A Risk Assessment Framework for Critical Infrastructure Based on the Analytic Hierarchy Process

Abstract

Due to their essential role, critical infrastructures (e.g., water, gas, and power distribution systems) are subject to persistent monitoring in order to ensure their operational continuity. Because of this, they constitute appealing targets for malicious attackers who carry out physical or cyber attacks with the aim of compromising such critical systems. In this work, we provide a novel framework for an enhanced risk assessment process for critical infrastructures, which is based on the Analytic Hierarchy Process. Specifically, the proposed solution consists of a quantitative framework for site-specific risk assessment, and follows an approach designed to consider the presence of heterogeneous subsystem characterized by different degree of relevance in the infrastructures. A simulation campaign is carried out in a test-range environment, which emulates the behaviour of a water treatment system, in order to prove the effectiveness of the approach.