Welcome! This meetup dedicated to all professionals involved in Cyber Security for Automated Processes and Control Systems including security for Operating Technology (OT), Industrial Control Systems (ICS), SCADA Systems, Transportation Systems, Building Control Systems (BCS), and even emerging Industrial Internet of Things (IIoT) systems. Our purpose is to connect the professionals in the Greater Washington D.C. area with real interest in or responsibility for the cyber security of these systems.
We gather for purposes of education, information exchange, and discovery of new opportunities and even a few happy hours! If you are interested in serving on a committee to help shape this meetup experience, please contact the organizers directly.
Please join us as Dr. Nick Duan, discusses how to accurately quantify cybersecurity risks for Industrial Control Systems (ICS).
The discussion leaders will deliver 10-15 minutes (each) of prepared content and then YOU, the audience will ask questions to help guide the panel discussion! Which means that you will be able to actively participate in the live discussion!
The current cybersecurity risk analysis and assessment methods are mostly manual driven and highly labor-intensive, often resulting in inconsistent assessment reports. There is a lack of detailed reference models and tools to quantify cybersecurity risks at the operational level. This is especially true for infrastructure companies because often the decision makers of an organization, such as the CEO or the CISO, wants to know about the financial consequences of a critical production component, e.g. a generator or a water pump, with respect to vulnerability or cyber threat induced failures.
In this presentation, we will introduce a quantitative risk analysis model implemented in a software tool called Artemis to support cybersecurity risk quantification in an integrated IT/OT and cyber-physical environment. Artemis provides organizations with a reference framework to integrate various security siloes, and enable exploit path analysis (EPA) functions for identifying the weakest link in an ICS network by leveraging the existing industry standards in vulnerabilities and asset management. We will demonstrate the basic functions of Artemis and how it can be used to support quantitative decision making in enhancing operational cybersecurity readiness.
• Why quantitative risk analysis is important for ICS and what are the benefits?
• How to quantify cybersecurity risks using various cybersecurity standards?
• How can the Artemis tool be extended to support various ICS application in different industries?
DISCUSSION LEADER: Dr. Nick Duan
Dr. Nick Duan is the President and Chief Information Officer of D-Tech, LLC, an R&D firm specializing in cybersecurity products and services. He has over 30 years of experience in software design and product development, with a wide range of expertise in cybersecurity, identify and access management, data modeling, and system design and development. Prior to D-Tech, he worked as a software architect and consultant in IT security to assist federal and commercial customers in implementing enterprise security solutions. He is a graduate from Penn State with a Ph.D. in industrial engineering, and an adjunct faculty member with local universities in the Washington, DC area.