This paper proposes a model for assessing the risk posed by natural hazards to infrastructures, with a focus on the indirect losses and loss of stability for the population relying on the infrastructure. The model prescribes a three-level analysis with increasing level of detail, moving from qualitative to quantitative analysis. The focus is on a methodology for semi-quantitative analyses to be performed at the second level. The purpose of this type of analysis is to perform a screening of the scenarios of natural hazards threatening the infrastructures, identifying the most critical scenarios and investigating the need for further analyses (third level). The proposed semi-quantitative methodology considers the frequency of the natural hazard, different aspects of vulnerability, including the physical vulnerability of the infrastructure itself, and the societal dependency on the infrastructure. An indicator-based approach is applied, ranking the indicators on a relative scale according to pre-defined ranking criteria. The proposed indicators, which characterise conditions that influence the probability of an infrastructure malfunctioning caused by a natural event, are defined as (1) robustness and buffer capacity, (2) level of protection, (3) quality/level of maintenance and renewal, (4) adaptability and quality of operational procedures and (5) transparency/complexity/degree of coupling. Further indicators describe conditions influencing the socio-economic consequences of the infrastructure malfunctioning, such as (1) redundancy and/or substitution, (2) cascading effects and dependencies, (3) preparedness and (4) early warning, emergency response and measures. The aggregated risk estimate is a combination of the semi-quantitative vulnerability indicators, as well as quantitative estimates of the frequency of the natural hazard, the potential duration of the infrastructure malfunctioning (e.g. depending on the required restoration effort) and the number of users of the infrastructure.
Case studies for two Norwegian municipalities are presented for demonstration purposes, where risk posed by adverse weather and natural hazards to primary road, water supply and power networks is assessed. The application examples show that the proposed model provides a useful tool for screening of potential undesirable events, contributing to a targeted reduction of the risk.
Modern society is increasingly dependent on infrastructures to maintain critical societal functions such as supply of food, water and energy, and security. Disruptions in one of the infrastructure systems, such as water and energy supply, transport or communication, may have severe consequences. With a changing climate, the frequency and intensity of some extreme weather events (e.g. intense precipitation) and related hazards (e.g. landslides and floods) are expected to increase (Hanssen-Bauer et al., 2015), creating challenges for the infrastructure providers. Challenges include, for example, landslides threatening transportation lines, increased contamination of water sources due to intense rain and flooding or storms leading to loss of power supply.
Since the financial and workforce resources available to operators to protect their infrastructure systems are limited, it is especially important to use resources efficiently. To do so, it is essential to be aware of the threats and risks and to assess and compare risk in order to set priorities. This will be the basis for implementing targeted protection measures, as stated by the Federal Ministry of the Interior (2008).
The main purpose of performing risk assessment related to infrastructure affected by natural events is to support well-founded risk management. An extensive risk assessment is indispensable in order to identify adverse events and vulnerabilities and evaluate the impact on infrastructures and their users, taking into account the probability of the occurrence of these adverse events. The risk assessment gives decision makers a better understanding of risks and its uncertainties, describing and comparing the vulnerability and resilience and potential risks related to the effects on infrastructures from natural events. Careful assessment of risk and informed analysis of dependencies between infrastructures can significantly contribute to effective investment in planning and design and facilitate preparedness actions in the event of failure. With regard to risk reduction, discussion about acceptable levels of risk and of potential mitigation measures to reduce the risk is required. Cost–benefit analyses could be used to assess the feasibility and adequacy of mitigation measures. Optimal decisions require that decision makers are aware of how their decisions may affect the expected loss.
By law, the Norwegian municipalities are required to carry out a risk and vulnerability analysis and plan and prepare for emergencies from a short- and long-term perspective. The purpose of the duty/legislation is to ensure that the municipalities are working holistically and systematically with societal safety and preparedness across sectors in the municipality. Knowledge about risk and vulnerability is important to reduce the probability of undesirable events and to reduce the consequences should the event occur (DSB, 2015a). The current format of the municipal risk and vulnerability assessments is very similar to a preliminary hazard analysis (PHA; IEC/FDIS 31010, 2009), where the starting point is the identification of adverse events, followed by a simple probability and consequence assessment of each event. In the municipal analysis, adverse events refer to events in the municipality that may result in loss of life, health or stability, monetary losses or damage to the environment. Through the municipal involvement in the implementation of the risk and vulnerability analysis, the stakeholders in the municipality obtain a better overview over, and an increased consciousness about, the relevant risks and vulnerabilities. In addition, the municipality can acquire knowledge about how risks and vulnerabilities can be managed. The analysis is intended to form a basis for an overall emergency plan that must be coordinated with other relevant emergency and contingency plans. The ultimate goal of the analyses is to help maintain important socio-economic functions and safeguard citizens' lives, health and basic needs under various forms of stress. This goal is further specified by defining four societal values with corresponding consequence types as shown in Table 1. Vulnerability analysis of the infrastructures and their interdependencies is an essential part of the municipal risk and vulnerability analysis for the societal value named stability, i.e. referring to consequences such as lack of basic provisions and disruptions in daily life.
Safety of the population specified through socio-economic values and corresponding consequence types (DSB, 2014).
The terminology used in this paper is according to the definitions listed
below. The definitions are adapted from DSB (2014), Birkmann et al. (2013),
the National Academy of Sciences (2012), ISSMGE (2004) and Corominas et al. (2014).
Dimensions of vulnerability, adapted from Birkmann et al. (2013), are as
follows.
Infrastructures have some basic traits in common, such as large size, wide-area coverage, complexity and interconnectedness, but show significant differences in detail. Methods for vulnerability assessment vary with the type of system, the objective of the analysis, the analysis steps and the available information. No all-encompassing method exists, but rather an interplay of methods is necessary to provide trustworthy information about vulnerabilities within and among infrastructures, including the effect of (inter)dependencies (Kröger and Zio, 2011). Methods used for vulnerability and risk assessment of infrastructure include susceptibility functions, economic theory-based approaches, probabilistic modelling, statistical analyses of past events, empirical approaches, risk analysis of technological systems, network-based approaches, agent-based approaches, system dynamics-based approaches, relational databases and use of vulnerability and risk indices (Yusta et al., 2011; Kröger and Zio, 2011; Ouyang, 2014). Meyer et al. (2013) give a broad review of the assessment of costs of natural hazards affecting infrastructure (considering both direct and indirect costs). There are several ways to classify levels and scopes for assessment of infrastructure. Bouchon (2006) divides this into three levels: (i) the level of the infrastructure itself (which could further be subdivided into component level and network level), (ii) the level of the interdependent infrastructures and (iii) the level of dependent territorial, socio-economic, politically dependent sub-systems. Similarly, Giannopoulos et al. (2012) distinguish between sectorial level, when each sector is treated separately and system approaches that assess the infrastructures as an interconnected network and use a system of systems topology. Yusta et al. (2011) refer to two different scopes of modelling infrastructure vulnerability and risk, namely methods and tools to describe the current state of the infrastructure and methodologies and tools that focus on the understanding of the dynamic behaviour of the infrastructure systems, which is based on simulation techniques. The first scope focuses on the study, analysis and understanding of the infrastructure from the earliest stages of construction and assembly. This scope identifies methods, techniques, tools and charts to describe the current state of the infrastructure, and it uses methods of evaluating the threat to obtain a clearer view on the operation of infrastructure. For this, it takes into account each of the possible risks that affect a system and determines their possible consequences. It should be noted that although many of the potential causes of hazards can be detected with this approach, their consequences or impacts are not necessarily perceived or understood. In resilience models for assessing the interaction between hazard and engineered systems, the properties of infrastructure, like robustness, redundancy, resourcefulness, and rapidity, reduce the probability of failures in the systems (Cutter et al., 2008). Solano (2010) reviews and evaluates methodologies to assess vulnerabilities of infrastructures across a number of characteristics.
The second scope focuses on understanding the dynamic behaviour of the infrastructure systems and uses simulation techniques (systems dynamics, Monte Carlo simulation, multi-agent systems, etc.) with which it explores both processes and operation in order to identify the causes of instability in a system infrastructure. Rinaldi et al. (2001) provide an overview of how to identify, understand and analyse interdependencies between infrastructures. To provide a detailed description and modelling of interdependent infrastructures, many relevant data are required and often are inaccessible due to, for example, confidentiality and privacy issues and a reluctance to share data (Ouyang, 2014). In many cases, the risk assessment methodologies for infrastructures are an adaptation of methodologies that have been used for assessing risks within an organization. As a consequence, these methodologies are tailored to the particular needs of this organization and biased to consider only part of relevant threats. Giannopoulos et al. (2012) have identified two main commonly used approaches for the assessment of sectors for a variety of hazards: aggregated impact, where the impact of infrastructure disruption is expressed in terms of aggregated figures that account for the economic losses, and indicator-based scoring approaches, which resemble a multi-criteria decision analysis in the sense that the final score produced is the weighted mean of several scores.
In the following, special attention is given to methods that apply vulnerability and risk indices or identify factors relevant for vulnerability and risk for infrastructures affected by adverse weather and natural hazards, in particular those of the Federal Ministry of the Interior (2008), Lenz (2009), Merz et al. (2010), Vatn et al. (2009) and Kröger (2008). The Federal Ministry of the Interior (2008) provides guidelines for operators of critical infrastructures, providing a management strategy to identify risks, implement preventive measures and handle crises effectively. Lenz (2009) provides a detailed overview of the vulnerability of critical infrastructures, distinguishing between indicators relevant for vulnerability of critical infrastructure and for coping capacity. Merz et al. (2010) go through various aspects of the assessments of economic flood damage. Vatn et al. (2009) has developed a methodology that identifies adverse events as well as risk and vulnerability factors which may affect the likelihood and consequences of undesirable events. Kröger (2008) discusses the most significant factors related to the risks faced by critical infrastructures. These include societal, system-related, technological, institutional and natural factors, with a special focus on issues associated with the increasing interdependence between infrastructures. Even if these methods identify vulnerability indicators, they do not contain explicit procedures for estimation of risk levels based on the indicators, lacking either schemes for ranking or aggregation of the indicators or for the relation between risk levels and vulnerability indicators.
To utilise resources efficiently, the risk assessment is performed at different levels of detail, starting with a coarse analysis to decide for which areas or scenarios further analyses are necessary and subsequently increase the degree of detail and limit the scope to the most critical scenarios or areas. The coarsest analyses include methods like structured interview and brainstorming, checklists, preliminary hazard analysis, hazard and operability study (HAZOP), What If Technique (SWIFT) and scenario analysis (IEC/FDIS 31010, 2009). In these methods, subjective assessments and considerable use of expert judgment are necessary. For such analyses, both diversity and depth of expertise are essential to ensure satisfactory quality and consistency of the analysis results, avoiding too-coarse assessments or overlooking important events. On the other hand, detailed quantitative analyses for the assessment of the interdependent infrastructures and society depending on the infrastructures, e.g. simulation techniques or economic theory approaches, are often too complex and time consuming to be applied as a tool to identify the most critical risk scenarios. An alternative tool for screening the potential scenarios in a systematic, transparent and repeatable way could bridge this gap. This paper proposes an explicit methodology for such screenings, with the purpose of comparing scenarios and providing an overview of the risks associated with each of the identified scenarios. The application of the method within the municipal risk and vulnerability analysis in Norway will be described in the next section.
The aim of the work presented in this paper is to propose a comprehensive
and user-friendly method for identification and assessment of natural events
leading to the malfunctioning of infrastructure. The method is designed to be
consistent with, and a supplement to, the guidelines for municipal risk and
vulnerability analysis in Norway, provided by the Norwegian Directorate for
Civil Protection, DSB (2014). According to these guidelines, the analysis
consists of the following stages:
identifying adverse events (considering threats within or outside the
municipality, but with consequences for the municipality), assessing risk and vulnerability of adverse events, providing an overview of the risks associated with each of the identified
adverse events (stage 1 above), following-up and reporting.
The explicit method proposed in this paper targets the second and third
stages in the municipal risk and vulnerability analyses: assessing risk and
vulnerability of adverse events and providing an overview of the risks
associated with each of the identified adverse events in the municipality.
The proposed method is used to give a coarse overview of the risks used for
preliminary sorting of the adverse events. A more-detailed analysis of the
events is used as basis for decisions regarding risk acceptance, follow-up
and mitigation. We
chose not to include explicit criteria or risk
thresholds for recommendations regarding the follow-up, both because each
municipality must adapt the criteria for follow-up to their own situation
and capacity (scenarios with the highest risk must be prioritised regardless
of risk acceptance), and because the method is a coarse analysis where the
scale is relative and difficult to link to quantitative risk acceptance criteria.
Schematic representation of the scope. Factors that affect the probability of the adverse event (malfunctioning of infrastructure) are shown on the left side (i.e. causes, barriers and physical vulnerability of the infrastructure). Factors that affect the socio-economic consequences of the adverse event are shown on the right side.
The proposed method is applicable to the main infrastructures (electricity supply, water supply, transportation, and information and communications technology, ICT) and to provide support for analysis of threats from natural events, for planning and preparedness, and for prioritisation of risk-reduction measures. The focus will be on the infrastructures of electricity supply, water supply and transportation. They share a number of similarities such as large size, wide-area coverage, complexity and interconnectedness.
Strategies for risk reduction fall into two categories: those that minimise the probability of infrastructure malfunctioning, and those that minimise the negative effects of a malfunctioning (IRGC, 2007). The proposed method takes into account the vulnerabilities of infrastructure and barriers that affect the probability of infrastructure malfunctioning. It also considers factors affecting the socio-economic consequences of malfunctioning of the infrastructure. The scope is schematically illustrated in Fig. 1, using and demonstrating terminology defined in the following.
Figure 1 shows a cause and effect diagram with causes of the infrastructure malfunctioning, influenced by the physical vulnerability of the infrastructure to the natural event on the left side, and consequences of this malfunctioning, influenced by the socio-economic vulnerability on the right side. Malfunctioning of infrastructure refers to an interruption (partly or fully) of the services provided by the infrastructure. The scenarios could be controlled using barriers which could prevent causes of malfunctioning of the infrastructure and barriers for mitigation and recovery controls, i.e. barriers that limit the consequences of the malfunctioning. Barriers could be physical or organisational, including human behaviour.
The indicators identified as the most important for the scope of this paper
are based on generic indicators from the literature, as described in Sect. 2.1.
The indicators were thought to be relevant for assessing the exposure and
vulnerability levels and for the resulting risk level (Institute of
Operational Risk, 2010). They should be measurable, at least on a relative
scale, in order to enable comparison between different times or different
study areas. The ranking of the indicators should be based on data available
to the stakeholders or on the local knowledge of the stakeholder. The selected
indicators are summarised below.
The method presented in this paper covers Level 2 of a three-level analysis
for risk identification and risk assessment, with an increasing degree of
detailing and quantification.
Level 1: qualitative, i.e. risk identification. Level 2: semi-quantitative analysis to rank the risk, i.e. screening of the
scenarios of natural events threatening the infrastructures (identified in
the level 1 analysis), in which the scenarios with potential highest risk are
identified. Level 3: quantitative analysis, i.e. detailed analysis of the scenarios
identified in the level 2 analysis. robustness and buffer capacity, level of protection, quality level/age/level of maintenance and renewal, adaptability and quality in operational procedures, and transparency/complexity/degree of coupling.
The second level consists of a semi-quantitative ranking of the risk and is
a mixture of a quantitative approach and an indicator-based approach. The
quantitative part of the approach is anchored in the probability and
consequence categories suggested by DSB (2014) (Tables 1 and 2). As
illustrated in Fig. 1, the risk is governed by causal factors, influencing
the likelihood of the malfunctioning of the infrastructure, as well as
factors relevant for the socio-economic consequences of the malfunctioning
infrastructure. The indicators are grouped into physical vulnerabilities and
socio-economic vulnerabilities accordingly. The indicators chosen for the
assessment of the physical vulnerability (including barriers reducing the
probability of the malfunctioning of the infrastructure) applied in this method are
Categorisation of the probability: application of the annual probability of the natural event as an initial categorisation of the top event, simplified from the guidelines from the Norwegian Directorate for Civil Protection (DSB, 2014). Each category is described both with the frequency and the annual probability of the natural event.
Illustration of the method for semi-quantitative analyses. The indicators with dotted frames are assessed quantitatively for an initial categorisation of the probability and consequence (Step 1). The physical and socio-economic vulnerability indicators (dash–dot frames) are assessed semi-quantitatively (Step 2). The information from the first two steps is aggregated in the third step to assess the probability of infrastructure malfunctioning and the severity of the consequences.
The chosen indicators reflect different aspects of vulnerability of infrastructures. The number of indicators was reduced compared to the indicators listed in the Sect. 2.2: robustness and buffer capacity were combined since they are closely related, but with the difference being that buffer capacity also deals with the temporal aspect. Furthermore, adaptability and quality of operational procedures were merged into one indicator. Adaptability is related both to the adaptations that are physically possible and to the quality and timing of the practical implementation of adaptation. Adaptability therefore also depends on how the infrastructure is operated. Grothmann et al. (2013) discuss and compare frameworks for adaptive capacity for institutions. The indicators for the dependencies on external factors for the infrastructure to work would typically also be among the physical vulnerability indicators. These are, however, omitted here, as they are considered less relevant for loss of infrastructure caused directly by natural events and thus outside the scope of this method. The method does not consider infrastructure malfunctioning caused by loss of other infrastructures or by lack of resources. Infrastructure owners/operators would look to improve values for the physical vulnerability indicators to ensure that their infrastructure is physically robust, can tolerate the effects of the natural event for a certain time without being affected, is sufficiently protected against the natural event, fulfils high quality requirements (i.e. is new or well maintained), has the ability to adapt to changing framework conditions, is well operated and is not dependent on single components to work.
The chosen indicators for the socio-economic vulnerability in this study
include the following:
redundancy/substitutes of the infrastructure in the study; cascading effects and dependencies; preparedness; early warning, emergency response and measures.
The duration of the infrastructure malfunction is included quantitatively in
the consequence assessment (see Fig. 2 and Table 3). Thus, the indicator
restoration effort/duration is omitted here to avoid double counting. Risk
managers could look to optimise the values of the socio-economic
vulnerability indicators (as listed above) by ensuring that there are
back-ups or substitutes to the infrastructure that could provide the same
service, that there are minimum dependencies of other societal functions on the
infrastructure, that the malfunctioning of the infrastructure has been prepared
for and that there is an early warning system combined with an emergency response
and measures to mitigate the consequences.
Initial categorisation of consequence based on the number of infrastructure users and duration of the outage, simplified from the guidelines from the Norwegian Directorate for Civil Protection; DSB (2014). The consequence categories are indicative and should be adapted to the municipality's size, i.e. in terms of number of inhabitants.
Figure 2 shows that risk could be decomposed into the probability of an adverse event and the consequences if the event occurs, as in traditional risk assessment approaches and in accordance with the definitions in the terminology section. However, here, the adverse event is not the natural event itself, in contrast to what is usual within natural science, but rather the malfunctioning of infrastructure caused by a natural event. The methodology presented in this paper is adapted to be in accordance with the guidelines of the Norwegian Directorate for Civil protection (DSB, 2014). In these guidelines, the addressed probability is the probability of an adverse event involving, for example, a natural event causing material destruction, i.e. not the probability of the natural event itself. Similar subdivisions are found in DSB (2014), Lenz (2009), IRGC (2007), and the Committee on Assessing the Costs of Natural Disasters (1999): “It is useful to distinguish between the physical destruction caused by natural disasters to human beings and property and the consequences of that destruction”. The consequences referred to are indirect consequences in terms of the societal value “stability”.
Figure 2 illustrates the content of the explicit proposed method for semi-quantitative risk assessment. The next subsection presents a more-detailed description of the analysis steps of that method.
The method proposes to perform the semi-quantitative risk assessment in
three steps (Fig. 2) outlined in the following.
Step 1: initial categorisation of the probability and consequence of the top
event (natural hazards causing malfunctioning of the infrastructure). Step 2: vulnerability assessment, i.e. the ranking of the vulnerability
indicators and
estimation of the physical and socio-economic vulnerability scores. Step 3: final categorisation of probability and consequence, based on the
initial categorisation and results from the vulnerability assessment.
In the initial probability classification, the analyst needs to assign the probability of the natural event into one of five quantitatively defined probability categories. The categories range from an annual probability lower than 0.1 % (probability category A) to an annual probability higher than 10 % (probability category E). Table 2 shows the scheme for the categorisation into categories A–E. These probability categories correspond to the categories suggested in DSB (2014).
In the initial consequence categorisation, the analyst needs to assign the consequences into one of five consequence categories. In this step, the consequences are determined by the combination of duration of the infrastructure malfunctioning and the number of users served by the infrastructure. The lowest consequence category (consequence category 1) corresponds to relatively few users combined with short duration, while the highest consequence category (consequence category 5) corresponds to a relatively high number of users combined with a long malfunction duration. The boundary of the categories of users and duration are defined such that the number of person days (i.e. the product of persons and days) increases exponentially with the consequence categories. Table 3 shows the scheme for the categorisation of consequence into consequence categories 1–5.
The vulnerability assessment is performed using an indicator-based approach. This type of approach enables the combination of information from different sources and different formats, e.g. qualitative and quantitative data. The indicators are grouped into physical vulnerability indicators and socio-economic vulnerability indicators. First, in the vulnerability assessment, each of the vulnerability indicators are assigned an integer score value on the scale 1–5, with 1 meaning the lowest vulnerability and 5 meaning the highest vulnerability. To limit the use of subjective interpretation of the user, and to make the method easy to use, a description for each score level for each indicator is provided in Tables 4 and 5.
Criteria for ranking of the physical vulnerability indicators and barriers affecting the probability of infrastructure loss. For each indicator, the criteria for score values 1–5 are described, where score value 1 corresponds to the lowest vulnerability and 5 to the highest vulnerability.
Continued.
Criteria for ranking of socio-economic vulnerability indicators. For each indicator, the criteria for score values 1–5 are described, where score value 1 corresponds to the lowest vulnerability and 5 to the highest vulnerability.
Second, it is beneficial, both for the sake of simplicity and in order to
formulate user-friendly explicit procedures, to estimate one aggregated
physical vulnerability score and one aggregated socio-economic vulnerability
score. There are different ways of performing such a combination. The Department
for Communities and Local Government (2009) and JRC (2008) give an overview
on how to undertake and make the best use of multi-criteria analysis
techniques. Approaches for combining the indicators may be to, for example, estimate
arithmetical or geometric averages, to perform a fuzzy set analysis or to
apply a multi-criteria decision approach. In this paper it is chosen to
aggregate the indicator scores into two vulnerability scores: (i) a physical
vulnerability score, estimated as a weighted average of the individual score
of the physical vulnerability indicators, and (ii) a socio-economic
vulnerability score, estimated as a weighted average of the individual score
of the socio-economic vulnerability indicators. Each indicator is weighted
based on its overall degree of influence. The weights vary with the
scale, type and importance of the infrastructure in the study. The weighting
system is introduced to account for the relative importance of each
indicator for the total vulnerability level. If all the indicators are
believed to be of equal significance, equal weighting should be applied.
Techniques to determine weights include expert judgment, the analytical
hierarchy process (AHP), principal component analysis and factor analysis
(JRC, 2008). In the case examples presented in this paper, the weights are
chosen based on experience and local knowledge, on the scale of 1 (least
influential), 2 (moderately influential) or 3 (most influential). The final
vulnerability estimate is formulated as a weighted average of the individual
indicator scores, where the score for each indicator is multiplied with its
corresponding weight:
Physical vulnerability assessment: score values 1–5 need to be assigned to
each of the physical vulnerability indicators. A choice of score value 1
implies a low physical vulnerability of the infrastructure, indicating high
robustness and high buffer capacity, a high level of protection against the
analysed natural event, a high quality level, a new or very well-maintained
infrastructure, a high degree of adaptability and quality in operational
procedures, a high degree of transparency and that the infrastructure system
has a manageable degree of complexity and coupling. Score value 5 implies
that
the analysed infrastructure has a severe weakness with respect to the
analysed indicator, which means that the indicator contributes to a high
physical vulnerability. The criteria chosen to describe the physical
vulnerability for each indicator are outlined in Table 4. After the scoring
of the indicators, the physical vulnerability score is estimated using Eq. (1)
for the physical vulnerability indicators. Socio-economic vulnerability assessment: score values 1–5 need to be
assigned to each of the socio-economic vulnerability indicators. A choice of
score value 1 implies that the society has an optimized solution with
respect to the analysed indicator and infrastructure, contributing to lower
socio-economic vulnerability. This is the case if the society has parallel
systems to the infrastructure or substitutes that could offer the same
services as the analysed infrastructure, if the infrastructure is less
important for the society and the malfunctioning is not associated with
potential cascading effects, and if there are routines for preparedness and
an emergency response to mitigate the consequences. Score value 5 implies that
the society is especially vulnerable to the malfunctioning of the
infrastructure with respect to the analysed indicator, i.e. the indicator
contributes to a higher socio-economic vulnerability. The criteria chosen to
describe the socio-economic vulnerability for each indicator are outlined in
the scheme in Table 5. After the scoring of the indicators, the
socio-economic vulnerability score is estimated using Eq. (1) for the
socio-economic vulnerability indicators.
Indicative criteria for determining the probability category using vulnerability indicators and adaptation of initial categorisation to final categorisation.
The aggregation of steps 1 and 2 into final probability and consequence
categories is described below.
Final probability category of the adverse event:
the difference between the probability of the natural event (as assessed in
Step 1) and the probability of the adverse event (i.e. infrastructure
malfunctioning) is assessed using the physical vulnerability score. The
assessment is based on the definition of conditional probability and a
quantitative interpretation of the vulnerability score, as a proxy for the
probability that the natural event in study will lead to infrastructure
malfunctioning. Expressing the relation between the probability of the
adverse event and the natural event using conditional probability, yields: The physical vulnerability score could serve as a proxy for the conditional
probability The probability that the infrastructure will fail (due to the natural event)
is thus similar to the probability of the natural event and, consequently,
the final probability categorisation is equal to the initial one (assessed
in Step 1). On the other extreme, if the physical vulnerability score is very low, the
conditional probability, Accordingly, a multiplication of the probability with 0.1 corresponds to a
reduction in probability category (A–E, as shown in Table 2) of
1–2 categories, based on the quantitative relationship between the probability
categories, i.e. Final consequence categorisation:
the socio-economic vulnerability score affects the socio-economic
consequences of the infrastructure malfunctioning. The final consequence
category depends on the duration of the infrastructure malfunctioning
and the number of infrastructure users (as assessed in Step 1) as well as the
socio-economic vulnerability score. Adjustment of the consequence category: the number of people affected by the
malfunctioning infrastructure could be higher or lower than the number of
infrastructure users, depending on how the situation is handled and how
important the malfunctioning infrastructure is for the society. The
socio-economic vulnerability score is a proxy for the societal capacity to
maintain its functions without the specific infrastructure and to cope with
malfunctioning infrastructure. Accordingly, if the socio-economic
vulnerability score is low, then the number of affected people will be lower
than the number of infrastructure users, e.g. if the infrastructure
malfunctioning is managed well and substitutes for the service provided by
the malfunctioning infrastructure are established. Accordingly, the final
consequence category should be adjusted down from the initial consequence
category, as assessed by using Table 3. However, if the socio-economic
vulnerability score is high, then the number of affected people will be higher than
the number of infrastructure users, e.g. if there are large cascading
effects. Then, the final consequence category could be higher than the
initial one. The socio-economic vulnerability score is applied to adjust the
consequence category according to the suggested criteria in Table 7.
Indicative criteria for determining the consequence category using vulnerability indicators and adaptation of initial categorisation to final categorisation.
Location of the study area in Norway (left panel source: ESRI) and the spatial extent of Stryn and Hornindal municipalities in Western Norway (right panel source: The Norwegian Mapping Authority).
When steps 1–3 are performed, each analysed scenario is assigned a probability category (A–E) and a consequence category (1–5). The risk level is determined by the combination of these, subdivided into seven risk levels as shown in Table 10. Even if the vulnerability is assessed relatively, the initial classification is quantitative and each cell could therefore be anchored in quantitative risk estimates. By applying the quantitative criteria as a basis to assign a risk range to each cell in the risk matrix, it may be shown that the diagonal lines in the risk matrix approximately represent equivalent risk levels, i.e. that the risk is largely equal along diagonal lines. The approach is useful for prioritisation of mitigation measures, e.g. those that give priority to a certain sector ahead of another. Explicit criteria or risk thresholds for recommendations regarding the follow-up and risk acceptance are not given, both because each municipality must adapt the criteria for follow-up to their own situation and capacity (scenarios with the highest risk must be prioritised regardless of risk acceptance) and because the method is coarse, with a relative risk scale making it difficult to relate to objective risk acceptance criteria.
The methodology proposed in Sect. 3 was tested and demonstrated through application examples for the municipalities Stryn and Hornindal. Stryn and Hornindal are municipalities in the county Sogn og Fjordane in Western Norway. The characteristics for the area are the combination of fjords, glaciers, rivers and lakes. There are tall and steep mountains, deep valleys with forested and fertile mountainsides and valley floors. The municipalities are situated just west of the water divide separating Western and Eastern Norway (Fig. 3), with strong orographic effects on precipitation and weather. The industries are varied, but consist mainly of small and medium size industrial establishments. The main road overcrossing the mountain has a rather high proportion of utility transportation (Fakta om Stryn, 2017). The study area is exposed to different types of natural hazards, especially landslides and avalanches, including floods and storms, which need to be considered during the development of infrastructure and residential and commercial buildings in the municipality. Natural hazards have affected infrastructure repeatedly in the past (Stryn kommune Rådmannsavdelinga, 2014).
Overview of the locations of the site-specific scenarios. The location of each scenario is identified with a red star, referring to the scenario number in the list above. Star 1 shows the location of RV 15 in Stryn, but the actual scenario is located at a part of the road outside the map. Source: The Norwegian Mapping Authority.
Based on the qualitative municipal risk and vulnerability analysis for Stryn
and Hornindal, as described in Stryn kommune Rådmannsavdelinga (2014),
the following site-specific scenarios were selected for testing of the
proposed method:
snow avalanche overrunning main road RV 15 at Strynefjellet; debris flow reaching Innvik waterworks; snow avalanche overrunning main road 724 to Oldedalen; storm leading to failure in electricity distribution and communication to
the municipal centre; landslide across main road E39 at Skredestranda; ice jam breakup in the Storelva river in Hornindal and failure in sewage system; storm leading to the closure of the ferry service between Anda and Lote.
The location of these scenarios is indicated in Fig. 4. As Fig. 4
shows, the analysis also considers scenarios located outside the
municipalities that may affect the municipalities.
Explanations for the risk assessment of the scenarios are provided in Appendix A.
Ranking of indicators and determination of physical and socio-economic vulnerability scores. The first column shows the indicator group (i.e. physical or socio-economic vulnerability), the second column the vulnerability indicator and the next columns the score values for the scenarios.
Initial and final categorisation of probability and consequence. The difference between the final and initial probability category is determined by the physical vulnerability score. The difference between the final and initial consequence category is determined by the socio-economic vulnerability score. Sc. means scenario.
Results from the semi-quantitative analyses.
The main aim of the analyses was to demonstrate the methodology and test its usefulness, rather than the actual results. The results are, to a large extent, based on expert judgment and should be considered as preliminary. The ranking was performed together with a representative for the stakeholders in Stryn, who was leading the municipal risk and vulnerability analyses in Stryn and Hornindal in 2014 and who was knowledgeable about the hazard and risk situation in the area.
The resulting ranking of the vulnerability indicators for each of the scenarios are presented in Table 8. The initial and final categorisation of probability and consequence, as well as the basis for the categorisation (i.e. the frequency or probability of the natural event, the duration and number of people served by the infrastructure), are shown in Table 9. Explanation of and reasoning for the ranking is given in Appendix A. The method has been implemented in an Excel sheet in which the ranking, weighting and calculations have been performed.
The results of the analyses are placed in a matrix with increasing severity of consequence along the first axis and increasing probability along the second axis (Table 10). The corresponding risk level is determined by location in the matrix, subdividing the risk into seven risk levels illustrated with colour codes. In this way, the risk associated with each of the scenarios could easily be compared and the most critical scenarios identified.
As Table 10 shows, the ranking of the risk associated with the analysed
scenarios is as follows.
Risk level 7: storm leading to failure in electricity distribution and
communication to the municipal centre; landslide across main road E39 at
Skredestranda. Risk level 6: snow avalanche overrunning main road RV 15 at
Strynefjellet;
landslide across main road 724 to Olderdalen. Risk level 5: debris flow reaching Innvik waterworks. Risk level 4: ice jam breakup in the Storelva river in Hornindal; failure in
sewage system; storm leading to closure of the ferry service between Anda and Lote.
None of the analysed scenarios ended up being low risk scenarios. This is
unsurprising, since the selected scenarios are based on generic scenarios,
identified in Stryn kommune Rådmannsavdelinga (2014), that are believed
to pose significant risk to the municipalities. In addition, in order to
facilitate the data collection for the site-specific scenarios, previous
events were tested to demonstrate the application of the model.
The results of the analyses provide a better overview of the relevant risks and vulnerabilities and contribute to an increased awareness in the municipalities. Knowledge about risk and vulnerability associated with the identified scenarios is an important first step to reduce the risk. Risk reduction is especially important for the scenarios with the highest risk, e.g. at risk level 6 and risk level 7. All the three scenarios with a landslide or avalanche across roads emerge as the most critical scenarios, in addition to the failure in electricity and communication caused by storms. The risk could either be reduced by reducing the probability of the scenario (e.g. through implementation of physical mitigation measures for landslides on the most exposed parts of the road) or by reducing the associated consequences (e.g. through an improvement of the socio-economic vulnerability indicators, such as establishing redundant infrastructure systems). Through systematic and repeated risk analyses, as described in Sect. 2.2 and in DSB (2014), followed by associated risk management actions, the municipality can move step by step towards increased safety and stable infrastructure services for the inhabitants.
The purpose of the municipal vulnerability and risk analysis is, among others, to provide an overview of adverse events that pose a risk to the municipality, assess risk and vulnerability across sectors, and provide a basis for objectives, priorities and decision making for civil protection and emergency planning in the municipality. It is also within the responsibility of the municipalities to help maintain critical societal functions during and after adverse events. The proposed method is designed to be consistent with, and a supplement to, the guidelines for municipal risk and vulnerability analysis in Norway provided by the Norwegian directorate for Civil Protection, DSB (2014). The focus of the method, as described in Sect. 3, is to propose a tool for the screening of the potential scenarios of malfunctioning infrastructure caused by natural events in an explicit, systematic, transparent and repeatable way that could be applied at the semi-quantitative second level in a three-level approach. Due to interdependencies between the infrastructures and societal dependencies, a full analysis of risk associated with infrastructure systems is a complicated and labour intensive task. The three-level strategy offers a practical approach to reduce the analysis effort related to the risk assessment (Liu et al., 2015; Bowles et al., 2013). The proposed method is a risk assessment method with low to intermediate precision and resolution. Application of the method assigns a relative risk level to each of the scenarios, where risk level 1 implies the lowest risk and risk level 7 the highest risk.
The risk ranking provides a useful basis for prioritisation, where the scenarios with the highest risk levels should be analysed further and followed up, e.g. by giving priority to one sector over another. The scenarios associated with the highest risk also form the basis for the allocation of resources to preparedness in the municipality, including execution of emergency management drills. The risk expressed by risk levels serve, due to their simplicity, as a good tool to compare risk between different scenarios and thus also to communicate the risk (Oboni and Oboni, 2013).
There is no all-encompassing method available to analyse all aspects of infrastructure risks, but different methods serve different purposes and have different advantages (and disadvantages). The advantages with the proposed method is that it is generic and has a very broad scope (applicable for assessment of socio-economic risk associated with malfunctioning in different infrastructure sectors). It aims to be applicable within the main types of infrastructure (electricity supply, water supply and transportation). Methods are often tailored to the particular needs of the sector they are defined within (Giannopoulos et al., 2012). Risk assessment methods are a compromise between the time and cost (and data) necessary to perform the analysis, and its ability to offer information at a level of detail allowing the risk manager to understand the risk (and resilience) and allowing informed and efficient decision making. Indicator approaches applying a weighted mean of several scores (as in this method) are often used in sectorial approaches (Giannopoulos et al., 2012). Indicators are useful for reducing complexity, measuring progress, mapping and setting priorities and they could serve as an important tool for decision makers (Cutter et al., 2008). The proposed method serves the purpose of screening scenarios of natural events threatening critical infrastructure in a municipal risk and vulnerability analysis, even if it does not allow a detailed study of the risk and vulnerability. The method is comprehensive, yet fast. It does not require a large amount of data. The indicator-based approach for the vulnerability assessment enables a combination of different types of data from different sources and knowledge domains and on different formats. However, the user needs to have a comprehensive knowledge of the local conditions, properties of the infrastructure and how the infrastructure is operated. The user also needs to be aware of the hazard situation in the area, with respect to natural events, and be capable of assessing the frequency of the hazard and the importance of the various vulnerability factors for the infrastructure.
The method's purpose is to invite municipal stakeholders with different types of expertise to a collaborative effort. A representative for the stakeholders in Stryn helped in testing the method and found it (and the excel sheet in which the method was implemented) useful. It is desirable that the municipalities lead this analysis themselves, in order to ensure that the analysis is followed up and forms an integrated part of municipal risk management. The preparation of the municipal risk and vulnerability analysis is also a learning process, which may increase risk awareness. The proposed method guides the user with respect to which vulnerability factors to assess, both for assessment of the probability of the infrastructure malfunctioning and the societal consequences. It provides, through the explicit ranking criteria, guidance for the assessment of how each indicator contributes to the overall vulnerability and how to aggregate the information into a final result, even if some judgment is required when using the method.
The proposed method could, in addition to the risk ranking, provide implicit guidance on how to reduce the vulnerability and, consequently, also the risk. The method assesses several aspects of vulnerability and resilience, and the results from the physical and socio-economic vulnerability assessment could be used to identify the indicators contributing most to the vulnerability for each case. Special attention should be paid to indicators with a high vulnerability score, especially in combination with high importance, i.e. a high weight. The identification of the most critical indicators helps identify where to focus further efforts. Within the application examples in Sect. 4, the scenarios with the highest risk were scenario 4, storm leading to failure in electricity distribution and communication to the municipal centre, and scenario 5, landslide across main road E39 at Skredestranda. For scenario 4, almost all of the physical vulnerability indicators were assigned a score value of 3, except for the transparency/complexity/degree of coupling indicator, which was assigned a value of 2. The most important physical vulnerability indicators were considered to be related to robustness and buffer capacity and level of protection. In order to reduce the probability of infrastructure malfunctioning in the most efficient way, measures involving an increase in the robustness and/or buffer capacity of the electricity network as well as measures involving protection of the network should be considered. The socio-economic vulnerability indicators, redundancy/substitutes and cascading effects and dependencies were assigned a score of 4 and were both considered to be of high importance. To efficiently reduce the socio-economic consequences, measures to reduce these vulnerabilities should be considered, e.g. investing in substitutes to the electricity distribution, like gasoline, diesel or wind power generators, batteries or solar panels. Today, society is highly dependent on electricity. Reduction of this dependency will be complicated in general, but it can also cover a wide range of distributed initiatives, e.g. implementing electricity-independent central heating systems.
Semi-quantitative, indicator-based methods will necessarily require the use of (knowledge-based) judgment and accordingly be associated with subjectivity and uncertainties, both within the definition of the method and the use of the method. Indicators are commonly used in vulnerability and resilience assessment, since it is often difficult to quantify vulnerability and resilience in absolute terms without any external reference with which to validate the calculations. Indicators are typically used to assess relative levels of vulnerability and resilience, either to compare between places or to analyse trends over time (Cutter et al., 2008). Assigning score values to the indicators requires interpretation and subjective judgment. This is thought to reduce the effect of subjective interpretation through descriptions of the different score levels for each indicator. The method is applicable for different infrastructures (electricity supply, water supply and transportation) and uses generic factors for infrastructure vulnerability. Therefore, the need for precise descriptions of criteria for ranking of the indicators to limit the effect of subjectivity, needs to be balanced against descriptions that are general enough to be valid for the different infrastructures. In addition, the interpretation of the data used to rank the indicators requires subjective judgment, especially when using qualitative data. In this paper, an indicator-based approach is combined with an initial quantitative categorisation, based on explicit quantitative criteria, with the purpose of increasing transparency and reducing the effect of individual interpretation on the results. The anchoring of the risk categories in the quantitative categories enables and justifies the comparison between risk levels resulting from the use of the method for different scenarios. However, in this study, the quantitative, initial categorisation of probability and consequence governs the outcome of the risk analysis, and this categorisation is dependent on the quality of the background knowledge.
The weighting system and linear weighted average approach to aggregate the indicators could be improved and made more sophisticated. However, the level of sophistication need to be balanced against the user friendliness with respect to the use of the method and understanding of the results. Linear averaging (as applied in this method) implicitly assumes that the indicators are independent of each other and that their influence is independent of the scoring of other indicators. Accordingly, a high vulnerability associated with one indicator could be compensated by a low vulnerability associated with another indicator. This is only partly true. A mixture of geometric and linear averaging will be considered in further developments of the method, where (partly) dependent indicators will be averaged geometrically, e.g. indicators for preparedness and early warning systems. The weighting system will also be redefined to allow weights that express a larger difference in importance than the choice between integer weights 1, 2 or 3 does. These weights were introduced for simplicity, to make the method easy to use. A possible improvement of the method would be to allow a continuous range of weights, i.e. in the range between 0 and 1, e.g. as applied by Kappes et al. (2012) and Nadim et al. (2006). In addition, these weights could be determined through an analytical hierarchy process, rather than by direct expert judgment.
Finally, there are uncertainties associated with the interpretation of the results, as each risk level corresponds to a range of risks. The uncertainty within each risk level should be kept in mind when interpreting the results and comparing risk levels. The accuracy of the method is lower than for a purely quantitative assessment and cannot be immediately used for cost–benefit analyses for mitigation strategies. Whenever possible, the method should be compared with and calibrated against quantitative data from real events corresponding to the scenario. The probability of infrastructure malfunctioning obtained by the method could be calibrated against empirical data on the frequency of infrastructure malfunctioning, where such data exist. For the socio-economic consequences, however, a calibration is more difficult, as they refer to indirect consequences and not to a measurable quantity. The most relevant data for comparison and calibration would be other estimated data after an occurred event, such as indirect economic losses or a combination of data on the duration of the infrastructure malfunctioning and estimated numbers of people affected by the malfunctioning.
This paper shows the development and demonstration of a method for screening of scenarios posing a potential high risk in terms of stability for the local society in accordance with the Norwegian guidelines from the Norwegian Directorate for Civil Protection, DSB (2014). The method is intended to be the second level of a three-stage methodology for risk assessments, where level 1 consists of risk identification and level 3 consists of a detailed quantitative risk analysis. While the proposed methodology could be applied to all types of natural events and all types of infrastructures, level 3 analyses will, to a larger extent, need to be adapted to the specific infrastructure and types of hazard. The analysis may be part of a municipal risk and vulnerability analysis. It can be used on different scales by adapting the consequence categories and can be adapted to different infrastructures through the flexible weighting system.
The indicator approach and ranking criteria for the physical as well as the socio-economic indicators make the model easy to use for people knowledgeable of the municipality and its infrastructures. The proposed method is seen as a useful screening tool for the identification of the most critical scenarios and produces results that are easy to understand and to communicate.
The assessment of potential threats and their related risks, including the identification of the most critical scenarios, is essential for setting priorities for more-detailed risk analyses and infrastructure protection. The risk assessments contribute to targeted investment in planning and design and facilitate preparedness actions in the event of failure.
The description of the assessment of each scenario as well as the explanation of the ranking is given in the following. Some of the identified scenarios are scenarios that have already occurred and are expected to occur again. Other scenarios have not occurred but were considered plausible. For scenarios that already occurred, observations and newspaper reports were used as data sources to support the ranking of the indicators. As previously mentioned, the ranking was performed together with a representative for the stakeholders and is largely based on experience and local knowledge. The purpose of the provided information is not to enable the reader to rank the indicators for the given scenarios, but rather to demonstrate the use of the method.
The ranking of this scenario is performed by expert judgment, based on
Kristensen (2005) and observations and records of previous events from the
area. The selected ranking scores for each of the scenarios are given in
parentheses.
Probability assessment:
Assessment of the physical vulnerability:
Socio-economic consequence assessment:
The above-mentioned combination of users and duration qualify for consequence
category 3–4 according to Table 3.
Assessment of the socio-economic vulnerability:
The ranking is performed by expert judgment, based on observations from a
similar historic event in 2014 and information given in the reports from DSB (2015b)
and past Stryn kommune Rådmannsavdelinga (2014). The selected
ranking scores for each of the scenarios are given in parentheses.
Probability assessment:
Assessment of the physical vulnerability:
Socio-economic consequence assessment:
The above-mentioned combination of users and duration qualify for consequence
category 4 according to Table 3.
Assessment of the socio-economic vulnerability:
The ranking is performed by expert judgment, based on observations from
similar historic events. The selected ranking scores for each of the scenarios
are given in parentheses.
Probability assessment:
Assessment of the physical vulnerability:
Socio-economic consequences:
The above-mentioned combination of users and duration qualify for consequence
category 2 according to Table 3.
Assessment of the socio-economic vulnerability:
The ranking is performed by expert judgment, partly based on observations
from a similar historic event in December 2011. The selected ranking score
for each of the scenarios are given in parentheses.
Probability assessment:
Assessment of the physical vulnerability:
Socio-economic consequences:
The above-mentioned combination of users and duration qualify for consequence
category 5 according to Table 3.
Assessment of the socio-economic vulnerability:
The ranking is performed by expert judgment, based on observations from
previous historic events, e.g. in November 2015. The selected ranking scores for
each of the scenarios are given in parentheses.
Probability assessment:
Assessment of the physical vulnerability:
Socio-economic consequences:
The above-mentioned combination of users and duration qualify for consequence
category 5 according to Table 3.
Assessment of the socio-economic vulnerability:
The ranking is performed by expert judgment, partly based on observations
from similar historical events. The selected ranking scores for each of the
scenarios are given in parentheses.
Probability assessment:
Assessment of the physical vulnerability:
Socio-economic consequences:
The above-mentioned combination of users and duration qualify for consequence
category 4 according to Table 3.
Assessment of the socio-economic vulnerability:
The ranking is performed by expert judgment, based on observations from
previous occurrences of this scenario and on information from Stryn kommune
Rådmannsavdelinga (2014). The selected ranking scores for each of the
scenarios are given in parentheses.
Probability assessment:
Assessment of the physical vulnerability:
Socio-economic consequences:
The above-mentioned combination of users and duration qualify for consequence
category 2 according to Table 3.
Assessment of the socio-economic vulnerability:
The authors declare that they have no conflict of interest.
The information and views set out in this paper are those of the author(s) and do not necessarily reflect the official opinion of the European Union. Neither the European Union institutions and bodies nor any person acting on their behalf may be held responsible for the use which may be made of the information contained therein. Reproduction is authorised provided the source is acknowledged.
The work described in this paper was supported by the Strategic Project GRAM (GeoRisk Assessment and Management) at NGI. The research leading to these results has also received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement no. 606799. The support is gratefully acknowledged. Edited by: M. Keiler Reviewed by: M. Papathoma-Koehle and one anonymous referee