Abstract

The purpose of the project is to create a taxonomy and organize existing knowledge on cybercrimes against critical infrastructure such as power plants, water treatment facilities, dams, and nuclear facilities. The current study is utilizing Routine Activity Theory to create a three-dimensional taxonomy. The first dimension, hacker motivation, is related to the offenders which could be politically, socio-culturally, and/or economically motivated. The second dimension represents the cyber, physical, and cyber-physical components of any cyber-physical system (CPS) and is a differentiation of the various aspects of the suitable target. The third dimension, security, is related to the threats, vulnerabilities, and controls that represent the lack of the capable guardian. The focus of the study is to provide recommendations for improving the guardianship aspect of the taxonomy and offer practical advice for security professionals. While similar taxonomies exist, none of them have been verified due to the sensitive nature of the data, so this would be one of the first empirically validated approaches on this topic. The methodology guiding this study is Design Science Research (DSR). I will be using qualitative data to evaluate the utility and usability of the taxonomy by conducting semi-structured interviews with security practitioners working in critical infrastructure facilities.

Share

COinS
 

A Taxonomy of Cyberattacks against Critical Infrastructure

The purpose of the project is to create a taxonomy and organize existing knowledge on cybercrimes against critical infrastructure such as power plants, water treatment facilities, dams, and nuclear facilities. The current study is utilizing Routine Activity Theory to create a three-dimensional taxonomy. The first dimension, hacker motivation, is related to the offenders which could be politically, socio-culturally, and/or economically motivated. The second dimension represents the cyber, physical, and cyber-physical components of any cyber-physical system (CPS) and is a differentiation of the various aspects of the suitable target. The third dimension, security, is related to the threats, vulnerabilities, and controls that represent the lack of the capable guardian. The focus of the study is to provide recommendations for improving the guardianship aspect of the taxonomy and offer practical advice for security professionals. While similar taxonomies exist, none of them have been verified due to the sensitive nature of the data, so this would be one of the first empirically validated approaches on this topic. The methodology guiding this study is Design Science Research (DSR). I will be using qualitative data to evaluate the utility and usability of the taxonomy by conducting semi-structured interviews with security practitioners working in critical infrastructure facilities.