Vulnerability and Security Risk Assessment of a Thermal Power Plant Using SVA Technique

The philosophy behind the creation of every organization is bound up with the objectives for each it has been created. There are always factors threatening the continuation of the organization’s activities or even its existence. Some of these factors involve common threats in the security area which should be identified, assessed and controlled through a systematic risk management pattern. In the present study, Security Vulnerability Assessment (SVA) technique and a local version of SVA-Pro software called Joshan-Pro was used to estimate the vulnerability and security risk of a combined cycle power plant. In this Plant, 17 assets were identified and among them, 13 assets with higher priority were entered into Joshan-Pro software for further detailed analysis. Gas oil storage tanks with the vulnerability of 2.33 out of 5 and security risk of 46.60 out of 125 were identified as the most important asset in terms of security and the 230 kV substation with the vulnerability of 0.96 and security risk of 8.64 were labeled as asset with the lowest security risk in the plant. The results showed that Joshan-Pro software, using expert’s opinion, has acceptable capability to determine the security vulnerability of the infrastructures

A Quantitative Research Study on Probability Risk Assessments in Critical Infrastructure and Homeland Security

This dissertation encompassed quantitative research on probabilistic risk assessment (PRA) elements in homeland security and the impact on critical infrastructure and key resources. There are 16 crucial infrastructure sectors in homeland security that represent assets, system networks, virtual and physical environments, roads and bridges, transportation, and air travel. The design included the Bayes theorem, a process used in PRAs when determining potential or probable events, causes, outcomes, and risks. The goal is to mitigate the effects of domestic terrorism and natural and man-made disasters, respond to events related to critical infrastructure that can impact the United States, and help protect and secure natural gas pipelines and electrical grid systems. This study provides data from current risk assessment trends in PRAs that can be applied and designed in elements of homeland security and the criminal justice system to help protect critical infrastructures. The dissertation will highlight the aspects of the U.S. Department of Homeland Security National Infrastructure Protection Plan (NIPP). In addition, this framework was employed to examine the criminal justice triangle, explore crime problems and emergency preparedness solutions to protect critical infrastructures, and analyze data relevant to risk assessment procedures for each critical infrastructure identified. Finally, the study addressed the drivers and gaps in research related to protecting and securing natural gas pipelines and electrical grid systems

Understanding the Humanitarian Consequences and Risks of Nuclear Weapons : New findings from recent scholarship

Publisher PD

Ranking the Risks from Multiple Hazards in a Small Community

Natural hazards, human-induced accidents, and malicious acts have caused great losses and disruptions to society. After September 11, 2001, critical infrastructure protection has become a national focus in the United States and is likely to remain one for the foreseeable future. Damage to our infrastructures and assets could be mitigated through pre-disaster planning and actions. We have developed a systematic methodology to assess and rank the risks from these multiple hazards in a community of 20,000 people. It is an interdisciplinary study that includes probabilistic risk assessment, decision analysis, and expert judgment. Scenarios are constructed to show how the initiating events evolve into undesirable consequences. A value tree, based on multi-attribute utility theory, is used to capture the decision maker’s preferences about the impacts on the infrastructures and other assets. The risks from random failures are ranked according to their Expected Performance Index, which is the product of frequency, probability, and consequence of a scenario. Risks from malicious acts are ranked according to their Performance Index as the frequency of attack is not available. A deliberative process is used to capture the factors that could not be addressed in the analysis and to scrutinize the results. This methodology provides a framework for the development of a risk-informed decision strategy. Although this study uses the Massachusetts Institute of Technology campus as a test-bed, it is a general methodology that could be used by other similar communities and municipalities

Securing industrial control system environments: the missing piece

Cyberattacks on industrial control systems (ICSs) are no longer matters of anticipation. These systems are continually subject to malicious attacks without much resistance. Network breaches, data theft, denial of service, and command and control functions are examples of common attacks on ICSs. Despite available security solutions, safety, security, resilience, and performance require both private public sectors to step-up strategies to address increasing security concerns on ICSs. This paper reviews the ICS security risk landscape, including current security solution strategies in order to determine the gaps and limitations for effective mitigation. Notable issues point to a greater emphasis on technology security while discounting people and processes attributes. This is clearly incongruent with; emerging security risk trends, the biased security strategy of focusing more on supervisory control and data acquisition systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions need to include approaches that follow similar patterns as the problem trend. These include security measures that are evolutionary by design in response to security risk dynamics. Solutions that recognize and include; people, process and technology security enhancement into asingle system, and addressing all three-entity vulnerabilities can provide a better solution for ICS environments

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Bibliographical review on cyber attacks from a control oriented perspective

This paper presents a bibliographical review of definitions, classifications and applications concerning cyber attacks in networked control systems (NCSs) and cyber-physical systems (CPSs). This review tackles the topic from a control-oriented perspective, which is complementary to information or communication ones. After motivating the importance of developing new methods for attack detection and secure control, this review presents security objectives, attack modeling, and a characterization of considered attacks and threats presenting the detection mechanisms and remedial actions. In order to show the properties of each attack, as well as to provide some deeper insight into possible defense mechanisms, examples available in the literature are discussed. Finally, open research issues and paths are presented.Peer ReviewedPostprint (author's final draft