Decision framework for evaluating the macroeconomic risks and policy impacts of cyber attacks

Increased reliance on the Internet for critical infrastructure and the global nature of supply chains provides an opportunity for adversaries to leverage dependencies and gain access to vital infrastructure. Traditional approaches to assessing risk in the cyber domain, including estimation of impacts, fall short due to uncertainty in how interconnected systems react to cyber attack. This paper describes a method to represent the pathways of disruption propagation, evaluate the macroeconomic impact of cyber threats and aid in selecting among various cybersecurity policies. Based on state of the art agent-based modeling, multicriteria decision analysis, and macroeconomic modeling tools, this framework provides dynamic macroeconomic, demographic and fiscal insights regarding shocks caused by cyber attacks to the regional economy over time. The interlinkage of these models will provide a robust and adaptive system that allows policy makers to evaluate complex issues such as cybersecurity threats and their impacts on the geopolitical, social, environmental, and macroeconomic landscape.