Risk analysis of cyber vulnerabilities in water distribution industrial control systems

Cyber attacks are an emerging threat to critical infrastructure systems worldwide. We focus on water, recognizing that water is vital for human health and to the function of other critical infrastructures. A cyber attack targets control and monitoring systems of a water utility, known as supervisory control and data acquisition (SCADA) systems, and disrupts water operations. Current research is inadequate in developing critical risk assessments using scenario based risk metrics to characterize vulnerabilities in the SCADA networks. Such work forms the basis for a risk-informed management process. This research constructs a scenario-based risk assessment of water treatment and distribution system cybervulnerabilities. We identify vulnerable elements of the network, conduct a failure analysis, and create fault trees for a selected set of cyber intrusion scenarios. Future research will focus on expert elicitation of probabilities of failure of selected events, with the goal of informing decision makers about risk management and mitigation strategies. cating value of cyber protection to water industry leaders.