A Framework for Categorizing Disruptive Cyber Activity and Assessing its Impact

While significant media attention has been given to the volume and range of cyber attacks, the inability to measure and categorize disruptive events has complicated efforts of policy makers to push comprehensive responses that address the range of cyber activity. While organizations and public officials have spent significant time and resources attempting to grapple with the complex nature of these threats, a systematic and comprehensive approach to categorize and measure disruptive attacks remains elusive. This paper addresses this issue by differentiating between exploitive and disruptive cyber events, proposes a formal method to categorize five types of disruptive events, and measures their impact along three dimensions of analysis. Scope, magnitude, and duration of disruptive cyber events are analyzed to locate each event on a Cyber Disruption Index (CDI) so organizations and policymakers can estimate the aggregated effect of a malicious act aimed at impacting their operations. Using the five different event classes and the CDI estimation method makes it easier for organizations and policy makers to disaggregate a complex topic, contextualize and process individual threats to their network, and target where increased investment can reduce the risk of specific disruptive cyber events.