๐Ÿ‡บ๐Ÿ‡ธAssessing & Optimizing Cyber Risk with Bayesian Networks: The Colonial Pipeline Case

Kurt S. Schulzke, JD, CPA, CFE, University of North Georgia

To be presented at the 2024 BayesiaLab Spring Conference in Cincinnati on April 12, 2024.

Abstract

On May 7, 2021, Darkside hackers exploited a leaked Colonial Pipeline Corporation (CPC) password, breaching a dormant VPN to infiltrate CPCโ€™s IT system. Lacking a contingency plan, CPC entirely shuttered its pipelines, which at the time carried 45 percent of all jet fuel and gasoline consumed on the East Coast of the United States. This ransomware hack showcased stereotypical weaknesses in cybersecurity modeling, controls, and compliance monitoring and revealed the company's failure to create a response playbook or contingency plan, as required by U.S. Department of Transportation regulations. This presentation illustrates the use of Bayesian networks and influence diagrams for cybersecurity risk modeling, assessment, ranking, and management and suggests how their use might have prevented the Colonial Pipeline hack and/or mitigated its consequences to the company and other stakeholders.

About the Presenter

Kurt Schulzke, JD, CPA, CFE, is a Professor of Accounting & Law at the University of North Georgia. His teaching, research, and consulting thrive at the intersection of data science, accounting, law, and risk management. He has published in the Columbia Journal of Transnational Law, Vanderbilt Journal of Transnational Law, Tennessee Journal of Business Law, Journal of Forensic Accounting Research, and The Value Examiner. MAcc (Brigham Young University), J.D. (Georgia State University), M.S. Applied Statistics (Kennesaw State University).

Register here for the 2024 BayesiaLab Spring Conference, April 11-12, 2024:

Previous Conference Presentations

๐Ÿ‡บ๐Ÿ‡ธpageModeling the Risk of Material Misstatement of Current Expected Credit Losses๐Ÿ‡บ๐Ÿ‡ธpageBusiness Valuation Using Bayesian Networks๐Ÿ‡บ๐Ÿ‡ธpageModeling COVID-19 Business Interruption Insurance Claims Using Bayesian Networks๐Ÿ‡บ๐Ÿ‡ธpageReasonable Certainty โ€” Why Courts Should Use Bayesian Belief Networks to Estimate Economic Damages

Last updated

Logo

Bayesia USA

info@bayesia.us

Bayesia S.A.S.

info@bayesia.com

Bayesia Singapore

info@bayesia.com.sg

Copyright ยฉ 2024 Bayesia S.A.S., Bayesia USA, LLC, and Bayesia Singapore Pte. Ltd. All Rights Reserved.