Abstract

For several years, security experts and government officials have been warning about a “Cyber Pearl Harbor” – a cyber attack on the nation’s power grid. Current cyber security research focuses on the tactical aspects of infrastructure attacks and views attackers as passive agents, downplaying their strategies. The research only minimally incorporates the human element, which limits the understanding of cyber attacks on the critical infrastructure.

This paper explores attacker decision-making with regard to power grid cyber attacks from a criminological perspective. It presents the findings from a survey that explored the technical and non-technical factors influencing attacker decision-making. A total of 330 participants from the ethical hacker community and the power industry were surveyed. Nine factors influencing attacker decision-making emerged and were organized to create the PARE RISKS framework: prevention measures (P); attacks and alliances (A); result (R); ease of access (E); response (R); interconnectedness and interdependencies (I); security testing and audits (S); knowledge and research (K); and system weaknesses (S). This paper makes the case that infrastructure attackers are intelligent, active actors who plan strategic attacks and adapt to their environments. The paper also offers recommendations for cyber security policy, focusing on improved security practices, education programs and mandatory security budgets.

Keywords: Industrial control systems; cyber attacks; attacker decision-making
