Abstract

This paper identifies and proposes two novel indices for cyber-attack impact evaluation. It focuses to create a simple common platform to compare cyber intrusion impact among different critical infrastructure using time as a base parameter. The first index is 'Service Unavailability Cyber Impact Factor (SUCIF)' having score range from 0 to 1, where 0 indicate cyber disaster and 1 indicates no breach. To estimate the score, detail information regarding system unavailability or malfunctioning is required. It can be used to analyze those systems whose detail cyber-physical infrastructure is not available. The second indicator named 'Time Based Cyber Impact Factor (TBCIF)' uses graph-based bad node detection technique to determine the score point similar to SUCIF. For this, optimal time and expected time for incursion detection plays a vital role to generate impact score. This index is suitable for test systems whose physical or cyber layer architecture is known. This research uses SUCIF index to compare hacking impact on Ukrainian Power Grid (UPG) and Saudi Aramco Oil and Gas Company (AOGC). To legitimize TBCIF score, it has been used to compare the intrusion impact of different IEEE test systems. This index is more consistent for the smart grid network.