Risk assessment plays a vital role in protecting our nation's critical infrastructure. Traditionally, such assessments have been conducted as a singular activity confined to the borders of a particular asset or utility with little external sharing of information. In contrast, other domains, e.g., disaster preparedness, cyber security, food-borne hazards, have demonstrated the benefits of sharing data, experiences and lessons learned in assessing and managing risk. Here we explore the concept of a Shared Risk Framework (SRF) in the context of critical infrastructure assessments. In this exploration, key elements of an SRF are introduced and initial instantiations demonstrated by way of three water utility assessments. Results from these three demonstrations were then combined with results from four other risk assessments developed using a different risk assessment application by a different set of analysts. Through this comparison we were able to explore potential challenges and benefits from implementation of an SRF. Challenges included both the capacity and interest of local utilities to conduct a shared risk assessment; particularly, wide-scale adoption of any SRF will require a clear demonstration that such an effort supports the basic mission of the utility, adds benefit to the utility, and protects utility data from unintended access or misuse. In terms of benefits, anonymous sharing of results among utilities could provide the added benefits of recognizing and correcting bias; identifying "unknown, unknowns"; assisting self-assessment and benchmarking for the local utility; and providing a basis for treating shared assets and/or threats across multiple utilities.