To address the challenge of quantifying security risks for Networked Control Systems (NCSs) in critical infrastructure—such as power grids and transportation networks—under cyberattacks, this paper proposes a probabilistic risk modeling framework that integrates uncertain prior knowledge, shifting from traditional static vulnerability analysis to dynamic resilience assessment. Methodologically, it unifies control theory, cybersecurity analysis, probabilistic risk assessment, and statistical modeling into an interdisciplinary security quantification methodology. It introduces, for the first time, a systematic taxonomy for NCS security quantification, categorizing prevailing defense strategies and identifying key research gaps. The resulting framework provides computationally tractable and empirically verifiable theoretical tools and practical guidelines for resilience-oriented NCS design, significantly enhancing risk characterization under partial attacker knowledge.

Networked Control Systems (NCSs) are integral in critical infrastructures such as power grids, transportation networks, and production systems. Ensuring the resilient operation of these large-scale NCSs against cyber-attacks is crucial for societal well-being. Over the past two decades, extensive research has been focused on developing metrics to quantify the vulnerabilities of NCSs against attacks. Once the vulnerabilities are quantified, mitigation strategies can be employed to enhance system resilience. This article provides a comprehensive overview of methods developed for assessing NCS vulnerabilities and the corresponding mitigation strategies. Furthermore, we emphasize the importance of probabilistic risk metrics to model vulnerabilities under adversaries with imperfect process knowledge. The article concludes by outlining promising directions for future research.