Modeling Estimated Risk for Cyber Attacks: Merging Public Health and Cyber Security

The proposed United States FY2013 budget requests $769 million dollars for information security initiatives under the Department of Homeland Security. Projected annual spending for information security exceeds $10 billion by 2015. A new method using validated processes to quantitatively identify risk of a successful cyber attack would allow targeted interventions and a more efficient use of funds. Estimating the risk of a successful cyber attack is an important objective in this field. Validated methods imported from other fields to information technology such as epidemiologic statistical modeling could be of substantial benefit . This modeling not only determines the direction of influence, whether increasing or mitigating, but allows a standard unit across multiple areas allowing experts to determine the areas at greater increased risk. Extant data imported into a Cyber Security Surveillance System (CS 3 ), statistical modeling would calculate the cumulative effects of multiple factors on specific risk factors. The model outputs statistics allowing easy interpretation of the potential risk introduced by factor. Measuring the estimated risk in multiple domains within a predetermined unit (whether organizational or geographic) would enable decision makers to intervene prior to an attack and implement preventative measures to improve system stability.