Are cyber-blackouts in service networks likely?: Implications for Aggregate Cyber Risk Management

Show full item record



Permalink

http://hdl.handle.net/10138/311776

Citation

Pal , R , Psounis , K , Kumar , A , Crowcroft , J , Hui , P , Golubchik , L , Kelly , J , Chatterjee , A & Tarkoma , S 2018 ' Are cyber-blackouts in service networks likely?: Implications for Aggregate Cyber Risk Management ' Techical Report , no. 926 , University of Cambridge . < https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-926.html >

Title: Are cyber-blackouts in service networks likely?: Implications for Aggregate Cyber Risk Management
Author: Pal, Ranjan; Psounis, Konstantinos; Kumar, Abhishek; Crowcroft, Jon; Hui, Pan; Golubchik, Leana; Kelly, John; Chatterjee, Aritra; Tarkoma, Sasu
Other contributor: University of Helsinki, Department of Computer Science
University of Helsinki, Department of Computer Science
University of Helsinki, Content-Centric Structures and Networking research group / Sasu Tarkoma


Publisher: University of Cambridge
Date: 2018-10
Language: eng
Number of pages: 32
Belongs to series: Techical Report
URI: http://hdl.handle.net/10138/311776
Abstract: Service liability interconnections among networked IT and IoT driven service organizations create potential channels for cascading service disruptions due to modern cybercrimes such as DDoS, APT, and ransomware attacks. The very recent Mirai DDoS and WannaCry ransomware attacks serve as famous examples of cyber-incidents that have caused catastrophic service disruptions worth billions of dollars across organizations around the globe. A natural question that arises in this context is “what is the likelihood of a cyber-blackout?”, where the latter term is defined as: “the probability that all (or a major subset of) organizations in a service chain become dysfunctional in a certain manner due to a cyber-attack at some or all points in the chain”. The answer to this question has major implications to risk management businesses such as cyber-insurance when it comes to designing policies by risk-averse insurers for providing coverage to clients in the aftermath of such catastrophic network events. In this paper, we investigate this question in general as a function of service chain networks and different loss distribution types. We show somewhat surprisingly (and discuss potential practical implications) that following a cyber-attack, the probability of a cyber-blackout and the increase in total service-related monetary losses across all organizations, due to the effect of (a) network interconnections, and (b) a wide range of loss distributions, are mostly very small, regardless of the network structure – the primary rationale behind the results being attributed to degrees of heterogeneity in wealth base among organizations, and Increasing Failure Rate (IFR) property of loss distributions.
Subject: 113 Computer and information sciences
Rights:


Files in this item

Total number of downloads: Loading...

Files Size Format View
UCAM_CL_TR_926.pdf 1.772Mb PDF View/Open

This item appears in the following Collection(s)

Show full item record