CIASS (Cross-Impact Analysis & Simulation Software) is a powerful tool, developed by the management consulting organization Sinergy, and Pablo de Olavide University, both located in Seville (Spain). This tool has been designed to support decision-making under high uncertainty conditions, through the analysis and generation of scenarios by applying the Cross-Impact Analysis (CIA) method. This method has proved to be very useful in order to shape the interaction results of multiple and interlinked parameters’ in complex and dynamic systems.
CIASS software is based on the outcomes from the research group led by Professor Víctor Bañuls. We count with extensive research experience on the development of information systems for scenario simulation and decision-making under high uncertainty conditions. [Development of a Dynamic Scenario Model for the Interaction of Critical Infrastructures. M. Turoff, V. A. Bañuls, L. Plotnick, R Hiltz. Proceedings of the 11th International ISCRAM Conference – University Park, Pennsylvania, USA, May 2014].
This tool has been specifically developed in order to generate estimates through an interactive and visual system in web environment, and it is currently operational. CIASS.
IMPLEMENTED IN RISKS MANAGEMENT, PROTECTION AND EMERGENCY RESPONSE
The traditional methodologies implemented in risks assessment are focus on impact analysis and the probability of arising each of those identified threats, individually and separately. These methodologies have limitations, since individualized analysis do not allow an assessment of risks associated to threat correlation, whose individual risk may be low but, at the same time, lead to catastrophic situations.
Nevertheless, it is necessary to consider that most misfortunes to security have been caused by threat correlation (failures in internal controls, equipment, operators and conditions of environment), which would have not given rise to a major accident on its own.
CIASS software is particularly efficient for risks assessment associated to the interdependencies of critical infrastructures.
Cross-Impact Analysis method permit to assess risk associated to various levels of threats correlation, different factors and events taken into consideration. In this regard, this method has been implemented to risks assessment, taking into consideration the interdependences of different critical infrastructures. It has been implemented by the research staff of MSIG, within the framework of the research project CMIC (Turoff, Bañuls, Plotnick & Hiltz, 2015;2014).
On the basis of the algorithm, developed by the Department of Information Systems from the New Jersey Institute of Technology (NJIT), in collaboration with the Department of Business Organization and Marketing at Pablo de Olavide University, MSIG has developed CIASS Software that allows the implementation of cross-impact analysis techniques, in order to assess the risk associated to different levels of threats correlation and its cascading effects (Bañuls & Turoff, 2011). In this sense, it is possible to generate and identify high risk scenarios by correlation of events, which considered individually would not be significant on its own. (Bañuls, Turoff & Hiltz, 2012; 2013, Lage, Bañuls & Borges, 2013). CIASS has been successfully validated for risk analysis in industrial contexts (De la Huerga, Bañuls & Turoff, 2015ab) and in potentially critical infrastructures (López, Bañuls & Turoff, 2015).
The Cross-Impact Analysis method supported by CIASS system is particularly efficient in order to assess risks, which are associated to internal interdependences of critical infrastructures, as well as interdependences associated to essential services that are provided by other critical operators, or interdependencies associated to service providers within the supply chain.
In addition, CIASS system allows a real-time simulation of different risks scenarios, which are generated by varying the threats conditions, factors and events taken into consideration.
CIASS simulation capabilities may prove to be a useful tool in planning and development of dynamic and crisis drills in real time.
Therefore, we recommend the use of CIASS system for the planning and development of dynamic drills in real time, involving different actors at the various facilities and critical operators’ premises. These simulations allow response assessment in dynamic scenarios which involve events related to the different identified interdependences.
It also intends to conduct two different types of drills in other related operators of critical infrastructures, as well as other actors, such competent authority responsible for security, and emergency response, in order to cover the whole range of identified interdependences.
CIASS has been used in previous researches led by international reference groups of different countries, for the purpose of supporting different strategies and plans in Spain, USA, Canada, Romania, China, Norway and Brazil.