Cost-Benefit Analysis of a Hybrid Terrorist Attack on a Power Plant
In our thesis we want to compare costs between two different approaches that have the same goal – compromise a power plant by creating a physical effect (whether destruction of the whole facility or some of its parts and by that disrupting the power supply operation for a long term, optionally causing human casualties). We saw that in most research papers and media publications main focus is on just hacking into the power plant stating that it is way too expensive to become a usual practice for terrorists, unless state funded. We point out that physical aspect is often omitted – both when designing security systems of a facil- ity and also when thinking about attack vectors and foreseeing threats to our way of living. Our main message is to think cyber and physical together – map logical topology to physi- cal and see if some critical parts are easier to access physically than via logical cyber hubs. For modelling attack scenarios we use attack tree diagrams and for analysing resources needed to achieve stated goal we use cost-benefit analysis (with the only difference – ben- efit is the same for both cyber and hybrid scenarios). Our main hypothesis states that hy- brid approach, combination of cyber and physical means to compromise the power plant, is cheaper than pure cyber.
Graduation Thesis language
Graduation Thesis type
Master - Cyber Security
Hayretdin Bahşi, Raimundas Matulevičius