Author: Denise McGurk

The origin of threat assessment

A post by Helen Greenhough, PhD Research Student, Imperial College, Dept of Computing

As an analyst in the defense sector, the adage of threat = capability x intent was widely accepted.   But where did it come from?

In the course of my research I was pleased to come across what appears to be the original source of this equation in J. David Singer’s 1958 paper ‘Threat Perception and Armament-Tension Dilemma’ and was originally:   ‘Threat-Perception = Estimated Capability x Estimated Intent’ [p94, Singer, J. 1958].   This quasi-formula  posits that the perception of a threat can be reduced to zero by either reducing military capability or military intent.  In the context of Springer’s paper the equation was part of a discussion on a Cold-War disarmament strategy  concluding that weapons, rather than being dismantled or re-purposed, should be transferred to the custody of the UN.   Ultimately the Cold-War threat equation was reduced to zero not by removal of estimated capability but through the fall of the Soviet Union – the removal of intent. While Springers’ suggestion of transferring weapons to the UN did not catch on, his equation did and is still in use today in defense circles as part of Threat Assessment activities. Singer’s equation could be viewed as a form of quantitative risk evaluation, which under some frameworks is represented as: risk rating = probability of risk event x impact of risk event.   It is not entirely clear if Singer was inspired by the field of risk assessment, or even perhaps vice-versa but the two areas do seem to have much overlap, with the concepts of risk and threat being inherently interchangeable.

  1. Singer, Threat-Perception and the Armament-Tension Dilemma, The Journal of Conflict Resolution Vol 2, No 1 Studies on Attitudes and Communications, Mar 1958, pp 90-105, http://www.jstor.org/stable/172848

 

The Cyber Security Show

A post by Professor Chris Hankin, Director ISST

I’ve just returned from the Cyber Security Show 2016, held 8-9 March 2016 at the Business Design Centre, Islington. This incorporated an exhibition and conference, one of the major annual cyber security conferences in the UK, for which I was Chairman for the two days.

shutterstock_244931722 - smallIt is a particularly interesting time in the world of Cyber Security.  Just a month ago, President Obama launched the U.S. Cybersecurity National Action Plan.  The measures announced include the creation of a Commission on Enhancing National Cybersecurity, a $3.1bn Information Technology Modernization Fund, a new National Cybersecurity Awareness Campaign to empower Americans to better secure their online accounts, and a $19bn investment in cyber during the 2017 Fiscal year.  A significant amount of the detail in the announcement concerned the protection of Critical National Infrastructure (CNI).  This announcement echoed our own Chancellor of the Exchequer’s speech in Cheltenham last autumn in which he committed £1.9bn to the renewal of the UK’s National Cyber Security Programme.  Highlights in the UK plan include better coordination of security efforts through a National Cyber Centre, the creation of an Institute of Coding to address the skills shortage, and significant investment in supporting innovation.  The threat to the UK’s CNI also featured prominently in his speech.

The Cyber Security Show reflected these concerns about the threat to CNI and the skills shortage. Key themes which recurred in a number of conference presentations concerned the mechanisms for ensuring better collaboration between Government, industry and academia, and the need for more information sharing.  Another recurring theme was the difficulty of attributing cyber attacks.  Like many others I went to the show certain that the December 2015 attack on the Ukrainian power grid was a long term attack based on the BlackEnergy trojan, but the jury is now out and it seems that the attack might have just been the opportunistic exploitation of poor cyber hygiene.

The Cyber Security Show, as with all such events, gave me the opportunity to catch up with old friends as well as making new contacts, both at Government level (UK, Estonia, Italy and NATO to name a few) and industry.  I hope that some of these will lead to new collaborations for the Institute and I will keep you posted.