Toward a systems-based vulnerability assessment methodology for water supply systems

The purpose of this paper is to provide an in-progress review of the development of a systems-based vulnerability assessment methodology for critical infrastructures. This methodology is a supporting framework for the Infrastructure Risk Analysis Model (IRAM), where vulnerability assessment was briefly discussed but not fully developed by the authors. This paper focuses exclusively on water supply as the complex organizational system in focus. However, further research, deployment, and refinement of the vulnerability methodology may prove the applicability of the framework for military installations and electric power, among other critical infrastructures. This paper discloses three main ideas. First, there has been very little published in the way of rigorous vulnerability assessment methodologies. In fact, there is no agreed-upon definition of vulnerability. Second, vulnerability assessment appears to be an ad hoc checklist of things-to-do, bereft of agreement regarding the system in focus, i.e., the boundaries and context of a water supply system. Last, the paper argues that a water supply system should be viewed as a complex organizational system. The implication of this paper is that classic risk assessment questions (What can go wrong? What is the likelihood? and What are the consequences?) should be preceded by the primal question: What is the system in focus? The system in focus must be understood before meaningful risk and vulnerability assessment is undertaken.