Metrics Based on the System Performance Perspective

This part of the book presents two alternative, but not incompatible, views on how to quantify cyber resilience via suitable metrics. This chapter, the first of the two, takes the perspective in which system performance is central to the metrics. As discussed in the introductory chapter of this book, cyber resiliency has become an increasingly important, relevant, and timely research and operational concept in cyber security. Although multiple metrics have been proposed for quantifying cyber resiliency, a connection remains to be made between those metrics and operationally measurable, meaningful resilience concepts that can be determined empirically and objectively. This chapter describes a concrete, quantitative, and measurable notion of cyber resiliency that can be tailored to the specific needs of organizations seeking to introduce resiliency into the assessment of their cyber security posture.
