PROGRAM GOAL: Creating awareness, common language, and understanding of cyber threats to IT & OT infrastructure and data for Managers and Executives
by Danielle LeClair
1. What do you wish people knew?
1.1. Engagement of the decision makers
1.2. Matthew: You have to have a way of contextualizing threats. Use the framework in alignment with the enforcement agency. What meets your "code"? When evaluating threats, start with a cyber-physical approach.--Marta (?). Your best defense is your original design--physical more than logical design. OT is a cyber-physical world.
1.3. Polly: Relate a real-life situation and how it could happen in your organization. Risk/impact. Making it personal to the CEO.
2. Why does this matter?
2.1. Physical/Economic/Social (reputation, community trust)
3. What scenarios come to mind?
3.1. Baltimore/Atlanta/BART
4. Triad: 1. Availability of Data 2. Integrity of Data 3. Confidentiality of Data
4.1. IT world: CIA
4.2. OT: Inverted CIA Triad
4.3. Availability: I'm unable to transmit directions on my VMS (Variable Messaging Sign) because I lost availability of the data.
4.4. Integrity: Onboard system--a vehicle is travelling at a specific speed; someone spoofs the system so it displays a lower speed, and the operator increases speed.
4.5. Confidentiality: exposure of data to unauthorized parties, e.g., records of near misses of pedestrian strikes.
5. Why do Execs need to implement NIST?
5.1. How do you equate your current hazard risk mitigation to cyber threats?
5.2. Failure = vulnerability = threats
5.2.1. Hardware/Software/Network