Assessing & Optimizing Cyber Risk with Bayesian Networks: The Colonial Pipeline Case

Assessing & Optimizing Cyber Risk with Bayesian Networks: The Colonial Pipeline Case

Presented at the 2024 BayesiaLab Conference in Cincinnati on April 12, 2024.


On May 7, 2021, Darkside hackers exploited a leaked Colonial Pipeline Corporation (CPC) password, breaching a dormant VPN to infiltrate CPC’s IT system. Lacking a contingency plan, CPC entirely shuttered its pipelines, which at the time carried 45 percent of all jet fuel and gasoline consumed on the East Coast of the United States. This ransomware hack showcased stereotypical weaknesses in cybersecurity modeling, controls, and compliance monitoring and revealed the company's failure to create a response playbook or contingency plan, as required by U.S. Department of Transportation regulations. This presentation illustrates the use of Bayesian networks and influence diagrams for cybersecurity risk modeling, assessment, ranking, and management and suggests how their use might have prevented the Colonial Pipeline hack and/or mitigated its consequences to the company and other stakeholders.

Presentation Video

About the Presenter

Kurt Schulzke, JD, CPA, CFE, is a Professor of Accounting & Law at the University of North Georgia. His teaching, research, and consulting thrive at the intersection of data science, accounting, law, and risk management. He has published in the Columbia Journal of Transnational Law, Vanderbilt Journal of Transnational Law, Tennessee Journal of Business Law, Journal of Forensic Accounting Research, and The Value Examiner. MAcc (Brigham Young University), J.D. (Georgia State University), M.S. Applied Statistics (Kennesaw State University).

Previous Conference Presentations

For North America

Bayesia USA

4235 Hillsboro Pike
Suite 300-688
Nashville, TN 37215, USA

+1 888-386-8383

Head Office

Bayesia S.A.S.

Parc Ceres, Batiment N 21
rue Ferdinand Buisson
53810 Change, France

For Asia/Pacific

Bayesia Singapore

1 Fusionopolis Place
#03-20 Galaxis
Singapore 138522

Copyright © 2024 Bayesia S.A.S., Bayesia USA, LLC, and Bayesia Singapore Pte. Ltd. All Rights Reserved.