A Framework for Hybrid Risk Analysis

Changes within the worldwide security environment proceed to challenge our ability to comprehend and react to the constantly changing hybrid threats that are becoming more diverse, emanating from a wide range of actors who are enabled by technology. Actors can wield an array of means and ways to further their security interests at the expense of a target and are able to do so without being identified.Developing proper situational awareness is a first and crucial step on the road to achieving better protection against hybrid threats. Here we propose a novel framework for hybrid risk analysis that enables the better understanding of operations of the adversary before their taking place.The idea of the framework is based on the model of hybrid operations, which combine the elements of space, time, objects at risk, goals, and actors into a single structure - a hyper-forest of multi-trees.Taking into account that hybrid operations are carried out according to certain scenarios characterized by repeatability of tools in relation to certain goals, we propose using case-based reasoning approach based on calculating the dynamic similarity of the information structure of ongoing attack to retrospective sequences of hybrid attacks for which the goals, tools, and methods are known. Retrospective data is stored in the case base.The proposed framework combines several models and methods, the main of which are the multi-tree model of hybrid attack representation, spatially distributed model of hybrid attack distribution, and the method for hybrid risk analysis. The method for hybrid risk analysis is based on two additional models such as vulnerability model and consequences assessment model that are developed for each type of object at risk.The suggested framework for hybrid risk analysis offers a better comprehension of adversary operations prior to them occurring and aids in formulating an appropriate reaction to the changing scenario.