Metrics: How Effective Is A Security Control?

Unsolicited Response

May 17, 2023•50 min•Season 2023Ep. 15

--:--

Listen in podcast apps:

Listen to this episode in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

How much does a security control reduce cyber risk? What control or mix of controls provides the most efficient cyber risk reduction? Tough questions that a team of researchers at INL and Sandia tried to answer in a project.

Two of the researchers, Jay Johnson of Sandia and Jake Gentle of INL, join Dale on the show to talk about the metrics and results. The project was Cyber Resilience for Wind Installations, but the metrics and results are applicable to every sector. We get into the weeds on this episode and discuss:

how they created the test environment
the two attack scenarios (and why only two and how easy it would be to expand)
the physical resilience score
the cyber resilience score
the results from four different mixes of security controls
areas for further testing and improvement
and a tiny bit about trying to calculate an Expected Benefit from Cybersecurity Investment, which is a bit like ROI and how much money to spend.

Links

• Video: https://www.youtube.com/watch?v=bBLbLUFKzIc

• IEEE Access Journal Paper: https://ieeexplore.ieee.org/document/10043706

• POWER magazine article: https://www.powermag.com/cyber-resilience-for-wind-power-installations/

• 2-page flyer: https://www.researchgate.net/publication/367074443_Cyber_Resilience_for_Wind_Installations_A_Cyber_Resilient_Reference_Architecture

• Final project report: https://www.researchgate.net/publication/368599508_Hardening_Wind_Energy_Systems_from_Cyber_Threats-Final_Project_Report

For the best experience, listen in Metacast app for iOS or Android

Open in Metacast