Characterizing Effects on the Cyber Adversary: A Vocabulary for Analysis and AssessmentFebruary 2014
Topics: Decision Support Systems, Cybersecurity, Computer Security, Information Security Risk Management
This paper presents a vocabulary for stating claims or hypotheses about the effects of cyber mission assurance decisions on cyber adversary behavior. Cyber mission assurance decisions include choices of cyber defender actions, architectural decisions, and selections and uses of technologies to improve cyber security, resiliency, and defensibility (i.e., the ability to address ongoing adversary activities). The vocabulary enables claims and hypotheses to be stated clearly, comparably across different assumed or real-world environments, and in a way that suggests evidence that might be sought but is independent of how the claims or hypotheses might be evaluated. The vocabulary can be used with multiple modeling and analysis techniques, including Red Team analysis, game-theoretic modeling, attack tree and attack graph modeling, and analysis based on the cyber attack lifecycle (also referred to as cyber kill chain analysis or cyber campaign analysis).