Dr Sally Leivesley
  Catastrophic Risk
  Smart Cities
  Recent Media Commentary
  Contact Newrisk Limited
    - Media Enquiries
  Lectures & Conferences
  Papers & Publications
  Risk Assessments
  Post Incident Analyses
  Continuity Planning
  Crisis Communications
    -  Media & Social Media
  Employee Preparedness
  Audit Assurance Risk
  Aviation Security
  Biological Threats
  Catastrophic Risk
  Chemical Threats
  Continuity Planning
  Criminal Justice
  Cyber Security
  Defence & Policing
  Education & Training
  Emergency Services
  Financial Threats
  London in 2012 Security
  Radiological & Dirty Bombs
  Reputation Risk Management
  Risk Management
  Terrorism & Security
  Transportation Security


Catastrophic Cyber Risks: Press Briefing Notes

Science Media Centre, London in April 2013

by Dr Sally Leivesley
Managing Director, Newrisk Limited (www.newrisk.com)
Advisor on catastrophic risk to companies and governments
Member of the Register of Security Engineers and Specialists, ICE

Catastrophic Cyber Risks:
Conflicts, crime and mischief are increasingly being played out in cyber space. There are inherent risks both through the growth in interconnectedness and to the controls of systems that store, transfer and develop knowledge through networks of electronic, computer-based and wireless systems.  Most significantly there are vulnerabilities within the language of security (encryption). A foreseeable end game is being played by nation states, organised groups and asymmetric non state entities to breach encryption and this will open systems to manipulation, interrogation and control. 


  1. International governance in the near term would be possible if an institution such as CERN, which was granted observer status to the UN General Assembly in 2012, had a role equivalent to the one played by the International Atomic Energy Agency in nuclear monitoring and global nuclear safety standards.  This would help to establish agreements for e-border management, international standards and oversight and there could be a National Security Council response if the security of states was threatened through cyber space.
  2. A fast track reduction of systemic risk would also be assisted by the formation of an international strategic scientific ‘cyber-hub’ populated by scientists from within national space agencies and academic institutions along with operational scientists from critical national infrastructure industry sectors. A joined-up virtual scientific hub can pool capacity and deliver fast-track systemic risk reduction through innovative strategic solutions, especially conceptual work on stabilisation for when systems become unreliable through any causal pathway.  Research off-line as well as a real-time accessibility for nations to a scientific cyber-hub could accelerate solutions and balance the risk of systems failures in a world that is becoming increasingly dependent on operating in cyber space.
  3. In the long term, a ‘post-encryption society’ is required to compensate for breaches in encryption. This is a challenge for long term academic research into novel systems for security and for a secure means of transmission that would generate stability for systems linked to cyber space. It would also provide the public with communications and personal data that could remain private. The utility of the current system would remain but as a legacy system for non-critical structures, data and communications traffic. 

Footnotes for Clarification:


Sally Leivesley



  • Cyber
  • Nuclear

Prepare for the unexpected. New forms of attack will be unexpected in time, tactics and consequences and may include kinetic attacks on undersea cables and space infrastructure. 

Questions to Consider:
Does the organisation have a capacity to fast switch to other cloud, in-house server or hot site operations to limit recovery time? Are there diagnostics for sensors and control systems and the interface with operations?  Could a global security crisis in the South and East China Seas and flash points elsewhere (including Europe) target an organisation’s upstream cyber providers?  Other resilience tasks to check are:

  • - Competent external recovery services;
  • - Internal policies for real time back- up systems unconnected to live operations;
  • - Financial resources for full re-build after ransomware;
  • - Internal policies to avert ransomware payments; 
  • - Cooperative recovery planning with industry peers;
  • - Regular modular and  whole of organisation exercises;
- Multiple scenario tests for strength of preparedness.

 Nations signalling intent of conflict.
 Energy regeneration challenges.

Nuclear conflict and radiation incidents are a high risk for some regions.  Nations are engaging in
‘signalling’ capability of weapons and intent. The most frequent signals are coming from China in
relation to Taiwan; the USA in relation to freedom of navigation in the South China Sea; Russia in
sending Zircon hypersonic missiles onto naval voyages into the Atlantic, movement of nuclear
weapons to Belarus and threats to Ukraine; North Korea in frequency of missile tests including
submarine launched missiles and drones; and Iran’s apparent nuclear enrichment found to be at
84% purity.

Planning for Energy Regeneration Post Nuclear Conflict:
1. Hardened energy infrastructure;
2. Academic and Industry collaborative Programmes;
3. Small Modular Reactors built underground;
4. Supplemental critical control system separated from IOT; and
5. Energy planning for rail transportation of populations.