A Logical Model for Multi-Sector Cyber Risk Management

The increasing reliance on digital infrastructures makes whole sectors of the economy and public services vulnerable to attacks through cyberspace. Some progress has been made in understanding vulnerabilities and ways of reducing cyber risk at the sub-sectoral level. While the sectoral level remains a significant challenge, this study goes beyond, also addressing cyber risk resulting from the crossand multi-sectoral interdependencies in a consistent logical model. The paper presents the scope of this logical model, outlines the problem of risk assessment, structured around the triplet “Threats – Vulnerabilities – Impact,” and the structuring of risk mitigation around types of risk reduction measures, the objective of decision-making on risk treatment, and the modalities of application. We provide examples of the implementation of the logical model, underlying the ECHO Multi-sector Assessment Framework, and conclude by emphasising the advantages the logical model and the framework provide. A R T I C L E I N F O : RECEIVED: 28 APR 2020 REVISED: 16 MAY 2020 ONLINE: 18 MAY 2020 K E Y W O R D S : cybersecurity, critical infrastructure, essential services, interdependencies, cyber risk assessment, EMAF, ECHO project Creative Commons BY-NC 4.0 T. Tagarev, M. Pappalardo, N. Stoianov ISIJ 46 (2020): Preview