Who Are The Greatest Cyber Attack Threats To The United States?
UNH Unveils Cyber Threat Calculator at National Defense Department Conference
Contact:  Lori Wright
603-862-0574
UNH Media Relations
January 25, 2007

EDITORS AND REPORTERS: Andrew Macpherson can be reached at 603-568-7469 or amx6@unh.edu.


DURHAM, N.H. -- Hackers, terrorists and nations all use computers, but who really is capable of damaging the critical infrastructure of the United States? The University of New Hampshire today unveiled the UNH Cyber Threat Calculator, which assesses the level of threat any attacker poses to specific sectors in the country that rely on information technology.

The UNH Cyber Threat Calculator was unveiled Thursday, Jan. 25, 2007, at the Department of Defense Cyber Crime Conference 2007 in St. Louis, Missouri. The UNH Cyber Threat Calculator was developed by researchers at UNH Justiceworks and students, and offers a new method to identify and quantify the threats posed to the United States’ cyber infrastructure.

“Nation states potentially pose the greatest threat with regard to cyber security to the United States. Clearly Russia and China are two of the top countries because they have more developed capabilities, but it may not be in their interest to use cyber attacks for strategic attacks ends. Both countries have worked on doctrine and there is some evidence that they are incorporating it into their military training as well. However, individuals, political groups, religious groups and organized crime groups also pose ongoing risks and should be considered cyber threats, as well,” says Andrew Macpherson, director of the technical analysis group at Justiceworks and research assistant professor of justice studies.

A cyber attack could have a significant impact in the United States. Targets could include the energy sector; emergency response and preparedness systems; financial services; and telecommunications; or even the agricultural sector.

“There are increased risks as computer networks become more integrated with all aspects of our lives and infrastructure,” Macpherson says. “What we won’t see is a ‘digital Pearl Harbor.’ Using cyber attacks to take some type of infrastructure, military, or civilian out of commission is, over the long run, problematic.”

To determine the overall threat level, analysts enter data for a particular organization or country into the calculator, which assigns a value to variables that measure the actor’s intent and technological capabilities. These variables assess the actor’s intent to use cyber warfare means, as well as its technical capabilities to put such means into practice. The higher number assigned to a possible attacker by the calculator, the greater the threat.

For example, does the country have an interest in attacking the United States? What has been its behavior historically toward the United States? Does it have the organizational structure and operational environment to launch an attack? Does it have the economic and operational means to do it?

Macpherson says it’s difficult to quantify the amount of damage that could be caused by or estimate the economic loss possible as a result of a cyber attack. An attacker may want to impact certain sectors quietly over a period of time or may seek to carry out widespread multiple sector attacks.

“What is known is that the threat of a cyber attack is a real and growing concern for industry and the government alike. With approximately 85 percent of the cyber infrastructure owned by the private sector, it’s not just a government problem,” Macpherson says.

To help private cyber security experts limit their exposure, UNH expects to make the calculator available to private industry security experts later this year. “These are the people who really need this information and tool to limit their risk,” Macpherson says.

In June 2006 UNH staff and students presented the calculator and an analysis of cyber threats to the U.S. Department of Homeland Security’s National Cyber Security Division; and members of the intelligence community.

Macpherson advises the New Hampshire Department of Justice on cyber crime. He has worked with the Department of Homeland Security National Cyber Security Division and the Internet Crimes Against research Training and Technical Assistance Program. He has served at the United Nations Criminal Tribunal for the Former Yugoslavia and Cognos Inc. He is a graduate of the London School of Economics and Mercyhurst College.

Macpherson advises the New Hampshire Department of Justice on cyber crime. He has worked with the Department of Homeland Security National Cyber Security Division and the Internet Crimes Against Children Task Force Training and Technical Assistance Program. He has served at the United Nations Criminal Tribunal for the Former Yugoslavia and Cognos Inc. He is a graduate of the London School of Economics and Mercyhurst College.

Key Points:

  • Cyber threats against U.S. infrastructure are a real and growing threat.
  • The impact of a cyber attack could be substantial.
  • A cyber attack could impact a number of sectors in the United States, including agriculture, emergency response and preparedness systems, transportation, energy, health care, financial services, and telecommunications.
  • The two of the top cyber threats to the United States are China and Russia because they have the intent and technological capabilities to do so.
  • 85 percent of the cyber infrastructure is owned by the private sector.
  • UNH Cyber Threat Calculator assesses threats posed by any actor – a person/terrorist, political or religious group or nation – to the U.S. cyber infrastructure. It is expected to be made available to private industry later this year.

Links of interest: