CybersecurityInterconnected technological risks: Responding to disruptions of cyber-physical systems

Published 19 January 2018

When infectious diseases strike, the World Health Organization acts swiftly, coordinating with the U.S. Centers for Disease Control and Prevention and its foreign counterparts to contain the threat. But there is no equivalent international organization similarly dedicated to identifying and mitigating a cyberattack. The World Economic Forum (WEF), however, is bringing together infrastructure and technology developers, insurers and government officials from across the globe to develop strategies for responding to interconnected technological risks, including those that can cascade when hackers disrupt cyber-physical systems.

When infectious diseases strike, the World Health Organization acts swiftly, coordinating with the U.S. Centers for Disease Control and Prevention and its foreign counterparts to contain the threat. But there is no equivalent international organization similarly dedicated to identifying and mitigating a cyberattack.

The World Economic Forum (WEF), however, is bringing together infrastructure and technology developers, insurers and government officials from across the globe to develop strategies for responding to interconnected technological risks, including those that can cascade when hackers disrupt cyber-physical systems. Addressing these risks will be among the topics addressed at the WEF’s Annual Meeting in Davos, Switzerland, on 23-26 January 2018.

ANL says that the U.S. Department of Energy’s (DOE) Argonne National Laboratory is supporting this effort in two primary ways: (1) presentation of a simulated cyberattack, and (2) facilitated discussion of innovative ways to detect and protect against cyberthreats via machine-to-machine information-sharing techniques — the Cyber Fed Model.

Last September, Duane Verner, resilience analysis group leader in Argonne’s Global Security Sciences division, presented a simulated cyberattack on the electric grid of “Big City USA.” Verner was the keynote speaker of a WEF workshop in Zurich, Switzerland. The workshop met in connection with the WEF’s initiative on Mitigating Risks in the Innovation Economy.

The first known cyberattack to effectively cause a power outage occurred on 23 December 2015, when hundreds of thousands of homes in the Ukraine lost electricity after attackers covertly updated infrastructure with malicious software that rendered the power grid inoperable.

“To have a region without power for weeks on end, especially a region that is a major economic hub, would be catastrophic,” Verner said. “Losses [would] potentially exceed hundreds of millions of dollars.”

Insurance industry representatives at the September WEF workshop stated that the financial losses from the cyberattack could have global impacts. Furthermore, they may be uninsurable.