VMASC to Host Cyber-Security Conference This Month
In early October, U.S. Secretary of Defense Leon Panetta warned of the possibility of cyber attacks on the United States in the coming months and years, calling it a "pre-9/11 moment" because of the country's general lack of understanding of the nature of the threats.
Researchers at Old Dominion University have been looking at the issue of cyber security for several years. ODU's Virginia Modeling, Analysis and Simulation Center is hosting and co-sponsoring the 12th annual ICS (Industrial Control Systems) Cyber-Security Conference, to be held at VMASC's headquarters in Suffolk Oct. 22-25.
VMASC chief scientist Barry Ezell, one of more than a dozen experts who will present at the conference, said the public has no idea of the level of exposure to threats that exists in the world's industrial control systems.
"People don't understand that these systems control insulin pumps on people's bodies to electric power grids, and everything in between," Ezell said. "Even if we don't understand our vulnerabilities, our enemies do; waiting for a cyber catastrophe is a dangerous strategy. A cyber attack like this could target our bridge-tunnel system or our water supply systems. It could shut down a whole hospital."
Ezell's 1998 master's thesis identified the industrial control system cyber risk, doing the world's first-ever quantitative risk assessment into cyber threats. "We saw this coming 14 years ago. It's upon us now," Ezell said.
The number of cyber threats the nation faces has increased significantly in recent years, making the ICS Cyber-Security Conference especially relevant. It's the only conference where industrial control systems users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber incidents, analyze their causes and cooperate on solutions. Now in its 12th year, the conference has seen rising interest as both the stakes of critical infrastructure protection and the distinctiveness of securing control systems become increasingly apparent.
Ezell's address, "Identifying and Evaluating Cyber Risk Impacts: A Case Study from Surface Transportation Systems," will reference work done by VMASC on critical infrastructure traffic planning and threat identification.
Ezell posits that a real dialogue with senior management - and a good discussion on allocation of resources - can only occur when there is a clear and quantifiable concept of the impact of a cyber incident. In his session, Ezell will provide a framework for identifying and evaluating the impact of cyber incidents. Usage of the framework is illustrated through real-life examples from the surface transportation domain that stem from work performed by VMASC.
For more information about the ICS Cyber-Security Conference, visit the conference website at http://www.icscybersecurityconference.com/.