Awais Rashid, Professor of Cyber Security, University of Bristol
Everything is Awesome! Or is it? Cyber Security Risks in Critical Infrastructure
Industrial Control Systems play an important role in the monitoring, control, and automation of critical infrastructure such as water, gas, oil, and electricity. Recent years have seen a number of high profile cyber attacks on such infrastructure exemplified by Stuxnet and the Ukrainian Power Grid attacks. This naturally begs the question: how should we manage cyber security risks in such infrastructure on which the day-to-day functioning of our society relies? What are the complexities of managing security in a landscape shaped by the often competing demands of a variety of stakeholders, e.g., managers, control engineers, enterprise IT personnel and field site operators? What are the challenges posed by the convergence of IoT and critical infrastructure through the so-called Industrial Internet of Things? And will frameworks such as the EU NIS directive help mitigate the cyber security risks to critical infrastructure? This talk will discuss insights from a multi-year programme of research investigating these issues and the challenges to addressing them.