Cyber risk evaluation model for OT infrastructures

The work presented in this dissertation was carried out within an internal R&D project at Alphawaves Srl, which hosted the thesis activities. The project addresses the growing need for cybersecurity solutions in the field of Operational Technology (OT) by proposing a plug-and-play tool capable of automatically scanning, validating, and reporting the security status of an OT network in a continuous monitoring cycle. This thesis focuses on the development of a cyber risk evaluation model that takes as input a network description containing information on host and network configurations, topology, and known vulnerabilities and produces severity scores ranging from 0 to 10 to quantify potential threats. This work concentrate on integrating diverse evaluation domains into a unified scoring system. The proposed hybrid model combines quantitative risk metrics with qualitative insights to enhance both the accuracy and the practical relevance of the evaluation process. Its methodology is structured around four key components, each assessing a distinct risk dimension: vulnerabilities: identifying system weaknesses to enable proactive defenses against cyber threats; attack graphs: mapping potential attack paths through the network to better understand and anticipate adversarial behavior; topology: evaluating the structure of the network to pinpoint critical points, improve resilience, and detect weak spots; asset appraisal: assessing the operational and economic importance of network components to support informed decision-making. To validate the model, a set of manually created OT network configurations were developed to reflect realistic industrial scenarios. In each case, the model successfully computed individual threat scores for each host, demonstrating its ability to adapt to different contexts and complexities. The thesis concludes with a discussion of the model’s practical applications, limitations, and directions for future work. These include improving the automation of input data extraction, refining the scoring logic, and integrating the model into broader cybersecurity platforms for OT environments.