Threat categories¶
Threats are grouped by effect, not by attacker sophistication.
Degradation and neglect¶
Description: Systems degrade over time due to underinvestment, deferred maintenance, outdated dependencies, or organisational fatigue.
Typical disruptions:
Partial service loss
Unreliable performance
Cascading minor failures
Key characteristic: Often invisible until combined with stress or crisis.
Operational error and misconfiguration¶
Description: Well-intended changes cause unintended outages or instability.
Typical disruptions:
Sudden service interruption
Delayed recovery
Confusion about responsibility
Key characteristic: Happens during upgrades, migrations, or emergency fixes.
Supply chain and vendor failure¶
Description: External dependencies fail, withdraw support, or introduce breaking changes.
Typical disruptions:
Loss of monitoring or control
Dependency lock-in
Delayed remediation options
Key characteristic: Limited local control, high contractual complexity.
3.4 Criminal interference¶
Description: Disruptions intended to extract money, data, or leverage.
Typical disruptions
Service shutdowns
Data unavailability
Forced operational workarounds
Key characteristic: Timing often maximises pressure rather than damage.
Ideological or activist disruption¶
Description: Targeted interference intended to make a public statement or force policy change.
Typical disruptions
Symbolic outages
Selective service denial
Reputational embarrassment
Key characteristic: Visibility matters more than duration.
Strategic or state-aligned interference¶
Description: Actions designed to test resilience, create uncertainty, or apply pressure without open confrontation.
Typical disruptions
Ambiguous failures
Repeated low-level incidents
Difficult attribution
Key characteristic: Designed to exhaust trust and confidence over time.