This talk investigates technical and non-technical factors that influence adversarial decision-making (ADM) in critical infrastructure cyberattacks. Individuals from both the electricity industry and hacking communities are surveyed and interviewed. Nine factors influencing ADM emerged and were organized to create the PARE RISKS framework: (P) Prevention Measures; (A) Attacks and Alliances; (R) Result; (E) Ease of Access; (R) Response and Recovery; (I) Interconnectedness and Interdependencies; (S) Security Testing, Assessments, and Audits; (K) Knowledge, Skills, Research and Development; and (S) System Weaknesses. Cyberattacks occur as a step-by-step process, with five distinct stages: preparation, entry, initiation, attack dynamics, and exit.
Dr. Rege has over eight years of experience in researching cybercrimes from a criminological perspective. She has studied critical infrastructure cybercrimes, focusing on information warfare, the organizational dynamics of cybercriminals and their modus operandi, adversarial decision-making and decision trees, the anatomy of cyber-attacks, the 'hybridity' (cyber-physical relationships) of crime, and trend analyses. Dr. Rege has published on critical infrastructure cybercrimes in academic journals such as the Security Journal and Criminal Justice Studies and presented at criminological and critical infrastructure conferences.