National Comparative Risk Assessment Pilot Project, Cyber Intrusion Analysis-Process Control System; Pilot study

摘要

The Homeland Security Act of 2003 and the Homeland Security Presidential Directive 7 call for the Department of Homeland Security to conduct comprehensive assessments of the nation's critical infrastructure as well as establish uniform policies, approaches, guidelines and methodology for integrating Federal infrastructure and protection and risk management activities. An initial pilot project was undertaken to define a common risk model with common methodologies and approved scales to measure key parameters to accelerate the progress toward the stated goals of the Department in risk assessment activities. This report describes an extension of that analysis to the area of risk assessment for cyber attacks. This involves defining cyber threats, the basic building blocks of security systems, and Cyber Defensive Configurations (CDCs) that are made up of building blocks and are reasonable representations of actual systems, the development of scenarios for consequence evaluation, and notional examples of the computations.