
Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies

Authors

  • M.‐Elisabeth Paté‐Cornell
  • Marshall Kuypers
  • Matthew Smith
  • Philip Keller

Abstract

Managing cyber security in an organization involves allocating the protection budget across a spectrum of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system‐based for high‐consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward‐looking analyses motivated by recent cyber attacks. The first one is the statistical analysis of an actual database, extended at the upper end of the loss distribution by a Bayesian analysis of possible, high‐consequence attack scenarios that may happen in the future. The second is a systems analysis of cyber risks for a smart, connected electric grid, showing that there is an optimal level of connectivity. The third is an analysis of sequential decisions to upgrade the software of an existing cyber security system or to adopt a new one to stay ahead of adversaries trying to find their way in. The results are distributions of losses to cyber attacks, with and without some considered countermeasures in support of risk management decisions based both on past data and anticipated incidents.

Suggested Citation

  • M.‐Elisabeth Paté‐Cornell & Marshall Kuypers & Matthew Smith & Philip Keller, 2018. "Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies," Risk Analysis, John Wiley & Sons, vol. 38(2), pages 226-241, February.
  • Handle: RePEc:wly:riskan:v:38:y:2018:i:2:p:226-241
    DOI: 10.1111/risa.12844


    Citations

    Cited by:

    1. Gabriel Kuper & Fabio Massacci & Woohyun Shim & Julian Williams, 2020. "Who Should Pay for Interdependent Risk? Policy Implications for Security Interdependence Among Airports," Risk Analysis, John Wiley & Sons, vol. 40(5), pages 1001-1019, May.
    2. Daniel Woods & Mustafa Abdallah & Saurabh Bagchi & Shreyas Sundaram & Timothy Cason, 2022. "Network defense and behavioral biases: an experimental study," Experimental Economics, Springer;Economic Science Association, vol. 25(1), pages 254-286, February.
    3. Todor Tagarev & Valeri Ratchev, 2020. "A Taxonomy of Crisis Management Functions," Sustainability, MDPI, vol. 12(12), pages 1-34, June.
    4. Maria Polorecka & Jozef Kubas & Pavel Danihelka & Katarina Petrlova & Katarina Repkova Stofkova & Katarina Buganova, 2021. "Use of Software on Modeling Hazardous Substance Release as a Support Tool for Crisis Management," Sustainability, MDPI, vol. 13(1), pages 1-15, January.
    5. Chatzis, Petros & Stavrou, Eliana, 2022. "Cyber-threat landscape of border control infrastructures," International Journal of Critical Infrastructure Protection, Elsevier, vol. 36(C).
    6. Stright, Jim & Cheetham, Peter & Konstantinou, Charalambos, 2022. "Defensive cost–benefit analysis of smart grid digital functionalities," International Journal of Critical Infrastructure Protection, Elsevier, vol. 36(C).
    7. Loretta Mastroeni & Alessandro Mazzoccoli & Maurizio Naldi, 2022. "Pricing Cat Bonds for Cloud Service Failures," JRFM, MDPI, vol. 15(10), pages 1-18, October.
    8. Natalie M. Scala & Allison C. Reilly & Paul L. Goethals & Michel Cukier, 2019. "Risk and the Five Hard Problems of Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 39(10), pages 2119-2126, October.
    9. Frank Cremer & Barry Sheehan & Michael Fortmann & Arash N. Kia & Martin Mullins & Finbarr Murphy & Stefan Materne, 2022. "Cyber risk and cybersecurity: a systematic review of data availability," The Geneva Papers on Risk and Insurance - Issues and Practice, Palgrave Macmillan;The Geneva Association, vol. 47(3), pages 698-736, July.
    10. repec:zib:zibaem:v:7:y:2023:i:2:p:38-48 is not listed on IDEAS
    11. Mark Bentley & Alec Stephenson & Peter Toscas & Zili Zhu, 2020. "A Multivariate Model to Quantify and Mitigate Cybersecurity Risk," Risks, MDPI, vol. 8(2), pages 1-21, June.
    12. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    13. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    14. Zhao, Yunfei & Huang, Linan & Smidts, Carol & Zhu, Quanyan, 2020. "Finite-horizon semi-Markov game for time-sensitive attack response and probabilistic risk assessment in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 201(C).
    15. Suo, Weilan & Wang, Lin & Li, Jianping, 2021. "Probabilistic risk assessment for interdependent critical infrastructures: A scenario-driven dynamic stochastic model," Reliability Engineering and System Safety, Elsevier, vol. 214(C).

