deci-sion makers to direct available investments toward improving these limiting factors.81The next question for decision makers is how to improve the limiting infrastructuresystem: by improving surviving capability, e.g., adding more flexibility and redun-dancy, or by improving withstanding capability, e.g., physical or structural support.The proposed framework and optimization algorithm can give important insights onhow to plan the required investment.4.4 Resources Allocation using Linear Programming4.4.1 IntroductionThe Resources Allocation using Ordinal Optimization algorithm described in theprevious section provides a way to obtain a ”good enough“ solution consideringthe computational effort required to run a simulation model in i2Sim. The basicidea of RAOO algorithm is to have an idea about the search space of the problem,filter out the non-feasible solutions using a crude model, and then search throughthe feasible ones using the simulation model. Although this algorithm reduces therequired number of simulation runs compared with other techniques such as GeneticAlgorithm, it still requires running a number of computer simulations which makesit more expensive computationally than evaluating analytical functions.The i2Sim model can be described using a system of equations as described inchapter 2. This system of equations is composed of cells’ equations, aggregators’equations, and distributors’ equations. Using this system of equations, a mathemat-ical optimization problem can be formulated. In this section, the resources allocationproblem is formulated as a linear programming optimization problem. Linear pro-gramming problems can be solved efficiently using available methods such as Simplexmethod and Interior-Point method [79].824.4.2 Problem FormulationThe problem formulation in this section uses the i2Sim mathematical formulationdescribed in section 2.4. Consider an i2Sim model with N cells, n=[1,2,...,N ], Maggregators, m=[1,2,...,M ], and K distributors, k=[1,2,...,K]. Every cell has anoutput yc ∈ [yc1,...,ycn] and is given by:yc(t) = min {f1(t), f2(t), ...., fn(t)} (4.5)where f1 to fn are the the functions relating every input to the output yc(t) and nis the number of inputs. In the optimization problem, the cell’s output function canbe replaced by a set of n linear inequalities:yc(t) ≤ f1(t)yc(t) ≤ f2(t)...yc(t) ≤ fn(t)(4.6)Note that the inequalities are expressed in terms of fn and not in terms of the cell’sinput xn. For a linear formulation, f1 to fn need to be linear. The i2Sim distributoris modeled by a linear equality constraint such that:yd(t) = x1(t) + x2(t) + ...+ xn(t) (4.7)where x1(t) to xn(t) are the distributor’s outputs and yd(t) is the distributor’s input.Unlike the distributor’s equation in the OO-Algorithm, the summation here does notneed to be 1 since the equation is expressed in terms of the i2Sim token variables andnot the distributor’s ratios. Note that the equality in this constraint implies that weare using all the output of the cell yc(t). If the scenario does not need to utilize all83the output yc(t), then we can replace the equality sign by a ≥ sign which will placean upper limit on the distributor’s outputs. This can be useful in case there is acost for the resources and we only need to use some but not all of the cell’s output.The aggregators equation is modelled by a linear equality constraint such thatya(t) = x1(t) + x2(t) + ...+ xn(t) (4.8)where x1(t) to xn(t) are the aggregator’s inputs and ya(t) is the aggregator’s output.The objective function in this problem is to maximize the infrastructure re-silience:Maximize GRI = min {RD1 , RD2 , ...., RDn} (4.9)This objective function is not a linear function due to the presence of Max-Minoperators but it can be converted to a linear function by following the same trans-formation in 4.6:Maximize GRIsuch that GRI ≤ RD1...GRI ≤ RDn(4.10)where the functions RD1 ,...,RDn are linear with respect to the decision variables ofthe problem. Similar to the problem formulation in the OO-Algorithm, we focus thisformulation on the resilience dimension that is affected by the process of resourcesallocation: dynamic performance recovery; i.e., GRI = f{Rd}. The decision vari-ables in this formulation are the cells’ outputs and the distributors’ outputs at everytime step. The Resources Allocation using Linear Programming (RALP) model issummarized in table 4.2.84Table 4.2: RALP Optimization ModelRALP Optimization ModelInputsN set of cellsM set of aggregatorsK set of distributorsS set of sourcesT set of time stepsL set of loads (sinks)J set of outputs at distributor kI set of outputs at distributor mLB Decision variables lower boundUB Decision variables upper boundDecision Variablesycn(t) n ∈ N cell outputxkj(t) k ∈ K, j ∈ J distributor outputObjective FunctionMaximize GRIConstraintsGRI ≤ RD RD ∈ D Resilience Index functionyc(t) ≤ fn n ∈ N Cells’ output functionsykd(t) =∑J1 xkj j ∈ J Equation for distributor kyma (t) =∑I1 xmi i ∈ I Equation for aggregator myc(t), xkj(t) ≤ ub(t) ub(t) ∈ UB Upper bound at time tyc(t), xkj(t) ≥ lb(t) lb(t) ∈ LB Lower bound at time t4.4.3 Case Study ResultsThis section presents the numerical results of the experiments based on the RALPalgorithm. The experiments are conducted for the case study data presented inChapter 2 and the i2Sim model is the same one shown in Figure 2.9. The primaryobjective is to identify the potential value of optimizing the allocation of availableresources for improving the infrastructure resilience. The extreme event scenariodescribed in Chapter 2 is modelled by placing constraints on the correspondingvariables in the model. The scenario duration is assumed to be 48 hours and thesimulation time step is 5 minutes (576 time steps + 1 pre-event time step). The RALP85Table 4.3: RALP Parameters.Parameter ValueNo. of Variables 17311No. of Time Steps 577No. of Inequality Constraints 8656No. of Equality Constraints 4039Table 4.4: Comparison of results.Scenario RdBase Case 0.407Optimized Case 0.866algorithm is implemented in MATLAB. We assume that all the three hospitals havethe same importance, i.e., wH1=wH2=wH3=1. The defined reference performancelevel yd is defined as 1 p.u. Table 4.3 shows the parameters of the RALP model forthis case study.A comparison of the results from the base case scenario and the optimized sce-nario by the RALP algorithm is shown in Table 4.4. The optimum value for theresilience index is 0.866 which is double the base case index. This result highlightsthe huge potential for improving infrastructure operations by re-allocating availableresources during extreme events. Figure 4.9 shows a comparison of the hospitals’outputs in the two scenarios. It can be seen that Hospital 1 and Hospital 2 can befully operational if the available resources are optimized. Due to its smaller capacitycompared to the other two hospitals, Hospital 3 is not fully restored.The outputs of Power substation 2, Power substation 4, and Water station 1 areshown in Figure 4.10. The results here match the results of the RAOO algorithmin the following observations. First, nothing can be done to improve the outputof Power substation 4 since it gets its output from the high voltage transmissionsystem which is not included in the control variables of the problem. Second, thewater supply from Water station 1 is recognized as an important factor in improving860 100 200 300 400 500246810Time StepsH1 Out put (p at i ent s/ hour )0 100 200 300 400 5000246810Time StepsH2 Out put (p at i ent s/ hr )0 100 200 300 400 500012345Time StepsH2 Out put (p at i ent s/ hour ) Base CaseOptimized CaseFigure 4.9: Comparison of the hospitals’ outputs using RALP algorithm.the hospitals’ outputs. One additional observation in the results here is that theoptimal solution by RALP does not utilize all the outputs of Power substation 2and Power substation 4. This result can be useful for determining the requiredtopology improvements in order to improve the overall infrastructure flexibility infacing extreme events.4.5 Prioritization of CI SystemsOne of the main actions for improving CI resilience is to develop effective disasterpreparedness plans. Disaster preparedness is a huge challenge, but the consequencesof being unprepared can be devastating. Disaster preparedness is a preparationphase in the disaster management process. It includes all the activities that need tobe implemented before a disaster strikes. A typical preparedness activity is infras-tructure reinforcement, such as installing emergency power generators or building870 100 200 300 400 5000100200300Time StepsP 2 Out put (MW)0 100 200 300 400 5000100200300400500Time StepsP 4 Out put (MW)0 100 200 300 400 500020406080100120Time StepsW1 Out put (KL /h r) Base CaseOptimized CaseFigure 4.10: Comparison of P2, P4, and W1 outputs using RALP algorithm.earthquake-resistant infrastructure. These activities require high investment costs.Therefore, disaster management agencies are faced with the challenge of planningtheir investment efficiently [80].Prioritization methodologies can help in developing cost-effective investmentplans for disaster management agencies. In this section, a prioritization method-ology is proposed for ranking critical infrastructure systems in multiple physicalinfrastructures, such as power networks, water networks, and healthcare facilities.The proposed methodology utilizes the i2Sim modeling framework to assess differ-ent failure scenarios. A single failure in one system, e.g., a water pumping station,can cause huge degradation in the operations of multiple infrastructures due to themutual interactions between them. The i2Sim modelling approach used in this sec-tion allows for capturing these interactions which improves the effectiveness of theprioritization methodology.88The problem of prioritizing and ranking critical infrastructure systems has notgained enough attention and is often treated within the vulnerability and risk as-sessment studies. For example, a screening methodology based on Multi-AttributeUtility Theory (MAUT) and graph theory is proposed in [81] for ranking vulnera-ble buildings in the campus of the Massachusetts Institute of Technology. Anothermethodology is proposed in [82] for identifying critical sets of components in largescale technical infrastructures. This methodology is based on measuring failure con-sequences in an electrical power network. Also, social network analysis is used in [83]to determine the priority of a railway infrastructure assets. Most of the existingworks use topological models, represented as graphs, to measure the impact on thecritical infrastructure systems and only a few studies considered a functional model,e.g. [82]. Those who use functional models limit their analyses to one infrastructuresystem without considering interdependent interactions with other systems.4.5.1 Critical Infrastructure RankingA ranking list of critical infrastructures is extremely useful in planning emergencymanagement investments. As a basic concept, the importance of a system com-ponent depends on the damage caused by its failure or absence from the system.Therefore, a ranking approach can be developed based on measuring the impact ofa failure of one (or more) critical infrastructure in a modelled area. The impact(consequence) needs to be quantified and an importance measure is used to rankthe critical infrastructures. Different importance measures can be developed basedon the methodology and models used in the analysis. The methodology proposed inthis section can be described as follows:1. Define the critical infrastructure systems to be included in the analysis.2. Build the i2Sim model for the infrastructure under consideration.3. Generate a failure scenario in which one of the considered infrastructure sys-89tems is affected.4. Evaluate the consequence of that failure and then calculate the importancemeasure (IM). The importance measure is defined as the relative performancedrop after the failure. It can be expressed as follows:IM = (ynormal − yfailure)/ynormal (4.1)where y is the chosen performance measure.5. Repeat Step 3 for all the infrastructure systems considered for ranking.6. Generate the ranking list according to the IM values.The failure scenarios in Step 3 are represented by failure sets. Each set has the in-frastructure components to be affected. The number of possible failure sets increasesrapidly as the set size increases and is given byk!(k − n)!n! (4.2)where k is the total number of components in the model and n is the size of the failureset. For instance, a model with 100 components has 161,700 failure sets of size 3.Enumerating all possible failure sets is impractical. One possible way is to consideronly failure sets with high failure probabilities. In this section, only failure sets ofsizes 1, 2, and 3 are considered. Also, the use of i2Sim modelling approach allowsfor considering different failure modes; e.g., total failure (0% operability level) andpartial failure (50% operability level). Such consideration is not possible in many ofthe topological models used in the literature.904.5.2 Case Study ResultsIn this section, the proposed methodology is applied to the case study described inchapter 2. The i2Sim model for this case is shown in Figure 2.9. The selected infras-tructure systems from the model for the study are the two main hospitals, the fourpower substations, one water pumping station. Two non-critical infrastructure cellsare added to account for the residential and commercial buildings. The input-outputfunction of each cell provides the necessary behavioural information for measuringthe impact on the modelled infrastructure systems. The topological information iscaptured by the arrangements of channels, distributors and aggregators as shownin Figure 2.9. In the context of disaster management, saving lives has the highestpriority. Therefore, the total output of the two hospitals is chosen to be the perfor-mance measure for this test case. The output of the hospital model in i2Sim is therate of treating patients, i.e. number of treated patients per hour. The importancemeasure is calculated as the drop in the hospitals output normalized to the ratedoutput.Three sizes of failure sets are considered: 1, 2, 3. The total number of combina-tions is 9 (for size 1) + 36 (for size 2) + 84 (for size 3) = 129 failure sets. For everyfailure set, two failure modes are tested: total failure (100% damage) means thatthe infrastructure system is totally out of service, and partial failure (50% damage)means that the infrastructure system is affected by the disaster but it can providesome outputs. An example of the partial failure mode is the failure of one maintransformer in a power substation with two main transformers. It is possible to gen-eralize the test for more partial failure modes using the i2Sim discretized operabilitylevels as described in chapter 2.Results for the total failure modes for the top ranking failure sets are shownin Table 4.5. It is observed that the top two critical infrastructures appear inthe top of size 1 sets with IM=1, meaning that total damage to any of these two91infrastructures will completely affect the two hospitals. Even though each hospitalhas two redundant power supplies from two different power substations as shown inFigure 4, power station 3 can cause a major interruption to both hospitals. Thiscan be attributed to the interdependency phenomenon since it also supplies the onlywater pumping station in the system.Table 4.5: Ranking of failure sets for 100% failure mode.RankSize=1 Size=2 Size=3Failure Set IM Failure Set IM Failure Set IM1 W1 1 W and NC2 1 W and NC1 and NC2 12 P3 1 W and NC1 1 W and H2 and NC2 13 H1 0.625 W and H2 1 W and H2 and NC1 14 P2 0.450 W and H1 1 W and H1 and NC2 15 P4 0.375 P4 and W 1 W and H1 and NC1 16 H2 0.375 P4 and H1 1 W and H1 and H2 17 P1 0 P3 and W 1 P4 and W and NC2 18 NC2 0 P3 and P4 1 P4 and W and NC1 19 N1 0 P3 and NC2 1 P4 and W and H2 110 - - P3 and NC1 1 P4 and W and H1 1Results for failure sets of sizes 2 and 3 show that the ranking is dominated bythe presence of the two critical infrastructures: power station3 and water station.We know that they are critical in themselves from the results of failure sets of size1. Therefore, they cause the highest impact regardless of which other infrastructurefails with them. Failure sets containing these two critical infrastructures can befiltered out to show the ranking of other important sets. In fact, some less criticalinfrastructures can cause tremendous damage if they fail simultaneously. Consider,for instance, the 6th failure set in the size 2 list in which power station 4 and hospital1 can cause a major drop in the system performance if they fail together.The results for the 50% failure mode are shown in Table 4.6. It can be seen thatthe two critical infrastructures, power station3 and water station, are still at the topof the ranking in size 1 sets. However, the partial failure mode shows a differencein the criticality, 0.575 for power station3 and 0.525 for water pumping station.92Table 4.6: Ranking of failure sets for 50% failure mode.RankSize=1 Size=2 Size=3Failure Set IM Failure Set IM Failure Set IM1 P3 0.575 P4 and H1 0.750 P4 and H1 and H2 0.8252 W 0.525 P3 and H1 0.750 P3 and H1 and H2 0.8253 H1 0.500 H1 and H2 0.750 P2 and P3 and H1 0.8254 P2 0.325 W and H1 0.700 P2 and P3 and H2 0.7755 P4 0.250 P2 and P3 0.650 W and H1 and H2 0.7506 H2 0.250 P3 and H2 0.575 P4 and W and H1 0.7507 P1 0 W and H2 0.575 P4 and H1 and NC2 0.7508 NC2 0 P4 and W 0.575 P4 and H1 and NC1 0.7509 NC1 0 P3 and W 0.575 P3 and W and H1 0.75010 - - P3 and P4 0.575 P3 and P4 and H1 0.75001234567Power Station1 Power Station2 Power Station3 Power Station4 Water Hospital1 Hospital2 None Critical1 None Critical2Rank CI System 50% damage 100% damageFigure 4.11: Comparison of the rankings in two different failure modes.This result suggests that different failure modes can result in different criticalityrankings. This also can be seen in the comparison between the rankings of the twofailure modes results shown in Figure 4.11.93Table 4.7: Comparison of results.Scenario RdBase Case 0.407RAOO 0.727RALP 0.8664.6 Discussion and ConclusionDuring disasters, effective disaster response is a key characteristic of resilient CIsystems. It is expected to encounter shortages of physical resources, e.g., powerand water, after disasters. Resilient infrastructure systems must be able to effec-tively use these resources. Managing physical CI systems to optimize the use ofthe available resources is a challenging task. This task is formulated as a resourcesallocation problem during disasters. An optimum allocation of available resourcescan greatly improve response effectiveness. The interdependencies between differentinfrastructure systems play a crucial role in the optimization process.In this chapter, two algorithms for helping disaster responders are proposed:RAOO and RALP. The objective function in both algorithms is to maximize theresilience of the infrastructure. Both algorithms use the i2Sim modelling frameworkfor modeling and simulating the behaviour of the infrastructure. The i2Sim modelaccounts for the interdependencies between infrastructure systems when solving theproblem. Both algorithms solve the problem effectively and improve the CI resiliencecompared to the base case scenario as shown in table 4.7.The RAOO and RALP differ in two aspects: the optimization technique used andthe i2Sim implementation. RAOO uses a heuristic optimization technique based on theOrdinal Optimization theory. This type of optimization techniques does not guaran-tee an optimal solution but it provides a ”good enough” solution as compared to theRALP solution as shown in table 4.7. RALP uses a linear programming formulationwhich is considered an exact mathematical optimization technique. The i2Sim model94Integrated Simulation-Optimization Approach Other Models Infrastructure Model Optimization (OO) Figure 4.12: An integrated simulation optimization approach for disastermanagement systems.in RAOO is built using the simulator implementation in the MATLAB/Simulink en-vironment while in RALP a mathematical formulation is used to represent the i2Simmodel within the linear programming formulation.Although the RALP algorithm can provide better solutions due the use of exactmathematical optimization technique, it requires more implementation efforts espe-cially when used by emergency responders. The RAOO algorithm can be used in amodular approach in which the optimization technique and the infrastructure modelare separate modules in a disaster management system as shown in figure 4.12. Theadvantage of using this modular approach is that one can modify the infrastructuremodel with limited changes to the optimization algorithm. Also, other CI models,such as Geographical Information System (GIS), can be integrated with a minimaleffort.In addition to RAOO and RALP algorithms, a prioritization methodology for CIPdecision makers is proposed. The methodology facilitates the ranking of criticalcomponents in multiple infrastructure systems. Using this methodology, emergencymanagement agencies can direct their investments to the most critical systems (orcomponents) in the considered locations for improving the overall resilience. Themodelling approach in the proposed methodology provides several advantages. First,95it considers the interdependent relationships between different infrastructure sys-tems. Also, it allows for simulating the functional behaviour of the modelled infras-tructures in contrast to the topological models. In addition, different failure modescan be simulated which expands the scope of the analysis.Analysis of the test case reveals some interesting results. The interdependenciesamong the critical infrastructures play an important role in the ranking process. Forexample, the importance of one of the power stations increases because it suppliespower to a water station that supplies water to a hospital. Also, when differentfailure modes are considered, the ranking has changed. This observation stressesthe importance of including infrastructure interdependencies in the analysis.96Chapter 5Resilience of Power DistributionNetworks5.1 IntroductionElectrical power systems are among the CI systems in our modern societies. Theavailability of electrical power supply is essential for our daily economic, business,and social activities. In the wake of recent climate-related events, resilience of elec-trical systems has become a major concern for utilities and the CI governmentalagencies. Power system has been operating using reliability and risk concepts whichare well understood and developed concepts. However, the concept of resilience isstill a new concept in power systems in general [36]. Recently, power distributionnetworks have received increasing attention following the movement toward SmartGrids. Since distribution networks are connected directly to end users, they havegreat influence on the operation of other CI systems.In chapter 3, we presented a resilience assessment framework for generic CI sys-tems and in chapter 4, we presented algorithms for improving resilience throughoptimization. In this chapter, we apply the framework in chapter 3 to assess the97resilience of electrical distribution networks. The rest of this chapter is organizedas follows. In section 5.2, we present a literature review on the existing studies onpower distribution systems resilience. In section 5.3, we show how the proposedframework in chapter 3 can be adapted to power distribution networks. After that,we present different strategies for improving power distribution networks resiliencein section 5.4. The formulation of the optimal network reconfiguration for the CIrestoration problem and the proposed solution algorithm are presented in section5.5 and 5.6. Finally, a conclusion is presented in section 5.7.5.2 Literature Review of Power Distribution NetworksResilienceStudies on power distribution networks resilience in the literature cover a wide spec-trum of topics depending on the context and the application being investigated. Inthis section, we provide a literature review on the definition and assessment of re-silience in power systems in general. Since optimal network reconfiguration is usedin this thesis as a strategy for improving resilience, we provide a brief summary onthe related work on power distribution network reconfiguration.A large body of the research uses the terms reliability and resiliency interchange-ably and only limited research has been published in the context of resilience defini-tion and assessment for power networks. The US National Infrastructure AdvisoryCouncil (NIAC) developed a framework for establishing critical infrastructure re-silience goals using the electrical distribution system as an example of CI [36]. Theframework consists of the following steps: develop a common resilience construct,establish baseline resilience practices, conduct stress test of electric systems, con-duct roundtables, and develop findings and recommendations. One of the importantfindings in the NIAC’s report is that “while reliability is relatively easy to define andmeasure, resilience is more difficult”. The NIAC’s report defines four features for98the electrical system resilience: Robustness, Resourcefulness, Rapid recovery, andAdaptability. Shinozuka and Chang [84] used the robustness and restoration rapid-ity to define disaster resilience for utility power systems. They developed a methodfor evaluating resilience using technical, organizational, and socio-economic dimen-sions. Panteli et. al. developed a power system resilience assessment methodologyusing sequential Monte-Carlo simulation models [85]. The methodology assesses theimpact of weather events on the power system taking into consideration the repairtimes and human factors. The methodology does not propose a resilience measurebut instead it uses two reliability indices, loss of load frequency (LOLF) and loss ofload expectation (LOLE). Recent work on power system resilience focuses on differ-ent aspects such as impact and repair times estimation for weather related events[85], outage prediction models and crew allocation models [86].Optimal network reconfiguration is one of the effective functionalities of SmartAdaptive Distribution Networks. In the literature, researchers have proposed Opti-mal Network Reconfiguration (ONR) to optimize different objectives, such as reliabil-ity improvement, power loss reduction, and load balancing. Different formulationsand solution techniques have been proposed. Since the context of this researchproject is CI restoration, only work related to distribution network reconfigurationfor power restoration is presented. Power distribution restoration is a multi-foldproblem and has been formulated in different ways. In [87], [88], and [89] the prob-lem was formulated as minimization of the de-energized loads (or minimization ofun-served areas), subject to voltage and current constraints. Similarly, in [90] aproblem formulation that minimizes load loss and utilizes available spare power re-sources using graph partitioning techniques was used. An objective function thatminimizes switching costs is adopted in [91], and [92]. Typical constraints are voltagelimits, current limits, radiality, and load constraints. In many of the above works,no knowledge about the type of loads was assumed, i.e., the problem formulation99did not distinguish between critical loads and non-critical loads. Few researchersused formulations that take importance or criticality of loads into consideration.In [87], for example, customers were classified into four priority levels and thenused to define a heuristic rule in the restoration rule-based expert system. A setof restored critical loads buses was defined in [89] and a ranking based search tech-nique was used to maximize total load current for these buses in this pre-definedset. In [93], the authors considered supplying high priority loads as constraints ina multi-objective formulation for the reconfiguration problem but it was not clearhow these constraints were handled. In [94], similar to [87], four hierarchy levelsof loads importance were defined and used in a heuristic search technique to solvethe restoration problem. Even though these formulations take loads priority intoconsideration, interdependencies between them were not considered.The network reconfiguration problem is a highly complex problem. Since theproblem involves searching a finite but large search space, it is classified as a com-binatorial problem. Radiality, voltage and current constraints make the problem anonlinear mixed-integer optimization problem. Many methods have been used tosolve this problem. Due to the complexity and combinatorial nature of the problem,many of the reported works in the literature use heuristic type of techniques or com-bine them with other optimization methods. In [95], mixed-integer programming(MIP) combined with a heuristic approach was used to minimize the number of cus-tomers without supply. A genetic algorithm was applied in [96] to find an optimalpost-fault restoration strategy. The authors in [90] presented a comparative studyof four heuristic algorithms: reactive Tabu search, Tabu search, Parallel SimulatedAnnealing, and Genetic Algorithm. The performances of these algorithms in solvingthe reconfiguration problem were evaluated and the reactive Tabu search was shownto outperform the remaining algorithms. Moreover, several researchers have usedGraph-based algorithms for solving network reconfiguration problems such as Min-100imum Spanning Trees [88], [97] and Graph Trace Analysis [98]. In all of the aboveapproaches, there are pros and cons. Mathematical programming approaches canguarantee optimal solutions but they require high computational costs especiallywhen system size is large. Heuristic approaches are computationally more efficientbut in most cases they cannot guarantee global optimality. Also, performance ofsome heuristic approaches is highly dependent on the effectiveness of its rules andparameters selection. This is why there is a tendency toward using hybrid solutionapproaches to take advantage of these different features.5.3 Resilience Assessment Framework for PowerDistribution NetworksThe proposed resilience assessment framework for power distribution networks fol-lows the general framework work described in section 3.4. It consists of the threemain stages shown in Figure 5.1. Each stage is defined in terms of the power distri-bution network problem.Define System AttributesBuild System ModelMeasure ResilienceFigure 5.1: Stages for the resilience assessment framework.As an emerging concept in power systems, resilience is not well understood. Onesource of the difficulty of understanding resilience is the fact that it is a multi-dimensional concept. Therefore, it is important to define the context of the problemwhen developing the framework. The general context of this thesis is critical infras-101tructure’s behaviour during its disaster response operations. Table 5.1 lists someexamples of the attributes that can be used to characterize the resilience of powerdistribution networks within our context.Table 5.1: Examples of resilience attributes for the power distribution net-work.Attributes ExamplesStatic Network TopologyCapacity of transformers and feedersDynamic Reconfiguring network topologyImpact of ICT technologiesDecision Developing command and control plansRepair and maintenance strategiesThe defined attributes need to be modelled before they can be evaluated andmeasured. The model (or models) needs to describe the behaviour of the systemsunder study with the required level of details. The models need to capture thefollowing:• The operational parameters for the distribution network: voltage and anglevalue at every node, and line flow for every feeder.• The topological structure of the network.• The interdependencies between the power distribution network and other CIsystems.Two models are proposed for capturing the above characteristics: the i2Sim in-frastructure model and the AC power flow model. The i2Sim model is describedin details in chapter 2. It is used to account for the impact of changes in powerdistribution networks on the interdependent CI systems. The i2Sim model is coupledwith the AC power flow model in the simulation framework. It is also possible tointegrate both models into one model in a mathematical optimization problem. Howthe models are built and integrated is problem-specific.102After defining the required attributes and models, an index or (indices) reflect-ing the modelled attributes is defined. We use the Generalized Resilience Index(GRI), described in chapter 3, to formulate an index for power distribution networkresilience. The GRI enables combining different resilience dimensions into one index.The definition of the required resilience dimensions depends on the problem and itsspecific objective. For example, we can define one dimension as the power supply tointerdependent CI systems for the distribution reconfiguration problem.5.4 Improving Power Distribution Networks ResilienceThere are two general approaches for improving any CI system resilience: increasingthe withstand capability and increasing the survive capability. These two approachesare also referred to as reducing vulnerability and increasing adaptive capacity. Im-proving power distribution networks resilience requires advances in the two directionsto make power networks more resilient in the face of extreme events. Measures thatcan be taken to improve power distribution networks resilience are discussed nextand some examples of these measures are shown in Figure 5.2.Increasing the withstand capability makes power distribution networks less sus-ceptible to disruptions which results in minimum damages or loss to the networks.There are different approaches for increasing the withstand capability (or reduc-ing vulnerability) such as hardening, redundancy, assets and capacity management.Hardening is typically associated with increasing the structural integrity of the com-ponents or the system. Examples include using underground cables instead of over-head cables, and using advanced coatings materials in major equipments to mitigatewater and ice damages. Hardening measures can also be extended to the informa-tion and communication technology used in power networks by using strong cyberattacks detection and protection software. Redundancy typically refers to the avail-ability of alternative options for providing the same or similar function in case of103Power Distribution Network ResilienceIncrease Withstand Capability Increase Survive CapabilityHardeningRedundencyAssets ManagementReconfiguration· Converting overhead lines to underground lines· Using cyber attacks detection software· Installing alternate feeders to increase network flexibility· Using advanced coatings materials· Deployment of Microgrids· Elevating substations to avoid flooding· Maintain enough stock of critical components· Vegetation management (trees trimming)· Deployment of Optimal Network Reconfiguration· Using outage/weather predictive models and simulation tools· Deployment of DG resources and energy storage technologies for backup supply· Prioritization for response activities· Increase automation capability of the network· Using Geographical Information Systems (GIS) for assessing restoration activities Resources AllocationPreparednessPotential InvestmentsApproachesFigure 5.2: Approaches and investments for improving power distribution net-works resilience.losing the main component. Redundancy measures include building alternate feedersfor important loads in the network and installing redundant transformers in substa-tions. Assets and capacity management refers to enhancing the utilization of existingequipments and systems. It can be achieved through variety of practices and mea-sures such as trees trimming for mitigating lines outages, loads balancing betweenfeeders to avoid feeders’ overloading, and increasing automation in the network.Increasing the survive capability ensures that the power network can overcomethe disruption and resumes its functionality (fully or partially) in a timely manner.Reconfiguration and resources allocation are two effective measures for achievingthat. Although these reconfiguration and resources allocation can be used any time,104they play a critical role during emergency situations when power and resources areneeded in areas of greatest priority. Preparedness and response planning are alsoimportant measures for increasing the survive capability. Planning of prioritizationof restoration activities and dispatching repair crew are examples of how utilitiescan prepare for disruptions.After identifying the potential approaches and ways for improving resilience,utilities are faced with the challenge of choosing the appropriate approach for theirpower networks. Investments in improving resilience of power distribution networksare constrained by different factors including market, regulatory, and technical [36].Resilience assessment methodologies, such as the one proposed in this thesis, areneeded to evaluate different approaches and recommend the most effective one. Insome cases, more than one approach can be combined to improve the overall re-silience.5.5 Optimal Network Reconfiguration for PowerDistribution NetworksPower distribution networks are normally designed with mesh topologies but theyare operated using radial configurations by opening switches at certain points. In aradial configuration, there is only one active path between each customer and thesupplying substation. Utilities prefer radial configuration because it is cost effective,easy to plan and maintain, and also easy to coordinate effective protection schemes[99].Distribution network reconfiguration is the process of altering the current net-work topology by changing the open/close status of switches. The network reconfig-uration can be implemented during normal operating conditions for different reasonssuch as reducing power losses, balancing feeders’ loadings, or increasing networks’reliability. In emergency situations (abnormal operating conditions), network re-105configuration is used to restore power supply to affected customers. Since there aremany candidate switching combinations, finding an operational network topology isa challenging task to utility operators.The Optimal Network Reconfiguration (ONR) problem is defined as the problemof finding an optimum network topology that maximizes or minimizes an objectivefunction. Due to large number of switches in the network, and due to the nonlinearcharacteristics of the power system behaviour, the ONR problem is considered acombinatorial constrained nonlinear mixed-integer optimization problem. A typicalONR problem includes the following elements: 1) proper network models; 2) powerflow calculations; 3) algorithm for making changes to the current configuration; and4) optimization technique for guiding the algorithm to the optimum solution.The ONR can be implemented manually by sending out operators to do theswitching, or it can be done automatically using the Distribution Automation System(DAS). Automatic network reconfiguration is one of the envisioned functionalities inSmart Grids [100]. Recent advancements in Smart Grids deployments have made theautomatic reconfiguration of distribution networks a practical option for utilities.5.6 ONR for CI Restoration using A MinimumSpanning Tree Based AlgorithmRestoring power supply to CI systems after an extreme event is critical for improvingthe infrastructure resilience. This result is illustrated by the problems addressed inChapter 4. However, the problem formulations in Chapter 4 do not take into consid-eration the technical feasibility of the power distribution networks when evaluatinga candidate solution. Although some basic constraints can be tested in these for-mulations, such as substation capacities, other electrical constraints such as voltagelimits can only be tested using specific power system models.106ONR is the complementary problem to the resources allocation problem in Chap-ter 4. ONR can be integrated with the resources allocation problem in i2Sim toincrease the overall infrastructure resilience. The problem can be stated as follows:what is the optimum power network topology that maximizes CI systems’ outputsconsidering their interdependencies? We name this problem: Optimal Network Re-configuration for CI Restoration.The ONR for CI restoration problem brings significant computational challenges.One of the challenges is how to model CI systems’ interdependencies. In addi-tion, formulating the ONR problem for power networks is a complex problem dueto the high number of possible configurations, which increases exponentially withthe number of switches in the network. Another challenge is how to account for theinterdependencies within the ONR problem.5.6.1 System ModelsThree models are used for formulating the ONR for CI restoration problem. The firstmodel is the i2Sim model which takes care of the upper level interactions betweenthe modelled CI systems. This model calculates the outputs of every system givena specific set of supplies (including power supply). The i2Sim model is described indetails in Chapter 2.The second model is the graph model for the power distribution network. Distri-bution networks can be represented by an undirected graph G(V,E), where V is theset of n vertices and E is the set of e edges (or lines). The root node (feeding substa-tion) of the distribution network is denoted as node 0. All load points in the networkhave an active power Li [kw] i ∈ 1, 2, ..., n− 1. It is assumed that each branch (orline) of the network is represented by an edge e ∈ E and incorporates a sectionalizingswitch on it. These switches are operated to modify the network topology accordingto the reconfiguration process. Many distribution networks are operated typically107under radial configurations, which means that there is only one path between eachload node and the root node (or feeding substation) [99]. Therefore, they can berepresented as Tree Graphs [101]. A spanning tree is a sub-graph that contains allthe nodes without any loops and some or all the edges such that there is only onepath between any pair of nodes. Spanning trees are ideal representations of radialdistribution networks [97].The third model is the AC power flow model which is the fundamental tool forcalculating the operational parameters of a general power network. The network isrepresented on a per phase basis and the loads on each each line are representedas constant P and Q. The network in the model is assumed to be operating inbalanced conditions. There are four parameters associated with each node (bus):voltage magnitude |V |, phase angle δ, real power P , and reactive power Q. In atypical power flow problem, there are two unknown parameters at each node. Twosets of equations are solved: the network equations and the power equations. Giventhe values of the loads consumption and the values of the power supply to thenetwork, the power flow model calculates the power flow in each line.The basic network equation for power flow models is based on Kirchhoff’s lawsand is derived from nodal analysis as follows:y11 y12 . . . y1jy21 y22 . . . y2j....... . ....yi1 yi2 . . . yijV1V2...VN=I1I2...IN(5.1)where the yij are the elements of the admittance matrix Y . Vn are the nodes’voltages and In are the current injections at each node n. The admittance matrixY represents the interconnection between nodes (buses) in the power network. Inthe resilience assessment framework, the admittance matrix can represent a static108attribute for the modelled network. The currents and voltages are complex numberswhich can be represented in polar or rectangular forms. Therefore, the networkequations result in complex linear simultaneous algebraic equations in terms of thecurrents I. Typically, the values of the currents I are not known but the real powerP values are known. The power equation S = V I∗ is then used to express thevoltage equations in terms of P :Pn + jQn = VnK∑1Y ∗nkV∗k (5.2)After separating the real and imaginary parts of (5.2), the resulting formulationis a system of algebraic nonlinear equations which can be solved using iterativetechniques such as Gauss-Seidel and Newton Raphson methods [102]. For the powerflow analysis of distribution networks, what is known before the analysis is thesubstations’ power supply and voltages, and the complex power of the loads giventhe load model (constant complex power, constant impedance, constant current, ora combination).5.6.2 Problem FormulationThe ONR for CI restoration problem is formulated as a resilience maximization prob-lem. The objective function is the GRI function which is expressed in terms of theoutput of affected CI systems after the event (evaluated by the i2Sim model). The de-cision variables are the i2Sim distributors’ ratios and the power distribution network109switches’ status. The problem can be stated as follows:Maximize GRI = ycisubject tok∑j=1ajt ≤ 1Am =n∑j=1ajtaminj ≤ aj ≤ amaxjV minn ≤ Vn ≤ V maxnIn ≤ ImaxnNetwork is radial(5.3)where yci is the output of the considered infrastructure system (or systems). Thefirst three constraints are the i2Sim constraints and the last three constraints arethe power distribution constraints. Since the decision variables are discrete vari-ables, the problem is considered as a mixed-integer nonlinear discrete optimizationproblem. Furthermore, the dimension of the problem is large due to the couplingof two problems: the i2Sim optimization problem and the power network topologyoptimization problem. For every solution for the i2Sim model, there are 2n solutionsfor the power network model where n is the number of switches.5.6.3 Solution AlgorithmTo solve the above problem, we propose an iterative simulation optimization algo-rithm as depicted in Figure 5.3. The basic idea of the proposed algorithm is asfollows: first, the i2Sim model is optimized and then an ONR problem is solved basedon the i2Sim solution. There are two stages in the algorithm. The first stage solvesan i2Sim optimization problem using an OO-based algorithm similar to the one pro-110posed in Chapter 4. From the solution of the i2Sim optimization problem, we extractthe power supply requirements for the CI systems operations. The i2Sim solutionaccounts for the interdependencies with other infrastructure systems, such as waterand gas. Once the power supply requirements are obtained, an ONR problem issolved in the second stage to find a feasible power distribution network topologythat can meet the i2Sim solution’s requirements. The next iteration starts when anew i2Sim solution is produced along the time line of the event.Optimize i2Sim ModelOptimize Power Network TopologyRequired power supply for CI systems considering their interdependenciesFeasible power network topologyFigure 5.3: Overall flow of the proposed iterative simulation optimization al-gorithm.The ONR problem in the second stage is solved using a heuristic method based ona Minimum Spanning Tree (MST) algorithm. The problem aims at finding a radialnetwork topology that delivers the required power to the CI systems. The MSTalgorithm identifies the possible paths for the power to flow and returns a spanningtree graph which ensures compliance with the radiality constraint. There are severalalgorithms for finding a MST from a given graph such as Prim’s algorithm andKijkstra’s algorithm. From the perspective of our problem, there is no advantage inchoosing one algorithm over another. We select Prim’s algorithm for developing our111solution algorithm here. Details on MST graphs and Prim’s algorithm are providedin appendix A.The solution strategy for the ONR problem in the second stage is composed ofthe following main steps:1. Build system models: In this step, the AC power flow model and the cor-responding graph model for the distribution network are built based on theinitial system data. Then, they are updated based on the outage data. Theoutage data can be in the form of line failures, equipment failures, or reductionin the available power supply from the high voltage system at the supplyingsubstations.2. Build graph model and check connectivity of the loads: In this step,all switches in the network are closed to form a meshed network. After that,the graph model is formulated and the connectivity of the graph is checked. Ifthere are any nodes that are not connected, then they are removed from themodel.3. Run the MST algorithm: In this step, an initial weight is assigned to eachline (edge) in the network. The weights assignment is as follows:Wi = 1/Sratedi for lines with normally-closed switchesM for lines with normally-open switches(5.4)where Wi is the weight of line i, Sratedi is its rated loading capacity in MVA,and M is a large arbitrary number. Prim’s algorithm is then used to find aminimum spanning tree for the network graph in which the sum of all weightsin the tree is minimum. One can influence the tree construction by assigningcertain weights to certain edges, e.g., assigning high weights to un-wantededges. The weights assignments in 5.4 is designed to serve two objectives: the112first objective is produce a configuration as close as possible to the pre-failureconfiguration and the second objective is utilize the edges with higher capacityratings as much as possible. The first objective is facilitated by assigning largeweights to the normally open switches, i.e., driving the algorithm away fromselecting them. The second objective is facilitated by assigning 1/Sratedi to theremaining edges, i.e., lines with higher capacity have lower weights and higherprobability to be included in the tree.4. Run the AC power flow model and check feasibility Once a candidateradial configuration is selected by the MST algorithm, power flow calculationsare performed using the standard Newton Raphson method. If the power flowconverges to a solution, then the constraints are checked. If no constraintsare violated, then a feasible radial configuration is obtained. The solution isoutput and the algorithm is ended. If there are violations, or if the power flowdoes not converge, then go to the next step.5. Perform loads management The loads management step performs twofunctions: loads transfer and loads shedding. If the candidate configurationhas a feasible power flow with line capacity violations, then the loads trans-fer is attempted first. If the power flow has no solution or there are voltageviolations, then loads shedding is attempted. After that, the algorithm willgo to step 4. This process is repeated until a feasible network configuration isobtained.The flow chart for the ONR solution algorithm is shown in Figure 5.4. Theproposed algorithm explores the candidate topologies to restore the power distribu-tion network with a maximum supply to the CI systems as identified by the i2Simsolution. The MST algorithm ensures that the candidate topology meets the radi-ality constraint. Since the pre-failure configuration is considered as the reference113Initial system dataOutage dataBuild system modelsClose all open switchesCheck connectivityRemove disconnected nodes from graphAssign weights to all edges in the graphRun MSTRun power flow for the MST configurationCheck feasibility/convergenceOutput feasible configurationEndPerform loads management (transfer/shedding)NoNoYesYesFigure 5.4: Flow chart for the MST based algorithm.configuration, the weights assignments in the MST algorithm are used to produce acandidate configuration that is close to the pre-failure configuration.In case of power flow violations, loads transfer or loads shedding is performed,depending on the violation as described in step 5. The loads transfer and loadsshedding procedures are described as follows:Loads transfer This function aims at balancing the loads in the network by trans-ferring some loads from the overloaded feeder to another feeder. If there aremore than one overloaded feeder, then feeders with CI nodes are treated first.The function proceeds as follows. First, it searches for a line m with an openswitch connected to the overloaded feeder k. This is done by searching allpaths between the receiving node at the overloaded line and the root node(supplying substation). If there is no candidate line in any path, then loads’114transfer cannot be performed and loads shedding should be attempted. If thereis candidate line m for switching, then the spare capacity for every line in thepath to the root node is calculated as follows:Sspare = Srated −√P 2 +Q2 (5.5)If the load to be transferred is greater than the minimum spare capacity forthe path to the root node, then load transfer is not possible. If not, a switchingexchange is done to transfer the load while maintaining the radiality of theconfiguration (closing the candidate line’s switch and opening the switch beforethe receiving node). The procedure continues until all overloaded lines aretreated.Loads shedding The nodes in the network are divided into two sets: critical nodesNc and non-critical nodes Nnc. Loads shedding is attempted first by sheddingloads from the Nnc set. The algorithm starts by searching for leaf nodes onthe feeder with power flow violations. In graph theory, leaf nodes are nodeswith degree one, i.e., have only one connecting edge to the graph tree (loadsat the end of the feeder). If we remove a leaf node, the graph is still a tree.This feature is very useful in our load shedding procedure since we want tomaintain a radial topology all the time. Once leaf nodes on the overloadedfeeder are identified, nodes that are in the non-critical set Nnc are shed. Theprocedure continues shedding one node at a time until all load points in theset Nnc are taken out of the network. If there still are power flow violations,leaf nodes that are in the set Nc are considered for shedding.5.6.4 Test CasesIn this section, the proposed MST-based algorithm is tested in two cases using twotest systems that were constructed by combining the i2Sim model described in chapter1152 and two of the available power distribution test systems in the literature. The firsttest case uses the i2Sim model and the 33-nodes power distribution test system [103].This power distribution test system has 33 nodes (loads) and 37 edges (representingswitches). The initial configuration of the 33-node test system is shown in Figure 5.5.The abstracted cells in the i2Sim models need to be mapped into their correspondingnodes in the power network model.Failures scenarios are mapped into the power network by opening the corre-sponding switches. Also, CI systems are assigned to their corresponding load points(nodes) in the power network. The following assignments are used in this test case:Hospital 1 is represented by two nodes, nodes 8 and 9, since it is bigger than Hospital2 which is represented by node 25. Water station 1 is represented by node 21. SinceHospital 3 and water station 2 are supplied from a separate power substation, theyare not modelled in this test case. Different failure scenarios are tested representingsingle line failure and multiple lines failures. Results for the reconfiguration problemare only reported in this section since the i2Sim optimization results are presentedin Chapter 4. Table 5.2 shows the obtained results for the ONR for CI restorationfor the considered scenarios.In the first three scenarios, a single line failure due to the disaster events isconsidered. This causes some nodes to be out of service. The objective of the MST-based algorithm is to restore the power supply to the critical nodes as requestedby the i2Sim solution. Only one of the scenarios restores a full power supply tothe critical nodes without returning to i2Sim (scenario 1 in the table). The initialtree configuration by the algorithm produces line capacity violations triggering theloads management subroutine which transfers loads to another feeder without theneed to shed any loads. For the other two single failure scenarios, loads transferand loads shedding have to be performed since the initial tree configuration returnsnon-feasible solutions as loads management fails to maintain power supply to critical1161243 2523524761989101112202122131415 16171826 27 28 2931303233Figure 5.5: Initial configuration of the 33-node test system. The dotted linesrepresent normally open switches.nodes. Similar results are observed for the last three scenarios that consider two linefailures at a time. The minimum nodal voltages for the final configuration in theobtained solutions are within the voltage limits as shown in Figure 5.6.The second test case uses the i2Sim model and the 70-node power distributiontest system [104]. The power distribution system has 70 nodes (loads) and 79 edges(lines) arranged in 4-feeders configuration as shown in Figure 5.7. The mappingbetween the i2Sim model and the power distribution model is as follows: nodes 11 and12 represent Hospital 1, node 58 represents Hospital 2, node 38 represents Hospital3, node 27 represents Water Station 1, and node 62 represents Water Station 2.Results for this case are shown in Table 5.3. Six scenarios are tested. Due to theavailability of several alternate lines, the power supply can be restored to the critical117Table 5.2: Obtained solutions for the 33-nodes network reconfigurationScenario Failure Pcritical* Pshed** Vmin Open SwitchesLocation (%) (%) (P.U.)1 20-21 100 0 0.907920-21,9-15,12-22,18-33,25-292 6-7 89.10 25.98 0.94246-7,14-15,17-18,21-22,25-29,8-9,18-33,7-83 8-9 89.10 18.17 0.93038-9,8-21,12-22,18-33,25-29,9-154 91-20,30-31 100 11.31 0.922912-13,18-33,19-20,21-22,25-29,30-315 5-6,15-16 52.73 55.32 0.9807 5-6,8-21,25-29,12-226 23-24,26-27 63.64 45.76 0.93998-21,23-24,26-27,12-22,18-33* Percentage of critical loads supply where 100% means all critical loads arefully supplied.** Loads taking out by loads shedding as a percentage of total load.nodes in four of these scenarios. One of the differences between this case and thefirst case is the availability of a second power substation which adds more flexibilityto the reconfiguration process. However, voltage violations limit the restoration ofsome nodes in some scenarios. Even though this case has a more flexible topology,maintaining the final configuration voltages within the limits is more challengingthan in the first case as can be seen in Figure 5.8.In six of the tested 12 scenarios, the i2Sim solution cannot be accommodatedby the power distribution network. This result shows the importance of addingthe technical feasibility of the modelled infrastructure systems to the resources al-location problem during disaster management. The results in Figure 5.9 show theeffectiveness of the proposed ONR algorithm compared with the no-reconfigurationcases. As a result of the MST weights assignment strategy, the final topology after thereconfiguration procedure is close to the pre-event topology which leads to a reducednumber of switching operations, which in turn increases the speed of restoration.118initial scenario 1 scenario 2 scenario 3 scenario 4 scenario 5 scenario 600.20.40.60.811.2CaseMi ni mum Nod al Vol t ag e ( P.U .) VoltageLimitsFigure 5.6: Minimum voltage in the final configuration for every scenario inthe 33-nodes test cases.5.7 ConclusionThis chapter discusses the resilience assessment of power distribution networks inlight of the generic framework proposed in Chapter 3. While there are differentways of improving the resilience of power distribution networks, as described insection 5.4, optimal network reconfiguration is used in this chapter as a means ofresilience improvement. This chapter presents a problem formulation, a solutionalgorithm, and test cases results for the ONR for CI restoration problem. The MST-based solution algorithm is used to complement the resources allocation problemin Chapter 4. The proposed solution algorithm for the ONR problem is a heuristicalgorithm which does not guarantee a global optimum solution. However, the use ofa fast graph theoretic algorithm makes it computationally efficient and fast which,in turns, makes more applicable to real time applications.119 2 3 4 5 6 7 8 9 68 69 10 11 12 13 14 15 50 49 48 47 35 36 37 38 34 33 32 31 30 51 52 53 54 55 56 61 62 65 66 67 63 64 16 17 18 19 20 21 22 23 24 25 26 27 28 29 39 59 58 57 60 44 45 40 41 42 43 46 Substation 1 T1 T2 Substation 70 T4 T3 Figure 5.7: Initial configuration of the 70-node test system. The dotted linesrepresent normally open switches.120Table 5.3: Obtained solutions for the 70-nodes network reconfigurationScenario Failure Pcritical* Pshed** Vmin Open SwitchesLocation (%) (%) (P.U.)1 3-4 100 6.49 0.90013-4,4-5,4-10,7-68,9-50,22-67,29-64,45-60,38-43,39-59,21-27,9-152 51-52 100 0 0.883351-52,61-62,9-50,9-38,15-46,22-67,45-60,38-43,21-27,9-15,62-653 16-17 100 13.34 0.883016-17,9-50,9-38,15-46,21-22,26-27,45-60,38-43,39-59,21-27,9-15,66-65,59-60,55-564 24-25,35-36 100 0 0.905223-24,35-36,9-50,9-38,15-46,22-67,29-64,45-60,39-59,9-15,15-675 34-35,57-58 94.88 13.09 0.916034-35,57-58,9-50,9-38,15-46,22-67,22-64,45-60,38-43,21-27,9-15,15-676 4-10,33-34 88.73 15.47 0.90524-10,12-13,33-34,9-50,37-38,15-46,22-67,29-64,45-60,38-43,39-59,21-27,15-67* Percentage of critical loads supply where 100% means all critical loads arefully supplied.** Loads taking out by loads shedding as a percentage of total load.121initial scenario 1 scenario 2 scenario 3 scenario 4 scenario 5 scenario 600.20.40.60.811.2CaseMi ni mum Nod al Vol t ag e ( P.U .) VoltageLimitsFigure 5.8: Minimum voltage in the final configuration for every scenario inthe 70-nodes test cases.1 2 3 4 5 6 7 8 9 10 11 12102030405060708090100ScenarioP CI ( %) PCI before ONRPCI after ONRFigure 5.9: Comparison of ONR for CI restoration results.122Chapter 6ConclusionThis thesis focuses on modelling, simulation, analysis, and optimization of criticalinfrastructure systems with respect to their resilience to extreme events. It attemptsto provide a standardized methodology for assessing infrastructure resilience. It alsoformulates the resilience improvement problem as an optimization problem and pro-poses different algorithms for its solution. The main conclusions of the contributionsin this thesis are summarized in the following paragraphs.A Resilience Assessment Framework for Interdependent Infrastruc-ture Systems has been developed. The presented resilience assessment frameworkbrings an original contribution to the analysis of critical infrastructure systems. Itprovides a quantitative means to assess infrastructure resilience using a generalizedmeasure that is comparable across different systems’ contexts and structures. Thegeneralized resilience index provides a flexible formulation that can be applied todifferent domains and applications. The i2Sim modeling approach is used to accountfor the inherent complexity due to CI systems’ interdependencies. The results pre-sented in Chapter 3 and Chapter 4 show that infrastructure interdependencies playan important role in the resilience improvement process.Resources Allocation Algorithms for CI Systems have been developed for123assessing disaster response during disruptions. Two optimization problems havebeen formulated for selecting the proper allocation of available resources (power,water, etc.). to enhance the overall resilience of the infrastructure. The two formu-lations test two different paradigms in optimization: simulation-based optimizationand exact mathematical optimization. The formulations show that the problemis computationally intensive, especially for large scale infrastructure systems. Thesimulation-based optimization algorithm RAOO provides good solutions comparedto the exact optimization algorithm RALP, which provides the optimum solution.However, RAOO can be a more practical solution due its modularity and ease ofimplementation. The results of both algorithms prove that infrastructure resiliencecan be greatly improved by efficient allocations of available resources.A Prioritization Methodology for Interdependent CI Systems has beendeveloped. This methodology can be used to direct investments to the most criti-cal components of the systems. It utilizes the i2Sim modeling framework to assessdifferent failure scenarios. The use of i2Sim allows for capturing the mutual interac-tions between different CI systems. Unlike other methodologies in the literature, theproposed methodology considers the functional properties of the modelled infras-tructure systems along with the topological properties. Results of the case studiesshow that hidden interdependencies can change the ranking of components whenconsidered. Also, the proposed methodology can be extended to consider multiplefailure sets to simulate more scenarios.An Optimal Power Distribution Network Reconfiguration for CI Restora-tion Algorithm has been developed. This algorithm is used to complement thetwo resources allocation algorithms to check for their technical feasibility. The ob-jective of this algorithm is to find the best power distribution network topology thatmaximizes the power supply to the CI systems. Results of the case studies showthat not every solution by the resources allocation algorithm can be implemented124when considering the technical models of the power distribution network. Opti-mal network reconfiguration (ONR) is used as a technique for solving this feasibilityproblem. The ONR problem is solved using a graph-theoretic algorithm based onMinimum Spanning Trees that provide feasible solutions.6.1 Future Research DirectionsIn this section, different future research directions are proposed. These researchdirections can be followed to overcome some current limitations or to extend thecontributions of this thesis to the field of critical infrastructure resilience.Improvements to the proposed Resilience Assessment Framework: Thereare different aspects in which the proposed framework can be improved or extended.One of these aspects is related to the uncertainty in real-life systems. The presentedresilience assessment framework uses deterministic system dynamics to describe theresponse of the CI systems to a disturbance. Since uncertainty is a key feature inreal-life systems (and events), the proposed framework can be extended to accountfor such uncertainty. A probabilistic approach can be used to describe the systems’parameters using some probability density functions. The resilience index also canbe represented using a stochastic process similar to the one used in [56]. The useof probabilistic approaches can be seen as a way of transitioning the traditionalreliability theory to the new concept of resiliency.Another aspect for improvement is related to the attributes’ definition in theframework. Experts’ opinions are typically used in defining the required resilienceattributes for a given system. However, these opinions may have some conflicting di-rections or may not agree on the level of importance of a particular system attribute.A systematic approach for defining the attributes can be useful in this regard. Multi-criteria decision analysis techniques such as Analytical Hierarchy Process (AHP) andMulti-attribute Utility Theory (MAUT) can be used for this purpose.125Applications to other CI systems and Cyber-Physical Interdependen-cies: The focus of this thesis is on a high-level abstracted model of interdependentinfrastructure systems and also on an application to power distribution networks.The results in Chapter 5 show that analysis of the detailed technical model of theinfrastructure system (e.g. power networks) can improve the optimization solutionobtained by the high-level model (i2Sim model). In Chapter 5, the focus is on powerdistribution networks when integrated with the i2Sim models. One way of extend-ing this focus is to consider detailed models of other infrastructure systems such aswater distribution networks and transportation networks. Another way is to con-sider cyber-physical interdependencies between the information and communicationnetworks and other infrastructure systems. Of particular interest is the resilienceassessment of Smart Grids which includes both the power network and the informa-tion and communication networks. The use of communication networks in SmartGrids allows one to isolate failures and restore power supply more quickly, which im-proves the resilience of the infrastructure. However, new challenges and risks emergedue to cyber-physical interdependencies. For example, mapping cascading failuresamong the two systems is a challenging task due to the nature of the interconnectionbetween components (one to one, one to many, or combination). Also, the use ofinformation technologies increases the risks of cyber intrusions which makes cybersecurity a major concern for infrastructure operators.Integration with other CIP tools for Decision Support during Disas-ters: The resilience assessment framework combined with the i2Sim simulator, andthe optimization models proposed in Chapters 4 and 5 can all be integrated to forma decision support system for disaster management. The decision support systemcan also integrate other CIP tools which can provide more information and capabil-ities. One example is the Geographic Information System GIS. The GIS can providelocation information which can be used in the optimization problems to speed up126the restoration process. Other tools that can be integrated are the weather fore-cast models and the seismic assessment models. The modularity of the developedframework and optimization models in this thesis allows the applicability of thisintegration.Computational Efficiency Improvement: Simulation and optimization of CImodels is computationally expensive and data intense. For the integrated decisionsupport system described above to be realized, the computational efficiency of themodels need to be improved. One source of the computational difficulty in the pro-posed models in this thesis is the initiation of multiple i2Sim simulations within theMATLAB/Simulink environment. One approach of dealing with this difficulty is touse one of the parallel processing techniques which allows for running multiple sim-ulations simultaneously. Another way of improving the computational efficiency isto use a data structure algorithm which allows storing and exchanging data betweendifferent models more efficiently.127Bibliography[1] F. Vos, J. Rodr´ıguez, R. Below, and D. Guha-Sapir, “Annual disasterstatistical review 2009: The numbers and trends,” in Annual disasterstatistical review 2009: The numbers and trends. Centre for Research on theEpidemiology of Disasters (CRED), 2010. → pages xii, 2[2] D. T. Ton and W.-T. P. Wang, “A more resilient grid: The US departmentof energy joins with stakeholders in an r&d plan,” Power and EnergyMagazine, IEEE, vol. 13, no. 3, pp. 26–34, 2015. → pages xii, 4[3] J. R. Marti, “Multisystem simulation: Analysis of critical infrastructures fordisaster response,” in Networks of Networks: The Last Frontier ofComplexity, ser. Understanding Complex Systems, G. D’Agostino andA. Scala, Eds. Springer International Publishing, 2014, pp. 255–277. →pages xii, 3, 15, 22, 23, 24, 49[4] Y.-C. Ho, Q.-C. Zhao, and Q.-S. Jia, Ordinal optimization: Soft optimizationfor hard problems. Springer, 2008. → pages xiii, 66, 69, 71, 72, 76[5] P. S. Canada, “An emergency management framework for canada,” in PublicSafety Canada 2011, 2011. → pages 3, 9[6] R. Pant, K. Barker, and C. W. Zobel, “Static and dynamic metrics ofeconomic resilience for interdependent infrastructure and industry sectors,”Reliability Engineering & System Safety, vol. 125, pp. 92–102, 2014. → pages3[7] N. I. A. C. (US), “Critical infrastructure resilience: Final report andrecommendations,” Tech. Rep., September 2009. → pages 3, 4, 41, 42[8] (accessed May 18, 2015) Critical infrastructure preparedness and resilienceresearch network (ciprnet). [Online]. Available:https://www.ciprnet.eu/summary.html → pages 3[9] S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly, “Identifying,understanding, and analyzing critical infrastructure interdependencies,”Control Systems, IEEE, vol. 21, no. 6, pp. 11–25, 2001. → pages 3, 8, 11128[10] Y. Y. Haimes, K. Crowther, and B. M. Horowitz, “Homeland securitypreparedness: balancing protection with resilience in emergent systems,”Systems Engineering, vol. 11, no. 4, pp. 287–308, 2008. → pages 3, 41[11] J. Araneda, H. Rudnick, S. Mocarquer, and P. Miquel, “Lessons from the2010 chilean earthquake and its impact on electricity supply,” in PowerSystem Technology (POWERCON), 2010 International Conference on.IEEE, 2010, pp. 1–7. → pages 4[12] P. P. Directive, “Critical infrastructure security and resilience. ppd-21,released february 12, 2013,” 2013. → pages 9[13] “The European Programme for Critical Infrastructure Protection ( EPCIP),” Tech. Rep. December 2006, 2006. → pages 9[14] P. Pederson, D. Dudenhoeffer, S. Hartley, and M. Permann, “Criticalinfrastructure interdependency modeling: a survey of us and internationalresearch,” Idaho National Laboratory, pp. 1–20, 2006. → pages 12, 13, 40[15] I. Eusgeld, D. Henzi, and W. Kro¨ger, “Comparative evaluation of modelingand simulation techniques for interdependent critical infrastructures,”Scientific Report, Laboratory for Safety Analysis, ETH Zurich, pp. 6–8, 2008.→ pages 12[16] G. Satumtira and L. Duen˜as-Osorio, “Synthesis of modeling and simulationmethods on critical infrastructure interdependencies research,” in Sustainableand Resilient Critical Infrastructure Systems. Springer, 2010, pp. 1–51. →pages 12[17] M. Ouyang, “Review on modeling and simulation of interdependent criticalinfrastructure systems,” Reliability engineering & System safety, vol. 121, pp.43–60, 2014. → pages 12, 14[18] W. W. Leontief, Input-output economics. Oxford University Press onDemand, 1986. → pages 13[19] M. J. North, “Toward strength and stability agent-based modeling ofinfrastructure markets,” Social Science Computer Review, vol. 19, no. 3, pp.307–323, 2001. → pages 13[20] Y. Y. Haimes and P. Jiang, “Leontief-based model of risk in complexinterconnected infrastructures,” Journal of Infrastructure systems, vol. 7,no. 1, pp. 1–12, 2001. → pages 13[21] K. G. Crowther and Y. Y. Haimes, “Application of the inoperabilityinputoutput model (iim) for systemic risk assessment and management ofinterdependent infrastructures,” Systems Engineering, vol. 8, no. 4, pp.323–341, 2005. → pages 13129[22] G. D’Agostino, R. Cannata, and V. Rosato, Critical InformationInfrastructures Security: 4th International Workshop, CRITIS 2009, Bonn,Germany, September 30 - October 2, 2009. Revised Papers. Berlin,Heidelberg: Springer Berlin Heidelberg, 2010, ch. On Modelling ofInter-dependent Network Infrastructures by Extended Leontief Models, pp.1–13. → pages 13[23] P. Zhang and S. Peeta, “A generalized modeling framework to analyzeinterdependencies among infrastructure systems,” Transportation ResearchPart B: Methodological, vol. 45, no. 3, pp. 553–579, 2011. → pages 14, 66[24] P. T. Grogan and O. L. de Weck, “An integrated modeling framework forinfrastructure system-of-systems simulation,” in Systems Conference(SysCon), 2013 IEEE International. IEEE, 2013, pp. 483–490. → pages 14[25] J. Johansson and H. Hassel, “An approach for modelling interdependentinfrastructures in the context of vulnerability analysis,” ReliabilityEngineering & System Safety, vol. 95, no. 12, pp. 1335–1344, 2010. → pages14[26] S. Shen, “Optimizing designs and operations of a single network or multipleinterdependent infrastructures under stochastic arc disruption,” Computers& Operations Research, vol. 40, no. 11, pp. 2677–2688, 2013. → pages 14, 68[27] D. L. Alderson, G. G. Brown, and W. M. Carlyle, “Operational models ofinfrastructure resilience,” Risk Analysis, 2015. → pages 14[28] O. Gursesli, A. Desrochers et al., “Modeling infrastructure interdependenciesusing petri nets,” in Systems, Man and Cybernetics, 2003. IEEEInternational Conference on, vol. 2. IEEE, 2003, pp. 1506–1512. → pages 14[29] B. Cavdaroglu, E. Hammel, J. E. Mitchell, T. C. Sharkey, and W. A.Wallace, “Integrating restoration and scheduling decisions for disruptedinterdependent infrastructure systems,” Annals of Operations Research, vol.203, no. 1, pp. 279–294, 2013. → pages 14, 67[30] M. Rosas-Casals, S. Bologna, E. F. Bompard, G. DAgostino, W. Ellens,G. A. Pagani, A. Scala, and T. Verma, “Knowing power grids andunderstanding complexity science,” International Journal of CriticalInfrastructures, vol. 11, no. 1, pp. 4–14, 2015. → pages 14[31] A. Alsubaie, J. Marti, K. Alutaibi, A. Di Pietro, and A. Tofani, “Resourcesallocation in disaster response using ordinal optimization based approach,”in Humanitarian Technology Conference - (IHTC), 2014 IEEE CanadaInternational, June 2014, pp. 1–5. → pages 21130[32] A. Scala, P. G. D. S. Lucentini, G. Caldarelli, and G. DAgostino, “Cascadesin interdependent flow networks,” Physica D: Nonlinear Phenomena, 2015.→ pages 39[33] C. S. Holling, “Resilience and stability of ecological systems,” Annual reviewof ecology and systematics, pp. 1–23, 1973. → pages 40, 42[34] B. Biringer, E. Vugrin, and D. Warren, Critical infrastructure systemsecurity and resiliency. CRC press, 2013. → pages 41, 42[35] R. Francis and B. Bekera, “A metric and frameworks for resilience analysis ofengineered and infrastructure systems,” Reliability Engineering & SystemSafety, vol. 121, pp. 90–103, 2014. → pages 41, 62[36] “A framework for estabilishing critical infrastructure resilience goals: Finalreport and recommendations,” National Infrastructure Advisory Council,Tech. Rep., October 2010. → pages 41, 97, 98, 105[37] E. Dalziell and S. McManus, “Resilience, vulnerability, and adaptivecapacity: implications for system performance,” 2004. → pages 41, 62[38] “Definitions of community resilience: An analysis,” Community and RegionalResilience Institute, A CARRI Report, accessed May 19, 2015. [Online].Available: https://www.ciprnet.eu/summary.html → pages 42[39] A. M. Madni and S. Jackson, “Towards a conceptual framework for resilienceengineering,” Systems Journal, IEEE, vol. 3, no. 2, pp. 181–191, 2009. →pages 42, 43[40] K. MacAskill and P. Guthrie, “Multiple interpretations of resilience indisaster risk management,” Procedia Economics and Finance, vol. 18, pp.667–674, 2014. → pages 42[41] M. Bruneau, S. E. Chang, R. T. Eguchi, G. C. Lee, T. D. O’Rourke, A. M.Reinhorn, M. Shinozuka, K. Tierney, W. A. Wallace, and D. von Winterfeldt,“A framework to quantitatively assess and enhance the seismic resilience ofcommunities,” Earthquake spectra, vol. 19, no. 4, pp. 733–752, 2003. → pages44, 56[42] S. E. Chang and M. Shinozuka, “Measuring improvements in the disasterresilience of communities,” Earthquake Spectra, vol. 20, no. 3, pp. 739–755,2004. → pages 44[43] P. M. Murray-Tuite, “A comparison of transportation network resilienceunder simulated system optimum and user equilibrium conditions,” inSimulation Conference, 2006. WSC 06. Proceedings of the Winter. IEEE,2006, pp. 1398–1405. → pages 44131[44] M. Bruneau and A. Reinhorn, “Exploring the concept of seismic resilience foracute care facilities,” Earthquake Spectra, vol. 23, no. 1, pp. 41–62, 2007. →pages 44[45] B. Berche, C. Von Ferber, T. Holovatch, and Y. Holovatch, “Resilience ofpublic transport networks against attacks,” The European Physical JournalB-Condensed Matter and Complex Systems, vol. 71, no. 1, pp. 125–137, 2009.→ pages 44[46] N. O. Attoh-Okine, A. T. Cooper, and S. A. Mensah, “Formulation ofresilience index of urban infrastructure using belief functions,” SystemsJournal, IEEE, vol. 3, no. 2, pp. 147–153, 2009. → pages 44[47] M. Omer, R. Nilchiani, and A. Mostashari, “Measuring the resilience of thetrans-oceanic telecommunication cable system,” Systems Journal, IEEE,vol. 3, no. 3, pp. 295–303, 2009. → pages 44[48] D. A. Reed, K. C. Kapur, and R. D. Christie, “Methodology for assessing theresilience of networked infrastructure,” Systems Journal, IEEE, vol. 3, no. 2,pp. 174–180, 2009. → pages 44[49] G. P. Cimellaro, A. M. Reinhorn, and M. Bruneau, “Framework foranalytical quantification of disaster resilience,” Engineering Structures,vol. 32, no. 11, pp. 3639–3649, 2010. → pages 44[50] G. Leu, H. Abbass, and N. Curtis, “Resilience of ground transportationnetworks: A case study on melbourne,” 2010. → pages 44[51] K. Heaslip, W. Louisell, J. Collura, and N. Urena Serulle, “A sketch levelmethod for assessing transportation network resiliency to natural disastersand man-made events,” in Transportation Research Board 89th AnnualMeeting, no. 10-3185, 2010. → pages 44[52] R. Dorbritz, “Assessing the resilience of transportation systems in case oflarge-scale disastrous events,” in Proceedings of The 8th InternationalConference on Environmental Engineering, Vilnius, Lithuania, 2011, pp.1070–1076. → pages 44[53] N. U. Serulle, K. Heaslip, B. Brady, W. C. Louisell, and J. Collura,“Resiliency of transportation network of santo domingo, dominicanrepublic,” Transportation Research Record: Journal of the TransportationResearch Board, vol. 2234, no. 1, pp. 22–30, 2011. → pages 44[54] E. D. Vugrin, D. E. Warren, and M. A. Ehlen, “A resilience assessmentframework for infrastructure and economic systems: Quantitative andqualitative resilience analysis of petrochemical supply chains to a hurricane,”Process Safety Progress, vol. 30, no. 3, pp. 280–290, 2011. → pages 44132[55] D. Henry and J. E. Ramirez-Marquez, “Generic metrics and quantitativeapproaches for system resilience as a function of time,” ReliabilityEngineering & System Safety, vol. 99, pp. 114–122, 2012. → pages 44[56] M. Ouyang, L. Duen˜as-Osorio, and X. Min, “A three-stage resilience analysisframework for urban infrastructure systems,” Structural safety, vol. 36, pp.23–31, 2012. → pages 44, 125[57] D. Freckleton, K. Heaslip, W. Louisell, and J. Collura, “Evaluation oftransportation network resiliency with consideration for disaster magnitude,”in 91st annual meeting of the transportation research board, Washington, DC,2012. → pages 44[58] M. Ouyang and L. Duen˜as-Osorio, “Time-dependent resilience assessmentand improvement of urban infrastructure systems,” Chaos: AnInterdisciplinary Journal of Nonlinear Science, vol. 22, no. 3, p. 033122,2012. → pages 44[59] R. Filippini and A. Silva, “A modeling framework for the resilience analysisof networked systems-of-systems based on functional dependencies,”Reliability Engineering & System Safety, vol. 125, pp. 82–91, 2014. → pages44[60] R. Billinton and R. N. Allan, Reliability evaluation of engineering systems.Springer, 1992. → pages 44[61] S. Kaplan and B. J. Garrick, “On the quantitative definition of risk,” Riskanalysis, vol. 1, no. 1, pp. 11–27, 1981. → pages 45[62] Y. Y. Haimes, “On the definition of vulnerabilities in measuring risks toinfrastructures,” Risk Analysis, vol. 26, no. 2, pp. 293–296, 2006. → pages 45[63] A. Alsubaie, A. Di Pietro, J. Marti, P. Kini, T. Lin, S. Palmieri, andA. Tofani, “A platform for disaster response planning with interdependencysimulation functionality,” in Critical Infrastructure Protection VII, ser. IFIPAdvances in Information and Communication Technology, J. Butts andS. Shenoi, Eds. Springer Berlin Heidelberg, 2013, vol. 417, pp. 183–197.[Online]. Available: http://dx.doi.org/10.1007/978-3-642-45330-4 13 →pages 48[64] V. Formicola, A. Di Pietro, A. Alsubaie, S. DAntonio, and J. Marti,“Assessing the impact of cyber attacks on wireless sensor nodes that monitorinterdependent physical systems,” in Critical Infrastructure Protection VIII,ser. IFIP Advances in Information and Communication Technology, J. Buttsand S. Shenoi, Eds. Springer Berlin Heidelberg, 2014, vol. 441, pp. 213–229.[Online]. Available: http://dx.doi.org/10.1007/978-3-662-45355-1 14 →pages 48133[65] E. M. Brunner and M. Suter, “International ciip handbook 2008/2009,”Center for Security Studies, ETH Zurich, 2008. → pages 61[66] E. E. Lee, J. E. Mitchell, W. A. Wallace et al., “Restoration of services ininterdependent infrastructure systems: A network flows approach,” Systems,Man, and Cybernetics, Part C: Applications and Reviews, IEEETransactions on, vol. 37, no. 6, pp. 1303–1317, 2007. → pages 67[67] R. Holden, D. V. Val, R. Burkhard, and S. Nodwell, “A network flow modelfor interdependent infrastructures at the local scale,” Safety Science, vol. 53,pp. 51–60, 2013. → pages 67[68] V. Rosato, L. Issacharoff, F. Tiriticco, S. Meloni, S. Porcellinis, andR. Setola, “Modelling interdependent infrastructures using interactingdynamical models,” International Journal of Critical Infrastructures, vol. 4,no. 1-2, pp. 63–79, 2008. → pages 68[69] C. Coffrin, P. Van Hentenryck, and R. Bent, “Last-mile restoration formultiple interdependent infrastructures.” in AAAI, vol. 12. Citeseer, 2012,pp. 455–463. → pages 68[70] M. R. Permann, “Genetic algorithms for agent-based infrastructureinterdependency modeling and analysis,” in Proceedings of the 2007 springsimulation multiconference-Volume 2. Society for Computer SimulationInternational, 2007, pp. 169–177. → pages 68[71] M. T. Khouj, S. Sarkaria, C. Lopez, and J. Marti, “Reinforcement learningusing monte carlo policy estimation for disaster mitigation,” in CriticalInfrastructure Protection VIII. Springer, 2014, pp. 155–172. → pages 68[72] F. Fiedrich, F. Gehbauer, and U. Rickers, “Optimized resource allocation foremergency response after earthquake disasters,” Safety science, vol. 35, no. 1,pp. 41–57, 2000. → pages 69[73] S.-Y. Lin, Y.-C. Ho, and C.-H. Lin, “An ordinal optimization theory-basedalgorithm for solving the optimal power flow problem with discrete controlvariables,” Power Systems, IEEE Transactions on, vol. 19, no. 1, pp.276–286, 2004. → pages 69[74] J. E. Wieselthier, C. M. Barnhart, and A. Ephremides, “Standard clocksimulation and ordinal optimization applied to admission control inintegrated communication networks,” Discrete Event Dynamic Systems,vol. 5, no. 2-3, pp. 243–280, 1995. → pages 69[75] D.-P. Song, C. Hicks, and C. F. Earl, “An ordinal optimization basedevolution strategy to schedule complex make-to-order products,”International journal of production research, vol. 44, no. 22, pp. 4877–4895,2006. → pages 69134[76] S.-C. Horng, “Ordinal optimization based approach to the optimal resourceallocation of grid computing system,” Mathematical and ComputerModelling, vol. 54, no. 1, pp. 519–530, 2011. → pages 69[77] C.-H. Chen, V. Kumar, and Y.-c. Luo, “Motion planning of walking robotsusing ordinal optimization,” Robotics & Automation Magazine, IEEE, vol. 5,no. 2, pp. 22–32, 1998. → pages 70[78] R. E. Caflisch, “Monte carlo and quasi-monte carlo methods,” Actanumerica, vol. 7, pp. 1–49, 1998. → pages 76[79] E. K. Chong and S. H. Zak, An introduction to optimization. John Wiley &Sons, 2013, vol. 76. → pages 82[80] N. Kunz, G. Reiner, and S. Gold, “Investing in disaster managementcapabilities versus pre-positioning inventory: a new approach to disasterpreparedness,” International Journal of Production Economics, vol. 157, pp.261–272, 2014. → pages 88[81] G. E. Apostolakis and D. M. Lemon, “A screening methodology for theidentification and ranking of infrastructure vulnerabilities due to terrorism,”Risk Analysis, vol. 25, no. 2, pp. 361–376, 2005. → pages 89[82] H. Jo¨nsson, J. Johansson, and H. Johansson, “Identifying criticalcomponents in technical infrastructure networks,” Proceedings of theInstitution of Mechanical Engineers, Part O: Journal of Risk and Reliability,vol. 222, no. 2, pp. 235–243, 2008. → pages 89[83] Z. Zhang, X. Li, and H. Li, “A quantitative approach for assessing the criticalnodal and linear elements of a railway infrastructure,” International Journalof Critical Infrastructure Protection, vol. 8, pp. 3–15, 2015. → pages 89[84] M. Shinozuka and S. E. Chang, “Evaluating the disaster resilience of powernetworks and grids,” in Modeling spatial and economic impacts of disasters.Springer, 2004, pp. 289–310. → pages 99[85] M. Panteli and P. Mancarella, “Modeling and evaluating the resilience ofcritical electrical power infrastructure to extreme weather events,” 2015. →pages 99[86] A. Arab, A. Khodaei, Z. Han, and S. K. Khator, “Proactive recovery ofelectric power assets for resiliency enhancement,” Access, IEEE, vol. 3, pp.99–109, 2015. → pages 99[87] C.-S. Chen, C.-H. Lin, and H.-Y. Tsai, “A rule-based expert system withcolored petri net models for distribution system service restoration,” PowerSystems, IEEE Transactions on, vol. 17, no. 4, pp. 1073–1080, 2002. →pages 99, 100135[88] S. Dimitrijevic and N. Rajakovic, “An innovative approach for solving therestoration problem in distribution networks,” Electric Power SystemsResearch, vol. 81, no. 10, pp. 1961–1972, 2011. → pages 99, 101[89] K. N. Miu, H.-D. Chiang, B. Yuan, and G. Darling, “Fast service restorationfor large-scale distribution systems with priority customers and constraints,”Power Systems, IEEE Transactions on, vol. 13, no. 3, pp. 789–795, 1998. →pages 99, 100[90] S. Toune, H. Fudo, T. Genji, Y. Fukuyama, and Y. Nakanishi, “Comparativestudy of modern heuristic algorithms to service restoration in distributionsystems,” Power Delivery, IEEE Transactions on, vol. 17, no. 1, pp.173–181, 2002. → pages 99, 100[91] A. Botea, J. Rintanen, and D. Banerjee, “Optimal reconfiguration for supplyrestoration with informed a search,” Smart Grid, IEEE Transactions on,vol. 3, no. 2, pp. 583–593, 2012. → pages 99[92] D. Li, S. Wang, J. Zhan, and Y. Zhao, “A self-healing reconfigurationtechnique for smart distribution networks with dgs,” in Electrical andControl Engineering (ICECE), 2011 International Conference on. IEEE,2011, pp. 4318–4321. → pages 99[93] Y. Kumar, B. Das, and J. Sharma, “Multiobjective, multiconstraint servicerestoration of electric power distribution system with priority customers,”Power Delivery, IEEE Transactions on, vol. 23, no. 1, pp. 261–270, 2008. →pages 100[94] S. C´urcˇic´, C. O¨zveren, and K. Lo, “Computer-based strategy for therestoration problem in electric power distribution systems,” IEEProceedings-Generation, Transmission and Distribution, vol. 144, no. 5, pp.389–398, 1997. → pages 100[95] R. Ciric and D. Popovic, “Multi-objective distribution network restorationusing heuristic approach and mix integer programming method,”International journal of electrical power & energy systems, vol. 22, no. 7, pp.497–505, 2000. → pages 100[96] W. Luan, M. R. Irving, and J. S. Daniel, “Genetic algorithm for supplyrestoration and optimal load shedding in power system distributionnetworks,” IEE Proceedings-Generation, Transmission and Distribution, vol.149, no. 2, pp. 145–151, 2002. → pages 100[97] T. Sudhakar, “Power restoration in distribution network using mstalgorithms,” New Frontiers in Graph Theory, Dr. Yagang Zhang (Ed.), 2012.→ pages 101, 108136[98] D. Kleppinger, R. Broadwater, and C. Scirbona, “Generic reconfiguration forrestoration,” Electric Power Systems Research, vol. 80, no. 3, pp. 287–295,2010. → pages 101[99] R. E. Brown, Electric power distribution reliability. CRC press, 2008. →pages 105, 108[100] S. M. Amin and B. F. Wollenberg, “Toward a smart grid: power delivery forthe 21st century,” Power and energy Magazine, IEEE, vol. 3, no. 5, pp.34–41, 2005. → pages 106[101] R. Diestel, Graph Theory {Graduate Texts in Mathematics; 173}.Springer-Verlag Berlin and Heidelberg GmbH & Company KG, 2000. →pages 108[102] H. Saadat, Power system analysis. WCB/McGraw-Hill, 1999. → pages 109[103] M. E. Baran and F. F. Wu, “Network reconfiguration in distribution systemsfor loss reduction and load balancing,” Power Delivery, IEEE Transactionson, vol. 4, no. 2, pp. 1401–1407, 1989. → pages 116[104] D. Das, “A fuzzy multiobjective approach for network reconfiguration ofdistribution systems,” Power Delivery, IEEE Transactions on, vol. 21, no. 1,pp. 202–209, 2006. → pages 117[105] B. Y. Wu and K.-M. Chao, Spanning trees and optimization problems. CRCPress, 2004. → pages 138[106] J. B. Kruskal, “On the shortest spanning subtree of a graph and thetraveling salesman problem,” Proceedings of the American Mathematicalsociety, vol. 7, no. 1, pp. 48–50, 1956. → pages 138[107] R. C. Prim, “Shortest connection networks and some generalizations,” Bellsystem technical journal, vol. 36, no. 6, pp. 1389–1401, 1957. → pages 138[108] W. D. Wallis, A beginner’s guide to graph theory. Springer Science &Business Media, 2010. → pages 139137Appendix AMinimum Spanning TreesIn graph theory, a tree is a connected graph that contains no cycles (loops). Aspanning tree is a tree that contains all the nodes (vertices) of the graph. A graphmay have many different spanning trees. If every edge (link) has a weight associatedwith it, then the graph is called a weighted graph. A Minimum Spanning Tree MSTis a spanning tree of a weighted graph such that the weight of the tree (sum ofweights of all edges) is minimum.The problem of minimum spanning tree arises in many applications, such as com-munication networks, circuit designs, transportation, and data structure algorithms[105]. The desire in all applications is to find a network that minimizes or maxi-mizes the sum of the weights. The weights in the graph of the network are designedto represent a parameter of particular interest to the problem. For example, theweights could represent the cost of transporting some material from one location toanother and the objective of the MST problem is to find a network with a minimumtotal cost.There are efficient algorithms for finding the minimum spanning tree of a givengraph. The earliest algorithm was developed in 1926 by Otakar Boruvka [105]. Twoof the most common algorithms are Kruskal [106] and Prime [107]. Prime’s algorithm138is one of the most commonly used algorithms for finding minimum spanning trees andit is used in the network reconfiguration problem presented in this thesis. Primes’algorithm tries to build a spanning tree starting from a root node by selecting theedge with a smallest weight until it spans all nodes in the graph. This process makesit a greedy algorithm. Prime’s algorithm for a graph G(V,E) is described as follows:1. Start with a root node r. Set T = r and E = φ. T is the tree’s nodes set andV − T is the unselected nodes from the graph.2. Find a minimum weight edge e that connects one node v from V − T to r.Add the e node v to the tree set T and update the edges set E.3. Choose another node from the set V − T .4. Find a minimum weight edge e that connects one node v from V − T to T .Add the node v to the tree set T and update the edges set E.5. If V − T = φ, then end. If not, go to step 3.Prime’s algorithm is applied to the example graph (adopted from [108]) shownin Figure A.1.139da b ce f da b ce fda b ce f da b ce fda b ce f da b ce f4 65 21 63Original Graph Step 1Step 2 Step 3Step 4 Final TreeFigure A.1: An application of Prim’s algorithm to an example graph.140
- Library Home /
- Search Collections /
- Open Collections /
- Browse Collections /
- UBC Theses and Dissertations /
- Improving critical infrastructure resilience with application...
Open Collections
UBC Theses and Dissertations
Featured Collection
UBC Theses and Dissertations
Improving critical infrastructure resilience with application to power distribution networks Alsubaie, Abdullah 2016
pdf
Page Metadata
Item Metadata
Title | Improving critical infrastructure resilience with application to power distribution networks |
Creator |
Alsubaie, Abdullah |
Publisher | University of British Columbia |
Date Issued | 2016 |
Description | Our modern societies are dependent on the functioning of infrastructure systems that support economic prosperity and quality of life. These infrastructure systems face an increasingly set of threats, natural or man-made disasters, that can cause significant physical, economic, and social disruptions. Recent extreme events have shown that total protection can not be accomplished. Therefore, Critical Infrastructure Protection strategies should focus not only on the prevention of these events but also on the response and recovery following them. This shift is realized by the concept of infrastructure resilience. In this thesis, we address the problem of assessing and improving infrastructure resilience. The contributions of this thesis focus on modelling, simulation, and optimization of infrastructure systems with respect to their resilience to extreme events. We first develop a resilience assessment framework for interdependent infrastructure systems. The developed framework provides a quantitative means to assess infrastructure resilience by introducing a generalized resilience index. To account for the inherent complexity due to infrastructure interdependencies, we use the i2Sim framework for modelling and simulating the studied infrastructure. The resilience improvement problem is formulated using the proposed resilience index as a resources allocation optimization problem. The problem aims at finding the best allocation of available resources such as power and water to mitigate the consequences of a disaster. Two solutions algorithm are proposed to solve the problem: the first one uses a simulation-optimization approach based on the Ordinal Optimization theory, and the second one uses a Linear Programming formulation. Results of both algorithms show that infrastructure resilience can be greatly improved by efficient allocations of available resources. In addition, a prioritization methodology is developed to assess decision makers to direct resilience investment to the most important components in the infrastructure. Finally, an optimal power distribution network reconfiguration algorithm is developed to complement the two resources allocation algorithms by solving the technical feasibility problem of the power distribution network. A heuristic computationally inexpensive optimization algorithm is developed based on Graph theory for solving this problem. The proposed algorithms are tested using different test cases and promising results are achieved. |
Genre |
Thesis/Dissertation |
Type |
Text |
Language | eng |
Date Available | 2016-10-22 |
Provider | Vancouver : University of British Columbia Library |
Rights | Attribution-NonCommercial-NoDerivatives 4.0 International |
DOI | 10.14288/1.0319263 |
URI | http://hdl.handle.net/2429/59533 |
Degree |
Doctor of Philosophy - PhD |
Program |
Electrical and Computer Engineering |
Affiliation |
Applied Science, Faculty of |
Degree Grantor | University of British Columbia |
GraduationDate | 2016-11 |
Campus |
UBCV |
Scholarly Level | Graduate |
Rights URI | http://creativecommons.org/licenses/by-nc-nd/4.0/ |
AggregatedSourceRepository | DSpace |
Download
- Media
- 24-ubc_2016_november_alsubaie_abdullah.pdf [ 3.61MB ]
- Metadata
- JSON: 24-1.0319263.json
- JSON-LD: 24-1.0319263-ld.json
- RDF/XML (Pretty): 24-1.0319263-rdf.xml
- RDF/JSON: 24-1.0319263-rdf.json
- Turtle: 24-1.0319263-turtle.txt
- N-Triples: 24-1.0319263-rdf-ntriples.txt
- Original Record: 24-1.0319263-source.json
- Full Text
- 24-1.0319263-fulltext.txt
- Citation
- 24-1.0319263.ris
Full Text
Cite
Citation Scheme:
Usage Statistics
Share
Embed
Customize your widget with the following options, then copy and paste the code below into the HTML
of your page to embed this item in your website.
<div id="ubcOpenCollectionsWidgetDisplay">
<script id="ubcOpenCollectionsWidget"
src="{[{embed.src}]}"
data-item="{[{embed.item}]}"
data-collection="{[{embed.collection}]}"
data-metadata="{[{embed.showMetadata}]}"
data-width="{[{embed.width}]}"
async >
</script>
</div>
Our image viewer uses the IIIF 2.0 standard.
To load this item in other compatible viewers, use this url:
http://iiif.library.ubc.ca/presentation/dsp.24.1-0319263/manifest