In this paper a systematic modeling methodology for evaluating the effects of cyber-attacks on States Critical Information Infrastructure (CII) is introduced. The analysis is focused on the United Nations Charter's normative scheme of the "use of force", in order to define whether these attacks constitute a wrongful "use of force" under the principles of international law. By using the qualitative criteria for recognising the impact of cyber-attacks as proposed by the International Group of Experts in the Manual on the International Law Applicable to Cyber Warfare (Tallinn Manual) and by applying Multiple Attribute Decision Making (MADM) methods, cyber operations evaluation results are presented. For the analysis a case study of kinetic and cyber-attacks on Supervisory Control and Data Acquisition (SCADA) system is employed. Pros and cons of the Simple Additive Weighting (SAW) method and the Weighted Product Method (WPM) are evaluated. The weaknesses of applying the SAW method in cyber-attacks modelling, as well as the difficulty in defining an appropriate quantitative scale for the classification of such attacks when using WPM (due to the nonlinear relationship between attributes and overall score in WPM), lead us to present a new evaluation strategy. This new strategy combines the use of the above mentioned decision making algorithms and introduces a new grouping of Schmitt's criteria based on their properties for achieving an improved cyber-attacks modelling assessment. Different quantitative scales are applied in the distinct Schmitt's criteria groups in order to quantify them based on their characteristics. The correlation of the qualitative and quantitative methods of analysis leads to more accurate cyber-attack evaluation and classification.

• 出版日期2018-5