Multi-sector Assessment Framework – a New Approach to Analyse Cybersecurity Challenges and Opportunities

This paper presents a new approach to analyse cybersecurity challenges and opportunities, focused on the development of a new risk assessment and management framework. Such a multi-sector assessment framework should be able to evaluate and prioritize cybersecurity risks in trans-sectoral and inter-sectoral contexts. It leads toward proper resource allocations and mitigation actions. To achieve this goal, the analysis of existing risk assessment and management frameworks was performed. Also, an overview on common multi-sectoral technological challenges and opportunities were provided being derived from sector-specific use cases as well as transversal and inter-sectoral challenges and opportunities. As a result of this analysis the architecture of the ECHO Multi-sector Assessment Framework was proposed. The identified technological challenges and opportunities, multi-sector dependencies, and transversal aspects determine the input data for the new framework. The architecture is applicable in healthcare, energy, maritime transportation, and defence sectors, being extensible to others. The framework enables the definition of governance models or the design of cybersecurity technology roadmaps.