Off-campus Michigan Tech users: To download campus access theses or dissertations, please use the following button to log in with your Michigan Tech ID and password: log in to proxy server

Non-Michigan Tech users: Please talk to your librarian about requesting this thesis or dissertation through interlibrary loan.

Date of Award


Document Type

Campus Access Dissertation

Degree Name

Doctor of Philosophy in Mechanical Engineering-Engineering Mechanics (PhD)

Administrative Home Department

Department of Mechanical Engineering-Engineering Mechanics

Advisor 1

Steven Goldsmith

Committee Member 1

Gordon G. Parker

Committee Member 2

Laura E. Brown

Committee Member 3

Craig R. Friedrich


Current industry standards for managing cyber security risk continue to evolve and adapt to the threat landscape in which cyber-physical systems operate. However, the cyber-physical system’s stakeholders are challenged by the adoption of new and adaptive frameworks that provide holistic cyber security risk management. Thus, these stakeholders managing the cyber-physical systems tend to have a myopic view of the risk exposure and cyber security posture at all levels of the cyber-physical system operations.

Applying a cyber security risk methodology to a Photovoltaic (PV) Power Plant requires a comprehensive and layered approach encompassing people, processes and technology correlation of known parameters. There are new and novel frameworks of both cyber security and risk management implemented. The advent of new integrated communication systems, smart field devices, and addition into the grid has increased the PV Power Plant’s risk and attack surface, particularly from cyber bound attacks. A methodology and framework for cyber resiliency exclusive for PV Power Plants are developed.

The proposed model for cyber resiliency is comprehensive leveraging of the NIST Cybersecurity Framework as a foundation for the methodology. The model is applied to a case study for a 20-megawatt PV Plant. The data collected is analyzed through

the resiliency methodology that yields an inherent state, a baseline state, and a future resiliency state, which will mark the desired security and resiliency posture. The model relies on quantitative methods for evaluating risks, vulnerabilities, and attack vectors. The model also illustrates the requirements and objectives based on risk tolerance and allowing the stakeholders to define strategic plans for cyber resiliency.