CyberJab™ Risk
Quantification Tecnique

Cyber-Physical Risk Quantification Technique (CPRQT) is a hybrid, data-driven framework that continuously quantifies the likelihood and impact of cyber events on interconnected physical assets.

By integrating threat intelligence, system interdependencies, and dynamic simulation, it provides measurable, EU-compliant indicators of resilience and operational risk, supporting decision-makers in achieving verifiable cybersecurity assurance under NIS2 and the EU Cybersecurity Act.

Concept Overview

The Cyber-Physical Risk Quantification Technique (CPRQT) is an integrated analytical framework designed to measure, model, and predict risk propagation across interconnected cyber-physical systems (CPS) — such as energy grids, transportation networks, smart factories, or healthcare infrastructures.

It bridges cybersecurity analytics, operational resilience, and physical process safety, quantifying how digital disruptions (e.g., cyberattacks, data manipulation, control failures) translate into measurable physical and economic impacts.

In modern critical infrastructure, digital and physical domains are inseparable. Traditional cybersecurity risk scoring (e.g., CVSS or NIST SP 800-30) captures technical vulnerabilities but not systemic or cascading effects on physical assets.

CPRQT addresses this gap by:

  • Enabling quantitative assessment of multi-domain risks

  • Providing dynamic and predictive risk indicators

  • Supporting compliance with EU Cybersecurity Act, NIS2 Directive (2022/2555), and Cyber Resilience Act requirements for measurable assurance

Methodological Foundations

Our computational model evolves through time, allowing continuous recalibration using operational data, intrusion detection alerts, and SCADA telemetry.
The CPRQT integrates several analytical layers:

Key methodological layers include:

  1. Asset Dependency Modelling – Mapping IT/OT dependencies and interconnections using graph theory or digital twins.
  2. Threat & Vulnerability Mapping – Integrating real-time threat intelligence and vulnerability data (e.g., CVE, ENISA feeds).
  3. Impact Propagation Simulation – Modelling how cyber incidents cause physical or operational disruptions.
  4. Risk Quantification Layer – Dynamic risk computation using Bayesian or Monte Carlo models.
  5. Economic and Resilience Metrics – Estimating economic loss, downtime, and resilience recovery indices.

Outputs for the project include the Cyber-Physical Risk Index (CPRI), Attack-Impact Graphs, Economic Loss Estimators, and Resilience Dashboards.