A Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure (TRACI)

Cybercrime against critical infrastructures such as nuclear reactors, power plants, and dams has been increasing in frequency and severity. Recent literature regarding these types of attacks has been extensive but due to the sensitive nature of this field, there is very little empirical data. We add...

Full description

Saved in:
Bibliographic Details
Published in:Communications of the Association for Information Systems 2023, Vol.52 (1), p.26-50
Main Authors: Plachkinova, Miloslava, Vо, Ace
Format: Article
Language:English
Subjects:
Critical infrastructure
Cybercrime
Infrastructure
Nuclear power plants
Nuclear reactors
Power plants
Risk assessment
Risk management
Citations: Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cybercrime against critical infrastructures such as nuclear reactors, power plants, and dams has been increasing in frequency and severity. Recent literature regarding these types of attacks has been extensive but due to the sensitive nature of this field, there is very little empirical data. We address these issues by integrating Routine Activity Theory and Rational Choice Theory, and we create a classification tool called TRACI (Taxonomy for Risk Assessment of Cyberattacks on Critical Infrastructure). We take a Design Science Research approach to develop, evaluate, and refine the proposed artifact. We use mixed methods to demonstrate that our taxonomy can successfully capture the characteristics of various cyberattacks against critical infrastructure. TRACI consists of three dimensions, and each dimension contains its own subdimensions. The first dimension comprises hacker motivation, which can be financial, socio-cultural, thrill-seeking, and/or economic. The second dimension represents the assets such as cyber, physical, and/or cyber-physical components. The third dimension is related to threats, vulnerabilities, and controls that are fundamental to establishing and maintaining an information security posture and overall cyber resilience. Our work is among the first to utilize criminological theories and Design Science to create an empirically validated artifact for improving critical infrastructure risk management.
ISSN:1529-3181
1529-3181
DOI:10.17705/1CAIS.05202