U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Cybersecurity Framework CSF

RMA - GCOR Conference

Fireside Chat: Complexity is the new Cyber Adversary

The cascading risk that made Lehman Brothers infamous for accelerating the global financial crisis or the Northeast Power Outage that disabled parts of US and Canada in 2003 exemplify how counterparty risk could turn a single breach into a disastrous systemic failure. Cyber risks face similar consequences. They are not enabled simply by individual cyber vulnerabilities, but by the Complex Systems-of-Systems they inhabit. Composed of legacy and new HW, SW and IoT elements connected by myriad channels, haphazardly integrated over many years, they lead to exploitable, accidental (even spontaneously combustible) systemic risks. This is not a computer science issue - it’s a system engineering issue. And there are solutions!

They begin with accurate models of system behavior and breach consequences. For the past 80 years, complex communications, weapons, and industrial systems faced system reliability failures which were (and still are) addressed by legacy system engineering protocols such as Failure Modes Effects and Criticality Analysis (FMECA). Similar approaches may enable the design (and evolution) of cyber architectures which can absorb and operate through attacks as they occur, preventing impact propagation (and exhaust adversaries’ resources). CISOs can and must expand their talent pool and their risk management perspective accordingly.

Learning Objectives:

  • Understand how enterprise vulnerability is increasing due to system and application complexity
  • Understand how usage load and tolerance issues exacerbate vulnerability
  • Learn how you can integrate resilience to reduce potential systemic risk in complex systems

Sessions:

Cyber risk of highly complex systems     Slides | Questions

Enterprise Impact of Reputation Risk      Slides | Questions

Created May 24, 2016, Updated April 19, 2022