Are cyber-blackouts in service networks likely?: Implications for Aggregate Cyber Risk Management

Show full item record



Pal , R , Psounis , K , Kumar , A , Crowcroft , J , Hui , P , Golubchik , L , Kelly , J , Chatterjee , A & Tarkoma , S 2018 ' Are cyber-blackouts in service networks likely?: Implications for Aggregate Cyber Risk Management ' Techical Report , no. 926 , University of Cambridge . < >

Title: Are cyber-blackouts in service networks likely?: Implications for Aggregate Cyber Risk Management
Author: Pal, Ranjan; Psounis, Konstantinos; Kumar, Abhishek; Crowcroft, Jon; Hui, Pan; Golubchik, Leana; Kelly, John; Chatterjee, Aritra; Tarkoma, Sasu
Contributor organization: Department of Computer Science
Content-Centric Structures and Networking research group / Sasu Tarkoma
Helsinki Institute for Information Technology
Publisher: University of Cambridge
Date: 2018-10
Language: eng
Number of pages: 32
Belongs to series: Techical Report
ISSN: 1476-2986
Abstract: Service liability interconnections among networked IT and IoT driven service organizations create potential channels for cascading service disruptions due to modern cybercrimes such as DDoS, APT, and ransomware attacks. The very recent Mirai DDoS and WannaCry ransomware attacks serve as famous examples of cyber-incidents that have caused catastrophic service disruptions worth billions of dollars across organizations around the globe. A natural question that arises in this context is “what is the likelihood of a cyber-blackout?”, where the latter term is defined as: “the probability that all (or a major subset of) organizations in a service chain become dysfunctional in a certain manner due to a cyber-attack at some or all points in the chain”. The answer to this question has major implications to risk management businesses such as cyber-insurance when it comes to designing policies by risk-averse insurers for providing coverage to clients in the aftermath of such catastrophic network events. In this paper, we investigate this question in general as a function of service chain networks and different loss distribution types. We show somewhat surprisingly (and discuss potential practical implications) that following a cyber-attack, the probability of a cyber-blackout and the increase in total service-related monetary losses across all organizations, due to the effect of (a) network interconnections, and (b) a wide range of loss distributions, are mostly very small, regardless of the network structure – the primary rationale behind the results being attributed to degrees of heterogeneity in wealth base among organizations, and Increasing Failure Rate (IFR) property of loss distributions.
Description: @TechReport{UCAM-CL-TR-926, author = {Pal, Ranjan and Psounis, Konstantinos and Kumar, Abhishek and Crowcroft, Jon and Hui, Pan and Golubchik, Leana and Kelly, John and Chatterjee, Aritra and Tarkoma, Sasu}, title = {{Are cyber-blackouts in service networks likely?: implications for cyber risk management}}, year = 2018, month = oct, url = {}, institution = {University of Cambridge, Computer Laboratory}, number = {UCAM-CL-TR-926} }
Subject: 113 Computer and information sciences
Rights: unspecified
Usage restriction: openAccess
Self-archived version: publishedVersion

Files in this item

Total number of downloads: Loading...

Files Size Format View
UCAM_CL_TR_926.pdf 1.772Mb PDF View/Open

This item appears in the following Collection(s)

Show full item record