Quantifying cybersecurity resilience and identifying critical vulnerabilities in industrial-scale cyber-physical systems (CPS) remain challenging. To address this, this paper proposes a resilience quantification method integrating multi-layer knowledge graph modeling with graph-theoretic analysis. We innovatively construct a cross-layer knowledge graph spanning physical, information, and control domains, and employ graph metrics—including degree, betweenness, and closeness centrality—to model the attack surface and assess system resilience, enabling automated identification and robustness ranking of critical components. Evaluated on the SWaT water treatment testbed, the method accurately pinpoints cascade-failure-prone nodes across three distinct resilience design configurations. Results demonstrate that betweenness centrality achieves the highest identification accuracy; moreover, the top-ranked design exhibits significantly superior attack absorption and recovery capabilities compared to alternatives.

Critical infrastructures integrate a wide range of smart technologies and become highly connected to the cyber world. This is especially true for Cyber-Physical Systems (CPSs), which integrate hardware and software components. Despite the advantages of smart infrastructures, they remain vulnerable to cyberattacks. This work focuses on the cyber resilience of CPSs. We propose a methodology based on knowledge graph modeling and graph analytics to quantify the resilience potential of complex systems by using a multilayered model based on knowledge graphs. Our methodology also allows us to identify critical points. These critical points are components or functions of an architecture that can generate critical failures if attacked. Thus, identifying them can help enhance resilience and avoid cascading effects. We use the SWaT (Secure Water Treatment) testbed as a use case to achieve this objective. This system mimics the actual behavior of a water treatment station in Singapore. We model three resilient designs of SWaT according to our multilayered model. We conduct a resilience assessment based on three relevant metrics used in graph analytics. We compare the results obtained with each metric and discuss their accuracy in identifying critical points. We perform an experimentation analysis based on the knowledge gained by a cyber adversary about the system architecture. We show that the most resilient SWaT design has the necessary potential to bounce back and absorb the attacks. We discuss our results and conclude this work by providing further research axes.