252 Handbook of SCADA/Control Systems Security
• Worst-case loss
• Detection mechanism deciency count
• Restoration time
rogue Change dayS
The metric rogue change days are the number of rogue changes multiplied by the
number of days the changes were unknown to the security group. A rogue change
is any change to the system conguration without prior notication to the security
group. For example, if two modems were added to the control systems’ environment
without the knowledge of the security group and this change was not discovered by
the security group until 10 days later, this would add 2 × 10 = 20 rogue change days
to the metric calculation. This is the rst metric for the security group knowledge
security element. The preferred value is ...