Browsing by Author "Harry, Charles"
Categorizing and Assessing the Severity of Disruptive Cyber Incidents (Center for International & Security Studies, 2017-04) Harry, Charles; Gallagher, Nancy
Faced with a rapidly growing volume and range of cyber attacks, policymakers and organizational leaders have had difficulty setting priorities, allocating resources, and responding effectively without a standard way to categorize cyber events and estimate their consequences. Presidential Policy Directive 41 laid out the Obama administration’s principles for executive branch responses to significant cyber incidents in the public or private sector. But it neither drew important distinctions between different types of cyber incidents, nor gave a standard way to determine where a particular incident falls on its 0-5 point severity scale. This policy brief demonstrates how an analytical framework developed at the Center for International and Security Studies at the University of Maryland (CISSM) can help address these problems. It first differentiates between low-level incidents and more significant cyber events that result in either exploitation of information and/or disruption of operations. It categorizes five types of disruptive events and analyzes 2,030 cyber events in a dataset developed from media sources, showing that cyber exploitation remains more common than disruption, and that most disruptive activity fits into two categories: message manipulation and external denial of service attacks. Finally, the brief offers a standard method to assess the severity of different categories of disruptive attacks against different kinds of organizations based on the scope, magnitude, and duration of the event. This Cyber Disruption Index (CDI) is then applied to survey data on Distributed Denial of Service (DDoS) attacks in the private sector to assess severity within a common category of disruptive events. Of 3,900 cases reported, only 5 events (less than 1% of the DDoS cases) had a combined scope, magnitude, and duration severe enough to be a priority for prevention and potentially warrant government involvement.

A Framework for Categorizing Disruptive Cyber Activity and Assessing its Impact (Center for International & Security Studies at Maryland, 2015-08-04) Harry, Charles
While significant media attention has been given to the volume and range of cyber attacks, the inability to measure and categorize disruptive events has complicated efforts of policy makers to push comprehensive responses that address the range of cyber activity. While organizations and public officials have spent significant time and resources attempting to grapple with the complex nature of these threats, a systematic and comprehensive approach to categorize and measure disruptive attacks remains elusive. This paper addresses this issue by differentiating between exploitive and disruptive cyber events, proposes a formal method to categorize five types of disruptive events, and measures their impact along three dimensions of analysis. Scope, magnitude, and duration of disruptive cyber events are analyzed to locate each event on a Cyber Disruption Index (CDI) so organizations and policymakers can estimate the aggregated effect of a malicious act aimed at impacting their operations. Using the five different event classes and the CDI estimation method makes it easier for organizations and policy makers to disaggregate a complex topic, contextualize and process individual threats to their network, target where increased investment can reduce the risk of specific disruptive cyber events, and distinguish between events that represent a private-sector problem from those that merit a more serious public-sector concern.

A Proposed Hierarchical Taxonomy for Assessing the Primary Effects of Cyber Events: A Sector Analysis 2014-2016 (2018-02-28) Harry, Charles
Publicity surrounding the threat of cyber-attacks continues to grow, yet immature classification methods for these events prevent technical staff, organizational leaders, and policy makers from engaging in meaningful and nuanced conversations about the risk to their organizations or critical infrastructure. This paper provides a taxonomy of cyber events that is used to analyze over 2,431 publicized cyber events from 2014-2016 by industrial sector. Industrial sectors vary in the scale of events they are subjected to, the distribution between exploitive and disruptive event types, and the method by which data is stolen or organizational operations are disrupted. The number, distribution, and mix of cyber event types highlight significant differences by sector, demonstrating that strategies may vary based on deeper understandings of the threat environment faced across industries.