Motivation-based Attacker Modelling for Cyber Risk Management: A Quantitative Content Analysis and a Natural Experiment

Cyber-attacks have a tremendous impact on worldwide economic performance. Hence, it is vitally important to implement effective risk management for different cyber-attacks, which calls for profound attacker models. However, cyber risk modelling based on attacker models seems to be restricted to overly simplified models. This hinders the understanding of cyber risks and represents a heavy burden for efficient cyber risk management. This work aims to forward scientific research in this field by employing a multi-method approach based on a quantitative content analysis of scientific literature and a natural experiment. Our work gives evidence for the oversimplified modelling of attacker motivational patterns. The quantitative content analysis gives evidence for a broad and established misunderstanding of attackers as being illicitly malicious. The results of the natural ex- periment substantiate the findings of the content analysis. We thereby contribute to the improvement of attacker modelling, which can be considered a necessary prerequisite for effective cyber risk management

Cyber resilience meta-modelling: The railway communication case study

Recent times have demonstrated how much the modern critical infrastructures (e.g., energy, essential services, people and goods transportation) depend from the global communication networks. However, in the current Cyber-Physical World convergence, sophisticated attacks to the cyber layer can provoke severe damages to both physical structures and the operations of infrastructure affecting not only its functionality and safety, but also triggering cascade effects in other systems because of the tight interdependence of the systems that characterises the modern society. Hence, critical infrastructure must integrate the current cyber-security approach based on risk avoidance with a broader perspective provided by the emerging cyber-resilience paradigm. Cyber resilience is aimed as a way absorb the consequences of these attacks and to recover the functionality quickly and safely through adaptation. Several high-level frameworks and conceptualisations have been proposed but a formal definition capable of translating cyber resilience into an operational tool for decision makers considering all aspects of such a multifaceted concept is still missing. To this end, the present paper aims at providing an operational formalisation for cyber resilience starting from the Cyber Resilience Ontology presented in a previous work using model-driven principles. A domain model is defined to cope with the different aspects and “resilience-assurance” processes that it can be valid in various application domains. In this respect, an application case based on critical transportation communications systems, namely the railway communication system, is provided to prove the feasibility of the proposed approach and to identify future improvements