Debi Ashenden




Threat Assessment and Its Input to Risk Assessment

Risk assessment as a business process

Fire

The likelihood of a direct effect on an information system from fire can easily be calculated, and there is considerable experience and a large number of documented case histories in the insurance industry of underwriting this type of event.

Wind

The possibility of damage from wind, most often thought of as the result of tornados or hurricanes (typhoons), is largely geographically dependent, because some locations are far more prone to wind damage than others. Again, there is considerable experience and documented case histories in the insurance industry of underwriting this type of event.

Water

The likelihood of a direct effect on a system from water, either from tidal wave, flood, rain, or damaged pipes, is again easily calculable, and there is considerable experience and documented case histories in the insurance industry of underwriting this type of event.

Lightning

Again, the likelihood of a direct effect on a system from the effects of lightning is easily calculable, and there is considerable experience and documented case histories in the insurance industry of underwriting this type of event.

Accidents

The threat to an information system from accidental misuse or damage is very different from the categories in the other groups above, because it can and will be affected over time by the attitude, disposition, and training of the staff, in addition to the environment. What separates this group from the malicious threats discussed later is the absence of malice or motivation. Again, this type of threat is generically well understood, and the probability of an event occurring as the result of an accident can be reasonably predicted from the actuarial data held by the insurance industry.

It is possible that more than one of these natural threats will affect an information system at the same time or shortly after each other. An example of this might be an earthquake that is followed by a fire as a result of the disruption to the gas or electrical services that the initial event caused. It may then, in turn, be affected by water used by the emergency services to douse the fire.

Malicious Threat Agents

For a malicious threat to exist, there must be an "agent" (an individual or a group of individuals) that will implement the threat. That agent must have sufficient motivation to carry it out, the capability and the opportunity to do so, and something to cause them to carry it out at that specific time (a catalyst). The threat agent will also be affected by other factors that will either enhance or reduce the likelihood of it being initiated by an attacker or an attack being successful (amplifiers and inhibitors).

Motivation

The motivation of an attacker to carry out a malicious attack on a system could arise from any number of drivers, which may affect the attacker either individually or in combination. There are a number of commonly accepted motivational drivers:
  • Political
  • Terrorism
  • Secular
  • Personal gain (including recognition)
  • Religious
  • Revenge
  • Power
  • Curiosity

Capability

The capability of an individual or a group formed into some type of organization to mount an attack and to sustain it at an effective level will vary with the complexity, resources, and sophistication of both the attacking force and the target. It may be sufficient for an attacker (threat agent) to mount an attack at any level to achieve their objective, but it may also require a high level of resources over a long period to have the desired effect on the target.

Opportunity

For an attacker to initiate an attack on a system, the attacker must have the opportunity to carry out the attack. This may be the result of a number of circumstances coming together, but for the purposes of this book, we constrain opportunity to mean either physical access or direct or indirect electronic access to the target. For a threat agent to carry out an attack on an information system, it must gain either physical access to the system (the threat agent gaining direct access to the place where elements of the system are located), direct electronic access (through a connection from other networks), or indirect electronic access (eavesdropping). Without one of these, there is no opportunity for an attack to be initiated.

Catalyst

A catalyst is required to cause a threat agent to select the target and the time at which the attack will be initiated. The catalyst may be something that has an effect on either the target or the threat agent. An example of a catalyst might be the one that was considered earlier, when the U.S. Air Force were deploying to the Gulf. This could have been the catalyst for Iraq or its sympathizers to carry out an attack on the U.S. military in an attempt to prevent or delay the deployment.

Inhibitors

A number of factors (affecters) inhibit a threat agent from mounting an attack either on a specific target or at a specific time. As mentioned before, these may affect either the target or the threat agent. An example of this may be the perception by the attacker that the target system is well protected and that any attempt to attack it will be quickly detected. Another inhibitor might be the attacker's fear of being caught, arising from publicity about the successes of relevant law enforcement agencies.
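The factors described in the preceding sections (motivation, capability, opportunity, catalyst, amplifiers, and inhibitors) can be carried into a risk register as a simple scoring model. The following is an added illustration, not code from the book or its authors: the ordinal scale, the 15% adjustment per amplifier or inhibitor, and the sample agents are all assumptions made for this example. It does encode two rules the text states: an agent with no access path of any kind has no opportunity and therefore scores zero, and an agent that has everything except a catalyst is a latent rather than an active threat.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Ordinal scale assumed for this example (it is not the scale used in the book).
LOW, MEDIUM, HIGH = 1, 2, 3


@dataclass
class ThreatAgent:
    """One malicious threat agent, described by the factors in the text."""
    name: str
    motivation: int                     # LOW..HIGH: drivers such as revenge or personal gain
    capability: int                     # LOW..HIGH: resources and sophistication
    physical_access: bool = False       # can reach where elements of the system are located
    direct_electronic: bool = False     # connection from other networks
    indirect_electronic: bool = False   # eavesdropping
    catalyst_present: bool = False      # event that fixes the target and the timing
    amplifiers: List[str] = field(default_factory=list)
    inhibitors: List[str] = field(default_factory=list)

    def has_opportunity(self) -> bool:
        """Opportunity in the text's constrained sense: any access path to the target."""
        return self.physical_access or self.direct_electronic or self.indirect_electronic


def agent_threat_score(agent: ThreatAgent, step: float = 0.15) -> float:
    """Combine the factors into one score (assumed weighting, for illustration).

    - No opportunity: the text says no attack can be initiated, so the score is 0.
    - Motivation x capability gives the base (1..9).
    - Each amplifier raises, and each inhibitor lowers, the base by `step` (15%),
      floored at zero so a heavily inhibited agent never goes negative.
    """
    if not agent.has_opportunity():
        return 0.0
    base = agent.motivation * agent.capability
    factor = 1.0 + step * (len(agent.amplifiers) - len(agent.inhibitors))
    return round(max(0.0, base * factor), 2)


def agent_status(agent: ThreatAgent) -> str:
    """Latent vs active: a catalyst is what turns a motivated, capable agent
    with opportunity into a threat against this target at this time."""
    if agent_threat_score(agent) == 0.0:
        return "no threat"
    return "active" if agent.catalyst_present else "latent"


def rank_agents(agents: List[ThreatAgent]) -> List[Tuple[str, float, str]]:
    """Rows of (name, score, status), highest score first, for the risk register."""
    rows = [(a.name, agent_threat_score(a), agent_status(a)) for a in agents]
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed sample agents (hypothetical, for illustration only).
SAMPLE_AGENTS = [
    ThreatAgent("disgruntled ex-employee", motivation=HIGH, capability=MEDIUM,
                direct_electronic=True, catalyst_present=True,
                inhibitors=["account disabled on exit", "remote access is logged"]),
    ThreatAgent("curious hobbyist", motivation=LOW, capability=LOW,
                indirect_electronic=True,
                amplifiers=["system publicised in the press"]),
    ThreatAgent("well-resourced competitor", motivation=MEDIUM, capability=HIGH,
                catalyst_present=True),   # no access path of any kind
]

if __name__ == "__main__":
    for name, score, status in rank_agents(SAMPLE_AGENTS):
        print(f"{name:28s} score={score:<5} status={status}")
```

Run as a script, the competitor ranks last despite the highest capability, because without physical or electronic access there is no opportunity; the ex-employee ranks first but is pulled down by the two inhibitors, which is the point at which a defender can see which controls actually move the number.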

More Stories By Andy Jones

Andy Jones is a research group leader at the Security Research Centre for British Telecommunications where he is doing research into the security of information and communication systems.

More Stories By Debi Ashenden

Debi Ashenden is a senior research fellow in information assurance at the Royal Military College of Science, Cranfield University, U.K.
