Cyberattacks on critical infrastructure: An economic perspective
Languages of publication
The aim of this article is to analyze the economic aspects of cybersecurity of critical infrastructure defined as physical or virtual systems and assets that are vital to a country’s functioning and whose incapacitation or destruction would have a debilitating impact on national, economic, military and public security. The functioning of modern states, firms and individuals increasingly relies on digital or cyber technologies and this trend has also materialized in various facets of critical infrastructure. Critical infrastructure presents a new cybersecurity area of attacks and threats that requires the attention of regulators and service providers. Deploying critical infrastructure systems without suitable cybersecurity might make them vulnerable to intrinsic failures or malicious attacks and result in serious negative consequences. In this article a fuller view of costs and losses associated with cyberattacks that includes both private and external (social) costs is proposed. An application of the cost-benefit analysis or the Return on Security Investment (ROSI) indicator is presented to evaluate the worthiness of cybersecurity efforts and analyze the costs associated with some major cyberattacks in recent years. The “Identify, Protect, Detect, Respond and Recover” (IPDRR) framework of organizing cybersecurity efforts is also proposed as well as an illustration as to how the blockchain technology could be utilized to improve security and efficiency within a critical infrastructure.
- Bank of America Merrill Lynch, 2015. Global cybersecurity primer.
- Beasley, C., Venayagamoorthy, G.K. & Brooks, R., 2014. Cyber security evaluation of synchrophasors in a power system. IEEE Computer Society, pp.1–5.
- Bernik, I. & Prislan, K., 2016. Measuring information security performance with 10 by 10 model for holistic state evaluation. PLoS ONE, 11(9), pp.1–33.
- Bojanc, R. & Jerman-Blažič, B., 2008. An economic modelling approach to information security risk management. International Journal of Information Management, 28(5), pp.413–422.
- Conti, M., Kumar, E.S., Lal, C. & Ruj, S., 2017. A survey on security and privacy issues of Bitcoin. IEEE Communications Surveys & Tutorials, 20(4), pp.3416-3452.
- ENISA, 2012. Introduction to Return on Security Investment. European Union Agency for Network and Information Security.
- Evans, G.L., 2017. Disruptive technology and the board: the tip of the iceberg. Economics and Business Review, 3(1), pp.205–223.
- FireEye, 2013. The advanced cyber attack landscape. FireEye, Inc.
- Flick, T. & Morehouse, J., 2010. Securing the smart grid: next generation power grid security. Elsevier, Syngress.
- Fung, C.C., Roumani, M.A. & Wong, K.P., 2013. A proposed study on economic impacts due to cyber attacks in smart grid: a risk based assessment. IEEE Power and Energy Society General Meeting, pp.1–5.
- Gintis, H., 2005. Behavioral game theory and contemporary economic theory. Analyse & Kritik, 27(1), pp.48-72.
- Goodin, D., 2011. PlayStation Network breach will cost Sony $171m. The Register.
- Jentzsch, N., 2016. State-of-the-art of the economics of cyber-security and privacy. IPACSO Deliverable D, 4.
- Klahr, R., Shah, J., Sheriffs, P., Rossington, T., Pestell, G., Button, M. & Wang, V., 2017. Cyber security breaches survey 2017. Main report. Available at: http://www.ipsos-mori.com/terms.
- Kowalski, T., 2013. Globalization and transformation in Central European countries: the case of Poland, Poznan University of Economics Press.
- Kshetri, N., 2017. Blockchain’s roles in strengthening cybersecurity and protecting privacy. Telecommunications Policy, 41(10), pp.1027–1038.
- Lloyd’s, 2015. Business blackout. Lloyd’s Emerging Risk Report – 2015. University of Cambridge Judge Business School.
- Lockstep Consulting, 2004. A guide for government agencies calculating return on security investment. NSW Department of Commerce, GCIO Guidelines, p.33.
- Louis, M., Adrian, B. & Evangelos, R., 2016. Threat landscape 2015. European Union Agency for Network and Information Security (ENISA).
- Marotta, A., Martinelli, F., Nanni, S., Orlando, A. & Yautsiukhin, A., 2017. Cyber-insurance survey. Computer Science Review, 24, pp.35–61.
- Mendel, J., 2018. The economic perspective on smart grid cyber security. PhD Thesis, Poznan University of Economics and Business.
- NIST, 2017. Proposed updates to the framework for improving critical infrastructure cybersecurity. National Institute of Standards and Technology.
- O’Dell, J., 2011. How much does identity theft cost? Mashable.
- OECD, 2015. OECD digital economy outlook 2015. Organisation for Economic Co-operation and Development.
- OECD, 2009a. Computer viruses and other malicious software. a threat to the internet economy Organisation for Economic Co-operation and Development.
- OECD, 2009b. Malware : why should we be concerned? Organisation for Economic Co-operation and Development.
- OECD, 2013. Exploring the economics of personal data. OECD Digital Economy Papers, (220), p.40.
- Ponemon Institute LLC, 2015. The cost of malware containment.
- Ponemon Institute LLC, 2019. Cybersecurity in operational technology: 7 insights you need to know.
- Rebecca, S. & Rob, B., 2019. America’s electric grid has a vulnerable back door and Russia walked through it. The Wall Street Journal.
- Rogers M., Henderson, K., 2019. How blockchain can help the utility industry develop clean power. McKinsey & Company.
- Sikorski, J.J., Haughton, J. & Kraft, M., 2017. Blockchain technology in the chemical industry: Machine-to-machine electricity market. Applied Energy, (195), pp.234–246.
- Singer, P.W. & Friedman, A., 2014. Cybersecurity: What everyone needs to know. OUP USA.
- Sobers, R., 2019. 60 must-know cybersecurity statistics for 2019. varonis.
- Smith, B., 2018, Government and business must fight the cyber threat, The Financial Times, 18 Nov 2018.
- Su, X., 2006. An Overview of economic approaches to information security management. Technical Report TR-CTIT-06-30, University of Twente.
- The Council of Economic Advisers, 2018. the cost of malicious cyber activity to the U.S. economy. The Council of Economic Advisers.
- US Homeland Security NCCIS, 2015. Seven strategies to defend ICSs.
- Vijay, S., Hoikka, H. & Kenneth, B., 2015. Ukraine 2015 power grid cyberattack. ELEC-E7470 Cybersecurity L - Case Study, p.9.
- Wakefield, M., 2012. Guidebook for cost/benefit analysis of smart grid demonstration projects.
Publication order reference