Skip to main content Accessibility help
×
Home

From Football to Oil Rigs: Risk Assessment for Combined Cyber and Physical Attacks

  • Fred S. Roberts (a1)

Abstract

Although cyber security has become widely recognized as a serious threat to our modern world, there are new threats to our security that combine cyber with other modes of “attack.” This article explores the increasingly important theme in homeland and national security that future attacks will be multimodal, in particular including both a cyber and a physical component, where the cyber attack is intended to make it easier to succeed in the physical attack, and is not an end in itself. The article describes sample scenarios of combined cyber and physical attacks in two sectors where even just cyber security efforts have lagged behind: sports stadiums and the maritime transportation system. It presents an approach to comparing the risk of a combined cyber followed by physical attack and that of a “traditional” physical attack on the same target. It then analyzes the different stadium and maritime examples from the point of view of this risk assessment approach.

  • View HTML
    • Send article to Kindle

      To send this article to your Kindle, first ensure no-reply@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about sending to your Kindle. Find out more about sending to your Kindle.

      Note you can select to send to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be sent to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

      Find out more about the Kindle Personal Document Service.

      From Football to Oil Rigs: Risk Assessment for Combined Cyber and Physical Attacks
      Available formats
      ×

      Send article to Dropbox

      To send this article to your Dropbox account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Dropbox.

      From Football to Oil Rigs: Risk Assessment for Combined Cyber and Physical Attacks
      Available formats
      ×

      Send article to Google Drive

      To send this article to your Google Drive account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your <service> account. Find out more about sending content to Google Drive.

      From Football to Oil Rigs: Risk Assessment for Combined Cyber and Physical Attacks
      Available formats
      ×

Copyright

This is an Open Access article, distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives licence (http://creativecommons.org/licenses/by-nc-nd/4.0/), which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is unaltered and is properly cited. The written permission of Cambridge University Press must be obtained for commercial re-use or in order to create a derivative work.

Corresponding author

References

Hide All
AJOT. 2017. “Cyber Penetration Tests Underscore Maritime Industry’s Nightmare Security ScenarioAmerican Journal of Transportation. https://www.ajot.com/news/cyber-penetration-tests-underscore-maritime-industrys-nightmare-security-sc.
Balduzzi, Marco, Kyle, Wilhoit and Alessandro, Pasta. 2013. “Hey Captain, Where’s Your Ship? Attacking Vessel Tracking Systems for Fun and Profit,” In 11th Annual HITB Security Conference in Asia, October 2013. Available at http://conference.hitb.org/hitbsecconf2013kul/materials/D1T1%20-%20Marco%20Balduzzi,%20Kyle%20Wilhoit%20Alessandro%20Pasta%20-%20Attacking%20Vessel%20Tracking%20Systems%20for%20Fun%20and%20Profit.pdf. (accessed February 21, 2015)
Baraniuk, Chris. 2017. “How Hackers Are Targeting the Shipping Industry.” Available at: https://www.bbc.com/news/technology-40685821. (accessed August 6, 2018)
Bell, Steve. 2013. “Cyber-attacks and Underground Activities in Port of Antwerp.” Available at: http://www.bullguard.com/blog/2013/10/cyber-attacks-and-underground-activities-in-port-of-antwerp.html. (accessed February 21, 2015)
Bhatti, Jahshan and Todd E., Humphreys. 2014. “Covert Control of Surface Vessels Via Counterfeit Surface GPS Signals.” Unpublished. https://pdfs.semanticscholar.org/6f20/450b32b71f2454e63292acb632d3619ee8ef.pdf. (accessed December 12, 2017)
Blake, Tanya. 2017. “Hackers Took ‘Full Control’ Of Container Ship’s Navigation Systems For 10 Hours.” ASKET Ltd. Maritime Security News and Updates, November 26, 2017. https://www.asket.co.uk/single-post/2017/11/26/Hackers-took-full-control-of-container-ships-navigation-systems-for-10-hours-AsketOperations-AsketBroker-ELouisv-IHS4SafetyAtSea-TanyaBlake-cybersecurity-piracy-shipping.
Caplan, B. 2006. “Terrorism: The Relevance of the Rational Choice Model.” The Political Economy of Terrorism, 128: 91107.
Cockrell School of Engineering. 2012. “Todd Humphreys’ Research Team Demonstrates First Successful Spoofing of UAV.” The University of Texas at Austin Aerospace and Engineering Mechanics News, June 12, 2012. http://www.ae.utexas.edu/news/504-todd-humphreys-research-team-demonstrates-first-successful-uav-spoofing. (accessed December 28, 2017)
Cohen, S. S. 2002. Economic Impacts of a West Coast Dock Shutdown. Berkeley, CA: University of California at Berkeley. (Unpublished report prepared for the Pacific Maritime Association, Berkeley Roundtable on the International Economy.)
Cyber Operations, Analysis, and Research. 2017. “Cyber-Tabletop Exercises for Sports-Entertainment Venues.” Argonne National Laboratories. Available at https://coar.risc.anl.gov/cyber-tabletop-exercises-for-sports-entertainment-venues/. (accessed August 2, 2018).
CyberKeel. 2014. “Maritime Cyber-Risks: Virtual Pirates at Large on the Cyber Seas.” White Paper, CyberKeel, Copenhagen, October 15, 2014.
Davis, Paul K. and Cragin, Kim (Eds.). 2009. “Social Science for Counterterrorism. Putting the Pieces, Together.” RAND Corporation Monograph Series, 170. http://www.rand.org/pubs/monographs/2009/RAND_MG849.pdf.
Department of Homeland Security, 2018. Planning Considerations: Complex, Coordinated Terrorist Attacks, July 2018, Available at https://www.fema.gov/media-library-data/1532550673102-c4846f270150682decbda99b37524ca6/Planning_Considerations-Complex_Coordinated_Terrorist_Attacks.pdf. (accessed October 14, 2018)
DiRenzo, Joseph III, Drumhiller, Nicole K., and Roberts, Fred S., eds. 2017. Issues in Maritime Cyber Security. Washington, DC: PSO-Westphalia Press.
DiRenzo, Joseph III, Goward, Dana A. and Roberts, Fred S.. 2015. “The Little-Known Challenge of Maritime Cyber Security,” in Proceedings of the 6th International Conference on Information, Intelligence, Systems and Applications (IISA), pp. 15, IEEE. https://doi.org/10.1109/IISA.2015.7388071.
Greenberg, Andy. 2013. “Hackers Reveal Nasty New Car Attacks – With Me Behind the Wheel.” Forbes, August 12, 2013. https://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/#18a55198228c. (accessed December 11, 2017)
Hand, Marcus. 2016. “Cyber-Attack Allows Pirates to Target Cargo to Steal.” Seatrade Maritime News, July 7, 2016. http://www.seatrade-maritime.com/news/americas/cyber-attack-allows-pirates-to-take-a-roman-holiday.html.
Helander, Juho. 2017. “Identification and Analysis of External Event Combinations for Hanhikivi 1 PRA.” Nuclear Engineering and Technology, 49: 380386.
Hussain, Amir. 2016. “Engineer Gets 8 Months’ Jail For Hacking Into Police CCTV Cameras At Sea Games 2015.” The Straits Times, August 16, 2016. http://www.straitstimes.com/singapore/courts-crime/engineer-gets-8-months-jail-for-hacking-into-police-cctv-cameras-at-sea-games.
Kydd, Andrew and Walter, Barbara. 2006. “The Strategies of Terrorism.” International Security, 31: 4980.
Laris, Michael. 2018. “Stadium and Team Owners See Drones As Major League Threat.” Chicago Tribune, May 11, 2018. http://www.chicagotribune.com/sports/breaking/ct-spt-drones-theats-to-sports-stadiums-20180511-story.html#.
Liu, Zhongqiang, Nadim, Farrokh, Garcia-Aristizabal, Alexander, Mignan, Arnaud, Fleming, Kevin and Luna, Byron Quan. 2015. “A Three-Level Framework for Multi-Risk Assessment.” Georisk: Assessment and Management of Risk for Engineered Systems and Geohazards, 9(2): 5974, https://doi.org/10.1080/17499518.2015.1041989.
James, Mackenzie. 2013. “Wrecked Cruise Ship Costa Concordia Raised off Italian Rocks.” Reuters, September 16, 2013. https://www.reuters.com/article/us-italy-ship/wrecked-cruise-ship-costa-concordia-raised-off-italian-rocks-idUSBRE98F02T20130917. (accessed December 13, 2017)
Executive, Maritime. (2017). “Hackers Could Sink A Bulk Carrier.” The Maritime Executive, December 20, 2017. https://www.maritime-executive.com/article/hackers-could-sink-a-bulk-carrier#gs.ZogtZZo.
Mongelluzzo, Bill. 2018. “Cosco’s Pre-Cyber Attack Efforts Protected Network.” JOC.com, July 30, 2018. https://www.joc.com/maritime-news/container-lines/cosco/cosco%E2%80%99s-pre-cyber-attack-efforts-protected-network_20180730.html.
Nalbandov, Robert. 2013. “Irrational Rationality of Terrorism.” Journal of Strategic Security, 6: 92102, http://dx.doi.org/10.5038/1944-0472.6.4.5. (accessed October 16, 2018)
Osborne, Charlie. 2018. “NonPetya Ransomware Forced Maersk To Reinstall 4000 Servers, 45000 PCs.” ZDNet, January 26, 2018, https://www.zdnet.com/article/maersk-forced-to-reinstall-4000-servers-45000-pcs-due-to-notpetya-attack/. (accessed August 6, 2018)
Park, Jiyoung. 2008. “The Economic Impacts of Dirty Bomb Attacks on The Los Angeles and Long Beach Ports: Applying the Supply-Driven NIEMO (National Interstate Economic Model).” Journal of Homeland Security and Emergency Management, 5(1), https://doi.org/10.2202/1547-7355.1312.
Pasternack, Alex. 2013. “To Move Drugs, Traffickers Are Hacking Shipping Containers.” Motherboard, October 21, 2013. https://motherboard.vice.com/en_us/article/bmjgk8/how-traffickers-hack-shipping-containers-to-move-drugs. (accessed December13, 2017)
Perlroth, Nicole. 2018. “Cyberattack Caused Olympic Opening Ceremony Disruption.” New York Times, February 12, 2018, https://www.nytimes.com/2018/02/12/technology/winter-olympic-games-hack.html.
Roberts, Fred S., Egan, Dennis, Nelson, Christie and Whytlaw, Ryan. 2019. “Combined Cyber and Physical Attacks on the Maritime Transportation System”, Journal of the NATO Maritime Interdiction Operational Training Centre (to appear).
Rose, Adam. 2017. “Economic Consequence Analysis of Maritime Cyber Threats.” In DiRenzo, Joseph III, Drumhiller, Nicole K. and Roberts, Fred S. (Eds.) Issues in Maritime Cyber Security: 321356. Washington, DC: PSO-Westphalia Press.
Rose, Adam and Wei, Dan. 2013. “Estimating the Economic Consequences of a Port Shutdown: The Special Role of Resilience.” Economic Systems Research, 25(2): 212232.
Rosoff, Heather and John, Richard S.. 2009. “Decision Analysis by Proxy for the Rational Terrorist,” In Proceedings of the 21st International Joint Conference on Artificial Intelligence (IJCAI-09), Workshop on Quantitative Risk Analysis for Security Applications (QRASA), Pasadena, California, July 11–17.
Salmon, Kurt. 2015. “West Coast Port Congestion Could Cost Retailers $36.9 Billion in the Next 24 Months.” Business Wire, February 7, 2015, http://www.businesswire.com/news/home/20150207005007/en/West-Coast-Port-Congestion-Cost-Retailers-36.9#.VPiNIsbA7c8. (accessed March 5, 2015)
Templar Executives. 2014. “Cyber Resilience in the Maritime and Energy Sectors.” Templar Executives, May 1, 2014, https://www.templarexecs.com/cyberresilience/. (accessed February 21, 2015)
Talanova, Julia. 2015. “Drone Slams into Seating Area at U.S. Open; Teacher Arrested.” Cnn.com, September 5, 2015. https://www.cnn.com/2015/09/04/us/us-open-tennis-drone-arrest/index.html. (accessed August 6, 2018)
Thomas, Jeanna. 2017. “Gillette Stadium Evacuated for Fire Alarm Prior to Steelers vs. Patriots.” SBNation, January 22, 2017. http://www.sbnation.com/2017/1/22/14350196/boston-man-sets-off-fire-alarms-at-steelers-hotel-before-championship-game-vs-patriots. (accessed August 2, 2018)
Tucci, Andrew. 2017. “Cyber Risk Management: Preparing for New Operational Risks.” Port Technology International Journal, 74: 9092.
U.S. Bureau of Reclamation, Security, Safety, and Law Enforcement Office – Dam Safety. 2015. Risk Management: Best Practices and Risk Methodology: Chapter A-5, Event Trees, May 7, 2015. Available at https://www.usbr.gov/ssle/damsafety/risk/methodology.html. (accessed May 14, 2019)
Austin, UT. 2013. “UT Austin Researchers Successfully Spoof an $80 Million Yacht at Sea.” UT News, July 29, 2013, https://news.utexas.edu/2013/07/29/ut-austin-researchers-successfully-spoof-an-80-million-yacht-at-sea/. (accessed June 26, 2019)
Wagstaff, Jeremy. 2014. “All at Sea: Global Shipping Fleet Exposed to Hacking Threat.” Reuters, April 23, 2014, http://www.reuters.com/article/2014/04/23/tech-cybersecurity-shipping-idUSL3N0N402020140423. (accessed February 21, 2015)
Werling, Jeffrey. 2014. “The National Impact of a West Coast Port Stoppage.” Inforum Report Commissioned by the National Association of Manufacturers and the National Retail Federation. Available at https://www.nam.org/Data-and-Reports/Reports/The-National-Impact-of-a-West-Coast-Port-Stoppage-(Full-Report).pdf (accessed May 14, 2019).
Zetter, Kim. 2014. “An Unprecedented Look at Stuxnet, The World’s First Digital Weapon.” Wired, November 3, 2014, https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/. (accessed December 13, 2017)
Zorz, Zeljka, Zorz, Mirko and Kucan, Berislav. 2013. “Digital Ship Pirates: Researchers Crack Vessel Tracking System,” Net Help Security, October 16, 2013, http://www.net-security.org/secworld.php?id=15781. (accessed February 21, 2015)

Keywords

From Football to Oil Rigs: Risk Assessment for Combined Cyber and Physical Attacks

  • Fred S. Roberts (a1)

Metrics

Full text views

Total number of HTML views: 0
Total number of PDF views: 0 *
Loading metrics...

Abstract views

Total abstract views: 0 *
Loading metrics...

* Views captured on Cambridge Core between <date>. This data will be updated every 24 hours.

Usage data cannot currently be displayed