← Back to News List

Talk: Critical Infrastructure Risk Assessment and Reduction

Online, 12:00-1pm ET, Friday, 23 September 2022

The UMBC Cyber Defense Lab presents

On A Risk Assessment and
Reduction Approach for
National Critical Infrastructure


Cyrus Jian Bonyadi

Security Systems Analyst and PhD Student
Sandia National Labs and UMBC

12:00-1pm ET, Friday, 23 Sept. 2022, via WebEx

Work by Jason Reinhardt, Merideth Secor, Lindsey Miles, Ron Lafond, Derek Koolman II, Lauren Wind, Ray Ludwig, Jeff Munns

The Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. CISA must assess risks that cover a broad range of scenarios over a complex set of interdependent critical infrastructure (CI) systems. While many threat and hazard impact models and data sets exist, there is no overarching analytic structure that organizes and integrates these disparate sources into a unified risk assessment. CISA is building capabilities that will address these challenges to support stakeholders across all levels of government and the private sector. 

First, CISA has developed a National Critical Functions (NCFs) data structure to organize and describe critical infrastructure. This data set provides a set of decompositions structured as directed graphs that break down each identified function into enabling sub-functions that detail the operation and interdependencies across disparate CI systems.  The functional description of NCFs serves as a complementary lens to the sector-based organization of CI and better facilitates systemic and cross-sector risk analysis. 

Additionally, CISA has begun developing the Risk Architecture, a technology-enabled analytic tool that contains a set of standards, scenarios, visualizations, and workflows that leverage the NCF and other integrated CI data sets. This talk describes the need for an integrated approach to CI risk assessment, the NCF decomposition structure, the principles and concepts behind the Risk Architecture, and the approaches to functional interdependency analysis while also providing initial use examples.

Cyrus Jian Bonyadi is a PhD student working on developing a set of corollaries for consensus theory in distributed system security. Cyrus is a former member of the UMBC Cyberdawgs cyberdefense team and maintains a relationship with UMBC as a full time researcher at Sandia National Labs. 

Host: Alan T. Sherman, sherman@umbc.eduSupport for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.  The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public.  Upcoming CDL meetings: Oct 7, Geoffrey Herman (Illinois), Validation of the Cybersecurity Curriculum Assessment (CCA); Oct 21, Peter Peterson (UMN Duluth), Misconceptions in cybersecurity; Nov 4, Josiah Dykstra (DoD), Myths in cybersecurity; Nov 18, Russ Fink (APL), ARMR: Autonomous resilience / machine recovery; Dec 2 Peter Peterson (UMN Duluth), Adversarial Thinking; SFS/CySP Research Study: January 2-6, 2023 (tentative).

Posted: September 19, 2022, 9:13 AM