Content uploaded by Mohsen Moshrefzadeh
Author content
All content in this area was uploaded by Mohsen Moshrefzadeh on Dec 21, 2024
Content may be subject to copyright.
Resilience assessment model of
optimised investment
Deliverable 7.4
Lead Author: NCSRD
Contributors: RMIT, UIC, MDM, EGO, PRO, RFI, UREAD, ETRA,
UNEW, LAU, UMH, ELBIT, FGC
Dissemination level: PU – Public
Security Assessment Control: passed
This project has received funding from the European Union’s Horizon 2020 research and innovation
programme under grant agreement No. 883532.
PU – Public D7.4, November 2022
1
D7.4 Resilience assessment model of optimised investment
Deliverable
number:
7.4
Version:
V1.1
Delivery date:
30.11.2022
Dissemination
level:
PU - Public
Nature:
Report
Main author(s)
K. Giorgos Thanos
Stelios C. A. Thomopoulos
NCSRD
Contributor(s)
Mohsen Moshrefzadeh
RMIT
Internal reviewer(s)
Stephen Crabbe
Antonio De Santiago Laporte
Fraunhofer
MdM
External reviewer(s)
Any future feedback to be input into future work.
Document control
Version
Date
Author(s)
Change(s)
V0.1
24.06.2022
K. Giorgos Thanos
V0.2
22.07.2022
First draft for review-RMIT, following PC
feedback
V0.3
25.07.2022
K. Giorgos Thanos
Updated for review - NCSRD
V0.4
01.08.2022
K. Giorgos Thanos
Updated based on RMIT review
V0.5
29.08.2022
Stelios C. A.
Thomopoulos
Revised and approved for release,
following also PC feedback
V0.6
14.09.2022
Mohsen Moshrefzadeh
Creation of V0.6 after implementing
WP7 internal review and comments.
V0.7
16.09.2022
Stelios C. A.
Thomopoulos
Mohsen Moshrefzadeh
Revised and approved for final release,
following also PC feedback
V1.0
04.10.2022
Stephen Crabbe
Creation of V1.0 from V0.7 with further
updates from NCSRD and RMIT
following “official internal review”,
formatting and minor editing.
V1.1
30.11.2022
Stelios C. A.
Thomopoulos
Stephen Crabbe
Corrected “snowfall” to “rainfall” on p.8,
Chap. 2.1, Hypothetical Scenarios, 3rd
Sentence.
Update of footer and this page.
DISCLAIMER AND COPYRIGHT
The information appearing in this document has been prepared in good faith and represents the views of the
authors. Every effort has been made to ensure that all statements and information contained herein are accurate;
however, the authors accept no statutory, contractual or other legal liability for any error or omission to the fullest
extent that liability can be limited in law.
This document reflects only the view of its authors. Neither the authors nor the Research Executive Agency nor
European Commission are responsible for any use that may be made of the information it contains. The use of
the content provided is at the sole risk of the user. The reader is encouraged to investigate whether professional
advice is necessary in all situations.
No part of this document may be copied, reproduced, disclosed, or distributed by any means whatsoever,
including electronic without the express permission of the SAFETY4RAILS project partners. The same applies
for translation, adaptation or transformation, arrangement or reproduction by any method or procedure
whatsoever.
© Copyright SAFETY4RAILS Project (project co-funded by the European Union) in this document remains
vested in the project partners.
PU – Public D7.4, November 2022
2
ABOUT SAFETY4RAILS
SAFETY4RAILS is the acronym for the innovation
project: Data-based analysis for SAFETY and security
protection FOR detection, prevention, mitigation and
response in trans-modal metro and RAILway
networkS. Railways and Metros are safe, efficient,
reliable and environmentally friendly mass carriers, and
they are becoming even more important means of
transportation given the need to address climate change.
However, being such critical infrastructures turns metro
and railway operators as well as related intermodal
transport operators into attractive targets for cyber and/or
physical attacks.The SAFETY4RAILS project delivers
methods and systems to increase the safety and
recovery of track-based inter-city railway and intra-
city metro transportation. It addresses both cyber-only
attacks (such as impact from WannaCry infections),
physical-only attacks (such as the Madrid commuter trains
bombing in 2004) and combined cyber-physical attacks,
which are important emerging scenarios given increasing
IoT infrastructure integration.
SAFETY4RAILS concentrates onrush hour rail
transport scenarios where many passengers are using
metros and railways to commute to work or attend mass
events (e.g. large multi-venue sporting events such as the
Olympics). When an incident occurs during heavy usage,
metro and railway operators have to consider many
aspects to ensure passenger safety and security, e.g.
carry out a threat analysis, maintain situation awareness,
establish crisis communication and response, and they
must ensure that mitigation steps are taken and
communicated to travellers and other users.
SAFETY4RAILS will improve the handling of such
events through a holistic approach. It will analyse the
cyber-physical resilience of metro and railway systems
and deliver mitigation strategies for an efficient response,
and, in order to remain secure given everchanging novel
emerging risks, it will facilitate continuous adaptation of
the SAFETY4RAILS solution; this will be validated by two
rail transport operators and the results will support the re-
design of the final prototype.
PU – Public D7.4, November 2022
3
TABLE OF CONTENT
ABOUT SAFETY4RAILS................................................................................................................................. 2
Executive summary ......................................................................................................................................... 4
1. Introduction .............................................................................................................................................. 5
1.1 Overview ........................................................................................................................................... 5
1.2 Connection with other tasks .............................................................................................................. 5
1.3 Structure of the deliverable ............................................................................................................... 7
2. Methodology ............................................................................................................................................ 8
2.1 Hypothetical Scenarios ..................................................................................................................... 8
Scenario 1 .............................................................................................................................................. 10
Scenario 2 .............................................................................................................................................. 10
2.2 Approaches ..................................................................................................................................... 10
3. Analysis ................................................................................................................................................. 10
3.1 Approach 1 ..................................................................................................................................... 10
3.2 Approach 2 ..................................................................................................................................... 17
3.3 Integration with CAMS tool .............................................................................................................. 25
4. Discussions ............................................................................................................................................ 26
5. Conclusion ............................................................................................................................................. 27
BIBLIOGRAPHY ........................................................................................................................................... 28
ANNEXES ..................................................................................................................................................... 29
ANNEX I. GLOSSARY AND ACRONYMS ................................................................................................. 29
List of tables
Table 1 Components Restorations Simulation for Scenario 1 ........................................................................ 13
Table 2 Components Restorations Simulation for Scenario 2 ........................................................................ 16
Table 3 Conditional Table for Stairs Group that contain 2 Stairs ................................................................... 19
Table 4 Conditional Table for Stairs Group thatcontain4 Stairs ..................................................................... 19
Table 5 Conditional Table for Elevators Group that contain 2 Elevators ........................................................ 19
Table 6 Conditional Table for Elevators Group that contain 4 Elevators ........................................................ 20
Table 7 Conditional Table of Platforms Group that contain 2 Platforms ......................................................... 21
Table 8 Conditional Table of Platforms Group that contain 4 Platforms. ........................................................ 21
Table 9 Conditional Table for each Station node ........................................................................................... 22
Table 10 Conditional Table for each line component ..................................................................................... 22
Table 11 Components Restorations Simulation for Scenario 1 ...................................................................... 24
Table 12 Components Restorations Simulation for Scenario 2 ...................................................................... 24
Table 13 Comparison of two Approaches ...................................................................................................... 26
Table 14 Glossary and Acronyms ................................................................................................................. 29
List of figures
Figure 1 WP7 Relationship Diagram ............................................................................................................... 6
PU – Public D7.4, November 2022
4
Figure 2 Train Network model ......................................................................................................................... 8
Figure 3 DAG model of Train Network (Station Nodes are expanded in Figure 4) ........................................... 9
Figure 4 DAG model of Station nodes ............................................................................................................. 9
Figure 5 Fault Tree Graph of Train Network Model (Station Nodes are expanded in Figure 6) ...................... 11
Figure 6 Fault Tree Graph of Station Nodes .................................................................................................. 11
Figure 7 Fault Tree Analysis for Scenario 1. The transparent boxes (blue/red) indicate the boolean state
value of each asset. ...................................................................................................................................... 13
Figure 8 Fault Tree Analysis for Scenario 2. The transparent boxes (blue/red) indicate the boolean state
value of each asset. ...................................................................................................................................... 15
Figure 9 Bayesian Network Model for Train Network ..................................................................................... 18
Figure 10 Performance in terms to cost consumption .................................................................................... 22
Figure 11 Investment Optimization flow diagram ........................................................................................... 26
Executive summary
The D7.4 regards building a budgetary scenario set–up where there will be determined the
components that contribute to budgetary implications of potential infrastructure threats. It is
presented a methodology study for analysing different cost investment scenarios on infrastructure
cases and proceeded with an evaluation of the model in terms of (a) feasibility to represent the
interdependencies of the components, the cascading effects and (b) performance in determining
faulty components and updating related parameters to resilience and vulnerability as indicated in
T7.1 – T7.3. The proposed methodology regards simulating and evaluating hypothetical scenarios
that affect the functional condition of railway infrastructures and their corresponding budgetary
implications. In this context, it is examined two hypothetical disaster scenarios taking into account
infrastructure cascade disaster effects, the corresponding resilience and the respective budgetary
impact. The proposed methodology comprises of two approaches: (a) A coarse grain analysis where
infrastructure condition is considered to be of two states, Working/Non-Working, (b) a more realistic
analysis where for the condition of infrastructure components is considered as scalar, where it is
taken into account the physical decay, disaster impact and time/cost to be repaired. It also includes
budgetary simulation scenarios that RMIT could use using CAMS to optimise budget for a given
level of resilience planning under S4RIS platform. The document concludes with the evaluation of
the two different analytical study approaches on the two scenario use cases and proposes
recommendations for further extensions of the proposed methodology.
PU – Public D7.4, November 2022
5
1. Introduction
1.1 Overview
D7.4 presents the results of the analysis framework developed in T7.4 to identify the elements with
the greatest influence and impact on rail operations under environmental threats, such as flood,
wildfire, or earthquakes, using Fault Tree analysis and Bayesian Inference Models which are well
tested methodologies for Fault Analysis in large infrastructures. The results of the analysis framework
in D7.4 are used to predict failure of the components of the asset under flood. The prediction results
are then used by CAMS to estimate cost of repair of the asset in case of failure (flood in particular is
considered in Deliverable D7.5 – Figure 3. Based on cost estimates of repair in case of failure
generated by CAMS and constrained by the available budget, the allocation of the available funds can
be optimized in order to minimize the expected impact in case of failure by reinforcing elements of the
asset that are critical for it is resilience in case of a natural disaster. This approach was used in the
flood impact analysis referenced above.
The main objective of this document is to demonstrate a methodology study for analysing different
cost investment scenarios about infrastructure cases and proceeds with evaluation of the model in
terms of (a) feasibility to represent the interdependencies of the components, the cascading effects
and (b) performance in determining faulty components and updating related parameters to resilience
and vulnerability as indicated in T7.1 – T7.3. In accordance with the deliverables of WP7, under the
leadership of RMIT, the complete system specifications for the enhancement of the current capabilities
of CAMS for rail assets, including all the scenarios and vulnerable asset components, will be
developed in D7.5.
Finally, the document concludes with recommendations of optimising cost investments based on
candidate scenarios and requirements regarding infrastructure utilisation, cost and resilience and
indicates potential further actions as future steps.
1.2 Connection with other tasks
T7.4 corresponds to a proposed methodology for enhancing the budgetary investment optimisation
procedure, by consuming the assets taxonomy and hierarchy as categorised and prioritised by T7.1
and WP3 and applying a cascading effects model in order to infer probable infrastructure components
impact and corresponding cascading effects due to a potential hazard. These assets impact would be
a more fine grained determination, based on the proposed in T7.4 methodology, of the impact matrix
as stated in D7.3 (Figure 2 in [10]). In further these estimated impact scores will lead to the respective
budgetary impact following the cost per damage relation that is proposed in T7.3. Finally, the results
will conclude to T7.5 in order to optimise the budgetary investment. The T7.4 contribution in WP7
workflow is depicted in Figure 1.
PU – Public D7.4, November 2022
6
FIGURE 1 WP7 RELATIONSHIP DIAGRAM
T7.4 supports the WP7 workflow in two ways: (a) by calculating the cascading effects of disaster
incidents which in further will be translated into budgetary implications based in T7.3 proposed
procedure, (b) by providing the capability of simulating disaster impact scenarios with different severity
impacts and different cascading effects, which in further will lead to different impact scenarios that at
the end will correspond, based on T7.3 to different cost effects. To demonstrate the synergy of WP7,
CAMS used the flood scenario described in this report in a Milan simulation exercise to assess
different flood scenarios and their budgetary impact (See Figure 11 below and Table 12 in D7.1)
In this regard, CAMS used data has been fed with a variety of budgetary scenarios, according to the
different setups of T7.4 and different costs and environmental situations that affect the budgetary
impact, (see Data For CAMS in Table 12 in D7.1; Component Condition is defined by 1 in columns as
the CAMS input data for asset condition. Also, J column “Dependencies” in table 12 of D7.1 was
generated by NCSRD flood scenario). This pool of budgetary scenarios will further be consumed by
T7.5 in order to conclude on optimised budgetary investment strategies. The proposed procedure
relies on Fault Tree analysis and Bayesian Inference Models which are well tested methodologies for
Fault Analysis in large infrastructures. In this document moreover, the two models are compared for
the two type of disaster incidents, physical and human caused, indicating their contribution
performance for each model. The goal is to leverage the budgetary investment optimisation as
supported by T7.1 – T7.3 and finally performed in T7.5, by providing the capability of estimating fine
grained components condition levels for different simulated disaster scenarios. T7.4 along with other
WP7 and the iCrowd simulator can act as a digital twin1 of railway infrastructures for disaster
1The iCrowd Simulator uses detailed 3D model of a rail station and it is surrounding environment, in any desired level of
detail and accuracy, to simulate both physical and cyber infrastructures of a rail station and its operations, crowd behaviour,
and physical and cyber attacks against an infrastructure. The iCrowd simulator is also a platform that allows to take into
consideration the output from other simulators simulating other physical events that may affect the rail infrastructure such
as bomb blast simulators, fire simulators, CBRN incident simulator, etc., and incorporate their impact in the overall
simulation of a physical or cyber attack against a rail infrastructure. In the context of S AFETY4RAILS, the iCrowd
simulator, alongside side with DMS, was used as a digital twin for exchanging data to and from the simulator and the
S4RIS tools and providing a realistic simulation environment for a rail infrastructure and the outcome of a physical or cyber
attack against it during the Madrid and Ankara rail pilots. For example, in the Madrid Metro (MDM) pilot, iCrowd,
communicated through DMS, with the BB3D S4RIS tool to (digitally) detonate a bomb at an agreed upon by the pilot
scenario time and location, and receive data from the evolution of the detonation in real time. This data was taken into
consideration to provide a more realistic evacuation simulation of the metro station in the agreed upon “safe areas”
PU – Public D7.4, November 2022
7
management optimisation, where disaster scenarios lead to different disaster impact along with the
corresponding cascading effects on the different assets of railway infrastructures, as calculated by
T7.4 using assets taxonomy, decay model and resilience, as provided by T7.1. Then such results are
translated in cost terms according to T7.3 definitions and the result. Inferred mitigation measures
performance can be estimated based on T7.4 impact inference models translated in budgetary terms
via T7.3 models. In this regard, T7.5 may examine a variety of mitigation measures along with the
corresponding performance for each measure in order to calculate the respective optimized mitigation
plan.
1.3 Structure of the deliverable
The following sections of this document describe the development of a comprehensive approach to
resilience, preparedness, and prevention, including financial and budgetary elements related to
WP7 of SAFETY4RAILS project:
• Section 2: In this section it is described the proposed methodology and the different
scenarios and analytical formulations that were used for approaching these scenarios.
• Section 3: In this section there are determined two indicative scenarios of the two types of
hazard threats (a) physical natural threats, (b) terrorism. Moreover, the proposed
methodology is applied in order to demonstrate the different scenarios evaluation and the
corresponding variation in terms of cost/budgetary investment.
• Section 4: In this section there are presented the comparison results from the Section 3
analysis from the two proposed approaches. These results are further evaluated regarding
their feasibility to represent the interdependencies of the components and the cascading
effects, and the capability for contributing to optimization of budgetary plans and strategies,
which then get forwarded to CAMS that generates its numerical results based on the T7.4
results. (See CAMS table 12 in D7.1)
specified by the scenario outside the metro station. In the Ankara Metro pilot, iCrowd, alongside with DMS, was used as
a digital twin to simulate a cyber attack by a perpetrator evading surveillance cameras, reaching a computer room,
comprising the metro control room, causing an interruption in the train flow, access to the station control system, and
inducing a major confusion to the metro station, initiating an evacuation process. Upon leaving the metro station, the
perpetrator(s) were caught on the surveillance cameras despite their effort(s) to evade being detected. An anomaly
detection software could have been used to detect the perpetrator(s) using footage from the (simulated) surveillance
cameras.
PU – Public D7.4, November 2022
8
2. Methodology
This document presents a methodology for simulating and evaluating hypothetical scenarios that
affect the functional condition of railway infrastructures and their corresponding budgetary
implications. In this regard, two hypothetical disaster scenarios are examined against which the
infrastructure cascade disaster effects, the corresponding resilience, and the respective budgetary
impact, have been tested. The proposed methodology comprises of two approaches: (a) a coarse
grain analysis where infrastructure condition is considered to be of two states, Working/Non-Working,
and (b) a more realistic analysis where the condition of infrastructure components is expressed as a
continuous value scalar, by taking into account the physical deterioration, the disaster impact, and the
time/cost for repair. The outcome of the impact analysis is then used the CAMS tool to provide
optimised mitigation measures for a given level of resilience planning under the S4RIS platform, see
D7.1 Table 12.
2.1 Hypothetical Scenarios
Disaster incidents are divided into two main groups: (a) physical disasters, where due to a natural
phenomenon (e.g. rain, earthquake, etc) several infrastructure components are damaged, and (b)
disasters due to terrorist attack(s). In this document both categories are proposed, via a representative
hypothetical scenario for each case. The first case corresponds to a case of a heavy rainfall where
two railway lines have failed which consequently affect the railway utilisation, and the second to a
sudden bomb attack in a metro station which resulted in several components being damaged.
As a test case we examine the following toy railway/metro network which comprises of eight Metro
stations, twelve Railway stations and two multi – modal stations. The interconnections among stations
are referred as lines which correspond to the different train paths: (a) two metro lines (green and blue
line) and (b) two railway lines (red and yellow). The interconnections are indicated as linei,
corresponding two a line section between two stations (Figure 2).
FIGURE 2 TRAIN NETWORK MODEL
For modelling the railway infrastructure, it is used the railway assets taxonomy as presented in D3.1
(Figure 3.2 Branch Chart Assets). Based on this taxonomy the train network generalizes to a general
assets network where the interdependencies follow the D3.1 [6] assets taxonomy. As a result, the
PU – Public D7.4, November 2022
9
train network is modelled as a Directed Acyclic Graph (DAG) where each asset point to the ones that
it depends on. The proposed train model is depicted in Figure 3 and Figure 4.
FIGURE 3 DAG MODEL OF TRAIN NETWORK (STATION NODES ARE EXPANDED IN FIGURE 4)
FIGURE 4 DAG MODEL OF STATION NODES
PU – Public D7.4, November 2022
10
The above-mentioned graphs describe the hypothetical train network (Figure 2) where each node
corresponds to an asset and edges refer to the respective dependencies between two assets. For
example, A→B reflects the dependence of asset A to asset B. In other words, the functional state of
B influences the functional state of A.
Scenario 1
The first scenario of a flooding incident, a natural incident that affects seriously the utilisation of train
network by reducing the functionalities of each several assets and in several cases, produces more
permanent failures where repairment actions are mandatory. The hypothetical flooding disaster
results after a heavy rainfall in the area of Multi-Modal Station 1 and the line section that connects
Multi-Modal Station1 with Railway Station 4. The consequence of this is that the line section is out for
3 hours, water has entered the Multi-Modal Station and put out of service the platform 1 and 2 and
damaged the elevator 1. After several hours line section, and platforms utilization has been restored
and remain only the elevator damage. Based on this scenario, CAMS assessed possible flood
scenarios and their impact on the budget in recovery (see D7.5 Figure 3).
Scenario 2
The second scenario regards a bombing incident that results in severe damage to two platforms of
Metro Station 4 and for precautionary reasons the other two platforms are closed for maintenance.
Given the fact that Metro Station 4 corresponds to a node that connects the blue and green Metro
Line, the specific disaster results in cascading effects that affect not only the normal condition of
Metro Station 4 but also the utilization of blue and green lines which are rely on Platforms 1&2 and
Platforms 3&4 respectively. The Platforms 1&2 have been seriously damage and need to be
repaired, which results in time spending and financial cost. The Platforms 3&4 are evaluated and
validated for being in the right condition for normal use, which costs much less in time and money.
2.2 Approaches
In this deliverable it is demonstrated a computational methodology for evaluating budgetary
implications of disaster cases and related variations in terms of infrastructure performance with
different budgetary costs that influence each asset’s utilisation, which can be defined and categorised
in CAMS input. In this context, the proposed methodology comprises two approaches: (a) A coarse
grain approach, where assets’ condition is treated as Boolean and only disaster incidents and their
cascading effects are considered when determining condition, (b) a more meticulous study where
assets’ condition is determined by a 5 scale metric and is determined by physical condition
(considering physical deterioration) and disaster impact as well. The proposed methodology is
demonstrated by applying the two approaches to the two above-mentioned scenarios, where by
testing different disaster settings and resilience and mitigation strategies, the budgetary
consequences can be optimized differently in Task 7.5.
3. Analysis
3.1 Approach 1
In the first approach we treat assets’ condition as binary (Good/Faulty). (It was used by CAMS on
D7.1 Table 12 and then in D7.5 Figure 3 based on the D7.4 flood scenario.) It is independent of any
physical deterioration, but only dependent on damage effects. In this regard, disaster incidents effects
are modelled via a Fault Tree relying on the Train network model that is proposed in section 2. The
Fault Tree model maps to each node the train network infrastructure’s assets and the edges
correspond to the interdependencies of assets. Each node value is determined by either the logical
AND or logical OR of its children values. Logical AND is used for a node if it is needed all its children
to be in a good condition, in order to have good condition. Otherwise the node’s condition should be
faulty.
PU – Public D7.4, November 2022
12
It is presented, in Figure 5 and Figure 6,how the FaultTree Graph models the hypothetical Train
network model. The selection of AND or OR « gates » is based on the utilisation requirement of
whether it is mandatory for all children nodes to be fully functional, in order for a node to be in Good
condition, or it is needed for at least one child node to be in Good condition, using the assets’ condition
categorisation as presented in D7.1 for CAMS data. In this regard, there is only one mitigation strategy
for recovering disaster damages, the assets’ full repairment which has a pre-defined cost value
Ci.where i : Asset ID [6]
As a result the two above-mentioned disaster scenarios are formalised as follows:
Scenario 1
Based on Scenario 1 script, initially there is damage at Platform 1&2, Elevator 1 and line section
between Multi-Modal Station 1 and Railway Station 4. In the Train Network Fault Tree Model then,
all leaf nodes take the value 1 (True) except Elevator 1, Platform 1 and Platform 2 of Multi-Modal
Station 1, and Red Line, which take value 0 (False). Based on the proposed Fault Tree (which CAMS
used flood scenarios in the Milan SE, (D7.1 table 12), the estimated cascading effects of the pre-
mentioned assets failures lead only to the Red Line. According to the Fault Tree model, Multi-Modal
Station 1 is functional because only Platforms node is not False because there is at least one of the
Platforms functional. The same goes with Elevators node. Red Line node’s status is determined by
the AND aggregation of its own status and its children. In this regard, all its children have True value
except its own value (Figure 7).
PU – Public D7.4, November 2022
13
FIGURE 7 FAULT TREE ANALYSIS FOR SCENARIO 1. THE TRANSPARENT BOXES (BLUE/RED) INDICATE THE BOOLEAN STATE
VALUE OF EACH ASSET.
As a result, the outcome is that the Red Line is out of service until it gets restored (i.e. after 3 hours).
Although this approach does not reflect the implications of having Elevator 1 and Platform 1&2 out
of service, it can give a reasonable general estimate of what components have « fatal » impact of train
network utilisation and should be restored as first priority compared to others. The benefits of this
approach can be displayed even more clearly by analyzing several variations of assets fault mitigation
plans and checking out the corresponding budgetary implications.
TABLE 1 COMPONENTS RESTORATIONS SIMULATION FOR SCENARIO 1
In Table 1 it is recorded several faults mitigation strategies in order to restore the Train Networks
functionality. According to Fault Tree the only damaged component that affects whole infrastructure
functionality is only the Red Line section between Multi-Modal Station 1 and Railway Station 4
which disables the whole Red Line. At this point, it should be stated that for simplicity, without violating
generality, it is considered that each train route is one way, and the reverse route takes place only
after each train reaches the end of its destination. Consequently, if any line fails at any section, the
Elevator 1 Platform 1 Platform 2 Red_Line Cost
Utilization (In
terms of Line
sections)
Comments
NO FIX NO FIX NO FIX NO FIX 0 75%
3 out of 4 lines are func tional
NO FIX NO FIX NO FIX FIX C_Line 100 %
All lines functi onal whi ch corresponds to a
fully funct ional training network based o n
Fault Tree Model
FIX / NO FIX FIX / NO FIX FIX / NO FIX FIX
C_Line +
C_Platform*Num_Fixed_Platforms
+
C_Elevator*Num_Fixed_Elevators
100%
All lines functi onal whi ch corresponds to a
fully funct ional training network based o n
Fault Tree Model
FIX / NO FIX FIX / NO FIX FIX / NO FIX NO FIX
C_Platform*Num_Fixed_Platforms
+
C_Elevator*Num_Fixed_Elevators
75%
3 out of 4 lines are func tional
PU – Public D7.4, November 2022
14
line is out of order. Moreover, it is pointed out that the Fault Tree Model treat components utilization
as Boolean (Functional / Non – Functional) and does not reflect the reduced utilization of an asset
which is caused in case that any of its supporting assets is failed. As a result, the benefit of supporting
components is not reflected, and restoring a non-crucial component (such as Elevator and Platform
1&2 in our example) does not make a difference but, on the contrary, increases costs, as shown in
CAMS output in D7.1 [7]. Additionally, the method successfully distinguishes the most critical
components from the less crucial ones and provides a coarse estimate for the cost of restoring a
critical asset that has been damaged.
Scenario 2
The second scenario corresponds to a terrorism incident where the disaster incident damages
seriously Platform 1&2 of Metro Station 4, which in further creates the necessity of performing
extraordinary maintenance procedures on Platforms 3&4 for security reasons. To this end, the Fault
Tree model for this scenario takes the following form:
PU – Public D7.4, November 2022
15
FIGURE 8 FAULT TREE ANALYSIS FOR SCENARIO 2. THE TRANSPARENT BOXES (BLUE/RED) INDICATE THE BOOLEAN STATE
VALUE OF EACH ASSET.
In this case, the damage to Metro Station 4 platforms disables the station operation, which in turn
causes the Blue Line and Green Line to be out of service because of a (the) cascading effect.
Mitigation strategies for this use case are described in Table 2 below.
PU – Public D7.4, November 2022
16
TABLE 2 COMPONENTS RESTORATIONS SIMULATION FOR SCENARIO 2
According to Table 2 analysis, it is indicated that there is a trade-off between Train Network utilization
and Restoration Cost. In case of no restoration (which means no restoration costs), there is only 50%
infrastructure utilization. On the other hand, based on the Fault Tree analysis if we proceed restoring
any Platform, the utilization returns back to 100%. However, depending on the Platform/Platforms we
choose to repair, the respective costs differ.
Platform 1 Platform 2 Platform 3 Platform 4 Cost
Utilization (In
terms of Line
section s)
Comment s
FIX FIX FIX FIX
C_Platform_1 + C_Platform_2 +
C_Platform_3 + C_Platform_4
100 %
Cost for repairing all Platforms
FIX FIX FIX NO FIX
C_Platform_1 + C_Platform_2 +
C_Platform_3
100 %
Cost for repairing the damaged Platforms and
one non-damaged fo r precaution ary reasons
FIX FIX NO FIX FIX
C_Platform_1 + C_Platform_2 +
C_Platform_4
100 %
Cost for repairing the damaged Platforms and
one non-damaged fo r precaution ary reasons
FIX FIX NO FIX NO FIX
C_Platform_1 + C_Platform_2 100% Cost for repairing the damaged Platforms
FIX NO FIX FIX FIX
C_Platform_1 + C_Platform_3 +
C_Platform_4
100 %
Cost for repairing only one damaged Platform
and the two non-damaged for precautio nary
reasons
FIX NO FIX FIX NO FIX
C_Platform_1 + C_Platform_3 100%
Cost for repairing only one damaged Platform
and one of the non-damaged ones for
precautionary reasons
FIX NO FIX NO FIX FIX
C_Platform_1 + C_Platform_4 100%
Cost for repairing only one damaged Platform
and one of the non-damaged ones for
precautionary reasons
FIX NO FIX NO FIX NO FIX
C_Platform_1 100 % Cost for repairing onl y one damaged Platform
NO FIX FIX FIX FIX
C_Platform_2 + C_Platform_3 +
C_Platform_4
100 %
Cost for repairing only one damaged Platform
and the two non-damaged for precautio nary
reasons
NO FIX FIX FIX NO FIX
C_Platform_2 + C_Platform_3 100%
Cost for repairing only one damaged Platform
and one of the non-damaged ones for
precautionary reasons
NO FIX FIX NO FIX FIX
C_Platform_2 + C_Platform_4 100%
Cost for repairing only one damaged Platform
and one of the non-damaged ones for
precautionary reasons
NO FIX FIX NO FIX NO FIX
C_Platform_2 100 % Cost for repairing onl y one damaged Platform
NO FIX NO FIX FIX FIX
C_Platform_3 + C_Platform_4 100%
Cost for repairing the two non-damaged
Platform s for precautio nary reasons
NO FIX NO FIX FIX NO FIX
C_Platform_3 100 %
Cost for repairing only one of the two non-
damaged Platforms for precautionary reasons
NO FIX NO FIX NO FIX FIX
C_Platform_4 100 %
Cost for repairing only one of the two non-
damaged Platforms for precautionary reasons
NO FIX NO FIX NO FIX NO FIX
050% No c ost
Color codes
Highest Cost
Crucial High Medium Low No Cost
Crucial Very High
Medium High Medium Low Very Low
PU – Public D7.4, November 2022
17
Table 2 indicates that a proper strategy for restoring utilisation is to proceed with the maintenance of
one of the two undamaged platforms which leads to the lowest cost.
However, similarly to the previous scenario, it can be noticed that the Fault Tree based approach is
efficient in determining the crucial strategy in order to restore the worse case of utilization, due to the
fact that this method considers assets’ states as boolean. Consequently an asset state can be
considered as functional or non-functional. In reality, nevertheless, the set of boolean values
correspond to the upper and lower utilisation limit which most of the times are not the true picture of
the assets status. As a consequence, its real status lies somewhere in the middle, influenced not only
by damage incidents or dependent assets, but also by their resilience. In this regard, Fault Tree
Analysis seems to be a quick and efficient way for distinguishing the crucial cases from the less crucial,
which is important in urgent situations. The other cases, however, need more meticulous study of their
status and the way they are influenced by other dependant assets, and external and internal factors.
3.2 Approach 2
The second approach uses the functional status of assets as a scalar measure between 0 and 1.0 to
indicate the effectiveness of their utilisation. In this respect, the train network utilisation and resultant
impact of sudden human-made or natural hazards is modeled using a Bayesian Network, which
assumes the Markov property for the inter-dependencies between the components.
PU – Public D7.4, November 2022
18
FIGURE 9 BAYESIAN NETWORK MODEL FOR TRAIN NETWORK
Each arrow maps each asset with the ones that influence their utilization.
The conditional dependencies between nodes and children are determined by pre – defined expert
rules that define the effect of assets utilization on their parent assets. Finally, the leaf nodes
(independent variables) reflect the assets' operational capability by taking into account physical
deterioration and disaster incidents' impacts on their performance level. This performance Q(t,c,s)
(where t : time, c : cost, s : status) is based on the performance determination methodology as
proposed toward CAMS for categorisation and prioritisation2 data that was generated under WP7's
studies In this regard it is proposed the following conditional tables:
2CdM datasheet column I-M. In the last SE, CAMS used the Table 3 0-1 method for component cost and operational condition.
PU – Public D7.4, November 2022
19
TABLE 3 CONDITIONAL TABLE FOR STAIRS GROUP THAT CONTAIN 2 STAIRS
TABLE 4 CONDITIONAL TABLE FOR STAIRS GROUP THATCONTAIN4 STAIRS
TABLE 5 CONDITIONAL TABLE FOR ELEVATORS GROUP THAT CONTAIN 2 ELEVATORS
Stairs=1 Stairs_1 Stairs_2 Expert Rule
11 1
If all Stairs are functional then Stairs module is considered fully functional
0,5 1 0
If one of the Stairs is functional then Stairs are considered functional to the
extend depending on amount of functional Stairs.
0,5 0 1
If one of the Stairs is functional then Stairs are considered functional to the
extend depending on amount of functional Stairs.
00 0
If no Stairs is f unctional then Stairs module is considered non-functional
Stairs=1 Stairs_1 Stairs_2 Stairs_3 Stairs_4 Expert Rule
11 1 1 1
If all Stairs are functional then Stairs module is considered fully
functional
0,75 1 1 1 0
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,75 1 1 0 1
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,5 1 1 0 0
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,75 1 0 1 1
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,5 1 0 1 0
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,5 1 0 0 1
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,25 1 0 0 0
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,75 0 1 1 1
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0.50 0 1 1 0
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,5 0 1 0 1
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,25 0 1 0 0
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,5 0 0 1 1
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,25 0 0 1 0
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
0,25 0 0 0 1
If one of the Stairs is functional then Stairs are considered functional
to the extend depending on amount of functional Stairs.
00 0 0 0
If no Stairs is functional then Stairs module is considered non-
functional
Elevators=1 Elevators_1 Elevators_2 Expert Rule
11 1
If all Elevators are functional then Stairs module is considered fully
functional
0,5 1 0
If one of the Elevators is functional then Elevators are considered functional
to the extend depending on amount of functional Elevators.
0,5 0 1
If one of the Elevators is functional then Stairs are considered functional to
the extend depending on amount of functional Elevators.
00 0
If no Elevators is functional then Elevators module is considered non-
functional
PU – Public D7.4, November 2022
20
TABLE 6 CONDITIONAL TABLE FOR ELEVATORS GROUP THAT CONTAIN 4 ELEVATORS
Elevators=1 Elevators_1 Elevators_2 Elevators_3 Elevators_4 Expert Rule
11 1 1 1
If all Elevators are functional then Stairs m odule is considered fully
functional
0,75 1 1 1 0
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,75 1 1 0 1
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,5 1 1 0 0
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,75 1 0 1 1
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,5 1 0 1 0
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,5 1 0 0 1
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,25 1 0 0 0
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,75 0 1 1 1
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0.50 0 1 1 0
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,5 0 1 0 1
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,25 0 1 0 0
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,5 0 0 1 1
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,25 0 0 1 0
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
0,25 0 0 0 1
If one of the Elevators is functional then Elevators are considered
functional to the extend depending on amount of functional Elevators.
00 0 0 0
If no Elevators is functional then Elevators module is considered non-
functional
PU – Public D7.4, November 2022
21
TABLE 7 CONDITIONAL TABLE OF PLATFORMS GROUP THAT CONTAIN 2 PLATFORMS
TABLE 8 CONDITIONAL TABLE OF PLATFORMS GROUP THAT CONTAIN 4 PLATFORMS.
Platforms=1 Platform_1 Platform_2 Expert Rule
11 1
If all Platforms are functional then Platforms module is considered fully
functional
0,5 1 0
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,5 0 1
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
00 0
If no Platform is functional then Platforms module is considered non-
functional
Platforms=1 Platform_1 Pl atform_2 Platform_3 P latform_4 Expert Rule
11 1 1 1
If all Platforms are functional then Platforms module is considered
fully functional
0,75 1 1 1 0
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,75 1 1 0 1
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,5 1 1 0 0
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,75 1 0 1 1
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,5 1 0 1 0
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,5 1 0 0 1
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,25 1 0 0 0
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,75 0 1 1 1
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0.50 0 1 1 0
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,5 0 1 0 1
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,25 0 1 0 0
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,5 0 0 1 1
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,25 0 0 1 0
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
0,25 0 0 0 1
If one of the Platforms is functional then Platforms are considered
functional to the extend depending on amount of functional Platforms.
00 0 0 0
If no Platforms is functional then Platforms module is considered non-
functional
PU – Public D7.4, November 2022
22
TABLE 9 CONDITIONAL TABLE FOR EACH STATION NODE
TABLE 10 CONDITIONAL TABLE FOR EACH LINE COMPONENT
The next step is the application of the second approach to scenario 1 and 2 and the estimation of cost
impact for restoring faulty lines. This time however it is taken into account the performance of each of
the fundamental components (the leaves in the above-mentioned graph model) which indirectly
depends on the natural condition of each component and disaster effects resulting from potential
hazards (natural or human made, corresponding to scenarios 1 and 3 respectively). Cost model
depends to resource consumption needs in order to fully restore each component, as proposed with
CAMS demonstration (CAMS presentation, CdM simulation exercise, table 12 in D7, page 12) based
on WP7's task studies, and it is formalized by the following graph:
FIGURE 10 PERFORMANCE IN TERMS TO COST CONSUMPTION
Scenario 1
As discussed in the previous section, scenario 1 envisages a physical hazard (flooding incident) that
impacts the section of the railway line between Multi-Modal Station 1 and Railway Station 4 and
causes fatal damage to Elevator 1, Platform 1 and Platform 2 at Multi-Modal Station 1. In this
regard, according to the second proposed approach, all assets (leaf nodes in the train network graph)
are considered 100% except those that were damaged, which are mapped to P(asset=1) = Q0 +
ΔQasset(casset) where Q0 represents performance immediately following the disaster incident, and
Qasset(casset) represents cost as the cost for full restoration. For the specific use case it is assumed
two types of disaster impact: (a) “fatal impact” where performance reduces to zero, Q0 = 0.0and
(b) «needing maintenance » where the asset has not been damaged, however should be tested and
further maintenanced. In this case, it is assumed that Q0=0.9. To simplify scenario 1&2, it was
considered that performance is affected only by disaster events and not by natural performance
Station=1
Communic ation
System
Stairs Ele vato rs Platforms Structure CCTV system
Ticketing
System
Expert Rule
11 1 1 1 1 1 1
If all components are functional then Station module is
considered fully functiona l
00 0 0 0 0 0 0
If all Stairs are non-functional then Station module is considered
non-functional
00/1 0/1 0/1 0/1 0/1 0/1 0/1
If at least one component is non-functional then the Station is
disabled (non-functional)
Line=1 Station (i) Expert Rule
11
If all Stations are enabled then Line module is
considered fully functional
00/1
If at least one Station is non-functional then the
Line module is disabled (non-functional)
PU – Public D7.4, November 2022
23
decay. Otherwise, performance would not be steady to 100% in non-disaster cases, but in the
progress of time there would be a natural deterioration of assets’ condition and consequently their
Q(t) which would need an extra cost investment in order to restore their Q(t) to previous levels.
Based on conditional tables, all nodes that are dependant to nodes that have performance 1.0 (100%),
they correspond to performance 1.0 as well, given their dependant nodes values. As a result:
Where assetnon-influenced: all assets that the other assets theydepend on have 100% performance.
The assets that have been affected by flooding are : (a) Elevator 1, Plaform 1, Platform 2 from Multi-
Modal Station 1 and (b) Red Line.
As a result, based on the second approach, utilizing the above-mentioned conditional tables and
performing the necessary calculations, we arrive at the following results:
Scenario 2
The second scenario regards a terrorist attack where a bomb blast damages severely Platform 1 &
2 of Metro Station 4, but for precautionary reasons Platform 3 & 4 are out of service in order to be
checked and maintenanced. In this regard, Platforms 1 & 2 are considered to have fatal damage:
And Platform 3 & 4 are closed for maintenance (Q0 = 0,9):
Similarly to scenario 1, based on 2ndapproach and assuming that restoration cost and performace
improvement in terms of cost for Platform 1&2 is approximately the same
Similarly, we assume that performance improvement in terms of cost for maintenance reasons for
Platforms 3 & 4 is approximately the same
Consequently, the correponding results of the second approach when applied on scenari on 2 are
the following:
PU – Public D7.4, November 2022
24
Following the above results, we proceed to test cost investment variations using approach 2 on
scenario 1 and scenario 2. The results are presented below:
TABLE 11 COMPONENTS RESTORATIONS SIMULATION FOR SCENARIO 1
TABLE 12 COMPONENTS RESTORATIONS SIMULATION FOR SCENARIO 2
Elevator 1 Platform 1 Platform 2 Red_Line Cost
Utilization (In terms of L ine sections) Row ID
NO FIX NO FIX NO FIX NO FIX 0 0,59
1
NO FIX NO FIX NO FIX FIX C_Line 0,69
2
FIX / NO FIX FI X / NO FIX FIX / NO FIX FIX
C_Line +
C_Platform*Num_Fixed_Platform s
+
C_Elevator*Num_Fixed_Elevators
{ [2 *(0,75+0,2 5*num_el evato rs) *
(0,5+0,2 5*num_platforms)] + 2 } * 0,25
3
FIX / NO FIX FI X / NO FIX FIX / NO FIX NO FIX
C_Platform*Num_Fixed_Platform s
+
C_Elevator*Num_Fixed_Elevators
{ [(0, 75+0,25*num_elevat ors) *
(0,5+0,2 5*num_platforms)] + 2 } * 0,25
4
Platform 1 Platform 2 Platform 3 P latform 4 Cost
Utilization (In terms of Line sections) Row ID
FIX FIX FIX FIX
C_Platform_1 + C_Platform_2 +
C_Platform_3 + C_Platform_4
100 %
1
FIX FIX FIX NO FIX
C_Platform_1 + C_Platform_2 +
C_Platform_3
99%
2
FIX FIX NO FIX FIX
C_Platform_1 + C_Platform_2 +
C_Platform_4
99%
3
FIX FIX NO FIX NO FI X
C_Platform_1 + C_Platform_2 98% 4
FIX NO FIX FIX FIX
C_Platform_1 + C_Platform_3 +
C_Platform_4
88%
5
FIX NO FIX FIX NO FIX
C_Platform_1 + C_Platform_3 86% 6
FIX NO FIX NO FIX FI X
C_Platform_1 + C_Platform_4 86% 7
FIX NO FIX NO FIX NO FIX
C_Platform_1 85% 8
NO FIX FIX FIX FIX
C_Platform_2 + C_Platform_3 +
C_Platform_4
88%
9
NO FIX FIX FIX NO FIX
C_Platform_2 + C_Platform_3 86% 10
NO FIX FIX NO FIX FIX
C_Platform_2 + C_Platform_4 86% 11
NO FIX FIX NO FIX NO FIX
C_Platform_2 85% 12
NO FIX NO FIX FIX FIX
C_Platform_3 + C_Platform_4 75% 13
NO FIX NO FIX FIX NO FIX
C_Platform_3 74% 14
NO FIX NO FIX NO FI X FIX
C_Platform_4 74% 15
NO FIX NO FIX NO FI X NO FIX
073% 16
Color codes
Highest Cost
Crucial High Medium Low No Cost
Crucial Very High
Medium High Medium Low Very Low
PU – Public D7.4, November 2022
25
In Table 11 are presented the same variations of investments management for repairing the broken
assets as those presented for approach 1. Using Fault Tree analysis, it was shown that the crucial
factor, Red Line section, that influences train network utilization was the only factor that affects the
network’s performance and as a result it is the only asset that should be restored. The Bayesian
Network approach is much more sensitive. We can see that all factors affect network’s utilisation. The
most crucial factor remains the Red Line section, which means that the restored Red Line section
results in greater network performance (rows 2 and 3). Additionally, any extra asset that is restored,
increases network performance (row 3 gives better results than row 2). An interesting point is that row
4 which corresponds to non-restored Red Line section can result in higher performance than row 2,
which corresponds to restored Red Line section only, in the case that the other assets (Platform 1&2
and Elevator 1) are recovered. This is because approach 2 is sensitive to the contribution of the "non-
fatal" damages, which, none the less, have a negative effect on network performance if their negative
effects are aggregated with their parent assets. Of course, the question, if such a result is desirable
or not, is something to be taken into account when: (a) selecting the performance function (Q(c)) and
(b) fine tuning the model by determining the conditional probabilities in conditional tables. This
however is something that should be aligned always by end users’ knowledge and requirements.
Table 12 presented the variations of budget planning for scenario 2 using 2nd approach. This case
study demonstrates the effectiveness of this approach in identifying minor or major damages to
assets, as well as cascading effects caused by propagating damages from parent assets to children
assets, which can be used by CAMS tool in S4RIS platform to plan budgets effectively. In this example
we see that overall utilisation increases as cost investment increases, comparing to the Fault Tree
method where overall utilisation was reduced only when a crucial set of assets for the functional
capability of network, is harmed.
3.3 Integration with CAMS tool
Although the proposed analysis could be used as a standalone estimation of the corresponding
cascading effects to the maintenance and repair of an infrastructure, in case of a sudden disaster
incident, it is mainly designed for complementing the investment optimization procedure as performed
by CAMS in T7.5. In this context, the proposed analysis purpose is to calculate the cascading effect
of a disaster incident to infrastructure components and infer of the condition level of each component.
In further this will be forwarded to CAMS in the appropriate input form (D7.5), in order to make an
estimate on the time and cost for each infrastructure to be repaired, taking into account physical
deterioration, repairing time and corresponding cost. The respective flow is depicted in Figure 11.
PU – Public D7.4, November 2022
26
FIGURE 11 INVESTMENT OPTIMIZATION FLOW DIAGRAM
4. Discussions
A comparison of the two approaches can be summarised in
TABLE 13 COMPARISON OF TWO APPROACHES
Approach 1 (Fault Tree Analysis)
Approach 2 (Bayesian Network)
Fast Method which can be efficiently scale to large
networks
Much more difficult to scale, especially for large
networks with many assets
Good for detecting if crucial assets that affect
network utilization, are damaged
Good for detecting not only the crucial assets but
also the effect of the performance of all assets to the
whole network’s utilization.
Good for detecting mandatory cost investments
quickly and efficiently, but not determining
optimized investment solutions
Reflects in a clear and explainable way costs effects
in assets restoration and how each investment
influence network’s performance.
This method considers assets condition as Boolean
(functional / non-functional)
This method treats asset’s condition
probabilistically, by modelling the state of an assets
with the corresponding prior probability.
This method does not take into account factors that
influence the condition of an asset, such as physical
deterioration of asset, sudden disaster incidents.
This method is flexible for incorporating condition
and performance models that take into account
several aspects of assets’ resilience, such as
PU – Public D7.4, November 2022
27
environmental effects, physical assets decay,
resilience to hazards, etc.
As stated in Table 13, each approach has its benefits, but also its drawbacks. Approach 1 is much
more efficient and scalable, capable for detecting mandatory investments but fails to model
investments effects in detail but only in a pass / no pass manner. Approach 2 on the other hand, is
much more effective in modelling not only investment needs for ensuring functional state of train
network but also the effects of each investment on whole system performance which is useful for
optimisation investment strategies not only in short term for mitigating a sudden disaster effect, but
also in longer terms by ensuring better resilience of systems. Consequently, a proposed direction that
exploits both approaches and avoids as far as possible the burdens of each approach would be to
apply Approach 1 to larger infrastructures in a real-time manner in order to make a first coarse grain
analysis of potential cases that probably require attention, and then apply Approach 2 to assess
several budget estimation scenarios to reduce damages and achieve better resilience in an efficient
manner with optimized budget planning under more study in Task 7.5 by RMIT.
5. Conclusion
In this document there was presented a study of modelling metro/railway infrastructure, that reflects
inter and intra connections and dependencies among the various components of the infrastructure.
The first approach corresponds to a coarse grain Fault tree analysis which resulted to be efficient and
scalable but useful only for detecting potential severe damages that need to be recovered in order to
have the network back functioning. The second approach was based on a Bayesian Network that
represents the various components and their depended ones. This method seems to be more
accurate and effective, however it lacks of scalability capability. The proposed conclusion was to
exploit the coarse grain first method as a first filter of potential disaster incidents that damage control
is mandatory in order the network to return to a functional state. The second approach is
recommended for analysing and researching various investment alternatives regarding network
restoration, examining investment plans for enhancing resilience and optimising these strategies.
Based on results from D7.4, CAMS needs specific data to calculate an optimised budget for restoring
railway facilities after an incident. A sample of these data is attached in [8], [9].The conclusions of this
study as well as other tasks under WP7 participants enabled the end-user to reach the successful
implementation of action task T7.5 regarding optimising budget-related incidents.
PU – Public D7.4, November 2022
28
BIBLIOGRAPHY
1. D.L. Anderson, G.G. Brown, W.M. Carlyle, “Operational Models for Infrastructure Resilience”,
Risk Analysis, Wiley 2015, doi: https://doi.org/10.1111/risa.12333
2. T.H. Nipa, S. Kermanshachi, I. Ramaji, “Comparative Analysis of Strengths and Limitations of
Infrastructure Resilience Measurement Methods”, CSCE Internalional Conference, June 2019
3. R. Guidotti, et al, “Modeling the resilience of critical infrastructure: the role of network
dependencies”, Sustain Resilient Infrastruct. 2016 ; 1(3-4): 153–168.
doi:10.1080/23789689.2016.1254999
4. Mottahedi,A.;Sereshki,F.; Ataei, M.; Nouri Qarahasanlou, A.; Barabadi, A. “The Resilience of
Critical Infrastructure Systems: A Systematic Literature Review”. Energies 2021, 14, 1571.
https://doi.org/10.3390/ en14061571
5. R. Nateghi, "Multi-Dimensional Infrastructure Resilience Modeling: An Application to
Hurricane-Prone Electric Power Distribution Systems," in IEEE Access, vol. 6, pp. 13478-
13489, 2018, doi: 10.1109/ACCESS.2018.2792680.
6. SAFETY4RAILS Deliverable 3.1
7. SAFETY4RAILS Deliverable 7.1
8. “Data required for CAMS”: Section 6.4, and Table 12 in SAFETY4RAILS Deliverable 7.1
9. “RFI Simulation Exercise 2022-06-01”: Section 6.3, and Table 11 in SAFETY4RAILS
Deliverable 7.1
10. SAFETY4RAILS Deliverable 7.3
PU – Public D7.4, November 2022
29
ANNEXES
ANNEX I. GLOSSARY AND ACRONYMS
TABLE 14 GLOSSARY AND ACRONYMS
Term
Definition/description
BN
Bayesian Network
FT
Fault Tree
DoA
Description of Action
ISO
International Organisation for Standardisation
S4R
SAFETY4RAILS
DAG
Directed Acyclic Graph
WP
Work Package
CAMS
Central Asset Manfgment System
CdM
Comune di Milano (City of Milan)
S4RIS
SAFETY4RAILS Information System
D
Deliverable
EGO
Ankara Metro
MdM
Metro de Madrid
RFI
Rete Ferroviaria Italiana
