Malware Epidemics Effects in a Lanchester Conflict Model

For developing a better comprehension of the large-scale effects of a cyber attack, the paper examines the effects of infections with self-replicating malware --- described by an SIR model --- on a distributed system. A Lanchester model of military forces engaged in kinetic combat serves as sample system affected by the malware. Its game-like setting illustrates the effects of malware in a concise way. Corresponding evaluation criteria are derived. Basic knowledge about the expected circumstances restricts the set of scenarios to be analyzed. Remaining uncertainties are taken into account by applying Monte-Carlo simulations, whereby the scenarios to be processed are selected randomly by information-theoretic principles. The resulting framework allows a model-based calculation of the risk and the fraction of scenarios, in which malware attacks can assure the win for kinetically inferior forces, depending on the specifical circumstances. For showing the value and the validity of the method, the proposed analysis method is applied to an exemplary situation, in which sparse knowledge causes large uncertainties about the situation. Based on the example we have derived some key findings: (1) Malware attacks affecting availability can turn around the outcome of the kinetic combat in a significant fraction of scenarios. (2) Cyber capabilities tend to soften out kinetic superiority or inferiority. (3) Using the most aggressive malware is not necessarily the best decision for an aggressor. (4) Starting countermeasures against a malware attack at the earliest possible time is not always the best decision for a defender

Formalized Risk Assessment for Safety and Security

The manifold interactions between safety and security aspects makes it plausible to handle safety and security risks in an unified way. The paper develops a corresponding approach based on the discrete event systems (DEVS) paradigm. The simulation-based calculation of an individual system evolution path provides the contribution of this special path of dynamics to the overall risk of running the system. Accidentally and intentionally caused failures are distinguished by the way, in which the risk contributions of the various evolution paths are aggregated to the overall risk. The consistency of the proposed risk assessment method with 'traditional' notions of risk shows its plausibility. Its non-computability, on the other hand, makes the proposed risk assessment better suitable to the IT security domain than other concepts of risk developed for both safety and security. Power grids are discussed as an application example and demonstrates some of the advantages of the proposed method