Topics: Risk, Risk management, Risk assessment Pages: 76 (22885 words) Published: January 5, 2013
Supervisory control and data acquisition (SCADA) allows a utility operator to monitor and control processes that are distributed among various remote sites. The goal of this thesis is to develop a risk management framework that uses existing probabilistic risk assessment (PRA) methodology to quantify the risks of willful threats to water utility SCADA systems. This framework can assist decisionmakers in understanding the risks of cyber intrusion, their consequences and tradeoffs in order to maximize the survivability of the system. Surety, a measure of survivability, is defined as a measure of system performance under an unusual loading. A survey is conducted to understand the current state of SCADA in water utilities, to document information on cyber intrusion, and to determine the concerns of administrators on system security. Using hierarchical holographic modeling (HHM), sources of cyber risk to SCADA are identified. Event trees and fault trees are used to model the probabilistic consequences of cyber intrusion on water supply systems. Cost, surety, expected level of percentage of water flow reduction, and conditional expected level of percentage of water flow reduction are introduced as performance measures to evaluate policy options. Alternatives are generated and then compared using multiobjective tradeoff analysis. Lastly, a prototype city is analyzed to demonstrate the applicability of the developed methodology. The methodological framework for managing cyber risk to water utility SCADA systems constitutes the major contribution of the thesis. TABLE OF CONTENTS

• 1.1 Cyber Attacks *
1.2 Stakeholders *
1.3 Statement of Need *
1.4 Thesis Tasks *
1.5 Thesis Overview *
• 2.1 Introduction *
2.2 Master Terminal Unit *
2.3 Remote Terminal Unit *
2.4 SCADA History *
2.5 Telemetry and the Mainframe Era *
2.6 SCADA and Micro Computer Era *
2.7 SCADA or Distributed Control Systems (DCS) *
2.8 Trends in SCADA and the Internet *
2.9 Estimating Attacks and Incidents from the Internet * 2.10 Denial of Service *
• 3.1 Systems Approach *
3.2 Total Risk Management *
3.3 Alternative Approaches and Methods *
3.4 Probabilistic Risk Assessment (PRA) and Management (PRAM) * CHAPTER 4 FRAMEWORK FOR SCADA UTILITY SURVIVABILITY MODELING * • 4.1 Risk Modeling *
4.2 Internet Survey *
4.3 Survivability *
4.4 Taxonomy for Assessing Computer Security *
4.5 Definitions and Terms for a Taxonomy *
4.6 Understanding the Taxonomy *
4.7 Hierarchical Holographic Modeling (HHM) *
4.8 Recent Uses of the HHM in Identifying Risks * 4.9 Risk Modeling Using HHM *
4.10 Goal Development and Indices of Performance * 4.11 Event Tree and Fault Tree Analysis *
4.12 Distributions from Event Tree Analysis *
4.13 Partitioned Multiobjective Risk Method *
4.14 Multiobjective Tradeoff Analysis *
4.15 Evaluation *
5.1 Introduction *
• 5.2 Experts for Elicitation *
5.3 Problem Definition for City XYZ *
5.4 Identifying Sources of Risk (Phase I) *
5.4.1 Scenario One (Disgruntled Employee) *
5.4.2 Scenario Two (Hacker) *
5.5 Indices of Performance (IP) *
5.6 Assess the Risks (Phase II) * Scenario One Event-tree (Current System) * PDF/CDF and Exceedance Probability graphs * Calculations of...
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Scada System Essay
  • Essay on Scada
  • Scada Report Essay
  • Scada Essay
  • SCADA Vulnerabilities and Electric Power Industry Essay
  • Global SCADA Market in the Oil and Gas Essay
  • A log mining approach for process monitoring in SCADA Essay
  • Scada Essay

Become a StudyMode Member

Sign Up - It's Free