Cyber security is a global issue of growing importance. Cyber espionage can affect technical, military, political and economic interests anywhere. Attacks are no longer direct; they are increasingly sophisticated and stealthy. Cyber resiliency of systems and networks ensures mission survivability in a cyber-compromised environment. Resilient computer network defenses anticipate the emergence of new vulnerabilities, take action to avoid threat actors seeking to exploit these vulnerabilities, and disrupt the actions of successful intruders to increase their work factor and minimize their impact. Resiliency starts from the assumption that the attackers are inside the network and cannot be detected, yet mission survivability remains the objective. The task of the cyber analyst is to effectively manage the security risk of his or her mission operating environment and, in the course of daily duties, mitigate cyber threats and vulnerabilities.
Network mapping and vulnerability identification tools such as Nessus®, Nmap® and other cyber security tools have existed for a long time and are useful for identifying vulnerabilities in commercial off-the-shelf (COTS) components typically found in enterprise IT networks. Tools that monitor and check routing and firewall policies and show vulnerability paths, such as the Skybox®, NetSpa and Cauldron cyber security tools, help to identify potential attack paths and assist in prioritizing remediation through patching or configuration policy changes. However, these static capabilities do not capture the dynamic nature of resiliency techniques, nor do they provide for “what-if” scenarios and 0-day vulnerability risk management assessments.
Cyber-attack dynamic simulations consider target modeled networks, cyber-attack threads and applied defenses to generate cyber-attack success/failure metrics, such as the percentage of attacks that succeed and the time an attack spends in each attack phase. However, the resulting degradation of target network function and performance, and the collateral damage after a cyber-attack, are not well analyzed or depicted. Moreover, these tools do not have timing as a component, which makes them unsuitable for modeling dynamic defenses.