Measuring the Wrong Metric - Lessons from Attacks on Critical Services

Explore a comprehensive framework for evaluating the impact of cyber incidents on critical services in this 55-minute conference talk. Analyze three case studies from Costa Rica, India, and Greece to understand how adverse consequences on critical infrastructure affect essential services. Learn to measure impact beyond downtime, considering scale, scope, and spread across sectors. Examine shortcomings in Industrial Control Systems (ICS) incident response capacity and discover methodologies for cyber risk quantification. Draw valuable insights from wildfire response strategies and cognitive psychology to enhance your approach. Gain an effective rubric for assessing and measuring cyber incidents affecting critical services, enabling better prioritization of investments and resource allocation in cybersecurity efforts.