Improving resilience to cyber-attacks by analysing system output impacts and costs

Cyber-attacks cost businesses millions of dollars every year, a key component of which is the cost of business disruption from system downtime. As cyber-attacks cannot all be prevented, there is a need to consider the cyber resilience of systems, i.e. the ability to withstand cyber-attacks and recover from them. Previous works discussing system cyber resilience typically either offer generic high-level guidance on best practices, provide limited attack modelling, or apply to systems with special characteristics. There is a lack of an approach to system cyber resilience evaluation that is generally applicable yet provides a detailed consideration for the system-level impacts of cyber-attacks and defences. We propose a methodology for evaluating the effectiveness of actions intended to improve resilience to cyber-attacks, considering their impacts on system output performance, and monetary costs. It is intended for analysing attacks that can disrupt the system function, and involves modelling attack progression, system output production, response to attacks, and costs from cyber-attacks and defensive actions. Studies of three use cases demonstrate the implementation and usefulness of our methodology. First, in our redundancy planning study, we considered the effect of redundancy additions on mitigating the impacts of cyber-attacks on system output performance. We found that redundancy with diversity can be effective in increasing resilience, although the reduction in attack-related costs must be balanced against added maintenance costs. Second, our work on attack countermeasure selection shows that by considering system output impacts across the duration of an attack, one can find more cost-effective attack responses than without such considerations. Third, we propose an approach to mission viability analysis for multi-UAV deployments facing cyber-attacks, which can aid resource planning and determining if the mission can conclude successfully despite an attack. We provide different implementations of our model components, based on use case requirements.Open Acces

Oncogenic Merkel Cell Polyomavirus T Antigen Truncating Mutations are Mediated by APOBEC3 Activity in Merkel Cell Carcinoma

Peer reviewe

Oncogenic Merkel Cell Polyomavirus T Antigen Truncating Mutations are Mediated by APOBEC3 Activity in Merkel Cell Carcinoma

Merkel cell carcinoma (MCC) is an aggressive skin cancer, which is frequently caused by Merkel cell polyomavirus (MCPyV). Mutations of MCPyV tumor (T) antigens are major pathologic events of virus-positive (MCPyV+) MCCs, but their source is unclear. Activation-induced cytidine deaminase (AID)/APOBEC family cytidine deaminases contribute to antiviral immunity by mutating viral genomes and are potential carcinogenic mutators. We studied the contribution of AID/APOBEC cytidine deaminases to MCPyV large T (LT) truncation events. The MCPyV LT area in MCCs was enriched with cytosine-targeting mutations, and a strong APOBEC3 mutation signature was observed in MCC sequences. AICDA and APOBEC3 expression were detected in the Finnish MCC sample cohort, and LT expression correlated with APOBEC3H and APOBEC3G. Marginal but statistically significant somatic hypermutation targeting activity was detected in the MCPyV regulatory region. Our results suggest that APOBEC3 cytidine deaminases are a plausible cause of the LT truncating mutations in MCPyV+ MCC, while the role of AID in MCC carcinogenesis is unlikely.</p