ISSN :XXXX-XXXX
Tamara Hadjina, Stéphane Paul, Bengi Zeybek and Emmanuel Gureghian
Adv. Artif. Intell. Mach. Learn., 1 (1):1-37
Tamara Hadjina : Koncar - Digital
Stéphane Paul : Thales Research & Technology
Bengi Zeybek : Institute for Information Law, University of Amsterdam
Emmanuel Gureghian : Thales Research & Technology
DOI: https://dx.doi.org/10.54364/cybersecurityjournal.2024.1101
Article History: Received on: 19-Feb-24, Accepted on: 20-Apr-24, Published on: 03-Jun-24
Corresponding Author: Tamara Hadjina
Email: tamara.hadjina@koncar.hr
Citation: Stéphane Paul, Tamara Hadjina, Bengi Zeybek, Emmanuel Gureghian. (2024). Cyber vs. Physical Attacks: an Analysis of Technical Discriminant Criteria, and their Consideration from a Legal Perspective. Adv. Artif. Intell. Mach. Learn., 1 (1 ):1-37
Security threats on critical infrastructures are evolving and increasingly consist of a combination of physical and cyber-attacks. In practice, a common approach to characterise physical and cyber-attacks is lacking, which may cause security gaps. This article proposes a set of technical criteria to characterise attacks. It evaluates these criteria based on attack scenarios to assess their efficacy. This study is situated against the background of the EU policy and regulation to highlight the regulatory relevance of the distinction between physical and cyber threats for critical infrastructure protection. The article concludes that, based on the currently applicable criteria, it is not technically possible to distinguish systematically cyber from physical attacks. This calls for a security management approach that acknowledges the convergence of physical and cyber threats. From a legal perspective, authors conclude there is no harmonised guidance as to how physical and cyber threats may be addressed in protecting critical infrastructure. The multidisciplinary approach of this article aims to inform decision making in terms of security governance and management.