Building a New Kind of Math to Identify Critical Cyber ConnectionsSeptember 2018
Topics: Cybersecurity, Mathematics, Software Engineering, Network Security, Modeling and Simulation
Several years ago, the then-Secretary of Defense talked about the "known knowns" and "known unknowns," which echoes what Confucius once wrote: “To know what you know and what you do not know. That is true knowledge.” It sounds almost mystical.
In fact, much scientific research is based on this concept of seeking information where you only have a piece of the puzzle. Scientists develop hypotheses and then test them. Developing ways to capture the impact of what's known to be unknown is often a critical ingredient in this process. Especially if you don't want any unwelcome surprises.
This is just as true in the evolving science of cybersecurity as in more traditional disciplines. For example, many types of systems today rely on assets connected in cyberspace. They're increasingly engineered by joining separate systems to provide capabilities and services. At MITRE, researchers are using techniques to identify critical components in a cyber network or mission. They must identify critical nodes to defend or attack in a cyber network, as well as quantify a system’s resilience.
Quantifying the Nature of Dependencies
To contribute to this approach to cyber, Dr. Les Servi and his team developed within our independent research program a set of methods to quantify the impact of known unknowns. They call their newly developed tool the Robust Network Analysis (RNA). They built upon a body of knowledge called Functional Dependency Network Analysis (FDNA), first developed by MITRE chief engineer Paul Garvey many years ago to quantify the dependency between nodes.
Servi, project lead for a larger cyber analytics research initiative, explains what the team's work involves. "Let’s say you have one task and sub-tasks and sub-sub tasks," he says. "To do that task, you have to do this one. To do this task, you have to do these four tasks. You must map this all out and quantify the nature of the dependencies between the tasks, as well as quantify what is not known about these dependencies."
Once the system is mapped, researchers can identify the critical nodes. Servi identifies some of the questions you must answer. "What are the nodes that you should attack if you want to hurt this network? If you wanted to defend the network, which nodes should you fortify? Which nodes should you learn more about to better understand your vulnerability?"
For some systems, you can rank order the criticality of the nodes. For other systems, such ordering is not meaningful, as the nodes most critical when faced with a highly capable adversary might be very different from the nodes when faced with a much less capable adversary."
Building New Mathematics as a Hedge Against the Unknown
"FDNA is one approach to characterizing the dependencies between a task and its sub tasks," Servi says. This is a time-consuming process requiring experts in the system of interest. Furthermore, even experts may not agree on the dependencies. To remedy this, Servi’s team—which also includes Anthony Rojas, Damon Frezza, and Kael Stilp—developed a way of using simulation results to complement the experts' opinions.
"However, even with this approach, if you don't know dependencies precisely because it's too time-consuming to get that precision, you have to figure out how to hedge against what's unknown," he explains. "We designed an algorithm to identify the set of critical nodes in such systems that helps practitioners hedge against what they know they don’t know.” He likens it to “navigating with a very bad map."
This process, known as robust optimization, took existing methods in the academic literature and extended it to problems of interest to potential MITRE sponsors for mission network analysis.
Servi says robust optimization is a "a cautious hedge." You know you don't know things, so you should make decisions taking that into account. We joke that "'hope is a bad strategy for dealing with the unknown.'"
In other words, you're moving a "fragile decision" to a "robust decision."
Optimization methods have been aiding our national security for decades. As early as World War II, optimization methods assisted in locating German U-boats that were attacking merchants' ships. Servi's team’s goal is to use and build on modern optimization methods to assist in our current major challenge related to cyber networks.
Robust Optimization in the Wider World
Servi notes that MITRE’s robust optimization research isn't limited to cybersecurity and could potentially help many government programs. For example, it could benefit government acquisition—a famously complex endeavor involving many moving parts and many unknowns.
To spread the word about this work, the team has published papers in academic journals and spoken at universities, as well as the Boston chapter of INFORMS (the Institute for Operations Research and the Management Sciences), which Servi currently runs.
"We're pushing the state of the art," he says. "That's our job. However, we build prototype software to quantify the impact of this work to illustrate how it can be used by government agencies. We want to build upon the intellectual property so we can make it available to a broader audience.
"The government may find this too risky to do alone, but that's okay. We're in the business of bridging between agencies and industry and taking risks though our research program," Servi says.
"This is just one example of how MITRE invests in creating new capabilities to help make the world a safer place, whether in the cyber realm or elsewhere."
—by Blair Gately