
Black Hat 2024 Panel Discusses Corporate National Security and Cyber Risk Quantification for Critical Infrastructure
The video features a Black Hat 2024 panel discussion led by cybersecurity professionals Kelman Magu, Zachary Schmidt, and Christopher Story. Its focus is corporate national security (CNS): the collective cyber resilience of businesses critical to national infrastructure. The speakers argue that over 75% of Canada's critical infrastructure is supported by small and medium-sized businesses (SMBs), and that the top 10 Canadian organizations face an estimated $25 billion in cyber risk. They emphasize that disruptions to SMBs (e.g., a single supplier for water infrastructure) can cascade into national crises. They advocate for cyber risk quantification (CRQ) in financial terms, using methodologies like stochastic modeling and dark web chatter analysis to prioritize security investments, and they highlight identity security and ransomware mitigation as high-impact areas. The panel stresses translating technical risks into dollar-based ROI to secure executive buy-in, noting that AI adoption introduces exponential risk that must be offset against efficiency gains. A checklist for evaluating CRQ providers was shared, emphasizing peer-reviewed methodologies, financial backing, and vendor independence. The discussion underscores the need for cross-departmental alignment and data-driven decision-making to address gaps in cyber resilience, particularly in SMBs.