A new perspective on cyber risk, applied to the evolving UK energy grid ecosystem

Applying the benefit harm index (BHI), a new approach to modelling risk assessment of cyber ecosystems and their socio-economic impacts to the UK’s evolving connected and autonomous vehicle ecosystem.

Within an increasingly complex and interconnected world, the way in which cyber-threats are perceived and responded to needs to be reconsidered. Traditional risk models rely heavily on probabilistic approaches, which demand stable distribution and almost complete knowledge of all possible states.

New advances in digital technologies, combining huge data, rapidly evolving automated algorithms and the prospect of a generational shift in network speed and capacity, pose serious challenges to traditional risk modelling. Through the Hermeneut project (part of the European Community’s Horizon 2020 programme) Digital Catapult has proposed a new approach to understanding dynamic and emergent threats: the benefit harm index (BHI), which integrates ideas from both economics and complexity science.

This report shows how this exciting new perspective on cyber risk modelling can be applied to the cyber ecosystems that form many of today’s critical national infrastructures (CNI) – complex systems of systems that exhibit emergent behaviour and require a new approach to cyber risk assessment. This study looks at the systemic socio-economic impacts that can result from cyber attacks associated with emergent threats to CNI cyber ecosystems, and uses the UK energy smart grid ecosystem as a case study for the new BHI approach.

The UK energy smart grid ecosystem is part of the UK economy and is one of the UK’s 13 CNI components. To a large extent, the energy grid is essential to the operation of the UK’s entire socio-economic system, and therefore, any prolonged nationwide power outage would have a systemic impact on the UK economy.

A high-level ecosystem for 2020-30 has been modelled to focus on the energy grid’s critical operational systems domain, and on the associated domains of UK governance, the supply chain and wider non-critical core services. This model provides the context for applying the BHI approach to an illustrative multi-vector cyber attack that would have a systemic impact on the UK energy sector.

This report also describes the approaches that can be used to mitigate the growth of harm within these complex systems of systems, and highlights the use of Implication Wheel™ methodology to uncover emergent systemic threats to the UK energy grid cyber ecosystem.

To continue reading this report in full, please click on the link below