Critical Infrastructure Resilience: Define, Match, Measure, and Enforce
United States policies supporting cyber-critical infrastructure resilience are relatively new, like the problem set itself. Stanford University’s Cyber Policy Center https://cyber.fsi.stanford.edu/ will, in cooperation with ACI, take on important policy questions, including how to do the following:
- Define CIKR standards of care and acceptable risk
- Match controls against vulnerabilities
- Enforce requirements
- Measure effectiveness
The research team will investigate how infrastructure entities serving Army facilities have used available standards or frameworks to design their cybersecurity programs and how they might reconcile new legal requirements with the heretofore voluntary standards and frameworks.