International Conference on Quality Leadership and Management in the Nuclear Industry
15th FORATOM-IAEA Management Systems Workshop
16-19 July 2018 - Ottawa Canada
President and Chief Security Scientist – Lofty Perch, Inc.
Mark Fabro is the President and Chief Security Scientist for Lofty Perch, Inc. (LPI) a market leading security technology company focused on SCADA and control system cyber security. As a recognized expert in attack methodologies and adversarial techniques his work is focused on threat modeling, incident investigations and counter-attack planning. His projects have included supporting some of largest infrastructure asset owners in the world, and in addition to being involved in the development of several security standards for transportation, energy, and water sectors he has testified to Congress on cyber security risk and threat to the North American Bulk Power System.
His past contributions to cyber security and the protection of national critical infrastructures have been many and noteworthy. Mark’s projects have included working on some of the most influential cyber security programs to date. Mr. Fabro was a contributing specialist to the U.S. National Strategy to Secure Cyberspace, the Cyber Annex to the National Response Framework, the DoE/White House Cybersecurity Capability Maturity Model (C2M2) and IAEA Nuclear Computer Security guidance. Regarding his development on international standards he has contributed to many including those developed by NIST, ISASP99/IEC62443 and others. He has authored several of the Recommended Practices for the DHS Control Systems Security Program/ICS-CERT, helped found the Repository for Industrials Security Incidents (RISI), and is a member of both the NERC Smart Grid and Cyber Attack Task Forces.
As a technologist Mark is an expert in developing cyber threat scenarios and assessment methods for sensitive control system environments. Having worked extensively in sectors such as nuclear, his rich experience working directly with I&C and energy management systems is used to create assessment methods and countermeasures using cyber components for design basis threat. Mark is the senior cyber security SME for those international projects assessing nuclear plants and material control during plant construction, post-construction and decommissioning. He has completed post graduate studies in national security and counterterrorism at both the American Military University and the United Nations, and has taught cyber security theory at many universities and institutions around the world. He is currently on the panel of experts updating IAEA NSS-10 with a focus on modernizing the guidance to address the cyber domain. He has assisted the IAEA and the World Institute for Nuclear Security in providing expert consulting and training for creating effective cyber security programs for member states to further nuclear security operations. Recently, for his work in critical infrastructure protection, he was recognized as one of the ’25 Most Influential Consultants in the World’ and was named the ‘Information Security Professional of the Year’ by SC Magazine.