Measuring the Wrong Metric – Lessons from Attacks on Critical Services - Munish Walther-Puri

This talk was recorded at NDC Security in Oslo, Norway. #ndcsecurity #ndcconferences #security #developer #softwaredeveloper Attend the next NDC conference near you: https://ndcconferences.com https://ndc-security.com/ Subscribe to our YouTube channel and learn every day: / @NDC Follow our Social Media! https://www.facebook.com/ndcconferences https://twitter.com/NDC_Conferences https://www.instagram.com/ndc_conferences/ Adverse consequences on critical infrastructure have an impact on critical services. This impact can – and should – be measured, not just by downtime, but by scale (number of people), scope (type of impacts), and spread (number of sectors and/or dependencies). This talk uses three case studies – incidents in Costa Rica, India, and Greece – to present a framework for evaluating the impact on critical services. Additionally, this talk will outline the shortcomings in ICS incident response capacity and leverage methodologies for cyber risk quantification, as well as draw lessons from wildfire response and cognitive psychology. Attendees will leave this talk with an effective rubric for assessing and measuring cyber incidents affecting critical services, enabling prioritization of investment and precious resources.