This article details a framework and methodology to risk-inform the decisions of an unsupervised cyber controller. A risk assessment methodology within this framework uses a combination of fault trees, event trees, and attack graphs to trace and map cyber elements with business processes. The methodology attempts to prevent and mitigate cyberattacks by using adaptive controllers that proactively reconfigure a network based on actionable risk estimates. The estimates are based on vulnerabilities and potential business consequences. A generic enterprise-control system is used to demonstrate the wide applicability of the methodology. In addition, data needs, implementation, and potential pitfalls are discussed.
A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controllers
Manuscript received March 8, 2018; final manuscript received February 6, 2019; published online June 3, 2019. Assoc. Editor: Mahesh Mani. The United States Government retains, and by accepting the article for publication, the publisher acknowledges that the United States Government retains, a nonexclusive, paid-up, irrevocable, worldwide license to publish or reproduce the published form of this work, or allow others to do so, for United States government purposes.
- Views Icon Views
- Share Icon Share
- Cite Icon Cite
- Search Site
Veeramany, A., Hutton, W. J., Sridhar, S., Gourisetti, S. N. G., Coles, G. A., and Skare, P. M. (June 3, 2019). "A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controllers." ASME. J. Comput. Inf. Sci. Eng. December 2019; 19(4): 041004. https://doi.org/10.1115/1.4043040
Download citation file:
- Ris (Zotero)
- Reference Manager