An assessment of the risks of the functioning of cyber-physical systems was carried out. It is proposed to divide them into information risks and metrological risks, since the cyber-physical system is an information and measurement system. Classification features are proposed and risks are structured as an information and measurement system. The Risk Analysis & Management Method (CRAMM) was used to assess the information risks of the cyber-physical systems. According to the results of its use on the example of the cyber-physical soil monitoring system, the levels of vulnerabilities and their weighting effects were identified and calculated, on the basis of which the levels of information risk were calculated. It was established that the highest risk in the studied system is associated with information distortion and failures in the communication network. Corrective actions to reduce them were proposed. The assessment of metrological risks was carried out using the principles of ISO 31000:2018, according to which the probability of occurrence of the event and the severity of the consequences of its occurrence for the soil monitoring system were assessed. For the final formation of the assessment, a matrix of metrological risks was proposed, according to which all metrological risks of the studied system had low and medium levels. It has been established that the methods proposed by the authors can be applied to cyber-physical systems of other purposes.