Publications
Cyber risk in critical infrastructure
Existing approaches to evaluating cyber risk are summarized and explored for their applicability to critical infrastructure. The approaches cluster in three different spaces: network security, cyber-physical, and mission assurance. In all approaches, some form of modeling is utilized at varying levels of detail, while the ability to understand consequence varies, as do interpretations of risk. A hybrid approach can account for cyber risk in critical infrastructure and allow for allocation of limited resources across the entirety of the risk spectrum.