Architecting Cyber Defense: A Survey of the Leading Cyber Reference Architectures and Frameworks

Abstract

The rapid development of cyber threats and intelligence challenges the traditional design of static cyber defense platforms. This paper discusses the need for an agile structure to inform the development of cybersecurity solutions that are not only widely adaptable to unknown threats, specific business practices, and technical requirements, but are also efficiently translatable to products. It employs a systems engineering approach in the evaluation of several Reference Architectures for cyber defense that were gathered from the both the public and private sector. The Northrop Grumman Cyber Defense Reference Architecture is introduced in this paper to go beyond basic cyber hygiene by focusing on cognitive tasks through functional implementations of advanced analytics and automation. The limitations of frameworks, design patterns, and security control checklists in comparison to reference architectures are also discussed.