MHR Modeling approach

Some of the holistic models allow what is called global analysis. The global analysis includes qualitative techniques aimed at identifying and characterizing the various critical infrastructures emphasizing their role in the global context. This type of models also offer an approach under which we try to identify those infrastructures that are critical and identifying the role they play at the political/geographical level like a regional, national and international level.

The information needed for the creation of these models, often comes from data we can get through meetings, brainstorming, workshops and with the help of questionnaires. These methods are very interesting to understand the macro interdependencies allowing workers, who deal with different areas, to have a common framework for comparison. Unfortunately, this approach, for our purposes, appears to be crass and not suitable for supporting the development of operative plans acts to improve overall reliability of the system.
The approach followed this work concerns the analysis of interdependencies with respect to different layers (levels); especially we focus on some classes of interdependencies such as Physics, Logic, and Cyber Geographic;

  • Physics Interdependence: two infrastructures are physically interdependent if the operations of infrastructure depend on the physical outputs of the other;
  • Cyber Interdependence: cyber infrastructure presents a dependency if its state depends on the information transmitted and received through the communication network infrastructure;
  • Geographical Interdependence: occurs when a geographical interdependence of multiple infrastructure elements are located at a close spatial proximity. In this case, special events such as terrorist attacks, a fire or explosion can cause faults or damage to surrounding infrastructure closer physically;
  • Logic Interdependence: two infrastructures are logically interdependent if the state of each of them depends on the state of control, regulations or other mechanisms that cannot be considered physical, cyber or geographical area.

One of the possible approaches that can be implemented in CISIA is MHR modelling (Mixed Holistic-Reductionistic). This approach allows us to get into the right level of detail with minimal data collection techniques, information and allowing them to obtain meaningful information. From those considerations made can be draw some important guidelines to model a simulation of this type:

  • Each infrastructure is modelled from its macro-components, is to say, objects with a specific role, easily recognizable and whose overall behaviour is given by their interactions;
  • For the amount of detailed information about each level is defined with a sufficient level of abstraction that enables a consistent description based on generic and incomplete data that can be acquired by interested parties (such as stakeholders) and open documents;
  • The blocks must be described so that they are confined and decoupled from each other because their behaviour should depend only on the values explicitly exchanged with other blocks;
  • The simulator must not impose any kind of limitation to the type of behaviour representable so that it can be chosen, for the various blocks of the system, the most appropriate representation of reality. In addition, the size/scale of the system described should be free and bound to the needs of the specific case.

Then, it will be necessary to define the macro infrastructure components for a system composed of n-elements with its level of detail appropriate to the needs of the case. Each component must be characterized in terms of capacity to perform its job properly, producing the appropriate amount of goods/services required and in terms of the level of failure/malfunction that can be found in its period of operation for each of the dimensions of interdependence considered.

MHR modelling permits to defining three different typologies of abstraction:

  • Holistic entities;
  • Service entities;
  • Reductionistic entities.


An Holistic Entity represents the infrastructure as a whole (or its general organizational divisions) in order to have a model that can take into account the global dynamics between infrastructure (possibly one might think of representing behaviors related to policies, strategies, etc.).
A Service Entity represents a logical element, organizational or real, that provides an aggregate resource such as that of remote control (for remote control generally refers to a solution that provides the field of the supervision by means of software and data collection through a network of apparatuses and instruments geographically distributed on a plant complex too).
Finally, with a Reductionistic Entity, we are able to represent, with the right degree of abstraction, all physical entities (also aggregated) of the infrastructure.
With the use of these layers is possible to capture the interdependencies among the different infrastructures. Each layer of the infrastructure is composed of several elements or blocks). All elements within these layers follow a general pattern common:

  • There are elements in order to provide and / or consume resources (goods, services, etc.);
  • Some of these items may be subject to failure or malfunction;
  • Different resources and faults can propagate in according to ‘proximity’ of a different nature;
  • The ability of each element to provide the necessary resources depends on its OP (which will depend on the availability of resources or failure received).

The idea behind of modelling a critical infrastructure in CISIA is both simple and effective and allows us to define a simulation model without having to define the input and output of specific entities but simply defining the presence of faults and operative levels of the entities. The first concept, which thus need to be addressed, concerns the representation of the entity.
We can see the entity as an object composed by different levels (or layers) of the reality in which it presents specific interdependencies with other dependencies (Figure 3.1).


Figure 2 Representation of entity respect to Operative Level

At this point, we can imagine that all layers of the entity are crossed transversely by its operative level. In fact, the OP represents the state of operability, its health and is closely related to its capacity to provide or receive certain resources and thus the presence of certain faults.