Challenge

The nation’s government, defense and commercial infrastructure are dependent upon networked computers. These cyber systems are involved in the control of everything from the U.S. power grid to the Nation’s missile systems. Embedded software and control systems enable our cars to run more efficiently, our phone networks to operate and our stop lights to adjust to changing traffic patterns. Every day we interact with hundreds of computer systems, many of which we don’t even recognize until they stop functioning. Securing the cyber-infrastructure will be one of our greatest challenges in the 21st century. While there are a number of groups promoting best practices for cyber-security, these groups focus on rules of thumb for understanding the threat environment. Defending the cyber-infrastructure requires an understanding of how the various threats interact in order to determine the overall risk profile for a system. While no system can be 100% secure, understanding the risk profile is a requirement to bring the security risk within an acceptable range.

Benefits of SIG’s Approach

With SIG’s approach to the problems of cyber-security, the security analyst can quickly obtain an understanding of the implications of numerous dependent threats and corresponding defenses. SIG’s approach allows the analyst to specify the individual threats and the dependencies between threats and defenses. From this basic information, the framework can provide an overall assessment of the security of the system in terms of the time required for a determined attacker to achieve a defined goal. The performance of the system is orders of magnitude faster and significantly less expensive than deploying “red team” attackers to perform penetration testing. Moreover, while a red team only provides a single data point (e.g., “red team X, successfully penetrated the defenses in Y hours”), SIG’s approach yields a statistical assessment, indicating not just the average attack time, but also the distribution of attack times for a variety of attackers. The framework is applicable to a number of security domains, including network security, sensor networks and intellectual property protections against reverse engineering.

Products/Solution

SIG’s hierarchical security assessment algorithms can be deployed to determine risk in a variety of security environments. The algorithms scale to the analysis of systems with hundreds of elements, each facing dozens of threats. The resulting probabilistic threat assessments have been found to accurately characterize system risk profiles, allowing an analyst to adjust protections and reassess defenses during the planning phases of a security project, rather than post-implementation.

Technology Summary

SIG has developed a unique probabilistic framework that uses state-of-the-art machine learning techniques to model the risks inherent in a cyber-environment. The machine learning framework instantiates a large number of “agents,” each of which attack the model system with an optimal strategy given the current state of the system. As each protection is modeled probabilistically, the agents succeed or fail in their objectives in varying amounts of time. By treating the performance of each agent as a sample from the underlying system security, the model product can provide an assessment of risk as a distribution over the time required to compromise the system, given the current set of defenses.