An Integrated Approach for Physical and Cyber Security Risk Assessment: The U.S. Army Corps of Engineers Common Risk Model for Dams

Abstract

The Common Risk Model for Dams (CRM-D), developed by the U.S. Army Corps of Engineers (USACE) in collaboration with the Institute for Defense Analyses (IDA) and the U.S. Department of Homeland Security (DHS), is a consistent, mathematically rigorous, and easy to implement method for security risk assessment of dams, navigation locks, hydropower projects, and appurtenant structures. The methodology provides asystematic approach for independently evaluating physical and cyber security risks across a portfolio of dams, and informing decisions on how to mitigate those risks. The CRM-D can effectively quantify the benefits of implementing a particular risk-mitigation strategy and, consequently, enable return-on-investment analyses for multiple physical and cyber security risk-mitigation alternatives and facilitate their implementation across a portfolio of dams.A cyber security risk model to facilitate high-level risk assessments of industrial control systems used to control dam critical functions is also being implemented.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jul 01, 2016
Accession Number
AD1014193

Entities

People

  • James D. Morgeson
  • Jason A. Dechant
  • Yazmin Seda-sanabria

Organizations

  • Institute for Defense Analyses

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Army Corps Of Engineers
  • Civil Engineering
  • Computer Access Control
  • Control Systems
  • Cyberattacks
  • Department Of Homeland Security
  • Engineering
  • Engineers
  • Flood Control
  • Geography
  • Governments
  • Homeland Security
  • North America
  • Risk
  • Risk Analysis
  • Risk Management
  • United States

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Defense Acquisition Program Management
  • Military Science and Technology Research and Modernization.

Technology Areas

  • Cyber