From Football to Oil Rigs: Risk Assessment for Combined Cyber and Physical Attacks

Journal of Benefit-Cost Analysis logo

By: Fred S. Roberts

September 17, 2019

Download this Article (Journal of Benefit-Cost Analysis)

ABSTRACT

Although cyber security has become widely recognized as a serious threat to our modern world, there are new threats to our security that combine cyber with other modes of “attack.” This article explores the increasingly important theme in homeland and national security that future attacks will be multimodal, in particular including both a cyber and a physical component, where the cyber attack is intended to make it easier to succeed in the physical attack, and is not an end in itself. The article describes sample scenarios of combined cyber and physical attacks in two sectors where even just cyber security efforts have lagged behind: sports stadiums and the maritime transportation system. It presents an approach to comparing the risk of a combined cyber followed by physical attack and that of a “traditional” physical attack on the same target. It then analyzes the different stadium and maritime examples from the point of view of this risk assessment approach.

Download this Article (Journal of Benefit-Cost Analysis)

This article is part of a working paper series convened by the GW Regulatory Studies Center. The other articles are also available from JBCA:

Responsible Precautions for Uncertain Environmental Risks - By: W. Kip Viscusi, Joel Huber, & Jason Bell

Nuclear War as a Global Catastrophic Risk - By: James Scouras

Muddling-Through and Deep Learning for Managing Large-Scale Uncertain Risks - By: Tony Cox

Dynamic Benefit-Cost Analysis for Uncertain Futures - By: Susan E. Dudley,  Daniel R. Pérez, Brian F. Mannix, & Christopher Carrigan