A review of cyber security risk assessment methods for SCADA systems

Yulia Cherdantseva*, Pete Burnap, Andrew Blyth, Peter Eden, Kevin Jones, Hugh Soulsby, Kristan Stoddart

*Corresponding author for this work

Research output: Contribution to journalReview articlepeer-review

8 Citations (Scopus)
1187 Downloads (Pure)


This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation and tool support. Based on the analysis, we suggest an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems. We also outline five research challenges facing the domain and point out the approaches that might be taken.

Original languageEnglish
Pages (from-to)1-27
Number of pages27
JournalComputers and Security
Early online date13 Oct 2015
Publication statusPublished - 1 Feb 2016


  • Cyber security
  • ICS
  • Review
  • Risk analysis
  • Risk assessment methods
  • Risk management


Dive into the research topics of 'A review of cyber security risk assessment methods for SCADA systems'. Together they form a unique fingerprint.

Cite this