A digraph model for risk identification and mangement in SCADA systems

Abstract

Supervisory control and data acquisition (SCADA) systems are critical to today's industrial facilities and infrastructures. SCADA systems have evolved into large and complex networks of information systems and are increasingly vulnerable to various types of cyber-security risks. Identifying and managing risks in SCADA systems has become critical in ensuring the safety and reliability of these facilities and infrastructures. Most of the existing research on SCADA risk modeling and management has focused on probability-based or quantitative approaches. While probabilistic approaches have proven to be useful, they also suffer from common problems such as simplifying assumptions, large implementation costs, and inability to completely capture all the important aspects of risk. This paper proposes a digraph model for SCADA systems that allows formal, explicit representation of a SCADA system. A number of risk management methods are presented and discussed for a SCADA system based on the proposed model. The methods are applied to a chemical distillation application as a case study, and shows promising initial results in identifying areas of system vulnerability.