Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

July 9, 2015

How Do You Define Cyber Attack?

Filed under: Cybersecurity,Security — Patrick Durusau @ 12:40 pm

I ask because Teri Robinson in Cyber attack on U.S. power grid could rack up $1 trillion in losses, study says, cites:

“Business Blackout: the insurance implications of a cyber attack on the U.S. power grid,” a study (PDF) from the Centre for Risk Studies at Cambridge University and insurer Lloyd’s of London, found that such an attack would have an impact on multiple types of insurance.

A very stylish report, complete with black pages trimmed in red rather than blank pages. It evaluates a fanciful scenario against the US powergrid, with no basis for evaluating the feasibility of the attack as described.

I asked about how you define “cyber attack” because Appendix A lists the obligatory “Cyber attacks against Industrial Control Systems since 1999.” (starts on page 45)

If you review that list carefully, out of an alleged fourteen (14) “cyber attacks,” four (4) of them were physical attacks on infrastructure, eight (8) of them, including insiders, were true cyber attacks and the other two (2) were misc.

Eight (8) cyber attacks against control systems shouldn’t be peg the threat meters for anyone.

But to return to Teri’s article for a moment, she closes with these observations:

And a risk that has American voters worried. A Morning Consult poll found that 32 percent of voters consider cyber attacks a major threat, putting them just behind terrorism, which, at 36 percent, was the top threat.

Among GOP voters, terrorism garnered 45 percent of the vote with cyber attacks getting just 25 percent. Democrats believe cyber attacks (38 percent) to be the bigger threat, while terrorism claimed 31 percent of the vote.

The FBI, DHS, along with the national news media have certainly done well at selling cyber and terrorist attacks as clear and present dangers.

All the more amazing due to the lack of any terrorist attacks worthy of mention since 9/11 and the complete lack of cyber attacks against control systems in public utilities.

Remember, no electricity means no Bevis and Butthead. Be careful what you wish for.

PS: Don’t waste time and money on cyber nightmare scenarios against the U.S. power grid. Yes, they need good cyber security like everyone else, but they have far worse issues of physical security. Congress has published maps of the critical infrastructures and details on non-cybersecurity issues. Check with your local government documents librarian.

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress