A Comprehensive Network Security Risk Model for Process Control Networks


  • Matthew H. Henry,

    Corresponding authorSearch for more papers by this author
    • 1

      Johns Hopkins University Applied Physics Laboratory, Laurel, MD, USA.

  • Yacov Y. Haimes

    Search for more papers by this author
    • 2

      Founding Director of the Center for Risk Management of Engineering Systems, established 1987, and Lawrence R. Quarles Professor of Systems and Information Engineering, University of Virginia, Charlottesville, VA, USA.

*Address correspondence to Matthew H. Henry, Johns Hopkins University, Applied Physics Laboratory, Laurel, MD, USA; tel: 240-228-2585; fax: 240-228-1868; matthew.henry@jhuapl.edu.


The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.