Determining a Return on Investment for Cybersecurity Technologies in Networked Critical Infrastructures

Bibliographic Details
Published in International journal of organizational and collective intelligence Vol. 11; no. 2; pp. 91 - 112
Main Authors Hallman, Roger, Major, Maxine, Romero-Mariona, Jose, Phipps, Richard, Romero, Esperanza, Slayback, Scott, Tacliad, Francisco, John San Miguel
Format Journal Article
Language English
Published Hershey IGI Global 01.04.2021
Summary: Much of modern life is dependent on networked critical infrastructure systems—many known to be susceptible to cyberattacks—such as the electrical grid, water purification, and transportation systems. The consequences of a successful cyberattack on these systems could be catastrophic. Appropriate levels and strategies for cybersecurity investment for networked critical infrastructures present a serious challenge that administering organizations, whether public or private, must overcome in order to provide resilient services. This challenge includes understanding the actual vulnerabilities of an organization's networked systems, as well as the cost of a successful cyberattack on those systems. On top of this, an organization's cybersecurity acquisition workforce must be able to discern reality from the marketing hype that is produced by cybersecurity sales forces. Many product offerings from industry promise to secure critical infrastructures, but there is no good method for determining which product (or combination of products) is most effective for a specific environment or scenario. This paper presents a return on cybersecurity investment (ROCI) model utilized, together with a previously-developed framework for evaluating cybersecurity technologies, by the resilient critical infrastructures through secure and efficient microgrids (ReCIst) capability. ReCIst uses this model to guide decision makers on how to best implement cybersecurity towards energy resiliency, from financial, security posture, and energy efficiency perspectives. Challenges and the current state of cyber investment modeling in this domain are presented along with technical details on ReCIst's ROCI model and future work.
ISSN: 1947-9344
1947-9352
DOI: 10.4018/IJOCI.2021040105