Explorations in Cyber International Relations (ECIR)

Explorations in Cyber International Relations (ECIR). Simulation Modeling for Cyber Resilience. Dr. Michael Siegel, Daniel Goldsmith. Conference on Cyber International Relations: Emergent Realities of Conflict and Cooperation | October 14, 2010. OSD Minerva Research Project at Harvard & MIT.

Presentation Transcript


  1. Explorations in Cyber International Relations (ECIR). Simulation Modeling for Cyber Resilience. Dr. Michael Siegel, Daniel Goldsmith. Conference on Cyber International Relations: Emergent Realities of Conflict and Cooperation | October 14, 2010. OSD Minerva Research Project at Harvard & MIT.

  2. Identifying Security Solutions: A Systems View. [Diagram labels, in slide order: Management; Policy; Worse; Better; Costs, Benefits, Timing, Strategy, …; Governance, Awareness, IR, …; Poli Sci; Theory, IR, …; Data; Technology; Output; SMEs, Databases, Text, Time Series, Derived Data, …; Authentication, Encryption, Patching, Software Quality, …]

  3. Mission: Dynamics of Threats and Resilience
     - How did breaches (threats) occur? *
     - How are security and threat processes (resilience) managed? *
     - 67% were aided by significant errors (of the victim)
     - Over 80% of the breaches had patches available for more than 1 year
     - 38% utilized malware
     - 75% of cases go undiscovered or uncontained for weeks or months
     - 64% resulted from hacking
     - 35% increase in the customization of malware from 2007 to 2008

     \* Verizon 2009 Data Breach Report

  4. Attacking Software Security Patching Results: Simulation Modeling Overview

  5. Example of Simulation Model Output. [Figure: time-series panels plotted against Time (Year); labels on the slide: Infected, Attack Vectors, Not Compromised, Technical, Managerial, Policy, “Upstream Costs”, “Downstream Costs”, Total Costs.] Blue is base case; red case is patching with configuration standards; green is current case.

  6. Perceptions: Loads and Capacities. [Diagram labels, in slide order: Management; Policy; Costs, Benefits, Timing, Strategy, …; Governance, Awareness, IR, …; Perceptions of Security; Poli Sci; Security; Theory, IR, …; Data; Technology; Output; SMEs, Databases, Text, Time Series, Derived Data, …; Authentication, Encryption, Patching, Software Quality, …]