The Common Risk Model for Dams (CRM-D), developed through collaboration between the U.S. Army Corps of Engineers and the U.S. Department of Homeland Security, is a consistent, mathematically rigorous, and easy-to-implement methodology for security risk assessment of dams, navigation locks, hydropower projects, and similar infrastructure. The methodology provides a systematic approach for evaluating and comparing security risks across a large portfolio. Risk is calculated for an attack scenario (a specific adversary using a specific attack vector against a specific target) by combining consequence, vulnerability, and threat estimates in a way that properly accounts for the relationships among these variables. The CRM-D can quantify the benefit of implementing a particular risk mitigation strategy and, consequently, enables return-on-investment analyses of multiple mitigation alternatives across a large portfolio. Recently, the methodology has been refined to characterize the complexities of the adversary threat and the ability to interdict adversary actions. When first developed, CRM-D focused on a highly capable international terrorist. It has since been extended to include additional adversary types distinguished by a wide range of capabilities. In addition, the methodology has been extended beyond target defenses to consider the role of local and national defenses in mitigating risk from manmade threats. A methodology for characterizing these defenses was developed, together with expert estimates of the probability that an adversary could penetrate them. This comprehensive methodology provides a rigorous way to consider risks to dams across a large portfolio and is extensible to other types of critical infrastructure. This paper discusses various features of the CRM-D methodology as well as findings and lessons learned from its implementation.