A Roadmap for Quantifying the Efficacy of Risk Management of Information Security and Interdependent SCADA Systems

“…The outputs are represented in two different metrics, economic inoperability measured in dollars lost and percentage of dysfunctionality. Haimes and Chittester [70] use this method to quantify economic losses and their propagation through the various economic sectors for large scale civil infrastructures controlled by SCADA systems over IP based communication networks. They present a case study demonstrating the effects of a perturbation to the telecommunications sector by way of cyber intrusion.…”

Cyber security risk assessment for SCADA and DCS networks

“…The outputs are represented in two different metrics, economic inoperability measured in dollars lost and percentage of dysfunctionality. Haimes and Chittester [70] use this method to quantify economic losses and their propagation through the various economic sectors for large scale civil infrastructures controlled by SCADA systems over IP based communication networks. They present a case study demonstrating the effects of a perturbation to the telecommunications sector by way of cyber intrusion.…”

Cyber security risk assessment for SCADA and DCS networks

“…We adapt the framework proposed by Haimes and Chittister (2005) in quantifying the net benefit of available risk management options. Let the notation i ¼ 1,2,. .…”

“…These may include the availability and capability of manpower in charge of the deployment and operations of the selected policy options, as well as the extent to which risk managers respond and adapt to the continuously evolving nature of disasters (Haimes and Chittister, 2005). Applying such factors to the formulation shown in equation (6), the IIM equation can be customized to take into account the application of risk management policies.…”

A Risk-based Input–Output Methodology for Measuring the Effects of the August 2003 Northeast Blackout

“…Such modeling and simulation abilities are integral to infrastructure risk analyses. Haimes, Kaplan, and Lambert (2002) describe a risk filtering, ranking, and management method (RFRM), which builds on the HHM (Haimes & Chittester, 2005) to identify risks, but then filters and ranks the risks so that the risks can be addressed in the order of priority. Haimes and Chittester (2005) use inoperability input-output modeling (IIM) to quantify economic losses and their propagation through the various economic sectors for large-scale civil infrastructures controlled by SCADA systems over internet protocol communication networks.…”

“…Haimes, Kaplan, and Lambert (2002) describe a risk filtering, ranking, and management method (RFRM), which builds on the HHM (Haimes & Chittester, 2005) to identify risks, but then filters and ranks the risks so that the risks can be addressed in the order of priority. Haimes and Chittester (2005) use inoperability input-output modeling (IIM) to quantify economic losses and their propagation through the various economic sectors for large-scale civil infrastructures controlled by SCADA systems over internet protocol communication networks. The work by Nozick, Turnquist, Jones, Davis, and Lawton (2005) focuses on representing interdependent infrastructure networks using Markov and semi-Markov processes to reflect uncertain capacity on network links.…”

Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements