Math Model for Cyber Protection

Wednesday, January 15, 2014 @ 10:01 AM gHale

There is now a mathematical model for discovering the optimal moment to deploy specific cyber weapons.

“Both stealth and persistence depend not only on the resource itself, but also on the capacity and vigilance of the intended target,” said Professor of Political Science and Public Policy at the University of Michigan Robert Axelrod and postdoctoral research fellow Rumen Iliev in a research paper. “The stealth of resource used against a well-protected target is likely to be less than the stealth of the same resource against a target that is not particularly security conscientious. Likewise, a resource will typically have less persistence against a target that keeps up-to-date on security patches than one that does not.”

The research paper described the equation they created and the things it takes into consideration:
• The weapon’s stealth, i.e. the probability that if you use it now it will not be detected and will still be usable in the next time period
• The weapon’s persistence, i.e. the probability that if you refrain from using it now, it will still be usable in the next time period
• The value of the weapon, which directly ties into its stealth and persistence
• The current and likely future stakes
• The threshold of stakes that will cause you to use the weapon
• The discount rate — a reflection of the fact that a given payoff is less a year from now than it is today
The equation shows a number of (fairly obvious) things. First, the stealthier the weapon, the better it is to use it sooner rather than later. Second, the more persistent the weapon, the longer its use can be postponed.
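
To see how the listed ingredients interact, the following is an added example, not code or equations from the paper or from the original article. It assumes a simple rule ("use the resource whenever this period's stakes reach a threshold"), an assumed value recursion, and constructed stakes and probabilities; the function names are this example's own.

```python
# Added illustration: a threshold-policy value model built from the ingredients
# listed above. The recursion and the sample stakes are assumptions of this
# example, not equations or data quoted from the paper.

# Constructed sample: stakes of 1..6 per period, each equally likely.
STAKES = {s: 1 / 6 for s in range(1, 7)}


def resource_value(threshold, stealth, persistence, discount, stakes=STAKES):
    """Expected discounted value V of holding the resource under the rule
    'use it whenever this period's stakes are >= threshold'.

    Assumed recursion: V = p*(G + w*S*V) + (1 - p)*w*P*V
      p = Pr(stakes >= threshold), G = mean stakes given use,
      S = stealth, P = persistence, w = discount factor (0 < w < 1).
    """
    p_use = sum(pr for s, pr in stakes.items() if s >= threshold)
    gain = sum(s * pr for s, pr in stakes.items() if s >= threshold)  # p * G
    # Probability the resource is still usable next period under this rule.
    survive = p_use * stealth + (1 - p_use) * persistence
    return gain / (1 - discount * survive)


def best_threshold(stealth, persistence, discount=0.9, stakes=STAKES):
    """Return (threshold maximising V, the value V it achieves)."""
    best = max(stakes, key=lambda t: resource_value(
        t, stealth, persistence, discount, stakes))
    return best, resource_value(best, stealth, persistence, discount, stakes)


if __name__ == "__main__":
    # Constructed scenarios: (stealth, persistence) as seen against a given target.
    scenarios = {
        "high stealth, low persistence": (0.9, 0.3),
        "low stealth, high persistence": (0.2, 0.95),
        "same resource, vigilant target": (0.5, 0.3),
    }
    for name, (s, p) in scenarios.items():
        t, v = best_threshold(s, p)
        print(f"{name}: use when stakes >= {t}, value {v:.2f}")
```

Under these assumptions the high-stealth, low-persistence case is used at the first opportunity, while the persistent one waits for higher stakes. For a defender, the third scenario shows the effect of vigilance: cutting the resource's stealth against the target sharply lowers its value to whoever holds it.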

The researchers tested their model on past attacks — Stuxnet, the Iranian attack on Saudi Aramco, and Chinese cyber espionage — and it has proven true, they said.

The Stuxnet worm had low persistence because it used four different Zero Day exploits, and it was very stealthy. The stakes were high: It was better to delay Iran’s ability to attain enough enriched uranium for nuclear weapons than to throw wrenches in their plans later.

“Our model predicts that a resource like Stuxnet that was expected to have poor persistence and comparatively good stealth would be used as soon as possible, and certainly in a high-stakes situation. This is apparently just what happened,” they said.

In Saudi Aramco’s case, the weapon used wasn’t stealthy, but the stakes were high enough to warrant swift action, which was, again, what happened.

On the other hand, Chinese cyber espionage campaigns are usually not carried out at the optimal moment, but it’s difficult to say why. “Second-guessing a nation’s choice is always problematic,” the researchers said.

“This paper clarified some of the important considerations that should be taken into account in any decision to use a method of exploiting a target’s vulnerability. The focus has been on optimal timing for such use,” the researchers said.

“This kind of analysis can help users make better choices and help defenders better understand what they are up against. In some situations, one may want to mitigate the potential harm from cyber conflict, and in other situations, one may want to harness the tools of cyber conflict. In some cases, one might want to do both. In any case, an important step is to understand the logic inherent in this new domain.”

The complete research paper was published by the Proceedings of the National Academy of Sciences (PNAS).
