Cyber-Risk: Cyber-Physical Systems Versus Information Technology Systems

In this chapter, we define cyber-risks, summarize their properties, and discuss the tools of cyber-risk management. We provide comparative analysis of cyber-risks and other (natural disasters, terrorism, etc.) risks. Importantly, we divide networked systems into two domains: traditional Information Technology Systems (ITSs) and Cyber-Physical Systems (CPSs), and compare and contrast their cyber-risks. We demonstrate that these domains have distinct cyber-risk features and bottlenecks of risk management. We suggest that this dichotomy is a useful tool for cyber-risk analysis and management. In the companion chapter on Cyber-insurance, we apply this classification to simplify the exposition of Cyber-insurance for CPS.