An Integrated Approach for Physical and Cyber Security Risk Assessment: The U.S. Army Corps of Engineers Common Risk Model for Dams
Institute for Defense Analyses, Alexandria, United States
The Common Risk Model for Dams (CRM-D), developed by the U.S. Army Corps of Engineers (USACE) in collaboration with the Institute for Defense Analyses (IDA) and the U.S. Department of Homeland Security (DHS), is a consistent, mathematically rigorous, and easy-to-implement method for security risk assessment of dams, navigation locks, hydropower projects, and appurtenant structures. The methodology provides a systematic approach for independently evaluating physical and cyber security risks across a portfolio of dams, and for informing decisions on how to mitigate those risks. The CRM-D can effectively quantify the benefits of implementing a particular risk-mitigation strategy and, consequently, enable return-on-investment analyses for multiple physical and cyber security risk-mitigation alternatives and facilitate their implementation across a portfolio of dams. A cyber security risk model to facilitate high-level risk assessments of industrial control systems used to control dam critical functions is also being implemented.