A Bayesian Framework for the Analysis and Optimal Mitigation of Cyber Threats to Cyber-Physical Systems.

Critical infrastructures are increasingly reliant on information and communications technology (ICT) for more efficient operations, which, at the same time, exposes them to cyber threats. As the frequency and severity of cyberattacks are increasing, so are the costs of critical infrastructure security. Efficient allocation of resources is thus a crucial issue for cybersecurity. A common practice in managing cyber threats is to conduct a qualitative analysis of individual attack scenarios through risk matrices, prioritizing the scenarios according to their perceived urgency and addressing them in order until all the resources available for cybersecurity are spent. Apart from methodological caveats, this approach may lead to suboptimal resource allocations, given that potential synergies between different attack scenarios and among available security measures are not taken into consideration. To overcome this shortcoming, we propose a quantitative framework that features: (1) a more holistic picture of the cybersecurity landscape, represented as a Bayesian network (BN) that encompasses multiple attack scenarios and thus allows for a better appreciation of vulnerabilities; and (2) a multiobjective optimization model built on top of the said BN that explicitly represents multiple dimensions of the potential impacts of successful cyberattacks. Our framework adopts a broader perspective than the standard cost-benefit analysis and allows the formulation of more nuanced security objectives. We also propose a computationally efficient algorithm that identifies the set of Pareto-optimal portfolios of security measures that simultaneously minimize various types of expected cyberattack impacts, while satisfying budgetary and other constraints. We illustrate our framework with a case study of electric power grids.

An Adversarial Risk Analysis Framework for Cybersecurity.

Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as template for more complex problems.