DeepAI AI Chat
Log In Sign Up

Exploring how Component Factors and their Uncertainty Affect Judgements of Risk in Cyber-Security

by   Zack Ellerby, et al.

Subjective judgements from experts provide essential information when assessing and modelling threats in respect to cyber-physical systems. For example, the vulnerability of individual system components can be described using multiple factors, such as complexity, technological maturity, and the availability of tools to aid an attack. Such information is useful for determining attack risk, but much of it is challenging to acquire automatically and instead must be collected through expert assessments. However, most experts inherently carry some degree of uncertainty in their assessments. For example, it is impossible to be certain precisely how many tools are available to aid an attack. Traditional methods of capturing subjective judgements through choices such as high, medium or low do not enable experts to quantify their uncertainty. However, it is important to measure the range of uncertainty surrounding responses in order to appropriately inform system vulnerability analysis. We use a recently introduced interval-valued response-format to capture uncertainty in experts' judgements and employ inferential statistical approaches to analyse the data. We identify key attributes that contribute to hop vulnerability in cyber-systems and demonstrate the value of capturing the uncertainty around these attributes. We find that this uncertainty is not only predictive of uncertainty in the overall vulnerability of a given system component, but also significantly informs ratings of overall component vulnerability itself. We propose that these methods and associated insights can be employed in real world situations, including vulnerability assessments of cyber-physical systems, which are becoming increasingly complex and integrated into society, making them particularly susceptible to uncertainty in assessment.


page 1

page 2

page 3

page 4


Vehicle Security: Risk Assessment in Transportation

Intelligent Transportation Systems (ITS) are critical infrastructure tha...

An Attacker Modeling Framework for the Assessment of Cyber-Physical Systems Security

Characterizing attacker behavior with respect to Cyber-Physical Systems ...

Assessing MSDs before Introduction of a Cobot: Psychosocial Aspects and Employee's Subjective Experience

Musculoskeletal disorders (MSDs) are one of the main causes of work disa...

A Model-Based Approach to Security Analysis for Cyber-Physical Systems

Evaluating the security of cyber-physical systems throughout their life ...

Capturing Individuals' Uncertainties–On Establishing the Validity of an Interval-Valued Survey Response Mode

Obtaining quantitative survey responses that are both accurate and infor...

Cybersecurity of Industrial Cyber-Physical Systems: A Review

Industrial cyber-physical systems (ICPSs) manage critical infrastructure...

Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance

As the size and complexity of software systems increase, the number and ...