Probabilistic Risk Analysis and Terrorism Risk

Ezell, Barry; Bennett, Steven; Winterfeldt, Detlof von; Sokolowski, John A.; Collins, Andrew J.

doi:10.1017/9781316676714.002

Cited by 43 publications

(63 citation statements)

References 460 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Paté-Cornell and Guikema (30) are among the first to apply the techniques of PRA to terrorism risk. Many papers follow, (31)(32)(33)(34)(35) often using simplified models that rely on the definition "Risk = Threat (T) × Vulnerability (V) × Consequence (C)," where subject matter experts assess the threat and vulnerability terms as probabilities, and the consequence term in units of, for example, economic replacement cost, or fatalities. (36,37) When applied to critical infrastructure, the notion is to assess adversary intent as "threat" (38) ) and then rely on such assessments for proposed methods to optimize defense.…”

Section: Nondeliberate Hazards Versus Deliberate Threatsmentioning

confidence: 99%

Operational Models of Infrastructure Resilience

2015

View full text Add to dashboard Cite

We propose a definition of infrastructure resilience that is tied to the operation (or function) of an infrastructure as a system of interacting components and that can be objectively evaluated using quantitative models. Specifically, for any particular system, we use quantitative models of system operation to represent the decisions of an infrastructure operator who guides the behavior of the system as a whole, even in the presence of disruptions. Modeling infrastructure operation in this way makes it possible to systematically evaluate the consequences associated with the loss of infrastructure components, and leads to a precise notion of "operational resilience" that facilitates model verification, validation, and reproducible results. Using a simple example of a notional infrastructure, we demonstrate how to use these models for (1) assessing the operational resilience of an infrastructure system, (2) identifying critical vulnerabilities that threaten its continued function, and (3) advising policymakers on investments to improve resilience.

show abstract

Section: Nondeliberate Hazards Versus Deliberate Threatsmentioning

confidence: 99%

Operational Models of Infrastructure Resilience

2015

View full text Add to dashboard Cite

show abstract

“…For the case of failures in cloud data centers and long-distance optical networks infrastructures, empirical studies and hazard maps of potential natural disasters might provide estimation of the probability of occurrence and expected damage [97]. Attacks can be predicted using probabilistic models to assess the risk [203]. Studies in [97], [156], [204], [205] analyze the risk assessment measurement in communication networks, then [206] suggests the integration of the risk assessment in the entire cloud computing infrastructure.…”

Section: F Measurement and Estimation Of Resiliency In Cloud Computingmentioning

confidence: 99%

A Survey on Resiliency Techniques in Cloud Computing Infrastructures and Applications

Colman-Meixner

Develder

Tornatore

et al. 2016

IEEE Commun. Surv. Tutorials

130

View full text Add to dashboard Cite

Abstract-Today's businesses increasingly rely on cloud computing, which brings both great opportunities and challenges. One of the critical challenges is resiliency: disruptions due to failures (either accidental or because of disasters or attacks) may entail significant revenue losses (e.g., US$ 25.5 billion in 2010 for North America). Such failures may originate at any of the major components in a cloud architecture (and propagate to others): (i) the servers hosting the application, (ii) the network interconnecting them (on different scales, inside a data center, up to wide-area connections), or (iii) the application itself. We comprehensively survey a large body of work focusing on resilience of cloud computing, in each (or a combination) of the server, network, and application components.First, we present the cloud computing architecture and its key concepts. We highlight both the infrastructure (servers, network) and application components. A key concept is virtualization of infrastructure (i.e., partitioning into logically separate units), and thus we detail the components in both physical and virtual layers. Before moving to the detailed resilience aspects, we provide a qualitative overview of the types of failures that may occur (from the perspective of the layered cloud architecture), and their consequences.The second major part of the paper introduces and categorizes a large number of techniques for cloud computing infrastructure resiliency. This ranges from designing and operating the facilities, servers, networks, to their integration and virtualization (e.g., also including resilience of the middleware infrastructure).The third part focuses on resilience in application design and development. We study how applications are designed, installed, and replicated to survive multiple physical failure scenarios as well as disaster failures.

show abstract

“…If no valid data is available to inform set K then Ezell et al (2010) recommend that the probabilities of different attacker options should be elicited from experts. However, expert opinion is not necessarily a viable replacement, and care should be taken with the validity of such judgement.…”

Section: Eliciting Expert Opinionmentioning

confidence: 99%

Measuring the Risk of Cyber Attack in Industrial Control Systems

Cook

Smith

Μαγλαράς

et al. 2016

Electronic Workshops in Computing

View full text Add to dashboard Cite

Cyber attacks on industrial control systems (ICS) that underpin critical national infrastructure can be characterised as high-impact, low-frequency events. To date, the volume of attacks versus the overall global footprint of ICS is low, and as a result there is an insufficient dataset to adequately assess the risk to an ICS operator, yet the impacts are potentially catastrophic. This paper identifies key elements of existing decision science that can be used to inform and improve the cyber security of ICS against antagonistic threats and highlights the areas where further development is required to derive realistic risk assessments, as well as detailing how data from established safety processes may inform the decision-making process. The paper concludes by making recommendations as to how a validated dataset could be constructed to support investment in ICS cyber security.

show abstract

Probabilistic Risk Analysis and Terrorism Risk

Cited by 43 publications

References 460 publications

Operational Models of Infrastructure Resilience

Operational Models of Infrastructure Resilience

A Survey on Resiliency Techniques in Cloud Computing Infrastructures and Applications

Measuring the Risk of Cyber Attack in Industrial Control Systems

Contact Info

Product

Resources

About