Vulnerability analysis in critical infrastructures: A methodology
More details
Hide details
Member of Research & Development Centre of Portuguese Military University Portuguese Military University Institute
Online publication date: 2019-04-20
Publication date: 2019-06-28
Security and Defence Quarterly 2019;24(2):65–86
Vulnerability assessment is a crucial aspect for the development of methodologies to define the levels of protection in critical infrastructures.

Throughout this research, we discussed the concept of vulnerability and methodologies and processes for its assessment in critical infrastructures due to a terrorist threat. The research focused on the development of an analysis model, exploring a multi-criteria decision method, in order to limit the risks to the maximum extent possible.

Through a qualitative research methodology, in which we applied an analysis model based on the Threat and Infrastructure dimensions and their respective factors, we verified that the vulnerability of a critical infrastructure consists in the probability of the success of an attack, conducted by a threat - properly identifi ed, characterised, analysed and categorised - against an infrastructure with certain characteristics, which value is defi ned by the user and aggressor’s point of view.

The construction of an algorithmic model for vulnerability assessment, complemented by tools to support the calculations and records, allows, through a rational, scientific and algebraic process, a qualitative analysis of factors to be transformed into measurable and quantifi able values, whose algebraic operation integrates them into a final result that expresses, as a percentage, the degree of vulnerability of a critical infrastructure facing a terrorist threat.
Almeida, A., 2011. Multicriteria methodology for identifi cation and prioritization of Critical Infrastructures. Th esis for Master Degree in Industrial Engineering and Management, Instituto Superior Técnico.
Bana e Costa, C., Angulo-Meza, L. and Oliveira, M., 2013. MACBETH method and its aplication in Brazil. Engevista, 15(1), 3–27.
Conceição, L., 2008. Building Security and Protection against terrorists attacks. Thesis for Master Degree in Military Engineering, Instituto Superior Técnico.
CCEM, 2014. Military Strategic Concept. National Defense Ministery, Lisbon.
European Council, 2008. Identifi cação e designação das infra-estruturas críticas europeias e à avaliação da necessidade de melhorar a sua protecção (Diretiva 2008/114/CE de 8 de dezembro de 2008), Jornal Ofi cial da União Europeia, Brussels.
FEMA, 2005. FEMA 452 - Risk Assessment: A How-To Guide to Mitigate Potential Terrorist Attacks Against Buildings. Risk Management Series. Federal Emergency Management Agency.
FEMA, 2006. FEMA 453 – Design Guidance for Shelters and Safe Rooms. Risk Management Series. Federal Emergency Management Agency.
Ferreira, H., 2016. Critical Infrastructure Identifi cation and Characterization - a Methodology. Military University Institute.
Krauthammer, T., 2008. Modern Protective Structures. CRC Press, Florida.
Morgeson, J. et al., 2011. Doctrinal Guidelines for Quantitative Vulnerability Assessments of Infrastructure – Related Risks. Vol.1. Institute for Defense Analyses, Virginia.
Santos, L.A. et al., 2016. Methodological Guidelines for research. IESM, Lisbon.
Schnaubelt C. et al. 2008. Vulnerability Assessment Method. Pocket Guide. A tool for center of gravity analysis. Rand Corporation, Washington D.C.
Renfroe, N.A. Smith, J.L., 2016. Th reat / Vulnerability Assessments and Risk Analysis [online]. WBDG Whole Building Design Guide. Available from: [Accessed 9 Dec 2016].
Security and Forensic Sciences, 2012. Critical Infrastructures Protection. [online].
Security and Forensic Sciences. Available from: https://segurancaecienciasfore... 2012/03/04/proteccao-de-infra-estruturas-criticas-2/ [Accessed 9 Dec 2016].
US DHS, 2009. National Infrastructure Protection Plan. Department of Homeland Security.
US DoD, 2004. DoD Antiterrorism Handbook. Department of Defence.
US DoD, 2008. UFC 4-020-01 DoD Security Engineering Facilities Planning Manual. Department of Defence.