AI-Powered Cyber Risk Scoring for SCADA - IIoT Systems: An Interpretable Model for the UK Energy Sector
摘要
As industrial control systems become increasingly digitised, the convergence of Supervisory Control and Data Acquisition (SCADA) and industrial Internet of Things (IIoT) technologies introduces both efficiency and significant cybersecurity challenges. Using the ORNL SCADA Gas pipeline dataset, this system simulates realistic attacks and provides a method for the detection of cyber-physical anomalies in SCADA-based IIoT systems, focusing on the UK energy sector. In this study, Decision Tree, Random forests, XGBoost, and Deep Neutral Networks were used as classifier models. A multi-step preprocessing pipeline was introduced to clean and engineer features from the system logs. However, the focus was also on capturing real-time attributes such as FunctionCode, SetPoint deviation, and protocol-level anomalies, which play a critical role in detecting risk. A custom Risk Score is computed and categorised into risk bands: Safe, Medium, and High, based on industry-relevant thresholds. To ensure transparency and trust, SHAP (SHapely Additive Explanations) is applied across tree-based models to visualise feature importance and model reasoning. Model performance across classifiers was evaluated using accuracy, F1-score, and class-wise recall. In practice, most models achieved over 87% accuracy, showing strong detection rates for high-risk scenarios. This study therefore contributes a light weight yet interpretable AI framework for cyber risk assessment in IIoT environments, which aligns with the NCSC Cyber Assessment Framework (CAF) and Ofgem security standards. It offers a practical step forward for smart and secure computing in critical infrastructure applications, and can be readily adapted for energy, water, and transportation systems operating under similar industrial protocols.