{"title":"Cyber risk and vulnerability estimation","authors":"H. Çam","doi":"10.1177/15485129211070058","DOIUrl":null,"url":null,"abstract":"Recent strides in cyber operations, including description of the threat lifecycle, and component threat models, are currently limited only by the ability to estimate current system state, in terms of vulnerability and subsequent risk. Therefore, it is highly desirable to lay down a testable, repeatable, set of rules, policies, machine learning (ML) and artificial intelligence techniques for modeling and estimating cyber risk, vulnerabilities, and exploits in systems and networks. Recent improvements in learning models, deep learning, and big data analytics have the potential to capture the relationships among the security features and adversary activities to enhance cybersecurity defense and estimation of risk and vulnerabilities. This special issue is composed of six papers that provide insight into cyber risk and vulnerability from various perspectives, including modeling a cybersecurity environment, leveraging ML capabilities, assessing cybersecurity attacks and vulnerabilities, optimizing limited resources of cybersecurity security operation centers, and agent-based target evaluation in an air defense simulation environment. The paper by Dasari, Im, and Geerhart presents an approach to accomplishing mission computation goals and resource requirements for the time-sensitive data processing tasks in tactical computing platforms that are mostly mobile, with limited computing and communication resources. To optimize the computation platforms and algorithms for the mission requirements such as performing computation in mission time, the paper describes a so-called mission class with deterministic polynomial time complexity, wherein the computations must complete in mission time within an environment with limited resources. 
The paper also investigates feasible models that can minimize energy and maximize memory, efficiency, and computational power. The paper by Shah, Farris, Ganesan, and Jajodia investigates various optimization methods of vulnerability selection against some constraints (e.g., personnel-hour allocations, as well as vulnerability age, severity, and persistence score requirements) of Cyber-Security Operations Centers. The paper presents two different mathematical models and approaches to vulnerability selection for mitigation with either single attribute value selection or multiple attribute value selection in the decision-making process. The empirical results indicate that the multiple attribute value optimization policy performs better in satisfying all vulnerability attribute requirements. The paper by Werth, Griffith, Hairston, and Morris focuses on the development of a virtual, modular testbed to provide a high-fidelity model of the cyber and physical components of a networked generator system. A high-fidelity model of the generator was included to allow the evaluation of more types of threat models. Supply chain attacks with simulated hardware and software trojans are examined in case studies. The proposed testbed provides an opportunity for researchers to implement and observe the effects of cybersecurity attacks without inflicting damage on actual costly systems. The paper by Krall, Kuhl, and Yang investigates estimation of cyber network risk by providing a rare event simulation modeling and analysis technique, namely, importance sampling for cyber networks, that parametrically amplifies certain aspects of the network to enable a rare event to happen more frequently. The investigation has applied a tailored importance sampling methodology to a security framework, which is capable of analytically comparing network configurations against each other. 
The simulation modeling approach considers attacker behavior and attack progression through the network, including the selection of target machines, vulnerabilities, and likelihood of attack success, along with the estimate of network risk. The paper by Dasgupta, Akhtar, and Sen provides a comprehensive survey of the analysis on ML vulnerability issues, security breaches, and their corresponding defensive techniques in cybersecurity, where ML algorithms are vulnerable to attacks in the training and testing phases. This survey of ML in cybersecurity describes the basics of","PeriodicalId":44661,"journal":{"name":"Journal of Defense Modeling and Simulation-Applications Methodology Technology-JDMS","volume":"46 1","pages":"3 - 4"},"PeriodicalIF":1.0000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Defense Modeling and Simulation-Applications Methodology Technology-JDMS","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1177/15485129211070058","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}
Citation count: 0