Cyber Cases: The PICCA Framework for Documenting Geopolitically Relevant Cyber Action

Abstract

This article presents a novel framework called the Policy Informative Cyber Case Analysis for cyberattack incidents. The aim of this framework is to provide a structured documentation and translational assessment tool for cyber incidents of geopolitical significance to a broader policy audience. The article discusses case study method as applied to cyber incidents, situates the framework amongst other useful methods, discusses the application of structured analytic techniques (SAT) such as “chronologies and timelines” and “devil’s advocacy,” presents the framework, and provides conclusions. Cyber incident cases, primarily the 2015 attack on the Ukrainian electric-grid is used throughout to elucidate the utility and application of the framework