Understanding the exposure of national infrastructure to cyber attack

26 April 2012, 4:30pm


CSaP / Cambridge Computer Lab workshop for government, academia and industry to explore the exposure of national infrastructure to cyber attack

In a world which is ever more connected – and where the drive for efficiency and responsiveness of systems means that those systems are ever more dependent on digital infrastructure – the exposure to cyber attack, whether malicious or accidental, also increases. In a commercial context, there is in principle an economic/security balance which can assess the cost/benefit of an attack and thus inform an economic case for defence and mitigation. This is not so clear in the case of national infrastructure (even if that infrastructure is provided by the private sector); here it is necessary for Government to consider how national infrastructure relates to national security, using relevant insights from very many disciplines.

This workshop will bring together expertise from a range of disciplines and the relevant stakeholders to understand more about the exposure of national infrastructure to cyber attack.

Specifically we would like to answer the following:

  1. How can we quantify these risks, particularly when they involve cyclic dependencies?
  2. Are there examples of risk that would be amenable to detailed study with the goal of reducing exposure?
  3. If so, what is the range of expertise that should be brought to such studies?
  4. To what extent does the study of such risks actually make things worse? Can we create an environment or setting in which we can study risk without increasing exposure? What are the implications for how we construct systems (e.g. open source versus proprietary technology)?
  5. Can we draw on lessons learned in other countries, e.g. the analysis of critical infrastructure by DHS in the US?

The invitation-only workshop will aim to identify one or two large infrastructure risks in which the risk holders, infrastructure providers and academics can agree that a detailed study is possible and potentially helpful. We will also make use of the CSaP Policy Fellowships programme to further these discussions. The longer-term objective will be to develop a programme of research.

Professor Ian Leslie

Department of Computer Science and Technology, University of Cambridge