Course: ENPM808 — Independent Study, University of Maryland
Advisor: Prof Charles Harry →, School of Public Policy, UMD College Park
Period: 2024
Focus: Geopolitics, critical infrastructure, computational risk modelling
Summary#
This independent study explored the cybersecurity ecosystem around US critical infrastructure — specifically pipeline networks — through a computational and policy lens. The research examined the intersection of cybersecurity frameworks and geopolitical risk, focusing on how nation-state actors could target energy infrastructure and how that risk can be quantified.
The core methodology applied the Strategic Disruption Index (SDI) — a framework for estimating the strategic impact of attacks on interconnected infrastructure — to pipeline networks modelled within a US Department of Energy Protected Area Asset District (PAAD). This is work in progress and I am actively working on this as of now.
Key contributions#
- Modelled pipeline infrastructure topology using computational techniques to represent node-level dependencies and failure propagation
- Applied the SDI framework to estimate attack impact scores across different threat scenarios, including supply disruption and cascading failure
- Analysed the cybersecurity-policy intersection: how existing frameworks (NIST CSF, TSA Pipeline Security Directives) map — and fail to map — onto realistic nation-state threat scenarios
- Produced a risk prioritisation output identifying the highest-leverage intervention points for defenders
Why this matters#
Nation-state attacks on critical infrastructure are no longer edge cases — Colonial Pipeline (2021), the targeting of European energy grids post-Ukraine invasion, and persistent APT activity against ICS/SCADA systems have made this a mainstream policy concern. The challenge for defenders is translating that threat into measurable, prioritisable risk. This research is a contribution toward that problem.