Risk-Based Standards for Cybersecurity: Global Challenges and Solutions

Saturday, 15 February 2014: 1:00 PM-2:30 PM
Columbus KL (Hyatt Regency Chicago)
A cyber domain integrates and supports critical infrastructures, global economic prosperity, public health and safety, and national security. The U.S., EU and other governments are calling for a strengthened position against cyber attacks. Viruses, Trojan horses, denial of service attacks, and other methods can compromise sensitive data and disrupt critical services. Toward this end, President Obama’s Executive Order 13636 calls for adopting and implementing risk-based standards to identify high-risk infrastructure and select alternatives for cyber risk mitigation. What does it mean for a standard to be “risk-based”?  Risk is traditionally defined as a triplet consisting of what can go wrong, how likely it is to happen, and the consequences of it happening. However, traditional approaches to risk analysis are insufficient given the rapid pace of evolution and the unprecedented uncertainty inherent in cyber threats. This symposium brings together government officials and technology industry representatives responsible for standard development and scientists studying risk-based standards. The dynamic nature of cyber risks requires semi-quantitative methods that integrate technical data and value judgments. Moreover, continuous assimilation of new information and monitoring of changing stakeholder priorities and adversarial capabilities through adaptive management are required for successful implementation of a cybersecurity framework.
Organizer:
Igor Linkov, U.S. Army Engineer Research and Development Center
Co-Organizer:
Elke Anklam, European Commission, Joint Research Center
Moderator:
Daniel DiMase, Honeywell Corporation
Discussant:
Elke Anklam, European Commission, Joint Research Center
Speakers:
Ron Ross, National Institute of Standards and Technology (NIST)
Risk-Based Framework for Cybersecurity: NIST Perspectives
George Apostolakis, U.S. Nuclear Regulatory Commission
The Use of Risk Information in Nuclear Regulatory Decision Making