Apples-to-Apples: LIRA vs. RAMCAP

by Randy George, Rick White, C. Edward Chow, and Terrance Boult

In October 2014, the Department of Homeland Security Science and Technology Directorate (DHS S&T) contracted the University of Colorado, Colorado Springs (UCCS) to evaluate RAMCAP, the Risk Analysis and Management for Critical Asset Protection. RAMCAP was developed by the American Society of Mechanical Engineers (ASME) at the request of the White House shortly after 9/11 to uniformly assess risk and help prioritize national investments in critical infrastructure protection. Despite four years working with stakeholders, RAMCAP was rejected after it was introduced in the 2006 National Infrastructure Protection Plan. Among its few surviving applications, RAMCAP is designated the J100-10 standard for risk analysis on Water and Wastewater treatment plants. It was for this reason that DHS returned to RAMCAP in 2014 over concerns for the nation’s deteriorating drinking water infrastructure.

In the United States, about 156,000 public water systems provide drinking water to about 320 million people through more than 700,000 miles of pipes. Unfortunately, much of the system is starting to come to the end of its useful life, with many of the pipes over 100 years old. As a consequence, there are an estimated 240,000 water main breaks per year contributing to the estimated 1.7 trillion gallons of water lost to broken and leaky pipes. The cost to fix the system is estimated somewhere between $650 billion and $1 trillion.¹ Most water utilities are unprepared to take on this expense. The Environmental Protection Agency (EPA) doesn’t have the money,² nor does Congress, having allocated only $17.3 billion to the Drinking Water State Revolving Fund (DWSRF) over the past 20 years;³ [3] less than 3% needed to fix the problem based on the lowest estimate.

Leaky pipes are not the only concern. Climate change also poses a threat to the nation’s drinking water infrastructure. Higher air and water temperatures promote increased growth of algae and microbes, increasing the need for drinking water treatment. Higher air and water temperatures also melt the polar ice caps causing global sea levels to rise. Sea-level rise increases the salinity of both surface and ground water, resulting in salt-water intrusion into coastal drinking water supplies. Reduced annual precipitation and extended drought threaten in-land water supplies. Climate change presents yet another challenge for which utilities are unprepared to pay the bill.⁴

As if these concerns aren’t enough, water utilities also face the threat of terrorist attack. 9/11 demonstrated the ability of small groups to inflict catastrophic destruction by subverting critical infrastructure. Water utilities are not just critical, they are considered a “lifeline” function; they are essential to the operation of most other critical infrastructure sectors. Water utilities are considered “lifeline” functions together with communications, transportation, and energy. Moreover, water utilities pose a potential target because about 15% of facilities provide services to more than 75% of the US population.⁵ A carefully executed cyber attack could conceivably disrupt the distribution systems for these supplies.

Concerned about these emerging threats to the nation’s drinking water from aging infrastructure, climate change, and cyber attack, in 2014 DHS S&T launched the Drinking Water Resilience Project (DWRP). Whenever faced with more tasks than resources, one must prioritize. DWRP sought an objective risk methodology to help prioritize national investments, not just in water utilities, but all lifeline infrastructures. DHS S&T tasked UCCS to evaluate RAMCAP for this capability.

Detailed analysis involving modeling and simulation determined that RAMCAP did not account for emerging threats from aging infrastructure, climate change, or cyber attack. Nor could RAMCAP account for mobile assets, leaving out the entire aviation subsector. Most significantly, RAMCAP allowed wide variability in its calculations, making the results incomparable across assets or sectors. Overcoming these shortfalls would require a major overhaul of RAMCAP. The first step was expanding RAMCAP’s reference scenarios to include the emerging threat categories. The second step was more drastic. To accommodate mobile assets, RAMCAP’s bottom-up component analysis had to be replaced with a top-down system analysis. And perhaps the greatest challenge, the third step was to outfit RAMCAP with a default database of threat and vulnerability values to eliminate variability so risk results could be compared “apples-to-apples”. To demonstrate the feasibility of these changes, UCCS developed a prototype model called LIRA for Lifeline Infrastructure Risk Analysis.

LIRA met the objectives set by DWRP. DHS S&T wanted to submit it for certification by the American National Standards Institute (ANSI), and help LIRA avoid the fate of RAMCAP. DHS S&T thus contracted UCCS a second year in October 2015 to develop the corresponding ANSI-standard specification. As part of the process, UCCS was tasked to incorporate stakeholder feedback on the LIRA design. This was done through an online survey administered between February and May 2016.

The LIRA survey was comprised of ten “Would you rather…” questions. The questions were formulated to gauge user preferences between fundamental differences in LIRA and RAMCAP designs. LIRA trades detailed results for speed and cost savings. RAMCAP trades speed and cost savings for detailed results. At the conclusion of the survey, participants expressed an overwhelming preference for LIRA. Unfortunately, the results were convincing, but not conclusive. Despite reaching out to 684 representatives from the aviation, electricity, and drinking water subsectors, only 26 people responded to the survey. The confidence intervals were too large to make the results definitive. Before making a substantial investment in ANSI certification, DHS S&T wanted to confirm the results. Consequently, UCCS was contracted a third year in October 2016 to repeat the survey and also deliver a tool to help build the LIRA database.

Epilogue. Since this paper was submitted, UCCS completed its obligations under the DWRP Y3 contract. The survey was again under-represented, garnering only 49 more responses. This time, though, the results were mixed, favoring neither RAMCAP nor LIRA. The confusion may be attributable to a design flaw in the survey. It doesn’t matter. In August 2017, UCCS released the LIRA Database Validation Tool. LIRA-DVT is a complete online implementation of the LIRA risk methodology including a default data set. The purpose of LIRA-DVT is to collect locally-adjusted changes to the default database. The collected data is anonymous, and cannot be traced back to the user. A LIRA risk analysis can take less than thirty minutes. In addition to providing an objective assessment of risk at the local, state, and national levels, LIRA also helps users examine the cost benefits of alternative mitigation and resilience measures. LIRA-DVT is available for free at https://lira.uccs.edu/app/. Rick White may be reached at rwhite2@uccs.edu

Notes