Significant Multi-Domain Incidents against Critical Infrastructure (SMICI) Dataset
“Significant Multi-Domain Incidents against Critical Infrastructure (SMICI) Dataset“
Speakers: Sin, S. (National Consortium for the Study of Terrorism and Responses to Terrorism (START)); Washburn, R. (START)
Date: 14 February 2020
Speaker Session Preview
SMA hosted a speaker session presented by Dr. Steve Sin (National Consortium for the Study of Terrorism and Responses to Terrorism (START)) and Mr. Rhyner Washburn (START) as a part of its SMA DHS CAOE Speaker Series. To begin, Dr. Sin stated that cyber-physical attacks have the potential to damage physical infrastructure assets with widespread consequences. Thus, this type of attack is a major homeland/national security challenge for the foreseeable future. Surprisingly, prior to the development of the Significant Multi-domain Incidents against Critical Infrastructure (SMICI) dataset, a dataset that aggregates publicly available data on cyber-physical attacks did not exist. Dr. Sin and Mr. Washburn recognized that this inhibited individuals’ understanding of the phenomenon and their ability to hypothesize behaviors and motivations of the attackers. Therefore, they created a dataset that collects on 12 individual variables and currently contains 130 cyber-physical and cyber-operational incidents worldwide between 1 January 2009 and 15 November 2019. Next, Mr. Washburn explained that in terms of cyber security, one must think in terms of the “CIA triad” (confidentiality, integrity, availability). He then presented the dataset’s primary findings regarding the top critical infrastructure (CI) sectors targeted by state and non-state actors; the share of incidents attributed to state, non-state, and unknown actors; and the motives behind such attacks on CI sectors. Of the attributed state actors, Russia was responsible for 60% of the attacks, North Korea for 20%, and Iran for 12%. The most common motivations of these attacks were espionage (46%) and destruction (39%), with cybercrime coming in third at 17%. The dataset also revealed that the US is the most targeted country regardless of motive, and Ukraine is the second most targeted country, generally, and the most targeted country when it comes to destruction incidents, specifically. Mr. Washburn then spoke about the disruptive cyber-physical/operational share of incidents, highlighting that 21% were cyber-physical attacks and 79% were cyber-operational attacks. To conclude, Dr. Sin and Mr. Washburn outlined the changes that they plan to implement in future versions of the SMICI dataset.
Steve Sin
Director of the Unconventional Weapons & Technology Division, START
301-405-6656 | sinss@umd.edu
Steve S. Sin, Ph.D., is the Director of the Unconventional Weapons and Technology Division (UWT) of the National Consortium for the Study of Terrorism and Responses to Terrorism (START), headquartered at the University of Maryland, where he manages and leads a team of researchers conducting projects spanning across a broad range of international security, terrorism, and homeland security challenges. Dr. Sin’s expertise includes adversary human-social behavior modeling; emerging technology; improvised threat; radiological and nuclear (RN) terrorism; and the North Korean nuclear program, cyber capabilities, and intelligence apparatus.
Prior to joining START, Dr. Sin was the Senior Research Associate and Section Chief at the National Center for Security & Preparedness (NCSP), a strategic partner with the New York State Division of Homeland Security & Emergency Services (DHSES), headquartered at the State University of New York at Albany (University at Albany). Dr. Sin’s extensive experience also includes a career as a U.S. Army Officer.
Rhyner Washburn
Cyber Intelligence Researcher, START
301-405-6600 | rwburn@umd.edu
Rhyner Washburn is a Cyber Intelligence Researcher at the National Consortium for the Study of Terrorism and Responses to Terrorism (START), based at the University of Maryland. His research focuses on cybersecurity, international security, terrorism, and the intersection of those topics. Mr. Washburn’s expertise includes multi-domain influence and critical infrastructure attack operations; and Chinese and North Korean cyber operations. Prior to his current position with START, Mr. Washburn was with PricewaterhouseCoopers Cyber Threat Operations, and before that, with FireEye’s Global Intelligence Services.
Site-wide Search
Search all site content, including all NSI and SMA publications, SMA Speaker series, NSI Team member bios, services, portfolio projects, company info, and more.
