Our academic partners again were very productiv resulting in two articles accepted for publications in two journals. The first article “A Method for Assigning Probability Distributions in Attack Simulation Languages” is written by KTH and proposes a method to determine probability distributions used in the attack simulations of the vulnerability assessment. The abstract is as following:

Cyber attacks on IT and OT systems can have severe consequences for individuals and organizations, from water or energy distribution systems to online banking services. To respond to these threats, attack simulations can be used to assess the cyber security of systems to foster a higher degree of resilience against cyber attacks; the steps taken by an attacker to compromise sensitive system assets can be traced, and a time estimate can be computed from the initial step to the compromise of assets of interest.

Previously, the Meta Attack Language (MAL) was introduced as a framework to develop security-oriented domain-specific languages. It allows attack simulations on modeled systems and analyzes weaknesses related to known attacks. To produce more realistic simulation results, probability distributions can be assigned to attack steps and defenses to describe the efforts required for attackers to exploit certain attack steps. However, research on assessing such probability distributions is scarce, and we often rely on security experts to model attackers’ efforts. To address this gap, we propose a method to assign probability distributions to the attack steps and defenses of MAL-based languages. We demonstrate the proposed method by assigning probability distributions to a MAL-based language. Finally, the resulting language is evaluated by modeling and simulating a known cyber attack.

The second article “Detecting Insider Threat via a Cyber-Security Culture Framework” is written by NTUA and elaborates on the method used in the SBA tool and links it to insider threats. The abstract is as following:

Insider threat has been recognized by both scientific community and security professionals as one of the gravest security hazards for private companies, institutions, and governmental organizations. Extended research on the types, associated internal and external factors, detection approaches and mitigation strategies has been conducted over the last decades. Various frameworks have been introduced in an attempt to understand and reflect the danger posed by this threat, whereas multiple identified cases have been classified in private or public databases. This paper aims to present how a cyber-security culture framework with a clear focus on the human factor can assist in detecting possible threats of both malicious and unintentional insiders. We link current insider threat categories with specific security domains of the framework and introduce an assessment methodology of the core contributing parameters. Specific approach takes into consideration technical, behavioral, cultural, and personal indicators and assists in identifying possible security perils deriving from privileged individuals.