A Fuzzy AHP Approach for Security Risk Assessment in SCADA Networks

摘要

In this paper we propose a new method for security risk assessment in Supervisory Control and Data Acquisition (SCADA) networks. The method consists of the three phases, namely the objective phase, the subjective phase and the final assessment phase. The objective phase deals with the analysis of SCADA historical data. The subjective phase takes into account the experience of relevant experts. The final assessment phase takes into account outputs from both the objective and subjective phases. Fuzzy logic has been applied in all three phases, while analytic hierarchy process (AHP) has been used in subjective phase, due to its suitability to evaluate the experts' competency. The method is evaluated on a case study regarding the real run-off-river hydropower plant. Evaluation results have clearly indicated benefits of the proposed method in comparison with the purely objective approach, in terms of more precise risk assessment and higher return on security investment.