Risks of cyber attack to supervisory control and data acquisition for water supply

Supervisory control and data acquisition (SCADA) allows a utility operator to monitor and control processes that are distributed among various remote sites. The goal of this thesis is to develop a risk management framework that uses existing probabilistic risk assessment (PRA) methodology to quantify the risks of willful threats to water utility SCADA systems. This framework can assist decision makers in understanding the risks of cyber intrusion, their consequences and tradeoffs in order to maximize the survivability of the system. Surety, a measure of survivability, is defined as a measure of system performance und~r an unusual loading. A survey is conducted to understand the current state of SCADA in water utilities, to document information on cyber intrusion, and to determine the concerns of administrators on system security. Using hierarchical holographic modeling (HHM), sources of cyber risk to SCADA are identified. Event trees and fault trees are used to model the probabilistic consequences of cyber intrusion on water supply systems. Cost, surety, expected level of percentage of water flow reduction, and conditional expected level of percentage of water flow reduction are introduced as performance measures to evaluate policy options. Alternatives are generated and then compared using multiobjective tradeoff analysis. Lastly, a prototype city is analyzed to demonstrate the applicability of the developed methodology. The methodological framework for managing cyber risk to water utility SCADA systems constitutes the maJor contribution of the thesis.

Note: Abstract extracted from PDF file via OCR.