Dynamic Cyber Risk Assessment in Critical Infrastructure: An Adaptive Self-modeling Network Analysis of WannaCry’s Impact on the NHS
摘要
This paper models the 2017 WannaCry ransomware attack on the UK’s National Health Service (NHS) using a self-modeling adaptive network approach. Grounded in the Cyber Kill Chain and MEHARI risk framework, the model simulates the technical and organizational dynamics of the attack, including ransomware spread, system failures, and risk escalation. A probabilistic What-If analysis shows how encryption speed, learning rates, and escalation thresholds influence patient risk over time. Results highlight the need for faster containment, lower thresholds for response, and system-wide preparedness to prevent cascading failures.