Fireside Chat: Complexity is the new Cyber Adversary
The cascading risk that made Lehman Brothers infamous for accelerating the global financial crisis, and the Northeast Power Outage that disabled parts of the US and Canada in 2003, exemplify how counterparty risk could turn a single breach into a disastrous systemic failure. Cyber risks face similar consequences. They are not enabled simply by individual cyber vulnerabilities, but by the Complex Systems-of-Systems they inhabit. Composed of legacy and new HW, SW and IoT elements connected by myriad channels and haphazardly integrated over many years, these systems lead to exploitable, accidental (even spontaneously combustible) systemic risks. This is not a computer science issue - it’s a system engineering issue. And there are solutions!
They begin with accurate models of system behavior and breach consequences. For the past 80 years, complex communications, weapons, and industrial systems have faced system reliability failures, which were (and still are) addressed by legacy system engineering protocols such as Failure Modes Effects and Criticality Analysis (FMECA). Similar approaches may enable the design (and evolution) of cyber architectures which can absorb and operate through attacks as they occur, preventing impact propagation (and exhausting adversaries’ resources). CISOs can and must expand their talent pool and their risk management perspective accordingly.
Learning Objectives:
Applications: cybersecurity framework
Laws and Regulations: Executive Order 13636, Executive Order 13800