 A Criminological Perspective on Power Grid Cyber attacks: Using Routine Activities Theory to Rational Choice Perspective to Explore Adversarial Decision-MakingRege Aunshul ()
Journal of Homeland Security and Emergency Management, 2014, vol. 11, issue 4, 463-487 Abstract: The US power grid has been identified by security experts as a prime target for terrorist-based and state-sponsored cyber attacks. In addition to downing the grid, cyber attacks can also destroy and manipulate data systems, obtain sensitive intellectual property and steal trade secrets. Existing research has addressed the technical factors, such as vulnerabilities and poor intrusion detection systems, which lead to cyber attacks. However, it remains silent on the human factors in the cyber attack equation. This study uses a criminological framework, specifically Routine Activities Theory and Rational Choice Perspective to capture intelligent adversaries who plan and execute attacks based on their analysis of target suitability and guardianship efficacy. It uses a two-step methodology to identify adversary-, target-, and guardianship-specific factors that collectively impact decision-making processes. First, a document analysis of existing literature reveals nine factors (PARE RISKS) that influence adversarial decision-making: Prevention measures, Attacks and Alliances, Results, Ease of Access, Response and Recovery, Interconnectedness and Interdependencies, Security Testing, Assessments and Audits, Knowledge, Skills, Research and Development, and System Weaknesses. Second, surveys and interviews conducted between 2010 and 2012 with various hackers, penetration testers, and power grid representatives helps validate and refine the PARE RISKS framework. This study identifies (i) adversary-specific factors as resources (skills, money, and time), and research (targets and techniques); (ii) target-specific factors as accessibility (electronic and physical) and weaknesses (outdated architecture and inadequate testing/updates); and (iii) guardian-specific factors as prevention (quality of prevention and intrusion detection measures). It argues that altering each of these three elements of Routine Activities Theory can impact adversarial decision-making, which may help reduce the likelihood of power grid cyber attacks. Keywords: adversarial decision-making; power grid cyber attacks; rational choice perspective; routine activities theory (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:bpj:johsem:v:11:y:2014:i:4:p:463-487:n:1 Ordering information: This journal article can be ordered from Access Statistics for this article Journal of Homeland Security and Emergency Management is currently edited by Irmak Renda-Tanali More articles in Journal of Homeland Security and Emergency Management from De Gruyter |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.