A Decision Framework for Managing Risk to Airports from Terrorist Attack

Shafieezadeh, Abdollah; J., Eun; Ellingwood, Bruce R.

doi:10.1111/risa.12266

Cited by 57 publications

(23 citation statements)

References 10 publications

(24 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Special journal issues show a range of concerns and approaches, including the effects of terrorist attacks on utilities, (43) the use of historical data on disturbances to analyze utility risk, (44) and methods for assessing the vulnerability of critical infrastructures. (45) Recent work provides assessment methods for terrorist threats to airports specifically, (46) and methods that recognize the interaction of countermeasures in a portfolio-based analysis. (47) A central aspect of much of this work is the mutual adaptation between attackers and defenders.…”

Section: Risk Of Deliberate Harmmentioning

confidence: 99%

“…(47) We do not deal with the effects on dependent infrastructures, (80) and we ignore the costs of risk measures, which form an important component of other methods. (46) We also neglect the problem of multiple actors facing independent choices about protective actions that are nonetheless interdependent. (81) And we do not address the analysis of threat agents, their capacities, incentives, and motivations.…”

Section: Limitations and Further Workmentioning

confidence: 99%

See 1 more Smart Citation

Analysis of Affordance, Time, and Adaptation in the Assessment of Industrial Control System Cybersecurity Risk

2017

View full text Add to dashboard Cite

Industrial control systems increasingly use standard communication protocols and are increasingly connected to public networks-creating substantial cybersecurity risks, especially when used in critical infrastructures such as electricity and water distribution systems. Methods of assessing risk in such systems have recognized for some time the way in which the strategies of potential adversaries and risk managers interact in defining the risk to which such systems are exposed. But it is also important to consider the adaptations of the systems' operators and other legitimate users to risk controls, adaptations that often appear to undermine these controls, or shift the risk from one part of a system to another. Unlike the case with adversarial risk analysis, the adaptations of system users are typically orthogonal to the objective of minimizing or maximizing risk in the system. We argue that this need to analyze potential adaptations to risk controls is true for risk problems more generally, and we develop a framework for incorporating such adaptations into an assessment process. The method is based on the principle of affordances, and we show how this can be incorporated in an iterative procedure based on raising the minimum period of risk materialization above some threshold. We apply the method in a case study of a small European utility provider and discuss the observations arising from this.

show abstract

Section: Risk Of Deliberate Harmmentioning

confidence: 99%

Section: Limitations and Further Workmentioning

confidence: 99%

Analysis of Affordance, Time, and Adaptation in the Assessment of Industrial Control System Cybersecurity Risk

2017

View full text Add to dashboard Cite

show abstract

“…We adopt the concept of intrusion areas or zones as defined in the International Telecommunications Union (ITU) standard K.81, (21) and applied in several risk analyses in the security context, e.g., Shafieezadeh et al (22) Zones are geographical areas or volumes bounded by barriers. Each zone may contain several different points of entry (PoE) (23) from which the operation of an IEMI source causes the target different levels of damage or effect.…”

Section: Setting the Scene Of Iemi Attacks On Critical Infrastructuresmentioning

confidence: 99%

A Systems‐Based Risk Assessment Framework for Intentional Electromagnetic Interference (IEMI) on Critical Infrastructures

et al. 2018

View full text Add to dashboard Cite

Modern infrastructures are becoming increasingly dependent on electronic systems, leaving them more vulnerable to electrical surges or electromagnetic interference. Electromagnetic disturbances appear in nature, e.g., lightning and solar wind; however, they may also be generated by man-made technology to maliciously damage or disturb electronic equipment. This article presents a systematic risk assessment framework for identifying possible, consequential, and plausible intentional electromagnetic interference (IEMI) attacks on an arbitrary distribution network infrastructure. In the absence of available data on IEMI occurrences, we find that a systems-based risk assessment is more useful than a probabilistic approach. We therefore modify the often applied definition of risk, i.e., a set of triplets containing scenario, probability, and consequence, to a set of quadruplets: scenario, resource requirements, plausibility, and consequence. Probability is "replaced" by resource requirements and plausibility, where the former is the minimum amount and type of equipment necessary to successfully carry out an attack scenario and the latter is a subjective assessment of the extent of the existence of attackers who possess the motivation, knowledge, and resources necessary to carry out the scenario. We apply the concept of intrusion areas and classify electromagnetic source technology according to key attributes. Worst-case scenarios are identified for different quantities of attacker resources. The most plausible and consequential of these are deemed the most important scenarios and should provide useful decision support in a countermeasures effort. Finally, an example of the proposed risk assessment framework, based on notional data, is provided on a hypothetical water distribution network.

show abstract

“…Risk analysis for safety is closely related to security. There is no doubt that terrorist attacks, (14) import security for food, (15) aviation security, (16) and cyber crimes are all important security-related issues, which can be much enhanced if we make a wise use of data for risk analysis.…”

Section: Sscsmentioning

confidence: 99%

Advances in Risk Analysis with Big Data

Choi

Lambert

2017

Risk Analysis

View full text Add to dashboard Cite

With cloud computing, Internet-of-things, wireless sensors, social media, fast storage and retrieval, etc., organizations and enterprises have access to unprecedented amounts and varieties of data. Current risk analysis methodology and applications are experiencing related advances and breakthroughs. For example, highway operations data are readily available, and making use of them reduces risks of traffic crashes and travel delays. Massive data of financial and enterprise systems support decision making under risk by individuals, industries, regulators, etc. In this introductory article, we first discuss the meaning of big data for risk analysis. We then examine recent advances in risk analysis with big data in several topic areas. For each area, we identify and introduce the relevant articles that are featured in the special issue. We conclude with a discussion on future research opportunities.

show abstract

A Decision Framework for Managing Risk to Airports from Terrorist Attack

Cited by 57 publications

References 10 publications

Analysis of Affordance, Time, and Adaptation in the Assessment of Industrial Control System Cybersecurity Risk

Analysis of Affordance, Time, and Adaptation in the Assessment of Industrial Control System Cybersecurity Risk

A Systems‐Based Risk Assessment Framework for Intentional Electromagnetic Interference (IEMI) on Critical Infrastructures

Advances in Risk Analysis with Big Data

Contact Info

Product

Resources

About