The Common Risk Model for Dams (CRM-D), developed by the U.S. Army Corps of Engineers (USACE) in collaboration with the Institute for
Defense Analyses (IDA) and the U.S. Department of Homeland Security (DHS), is a consistent, mathematically rigorous, and easy-to-implement
method for security risk assessment of dams, navigation locks, hydropower projects, and appurtenant structures. The methodology provides a
systematic approach for independently evaluating physical and cyber security risks across a portfolio of dams, and informing decisions on how to
mitigate those risks. The CRM-D can effectively quantify the benefits of implementing a particular risk-mitigation strategy and, consequently, enable
return-on-investment analyses for multiple physical and cyber security risk-mitigation alternatives and facilitate their implementation across a portfolio
of dams.
A cyber security risk model to facilitate high-level risk assessments of industrial control systems used to control dam critical functions is also being implemented