Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
The challenge of assessing strategic cyber security risk in organisations and critical infrastructure
Cyber Security: A Peer-Reviewed Journal,
4
(1),
58-69
(2020)
Abstract
The increasing threat of cyberattacks against systemically important institutions and critical infrastructure continues to highlight the need to improve the defence and resilience of organisations. The US government focuses its defence strategy on applying a risk-based approach to optimise the allocation of scarce resources across federal networks and promotion of best practice for critical infrastructure. This paper discusses the framing national policy and the core methodological challenges facing practitioners who seek to implement such an approach. The paper defines three key areas of fundamental challenge: 1) defining tiers, categories, and severity measures of end effect; 2) linkage of devices to organisational processes; and 3) a mechanism for connecting organisations together to analyse emergent societal effects. This approach is broadly applied to an example of commercial airline operations identifying the interconnection between key functions in the production chain that, if disrupted, lead to strategic effects in the critical infrastructure sector.
Keywords: risk; critical infrastructure; cyber strategy; interdependence
The full article is available to subscribers to the journal.
Author's Biography
Charles Harry PhD is a senior leader, practitioner and researcher with over 20 years’ experience in intelligence and cyber operations. Charles is the director of operations at the Maryland Global Initiative in Cybersecurity (MaGIC), an associate research professor in the School of Public Policy and College of Information Studies and a senior research associate at the Center for International and Security Studies at Maryland (CISSM). Charles is also co-founder and CEO of Decision Point Analytics, a consulting firm focused on assessing cyber security risk. He is part of the Bain & Company Expert Network and is an active consultant to a wide range of public and private organisations. His public service includes a 14-year career with the National Security Agency rising to the rank of senior technical leader (DISL). He has supported senior policy makers at the White House and has regularly appeared before congressional committees to provide testimony. Charles holds degrees in economics and history from the University of Colorado and was awarded a PhD in policy studies from the University of Maryland. He is the recipient of the Director of National Intelligence Extraordinary Achievement Medal and the Signal Intelligence Career Achievement Medal. His current research focuses on the development of an analytic framework for assessing cyber security risk including the ability to categorise and measure the impact of cyber events.
