Risk Assessment in Cyber-Physical Systems

Simin Nadjm-Tehrani
Simin Nadjm-Tehrani

Our everyday lives are dependent on large and advanced systems like electrical power systems, heating and water supply. In the middle of those systems, linking customers with supply and maintenance actors is Supervisory Control and Data Acquisition systems – SCADA.

Thursday and fourth day of WASP Summer School 2019 the AS-track listened to a lecture by professor Simin Nadjm-Tehrani about risk assessment in cyber-physical systems and especially SCADA systems that run our critical infrastructures. There are many different models and methods for risk assessment and prevention both in the physical and in the cyber world.

– A key is that there is no one way to analyze security weaknesses – there is many ways and it is a multidisciplinary work to do a proper risk analysis. Possible stakeholders are also interested in and affected by different kinds of assets, comparing users, service providers and regulators, professor Simin Nadjm-Tehrani explains.

During the lecture professor Nadjm-Tehrani gave examples of models detecting anomalies in an electrical utility provider when attacks are asynchronously weaved into the normal communication flows in the network.

– To effectively protect complex infrastructure systems and systems of systems we need to both be able to detect attacks and foresee them. In order to achieve this, accurate models of what’s normal is one part.