Assessing Cyber Security of Innovations for Climate Disaster Resilience

An Extension to the Test and Implementation Framework of the BRIGAID program

More Info


In the coming decades, more frequent and more extensive climate disasters such as coastal and river floods, droughts, extreme weather, and wildfires can be expected worldwide. Innovations will be required to face this grand challenge. The BRIGAID project developed a methodology consisting of a Test- and Implementation Framework and a set of practical tools. BRIGAIDs tools are offered to support efficient development and market introduction of promising innovations. The methodology in its present state still requires an extension to cover cybersecurity issues. It should be assessed what components are key in innovation projects and where and whether cybersecurity is relevant within the TIF. The proposed research will establish an assessment for the cybersecurity readiness of BRIGAID’s innovation projects. The goal here is to give the innovation projects an indication on their level of security and cybersecurity readiness. We selected GM4W and QoAir as representative innovation projects for a case study consisting of a cyber risk assessment. We find that key cyber components for innovation projects benefit the identification and mitigation of cyber threats. When assessing an innovation, the cyber components serve as a starting point of the assessment. We used SecRAM as the risk assessment method in this study and aimed to test whether the method applies to the risk assessment of innovation projects. We conclude that the SecRAM method serves its purpose and applies to the innovation projects in the context of this study. The risk assessments applied to different cases with contrasting structures and enabled us to identify and mitigate cyber threats effectively. The use of SecRAM also applied to the design of the TIF cybersecurity extension. The tool consists of questions that score the innovation projects based on confidentiality, integrity, and availability to raise concerns on the cybersecurity readiness. The acceptance and perceived usefulness of the tool need validation among innovators. Future research should extend the involvement of innovators and experts to the entire risk assessment phase.