Peter Foytik has been a modeling and simulation professional for 8 years at the Virginia Modeling Analysis and Simulation Center (VMASC). Peter has a bachelor’s degree in computer science and a master’s of science in modeling and simulation. With a background in computer science, initial expertise has been in software development of support tools for simulations and models. For
the last 5 years most of his work has been focused on transportation modeling and simulation with expertise in regional models used for planning. Projects include macroscopic as well as mesoscopic transportation model development. His latest research has included microscopic simulations enhanced with simulated vehicle to vehicle communication to support emergency response vehicles as well as utilizing artificial intelligence methods to improve performance of transportation models and simulations.
This paper is a result of a cyber risk assessment undertaken with the goal of increasing the cyber awareness of operators of infrastructure, managers, and political leadership. The meaning of cyber has, in our opinion, been aggregated to a bumper sticker label so generic, it means very little of anything to anyone trying to understand cyber risk. Senior executives and political leaders have a very limited understanding of industrial control systems (ICS) and the crucial role ICS provide to public/private infrastructure, industry, and military systems. Therefore, to accomplish our
purpose, we conducted a cyber-risk study focusing on a bridge tunnel ICS – a scenario of concern. In this paper we present the analytic approach, discuss our model, simulation, and analyze the results using a notational data and generic system description. As a result of this study we were able to discuss the importance of controls systems with senior leaders. We were able to demystify what we mean by “cyber” showing that it is possible through simulation to inject the effects of cyber scenarios of concern into simulations to assess impact. There was also an unintended benefit: During a system audit, ICS operators with decades of engineering experiences began to realize that the ICS is vulnerable to willful intrusion. More of these studies are needed to raise awareness.