Development of an Extended Input-Output Model for Evaluating the Impacts of Information Technology Disruptions on Interdependent Economic Sectors Open Access
Downloadable ContentDownload PDF
The information technology (IT) sector is one of the most critically utilized infrastructure systems in the U.S. and many parts of the globe. The IT sector is vulnerable to man-made attacks and it is challenging to assess the consequences of disruptions to the production and delivery of essential IT services to other economic systems. This research develops a new dynamic modeling framework based on the economic input-output analysis to assess time-varying disruptions on the IT sector over multiple periods. The model is applied in an ex-post analysis of an actual denial-of-service (DoS) attack scenario on the IT infrastructure to estimate the consequences propagated to interdependent economic systems. The model uses Bureau of Economic Analysis data to simulate the effects of IT-based incidents and subsequently identify the critically affected economic sectors. Furthermore, this research also performs a multiyear empirical trend analysis. As with any quantitative models, estimates of input data and associated parameters are inevitably prone to some kind of error or bias. The same statement can be said about the susceptibility of the I-O technical coefficients to imprecision originating from various sources of uncertainty. Hence the research proposes stochastic extensions to the model’s interdependency measures. The research uses the supply and use tables from the US Bureau of Economic Analysis for a period of 14 years (1998-2011) to estimate the probability distributions of the technical coefficients. The coefficients are assumed to follow the Dirichlet distribution. Monte-Carlo simulation is used to generate sample technical coefficients for analysis. Probability distributions can be established to measure the backward linkages for each economic sector. In addition, the eigenvalue approach was used to determine the key sectors based on their contribution to the economy and to assess the sensitivity of the sectors to economic disruptions. Stochastic methods are then applied to the resulting dynamic model and the DoS case study. Key results of the case study include assessments of ripple effects to vulnerable sectors in the form of inoperability and economic loss measures. Investigating the DoS attack in year 2000 using the proposed dynamic model revealed significant losses that are consistent with the magnitude of losses from previous studies; the research produced similar results by using the stochastic extensions. As uncertainty is modeled in technical coefficients instead of assuming them as point-estimates, the results include upper and lower bound for the economic loss and inoperability risk metrics. Furthermore, the model will be capable of depicting the breakdown of losses across various economic sectors, which is a significant improvement relative to previously published results. The research identifies critical sectors based on aforementioned methods. This aids in developing policies for reducing the effects of IT risks across the interdependent sectors of the U.S. economy. The results are envisioned to contribute positively to strategic economic planning and macroeconomic risk analysis.