A polytope-based approach to measure the impact of events against critical infrastructures.

This paper provides a method to calculate the impact of cyber attacks and security countermeasures in a multi-dimensional coordinate system. The method considers the simulation of services, attacks and countermeasures in at least one dimensional coordinate system, the projection of which originates geometrical instances (e.g., lines, squares, rectangles, hyper-cubes). Such instances are measured through geometrical operations (i.e., length, area, volume, hyper-volume), so that we determine the impact of complex attacks arriving on the system, as well as the impact of the implementation of single and/or multiple countermeasures selected to mitigate the effects of such detected attacks. As a result, we are able to measure the size of cyber events, which allows us to determine the mitigation level of the incidents, as well as, residual risks, and potential collateral damages. A case study of a critical infrastructure system is provided to show the applicability of the model.