Abstract
This part of the book presents two alternative – but not incompatible – views on how to quantify cyber resilience via suitable metrics. This chapter – the first of the two – takes the perspective in which system performance is central to the metrics. As discussed in the introduction chapter of this book, cyber resiliency has become an increasingly important, relevant, and timely research and operational concept in cyber security. Although multiple metrics have been proposed for quantifying cyber resiliency, a connection remains to be made between those metrics and operationally measurable and meaningful resilience concepts that can be empirically determined in an objective manner. This chapter describes a concrete quantitative and measurable notion of cyber resiliency that can be tailored to meet specific needs of organizations seeking to introduce resiliency into their assessment of their cyber security posture.
Acknowledgments
This work was partially supported by the Army Research Office award W911NF-13-1-0421. The author thanks Lt. Col. Patrick Sweeney, Kate Farris, Ben Priest, and Valentino Crespi for valuable discussions and pointers related to this work and is very grateful to Igor Linkov for suggesting several improvements in the presentation of this material.
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Cybenko, G. (2019). Metrics Based on the System Performance Perspective. In: Kott, A., Linkov, I. (eds) Cyber Resilience of Systems and Networks. Risk, Systems and Decisions. Springer, Cham. https://doi.org/10.1007/978-3-319-77492-3_2
DOI: https://doi.org/10.1007/978-3-319-77492-3_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-77491-6
Online ISBN: 978-3-319-77492-3
eBook Packages: Engineering, Engineering (R0)