14th Annual Security
& Compliance Summit
Demystifying ICS Cyber Risk
Power generation reliability metrics are positively impacted by effective operational risk management. The plant manager’s reliability strategy can be summarized as finding ways to minimize the frequency of outages and/or the duration of outages within a budget that supports the CFO’s target generating costs. It is within this context that cyber risk to the digital plant infrastructure must be understood and managed. For a plant manager to adopt and support new cyber security policies that require O&M resources, he must understand the relative positive impact these will have on reliability as compared to applying these same resources to other preventive maintenance measures. The information required to make this comparison to support a rational, well-informed risk management decision is the subject of this presentation. To make effective comparisons between cyber risk and operational risk, it is necessary to normalize the analysis results through the use of a common model that generates quantitative financial metrics. Once quantified in a common metric, cyber risk can be de-mystified and evaluated against other high-priority operational risk issues. Applying limited budget in appropriate amounts to properly prioritized risk issues results in optimal risk management and therefore more reliable and safe operations.
Mike Radigan has a 17-year career in the cyber risk management and network security industries. His subject matter expertise in expressing cyber risk in financial or “business terms” provides a unique and highly valued perspective to decision makers. Mike joined Leidos Cyber, Inc. in December of 2017 and is responsible for the Operational Technology (OT) / Industrial Control System (ICS) cyber security strategy and managing the partner relationships that enable the OT strategy. Mike came to Leidos from ABB Power Generation, where he held the role of Sr. Advisor of Cyber Risk Management, providing customers guidance on managing the cyber and compliance risk posed to their operations.