From Football to Oil Rigs: Risk Assessment for Combined Cyber and Physical Attacks

September 18, 2019

Download this Journal Article (Journal of Benefit-Cost Analysis)


Abstract

Although cyber security has become widely recognized as a serious threat to our modern world, there are new threats to our security that combine cyber with other modes of “attack.” This article explores the increasingly important theme in homeland and national security that future attacks will be multimodal, in particular including both a cyber and a physical component, where the cyber attack is intended to make it easier to succeed in the physical attack, and is not an end in itself. The article describes sample scenarios of combined cyber and physical attacks in two sectors where even just cyber security efforts have lagged behind: sports stadiums and the maritime transportation system. It presents an approach to comparing the risk of a combined cyber followed by physical attack and that of a “traditional” physical attack on the same target. It then analyzes the different stadium and maritime examples from the point of view of this risk assessment approach.