Cyber-Risk Informatics by Sahinoglu Mehmet;

Author: Sahinoglu, Mehmet
Language: eng
Format: epub
Publisher: John Wiley & Sons, Incorporated
Published: 2016-05-31T00:00:00+00:00


5.13 APPLICATION TO NATIONAL CYBERSECURITY RISK

One of the most severe threats facing the United States, or all free nations, today is national (federal and state) cyber-security in the new cyberspace era [74]. The astronomically high number of malicious attacks, reminiscent of the 1950s cold war, has triggered a cyber-cold war among the world’s once peaceful nations. The increasing number of attempted and actual cyber-security breaches, originating from both criminal organizations and state-sponsored ones, and the very real and potential consequences, ranging from financial to catastrophic losses, make it undeniable that this threat must be addressed urgently. In this chapter, a software tool to facilitate assessment and management of this unprecedented global threat is proposed. The national cyber-security RM provides this critical tool for policy makers. But beyond mere economic impact, the potential damage could be globally catastrophic, as in the nightmare scenario of multiple nuclear facilities’ supervisory control and data acquisition (SCADA) systems being taken over simultaneously and causing uncontrolled meltdowns that could blanket entire continents in radioactivity. Such an event would make Chernobyl pale in comparison. To minimize and avoid such threats and potential damage, a rational, scientific approach that identifies, assesses, and manages national cyber-security threats is required.

The identification and management of risk is the essence of cyber-security. The national cyber-security RM tool proposed here provides a unique and objective methodology that is critically needed.

The pioneering analysis represents a paradigm shift in risk assessment. The national cyber-security RM provides a quantitative risk assessment, unlike the subjective quantitative risk assessment, and, unlike any other tool available today, guidance for allocating resources for risk mitigation. As such, decision and policy makers in government and industry will be greatly aided in their efforts to achieve greater cyber-security by the use of this rational and objective tool for assessing and mitigating risk [76].

Current national threats can range from mischievous lone hackers, up the scale to organized cybercriminal gangs, to state-sponsored cyber-espionage and cyberterrorism. The economic damage inflicted to individuals, corporations, and the national infrastructure is put high–medium–low or red–yellow–green scales commonly seen in other assessment methodologies. While there are other approaches to identifying and managing risk, such as the National Institute of Standards and Technology’s Common Vulnerability Scoring System (CVSS), none provides a means of allocating risk mitigation expenditures. In contrast, the national cyber-security RM provides objective and scientific guidance in allocating monetary resources for managing risk in accordance with budgetary constraints. Additionally, the national cyber-security RM provides a means to shift from often subjective and crude risk evaluation mechanisms to a verifiable, quantitative approach to risk management, resulting in an optimized expenditure of security remediation dollars.

In this section, a model of national cyber-security risk that quantifies the respondent’s experience with eight crucial aspects of national cyber-security is adopted. Those responses are subsequently used to calculate the national cyber-security risk index through an algorithm designed by the principal author. To accomplish this task, numerical and/or cognitive data were collected from 34 respondents to supply the input parameters for calculating the quantitative security risk index for national cyber-security.
