Abstract

This paper presents an assessment of the degree of dependency of Critical Infrastructure (CI) on Information and Communications Technology (ICT). The assessment used the ICT Dependency Model, and a software tool based on the model to measure the degree of ICT dependency grounded on predefined metrics and indicators. The outcomes are the ICT Dependency Index (IDI) - a composite value of the quantitative summation of the metrics, the ICT Dependency Quadrant (IDQ) - a mechanism that comparatively groups the IDI into four bands represented as quadrants i.e. Q1, Q2, Q3, and Q4, which depicts the intersection of dependency and cyber risk. The Q4 quad demonstrates a high degree of ICT dependency, and consequently a potential high cyber risk, Q1 depicts low ICT dependency with a corresponding potential low cyber risk. The results show that increasing level of ICT dependency by CIs has the potential to exacerbate their cyber risk as depicted by the 20 organisations in Q3 and Q4 quad-bands. Consequently, the quantitative approach helps to comparatively assess, group, and visualize the degree of dependency of CI sectors and organisations in a more intuitive fashion using the IDI and IDQ. The IDI and IDQ establish the threshold of ICT dependency and potential cyber risk in a single view. Our solution applies scientific and empirical tools for continuously measuring and ranking ICT dependency of sectors and their organisations in a universal and repeatable fashion. This process can eliminate bias and facilitate proportionate national investment in critical information infrastructure protection (CIIP).

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.