Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Framework CSF

RMA - GCOR Conference

Fireside Chat: Complexity is the new Cyber Adversary

The cascading risk that made Lehman Brothers infamous for accelerating the global financial crisis or the Northeast Power Outage that disabled parts of US and Canada in 2003 exemplify how counterparty risk could turn a single breach into a disastrous systemic failure. Cyber risks face similar consequences. They are not enabled simply by individual cyber vulnerabilities, but by the Complex Systems-of-Systems they inhabit. Composed of legacy and new HW, SW and IoT elements connected by myriad channels, haphazardly integrated over many years, they lead to exploitable, accidental (even spontaneously combustible) systemic risks. This is not a computer science issue - it’s a system engineering issue. And there are solutions!

They begin with accurate models of system behavior and breach consequences. For the past 80 years, complex communications, weapons, and industrial systems faced system reliability failures which were (and still are) addressed by legacy system engineering protocols such as Failure Modes Effects and Criticality Analysis (FMECA). Similar approaches may enable the design (and evolution) of cyber architectures which can absorb and operate through attacks as they occur, preventing impact propagation (and exhaust adversaries’ resources). CISOs can and must expand their talent pool and their risk management perspective accordingly.

Learning Objectives:

  • Understand how enterprise vulnerability is increasing due to system and application complexity
  • Understand how usage load and tolerance issues exacerbate vulnerability
  • Learn how you can integrate resilience to reduce potential systemic risk in complex systems


Cyber risk of highly complex systems     Slides | Questions

Enterprise Impact of Reputation Risk      Slides | Questions

Created May 24, 2016, Updated August 15, 2023