Theses and Dissertations


Peyton Price

Issuing Body

Mississippi State University


Marufuzzaman, Mohammad

Committee Member

Ma, Jongfeng

Committee Member

Gondree, Mark

Committee Member

Bian, Linkan

Date of Degree


Document Type

Dissertation - Open Access


Industrial and Systems Engineering

Degree Name

Doctor of Philosophy


James Worth Bagley College of Engineering


Department of Industrial and Systems Engineering


Risk assessment is a critical aspect of all businesses, and leaders are tasked with limiting risk to the lowest reasonable level within their systems. Industrial Control Systems (ICS) operate in a different cybersecurity risk environment than business systems due to the possibility of second and third-order effects when an attack occurs. We present a process for predicting when an adversary gains the ability to attack an industrial control system. We assist leaders in understanding how attackers are targeting ICS by providing visualizations and percentages that can be applied to updating infrastructure or shifting personnel responsibilities to counter the threat. This new process seeks to integrate defenders and threat intelligence providers, allowing defenders to proactively defend their networks prior to devastating attacks. We apply the process by observing it under randomness with constraints and through a case study of the 2015 attack on the Ukrainian power grid. We find that this process answers the question of what an attacker can do, provides the ability for the defender to possess an updated understanding of the threat’s capability, and can both increase and decrease the probability that an attacker has a capability against a control system. This process will allow leaders to provide strategic vision to the businesses and systems that they manage.



industrial control system||risk||threat capability prediction||dempster combinations||cyber physical systems