Many organizations are struggling with how to assess the broad set of risks stemming from cyber-attacks against the nation’s critical infrastructure. Roughly 85% of the critical infrastructure in the US is managed and operated by private organizations, and if ours is one of these firms you have the primary responsibility for assessing specific vulnerabilities and managing cybersecurity risk to your own networks.
However, public officials have a deep interest not only in the specific vulnerabilities and risk of particular entities, but also in how specific attacks on those organizations affect the movement of containers moving from railyards to ports, the movement of crude oil from field to refinery, or even how caustic chemicals are transported to manufacturers.
The US Department of Homeland Security (DHS) is tasked with assessing overall strategic risk. Each of the 16 critical infrastructures laid out in the related DHS directive presents a challenge to policymakers. They have to understand both the unique interdependencies of the infrastructures they are analyzing and the specific vulnerabilities and hacker-induced effects to the devices and…
