Permission has been given to destroy this document when it is no longer needed. Cyber-enabled and cyber-physical systems connect and engage virtually every mission-critical military capability today. And as more warfighting technologies become integrated and connected, both the risks and opportunities from a cyberwarfare continue to grow—motivating sweeping requirements and investments in cyber...

Virtually all modern organizations have embedded information and communication technologies into their core processes as a means to increase operational efficiency, improve decision quality, and reduce operational costs. However, this dependence can place the organizational mission at risk when an incident occurs that compromises a cyber resource critical to the success of the organizational mi...

Existing techniques for cyber attack detection rely mainly on activity data from computers and networks. Little consideration has been given to other kinds of data in the cause-effect chains of attacks. Adding state and performance data may reveal elements on computers and networks that are affected by a cyber attack, thus providing a more accurate, complete picture of an attack. This paper pre...

Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as self-defense mechanisms. However, according to security experts, such software (an...

Many problems in cyber trust exist at least partially because the people and institutions involved are not properly motivated to solve them. The incentives are often perverse, misaligned, or missing. By improving economic, social, and personal incentives, cyber trust can be significantly improved. The incentive-based approach is based on modern enterprise risk management methods and experiences...

1 Portions of this work were funded by grant #60NANB1D0116 from the National Institute of Standards and Technology, U.S. Dept. of Commerce. Abstract In this paper we present a new cyber security assessment approach, which merges Survivability System Analysis (SSA) with Probability Risk Assessment (PRA). The method adds quantitative information to the process oriented SSA method, which assists w...

Situational awareness in cyber domain is one of the key features for quick and accurate decision making and anomaly detection. In order to provide situational awareness, certain methods have been introduced so far and attack graph is one of them. Attack graphs help the security analyst to visualize the network topology and understand typical vulnerability and exploit behaviors in cyber domain (...

In the face of increasing numbers cyber-attacks, it is critical for organisations to understand risk they are exposed even after deploying security controls. This residual forms part ongoing operational environment, and must be understood planned if resilience achieved. However, there a lack rigorous frameworks help reason about how their use controls can change nature potential losses face, gi...

As Defense agencies and services expand their reliance on computer networks, risk to information availability and integrity increases. It is no longer adequate to rely solely on the now traditional defense-in-depth strategy. We must recognize that we are engaged in a form of warfare, cyber warfare, and deploy our resources using the strategy and tactics of warfare. Most Defense organizations ha...

Traditional cybersecurity risk assessment is reactive and based on business risk assessment approach. The 2014 NIST Cybersecurity Framework provides businesses with an organizational tool to catalog cybersecurity efforts and areas that need additional support. As part of an on-going effort to develop a holistic, predictive cyber security risk assessment model, the characterization of human fact...