Reversing the Drift into Failure

In his January 2016 Cryptogram newsletter, Bruce Schneier reprinted an essay on “normalization of deviance”: the process of divergence from defined policies and procedures into increasingly risky practices. Explored in detail by Dr. Diane Vaughan, as well as by other researchers and practitioners seeking to explain catastrophic failure events, it bears great relevance on cyber […]


Risky Root Causes

I spoke recently at a workshop organized by the Alan Turing Institute in London to identify areas related to cyber security in which major research is needed. Though I focused on security analytics, I also talked about the need to develop more effective models for understanding and managing risk, citing the work that we are […]


Avoiding the Innovator’s Dilemma in Smart Grid Security

The final keynote at RSA Conference Abu Dhabi 2015 was given by Richard Clarke, always an interesting and challenging speaker. As I listened to his discussion of responding to cyber threats, however, I was struck by his strong emphasis on preventative measures and the relatively little discussion of the essential role of ongoing visibility and […]


Risk Management and the Smart Grid

One of our first areas of activity in SPARKS is to understand and make recommendations regarding effective risk management for the Smart Grid. A great deal of work has been done by government, industry and academia in defining best practices in this area. But are the results sufficient? Do they really address the issues that […]


The SPARKS project gets underway

From the 28th to 29th April, 2014, the SPARKS kick-off meeting was held in Vienna, at the premises of AIT Austrian Institute of Technology – the project coordinator. Researchers from the nine organisations in the SPARKS consortium discussed a number of issues in order to get the project's work packages underway. […]
