Minimax envelopes for total cyber risk management in process control networks

This dissertation develops an integrated methodology for managing the risk of cyber attacks on process control networks. A shortest path attack model provides measures of risk that are embedded in a multiobjective dynamic program so that the efficacy of candidate risk management policies can be evaluated. Minimax envelopes for dynamic multiobjective models are developed as the solution framework to address scenario uncertainty in the risk model due to different possible attacker motives and points of access on the network. This yields robust risk management strategies with respect to scenario uncertainty.;An extension of the integrated methodology to address the broader implications of cyber attacks on civil infrastructure is discussed in the context of Petroleum Industry infrastructures and their associate process control networks. An infrastructure response model coupled with an economic impact assessment tool is developed to provide measures of economic disruption that are embedded in the minimax decision framework for regional preparedness and emergency response strategy.;Examples are provided throughout to illustrate the key points and to demonstrate some of the insights achievable by using the new methodology. Concluding remarks include propositions for improvement and extension to make the methodology applicable to a broader class of problems.