Saved in:
Bibliographic Details
Main Authors: Frempong-Kore, Kwabena Opoku, Sahay, Rishikesh, Mamun, Md Rasel Al, Eapen, Bell
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2604.03994
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911567923118080
author Frempong-Kore, Kwabena Opoku
Sahay, Rishikesh
Mamun, Md Rasel Al
Eapen, Bell
author_facet Frempong-Kore, Kwabena Opoku
Sahay, Rishikesh
Mamun, Md Rasel Al
Eapen, Bell
contents With the widespread use of software systems in critical infrastructures such as hydropower plants has brought many advantages, yet it has exposed these systems to cyber threats. Cyber risk assessment & mitigation is important to identify cyber threats and protect these systems from unwanted incidents. This paper evaluates and compares the two risk assessment methodologies namely Hazard and Operability Study (HAZOP) and BowTie analysis for identifying cyber induced threats in hydropower systems. We selected these two methodologies because they offer a complementary perspective for cyber-safety risk assessment. Each method is first applied in traditional form to identify hazards, barriers, and threat scenarios arising from accidental causes, then extended to examine how findings change under cyber-induced causation. The traditional HAZOP identifies 18 deviations across five control parameters; the cyber extension shows how an adversary can coordinate multiple deviations to produce outcomes that conventional safeguards cannot detect. The BowTie analysis maps preventive and mitigation barriers around a top event; the cyber extension reveals that barriers appearing independently can share network infrastructure a single attacker could compromise, challenging the defense-in-depth assumption. Together, the two methods provide complementary coverage: HAZOP systematically enumerates what can go wrong, while BowTie shows how barriers provide layered protection. The cyber extension applied to both exposes assumptions, independent causes in HAZOP and independent barriers in BowTie, that do not hold against a coordinated adversary. As a result of this study, this paper highlights a practical two-stage approach to adapt established safety methods to identify cybersecurity challenges in hydropower control systems, provides pros and cons of these methodologies, and shows area of applicability.
format Preprint
id arxiv_https___arxiv_org_abs_2604_03994
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Assessing Cyber Risks in Hydropower Systems Through HAZOP and Bow-Tie Analysis
Frempong-Kore, Kwabena Opoku
Sahay, Rishikesh
Mamun, Md Rasel Al
Eapen, Bell
Cryptography and Security
With the widespread use of software systems in critical infrastructures such as hydropower plants has brought many advantages, yet it has exposed these systems to cyber threats. Cyber risk assessment & mitigation is important to identify cyber threats and protect these systems from unwanted incidents. This paper evaluates and compares the two risk assessment methodologies namely Hazard and Operability Study (HAZOP) and BowTie analysis for identifying cyber induced threats in hydropower systems. We selected these two methodologies because they offer a complementary perspective for cyber-safety risk assessment. Each method is first applied in traditional form to identify hazards, barriers, and threat scenarios arising from accidental causes, then extended to examine how findings change under cyber-induced causation. The traditional HAZOP identifies 18 deviations across five control parameters; the cyber extension shows how an adversary can coordinate multiple deviations to produce outcomes that conventional safeguards cannot detect. The BowTie analysis maps preventive and mitigation barriers around a top event; the cyber extension reveals that barriers appearing independently can share network infrastructure a single attacker could compromise, challenging the defense-in-depth assumption. Together, the two methods provide complementary coverage: HAZOP systematically enumerates what can go wrong, while BowTie shows how barriers provide layered protection. The cyber extension applied to both exposes assumptions, independent causes in HAZOP and independent barriers in BowTie, that do not hold against a coordinated adversary. As a result of this study, this paper highlights a practical two-stage approach to adapt established safety methods to identify cybersecurity challenges in hydropower control systems, provides pros and cons of these methodologies, and shows area of applicability.
title Assessing Cyber Risks in Hydropower Systems Through HAZOP and Bow-Tie Analysis
topic Cryptography and Security
url https://arxiv.org/abs/2604.03994