Options
Considerations in Risk Assessment for Critical Infrastructure Protection (A thematic analysis approach)
Author(s)
Papamichael, Michalis
Advisor(s)
Abstract
This work investigates the views of risk assessment (RA) practitioners on the decision-making influences and the transnational considerations affecting RA for critical infrastructure protection (CIP). The investigation is driven by the realization that contemporary RA models and processes fail to adequately consider the domain based characteristics of transnational Critical Infrastructure (CI) characteristics. They also fail to recognize the full extent of the human decision-making influence on the RA process itself, as well as the relative lack of homogeneity across assets, stakeholders, geographies, national boundaries, paradigms, and people, in transnational CI environments.
The investigation was based on the thematic analysis of the interviews of twelve expert RA practitioners, following a validation of the interview protocol by a focus group of experts, and a document study of two CI projects. The analysis identified an overarching theme counter-signing their collective view that the team approach is the one true remedy for all RA process shortcomings. Five other themes support this high-level view: (1) the value of the human influence of RA, (2) the effect of transnationalism on RA for CIP, (3) the view that consistency in tools and methods is not necessarily a panacea to performance, and two groups of forces influencing the process and the setting; (4) CI organizational RA-influencing forces; and (5) CI RA enablers and impediments. All six themes were validated by member-checking.
Despite the view of the team-approach being an absolute panacea in the eyes of practitioners, insights from the current industry RA practice from the interviews themselves, and from an investigation of relevant literature, has not identified rules and guidelines in its application, evidence of it being coordinated or applied consistently, nor an indication of it being an integral part of RA processes.
Careful analysis of the learning from the interviews suggests that a risk assessment model-agnostic collaborative approach to RA for CIP, such as the suggested self managed team approach, which would embrace the weak-signals process and the future wheels approach, can effectively address the transnationalism and human decision making challenges identified in this report, the absence of performance assessment metrics for the RA process specifically at the level of the professional, as Considerations in Risk Assessment for Critical Infrastructure Protection (A thematic analysis approach) well as deliver improved assessment of terrorism and cyber risks whose nature is aversive to traditional RA methodologies.
The suggested team approach for RA for CIP and the articulation of the benefit that the added scope of a weak-signals and futures-wheel approach would bring to the process, was outlined in the conclusions, however, both would benefit from additional research for its better articulation and testing with a suitable pool of expert practitioners.
The investigation was based on the thematic analysis of the interviews of twelve expert RA practitioners, following a validation of the interview protocol by a focus group of experts, and a document study of two CI projects. The analysis identified an overarching theme counter-signing their collective view that the team approach is the one true remedy for all RA process shortcomings. Five other themes support this high-level view: (1) the value of the human influence of RA, (2) the effect of transnationalism on RA for CIP, (3) the view that consistency in tools and methods is not necessarily a panacea to performance, and two groups of forces influencing the process and the setting; (4) CI organizational RA-influencing forces; and (5) CI RA enablers and impediments. All six themes were validated by member-checking.
Despite the view of the team-approach being an absolute panacea in the eyes of practitioners, insights from the current industry RA practice from the interviews themselves, and from an investigation of relevant literature, has not identified rules and guidelines in its application, evidence of it being coordinated or applied consistently, nor an indication of it being an integral part of RA processes.
Careful analysis of the learning from the interviews suggests that a risk assessment model-agnostic collaborative approach to RA for CIP, such as the suggested self managed team approach, which would embrace the weak-signals process and the future wheels approach, can effectively address the transnationalism and human decision making challenges identified in this report, the absence of performance assessment metrics for the RA process specifically at the level of the professional, as Considerations in Risk Assessment for Critical Infrastructure Protection (A thematic analysis approach) well as deliver improved assessment of terrorism and cyber risks whose nature is aversive to traditional RA methodologies.
The suggested team approach for RA for CIP and the articulation of the benefit that the added scope of a weak-signals and futures-wheel approach would bring to the process, was outlined in the conclusions, however, both would benefit from additional research for its better articulation and testing with a suitable pool of expert practitioners.
Date Issued
2024-06-27
Open Access
Yes
Department
Publisher
School of Sciences : PhD Program in Occupational Safety and Health
File(s)
No Thumbnail Available
Name
2024.05.27 - Michalis Papamichael F20202223 PhD Thesis - Final (Corrected) (1).pdf
Type
main article
Size
6.83 MB
Format
Checksum