Significant Multi-Domain Incidents against Critical Infrastructure (SMICI) Dataset

February 2020 No Comments

“Significant Multi-Domain Incidents against Critical Infrastructure (SMICI) Dataset“

Speakers: Sin, S. (National Consortium for the Study of Terrorism and Responses to Terrorism (START)); Washburn, R. (START)

Date: 14 February 2020

Speaker Session Preview

SMA hosted a speaker session presented by Dr. Steve Sin (National Consortium for the Study of Terrorism and Responses to Terrorism (START)) and Mr. Rhyner Washburn (START) as a part of its SMA DHS CAOE Speaker Series. To begin, Dr. Sin stated that cyber-physical attacks have the potential to damage physical infrastructure assets with widespread consequences. Thus, this type of attack is a major homeland/national security challenge for the foreseeable future. Surprisingly, prior to the development of the Significant Multi-domain Incidents against Critical Infrastructure (SMICI) dataset, a dataset that aggregates publicly available data on cyber-physical attacks did not exist. Dr. Sin and Mr. Washburn recognized that this inhibited individuals’ understanding of the phenomenon and their ability to hypothesize behaviors and motivations of the attackers. Therefore, they created a dataset that collects on 12 individual variables and currently contains 130 cyber-physical and cyber-operational incidents worldwide between 1 January 2009 and 15 November 2019. Next, Mr. Washburn explained that in terms of cyber security, one must think in terms of the “CIA triad” (confidentiality, integrity, availability). He then presented the dataset’s primary findings regarding the top critical infrastructure (CI) sectors targeted by state and non-state actors; the share of incidents attributed to state, non-state, and unknown actors; and the motives behind such attacks on CI sectors. Of the attributed state actors, Russia was responsible for 60% of the attacks, North Korea for 20%, and Iran for 12%. The most common motivations of these attacks were espionage (46%) and destruction (39%), with cybercrime coming in third at 17%. The dataset also revealed that the US is the most targeted country regardless of motive, and Ukraine is the second most targeted country, generally, and the most targeted country when it comes to destruction incidents, specifically. Mr. Washburn then spoke about the disruptive cyber-physical/operational share of incidents, highlighting that 21% were cyber-physical attacks and 79% were cyber-operational attacks. To conclude, Dr. Sin and Mr. Washburn outlined the changes that they plan to implement in future versions of the SMICI dataset.