Abstract: In the United States (and in many other countries around the world), risk management has become the dominant paradigm for securing the electrical power grid from a cyberattack. Regulations require asset owners to use a risk assessment methodology to identify high-risk assets and apply certain security controls to them, but assets that are deemed “low-risk” are exempt. Industry groups also promote formal risk management for a cost-effective cybersecurity strategy. While formal risk management frameworks have proliferated in recent years, evidence suggests that there are significant shortcomings in the actual implementation of risk management. This talk examines what we know about how risks are being managed, both within individual organizations in the power sector, and by federal regulators in the United States. Using a risk management perspective, it surveys known threats, vulnerabilities, and consequences for a range of potential cyber attacks. It then shows that in the U.S., federal regulation currently organizes the risk management process in ways that overlook systemic risks. In conclusion, it discusses alternatives to risk management and directions for future research.
Speaker Bio: Rebecca Slayton is a lecturer in Stanford’s Public Policy Program and a junior faculty fellow at CISAC for 2013-2014. Her research examines how different kinds of experts assess the risks of new technology, and how their arguments gain influence in distinctive organizational and political contexts. She is currently studying efforts to manage the diverse risks—economic, environmental, and security—associated with a “smarter” electrical grid.
Slayton earned a PhD in physical chemistry at Harvard University in 2002. In 2002 she won a National Science Foundation postdoctoral grant to study scientific advising and public debate about the “Star Wars” missile defense program, and to develop skills in social scientific research methods, in the Science, Technology, and Society Program at the Massachusetts Institute of Technology. She also won a AAAS Mass Media Science and Engineering Fellowship in 2000, and has worked as a science journalist.