Title: Cyber Risk Analysis: Three Aspects of Model Formulation in Support of Risk Management

Abstract: A general model of cyber risk at a given time in a specified organization is presented as the Bayesian analysis of a one-move game. Three illustrations reflect some aspects of the formulation of the risk model. The first one starts with the statistical analysis of a large database in a space organization and extends that analysis to include the risk of attacks that have not happened yet by a Bayesian analysis of extreme value scenarios. The second illustration focuses on the optimization of the level of connectivity between the cloud and a system such as a smart power grid, then extends the problem to include the optimal allocation of personnel between “watchers” of known vulnerabilities and “hunters” of new ones. The third model focuses on warnings of cyberattacks given the process by which “robots” that monitor the traffic may decide to cut connections when the cyber risk reaches a certain level, then may decide automatically to pass the baton to a human being when the threat exceeds the automatic monitoring system’s threshold of capabilities. The data used in that third illustration were collected in part through a number of “honeypots” placed around the world, which recorded a large number of attacks.


Bio: M. Elisabeth Paté-Cornell is a professor and the founding chair of the management science and engineering department at Stanford. Her specialty is engineering risk analysis, with applications to complex systems (space, medical, offshore platforms, cyber security, nuclear, etc.). She is a member of the National Academy of Engineering, the French Académie des Technologies, the Naval Post-Graduate School Advisory Board, and the NASA Advisory Council. She was a member of the President’s Foreign Intelligence Advisory Board (2001-2008) and several other boards. She holds a B.S. in mathematics and physics from Marseille (France), an engineering degree in applied math/CS from the Institut Polytechnique de Grenoble (France), and an M.S. in operations research and a Ph.D. in engineering-economic systems, both from Stanford University.


Reception immediately following in the Klaus Atrium