A Framework for Categorizing Disruptive Cyber Activity and Assessing its Impact

Author: 
Publication Date: 
August 2015
Description: 
CISSM Working Paper
Project: 
A Multi-stakeholder Approach to Cybersecurity Risk Management
Emerging Issues in Cooperative Security
The Advanced Methods of Cooperative Security Program
Document Type: 
Working Papers
While significant media attention has been given to the volume and range of cyber attacks, the inability to measure and categorize disruptive events has complicated efforts of policy makers to push comprehensive responses that address the range of cyber activity. While organizations and public officials have spent significant time and resources attempting to grapple with the complex nature of these threats, a systematic and comprehensive approach to categorize and measure disruptive attacks remains elusive. This paper addresses this issue by differentiating between exploitive and disruptive cyber events, proposes a formal method to categorize five types of disruptive events, and measures their impact along three dimensions of analysis. Scope, magnitude, and duration of disruptive cyber events are analyzed to locate each event on a Cyber Disruption Index (CDI) so organizations and policymakers can estimate the aggregated effect of a malicious act aimed at impacting their operations. Using the five different event classes and the CDI estimation method makes it easier for organizations and policy makers to disaggregate a complex topic, contextualize and process individual threats to their network, target where increased investment can reduce the risk of specific disruptive cyber events, and distinguish between events that represent a private-sector problem from those that merit a more serious public-sector concern.