Technology Catastrophe Risk
The modern knowledge economy is increasingly reliant on information technology, communication systems, and infrastructure service continuity. Exploring the emerging risk of disruption and catastrophic failure of these critical systems is a key theme of research at the Centre. Understanding cyber risk and the potential for massive failure of interconnected infrastructure systems requires a detailed technical appraisal of complex engineering interactions, a domain-specific assessment of the threat, and a risk analysis framework.
An innovative risk assessment framework for cyber
The Centre for Risk Studies has developed an innovative framework for the assessment of cyber catastrophe risk, first published in 2013 and significantly expanded upon since. It includes an understanding of the cyber threat landscape resulting from different attack vectors, actors and motivations. The framework provides a method of assessing the economic and social impact of future cyber attacks. It also captures risk correlation structures and the potential for systemic cyber catastrophes to impact society, insurance companies, and national governments.
In 2016 and beyond, we intend to develop this framework to explore the key issue of how public and private sectors can collaborate as joint stakeholders in reducing cyber risk to the functioning of society and the economy. We will examine the roles of individual companies in protecting themselves, the benefits provided by the IT security industry, the value of insurance in providing protection and incentives for risk reduction, law enforcement in deterring cyber criminals, and the function of regulators in enforcing standards for public protection.
Interdependencies in critical national infrastructure
A major areas of societal concern is the potential for failures of critical national infrastructure. In 2015 the Centre analysed a number of scenarios of failure of critical national infrastructure, including cyber attacks, solar storms, and interdependencies and cascading failures from one system to another.
The interaction and vulnerability of different types of national infrastructure is a continuing and important theme for research, involving understanding how power, communications, energy networks, transport and other systems rely on each other and their critical failure points and vulnerabilities to disruptive threats.
Multiple stakeholders in improving cyber safety
The research on cyber catastrophe risk proposes to explore how the risk to society can be managed better, and how the roles of different stakeholders could be optimised. Different stakeholders are involved and there are a variety of approaches to making society safer, including applying regulation, relying on enterprises investing and taking measures to protect themselves, improving the role of the security consultant industry, government security services and counter-cyber forces, insurance and financial incentives to change behaviour. The complexity of the interaction of different stakeholders increases with state-backed cyber forces, and the extension of cyber interventions as a foreign policy instrument and an instrument of proto-warfare.