Sherwin, M., Brown, K. J., Medal, H., and Mackenzie, C. (2017) An optimized resource allocation approach to identify and mitigate supply chain risks using fault-tree analysis. Technical report, Mississippi State University.
In my dissertation, I developed models for locating and protecting facilities that are subject to disruptions caused by attacks from an adversary (i.e., interdictions) or random events (e.g., natural disasters). Complementing my dissertation, I have done other work on designing and protecting networks. One of my Ph.D. students and I have completed a study on using fault trees to model disruptions in a supply chain. We are currently working on developing algorithms for optimizing the allocation of resources to minimize the probability that a fault occurs.
Securing critical infrastructure against attack presents significant challenges. As new infrastructure is built and existing infrastructure is maintained, a method to assess the vulnerabilities and support decision makers in determining the best use of security resources is needed. In response to this need, this research develops a methodology for performing vulnerability assessment and decision analysis of critical infrastructure using model‐based systems engineering, an approach that has not been applied to this problem. The approach presented allows architects to link regulatory requirements, system architecture, subject matter expert opinion and attack vectors to a Department of Defense Architecture Framework (DoDAF)‐based model that allows decision makers to evaluate system vulnerability and determine alternatives to securing their systems based on their budget constraints. The decision analysis is done using an integer linear program that is integrated with DoDAF to provide solutions for how to allocate scarce security resources. Securing an electrical substation is used as an illustrative case study to demonstrate the methodology. The case study shows that the method presented here can be used to answer key questions, for example, what security resources should a decision maker invest in based on their budget constraints? Results show that the modeling and analysis approach provides a means to effectively evaluate the infrastructure vulnerability and presents a set of security alternatives for decision makers to choose from, based on their vulnerabilities and budget profile.
Engineering managers are responsible for the secure operation of critical infrastructure systems and need tools and methods to identify and mitigate potential insider threats such as physical damage to equipment, information leakage, malware, and identity theft. This research examines the benefit of development and analysis of the NATO Human View to aid engineering managers with this responsibility. In an illustrative case study, the NATO Human View is used to analyze electrical grid personnel; the results demonstrate that the NATO Human View can be used to enable engineering managers to make investment decisions that can mitigate security threats.
In this paper we use a well-accepted methodology, fault-tree analysis, to identify delay risks and proactively propose a cost-effective mitigation strategy within a low-volume, high-value supply chain. The basis for the assessment is the bill of materials of the product being studied. The top-level event of interest represents the delay in delivering a product to a customer and lower-level events represent the probabilities associated with delays caused by quality and capability deficiencies within the supply chain of the product being studied. Supply chain risk mitigation strategies have been well documented in academic literature. However, much of what has been documented addresses such topics as facility location and inventory buffers, and is generally focused on response strategies once the risk has been realized. This paper presents a robust method to reduce the likelihood of delays in material flow by representing the system of suppliers within a supply chain as a fault-tree and proactively determining the optimum mitigation strategy for the portfolio. The approach is illustrated via real-world numerical scenarios based on hypothetical data sets and the results are presented.
In this paper we consider a generalization of the p-center problem called the r-all-neighbor p-center problem (RANPCP). The objective of the RANPCP is to minimize the maximum distance from a demand point to its rth-closest located facility. The RANPCP is applicable to facility location with disruptions because it considers the maximum transportation distance after (r-1) facilities are disrupted. While this problem has been studied from a single-objective perspective, this paper studies two bi-objective versions. The main contributions of this paper are (1) algorithms for computing the Pareto-efficient sets for two pairs of objectives (closest distance vs. rth-closest distance and cost vs. rth-closest distance) and (2) an empirical analysis that gives several useful insights into the RANPCP. Based on the empirical results, the RANPCP produces solutions that not only minimize vulnerability but also perform reasonably well when disruptions do not occur. In contrast, if disruptions are not considered when locating facilities, the consequence due to facility disruptions is much higher, on average, than if disruptions had been considered. Thus, our results show the importance of optimizing for vulnerability. Therefore, we recommend a bi-objective analysis.
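The RANPCP objective described above, as an added illustration that is not code from the paper: a brute-force solver on a constructed six-point instance, which also checks that the rth-closest radius equals the worst closest-facility distance after any (r-1) located facilities are lost. The function names, the instance, and the tie-breaking rule are assumptions made for this example.

```python
from itertools import combinations
from math import dist

# Constructed instance: two clusters on a line; every demand point is also a candidate site.
POINTS = [(0, 0), (1, 0), (2, 0), (10, 0), (11, 0), (12, 0)]

def rth_closest_radius(facilities, demands, r):
    """Maximum over demand points of the distance to the r-th closest facility."""
    return max(sorted(dist(d, f) for f in facilities)[r - 1] for d in demands)

def solve_ranpcp(sites, demands, p, r):
    """Enumerate every p-subset of sites and keep the one with the smallest
    r-th closest radius (ties broken by site order). r=1 is the plain p-center."""
    best = min(combinations(sites, p),
               key=lambda s: (rth_closest_radius(s, demands, r), s))
    return best, rth_closest_radius(best, demands, r)

def worst_case_after_disruption(facilities, demands, k):
    """Largest closest-facility radius over every way of losing k facilities."""
    survivors = combinations(facilities, len(facilities) - k)
    return max(rth_closest_radius(s, demands, 1) for s in survivors)

def compare(p=4, r=2):
    """Radius before and after (r-1) losses for the p-center and RANPCP designs."""
    rows = {}
    for name, rr in (("p-center", 1), ("RANPCP", r)):
        sol, _ = solve_ranpcp(POINTS, POINTS, p, rr)
        rows[name] = (rth_closest_radius(sol, POINTS, 1),
                      worst_case_after_disruption(sol, POINTS, r - 1))
    return rows

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:9s} radius before={before:.0f} after one loss={after:.0f}")
```

On this instance both designs have the same radius when nothing fails, but the p-center design that the tie-break selects leaves one cluster served by a single facility, so its radius after one loss is five times larger.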
Two methods of reducing the risk of disruptions to distribution systems are (1) strategically locating facilities to mitigate against disruptions and (2) hardening facilities. These two activities have been treated separately in most of the academic literature. This article integrates facility location and facility hardening decisions by studying the minimax facility location and hardening problem (MFLHP), which seeks to minimize the maximum distance from a demand point to its closest located facility after facility disruptions. The formulation assumes that the decision maker is risk averse and thus interested in mitigating against the facility disruption scenario with the largest consequence, an objective that is appropriate for modeling facility interdiction. By taking advantage of the MFLHP’s structure, a natural three-stage formulation is reformulated as a single-stage mixed-integer program (MIP). Rather than solving the MIP directly, the MFLHP can be decomposed into sub-problems and solved using a binary search algorithm. This binary search algorithm is the basis for a multi-objective algorithm, which computes the Pareto-efficient set for the pre- and post-disruption maximum distance. The multi-objective algorithm is illustrated in a numerical example, and experimental results are presented that analyze the tradeoff between objectives.
While few companies would be willing to sacrifice day-to-day operations to hedge against disruptions, designing for robustness can yield solutions that perform well before and after failures have occurred. Through a multi-objective optimization approach, this paper provides decision makers the option to trade off total weighted distance before and after disruptions in the Facility Location Problem. Additionally, this approach allows decision makers to understand the impact of the opening of facilities on total distance and on system robustness (considering the system as the set of located facilities). This approach differs from previous studies in that hedging against failures is done without having to elicit facility failure probabilities and, concurrently, without requiring the allocation of additional hardening/protection resources. The approach is applied to two datasets from the literature.
In this paper, we present a two-stage mixed integer programming (MIP) interdiction model in which an interdictor first chooses a limited number of elements to attack on a given network, and then an operator dispatches trains through the residual network. Our MIP model explicitly incorporates discrete unit flows of trains on the rail network with time-variant capacities. A real coal rail transportation network is used to generate scenarios that provide tactical and operational level vulnerability assessment analysis including rerouting decisions, travel and delay costs analysis, and the frequency of interdictions of facilities for the dynamic rail system.
In this paper, we review the literature studying how to reduce the disruption risk to critical networked infrastructures. This is an important area of research because huge consequences result from infrastructure disruptions. As a result, this research area has grown a lot in the last decade. In this review we discuss articles from the literature, place them into categories, and suggest topics for future research. Our review shows that although this area is growing in popularity, there are still many important opportunities for future work.