Vulnerability Identification and Assessment in Today’s Modern and Interconnected Complex Systems

Cyber intrusions are becoming more frequent and more dangerous. The cyber capacity to inflict harm is moving from the virtual world to the physical. Where the cyber threat was primarily perceived to be financial theft, denial of service and public embarrassment in the past, the threat now includes manipulation of systems that affect the physical world. Recent attacks have resulted in physical manipulation of computer­controlled systems such as; the grid shutdown in the Ukraine, the remote dam operation in Rye New York, and the control of cargo at the port of Antwerp. Physical breaches and intrusions remain possible, however the potential for damage, loss, or terrorism is mitigated by the effectiveness of Physical Protective Systems (PPS). This protection diminishes or even vanishes, however, when computer­controlled PPS are degraded or rendered useless through cyber attacks that enable and support physical breaches. Attacks that combine physical vectors coupled with cyber assaults are not likely to be successfully defeated with conventional PPS and current security protocols. Modern PPS are more automated and interconnected than ever and can become vulnerable to cyber breaches that may not be apparent until an accompanying physical breach has already taken place.