The Cyber Resiliency project aims to develop new theory and application of network analysis (also known as network science) to the requirement for information-technology (IT) enabled organization to be able to continue to function with their enabling IT degraded. The project will use both generalized organizations and empirical organizations modeled via a text-mining, data-to-model (D2M) process as the source of organizations to study. The project will use standard meta-network (e.g., nodes of agents, tasks, organizations, resources, knowledge and others linked between and within node sets) analysis techniques to assess organization resilience--the ability to continue to function in a degraded environment. Examples of such assessments include: organization and team single points of failure, task congruence, knowledge and resource redundancy and shortfalls. It is also the intent to develop new theory and techniques for assessing resilience. The principal tool for network analysis of these models is ORA while the D2M process fundamentally relies on AutoMap.
En route to developing new theory and techniques for assessing resilience, this project aims to take the developed models, both stylized and empirical, and run them in an agent-based simulation system. Construct, the CMU-developed agent-based simulation, is the primary simulation tool for this project. Using boundedly-rational agents, the researchers intend on demonstrating the applicability of the model construction techniques to the resilience arena and the validity of the simulations' outputs in both contested and non-contested environments. The simulations will assist the examination of three principal cyber effects, confidentiality, integrity, and availability as well as mitigations that organizations can employ to improve their resilience to these cyber effects.
In order to validate our models, we rely on real cyber-attack data collected from millions of machines worldwide. We access this data through Symantec's Worldwide Intelligence Network Environment (WINE) platform [Link]. We calibrate our models based on stylized facts extracted from the data. For example, we use the distribution of the number of machines affected by each threat and the distribution of the infection duration in order to set the values of these variables in our simulations.
Lanham, Michael J., Morgan, Geoffrey P., & Carley, Kathleen M. . (2012, 15-17 March). Social Network Modeling and Simulation of Integrated Resilient Command and Control (C2) in Contested Cyber Environments. Presentation at the Sunbelt XXXIII, Redondo Beach, CA