Abstract
This invention details a framework and methodology to risk-inform the decisions of an unsupervised cyber controller. A risk assessment methodology within this framework uses a combination of fault trees, event trees and attack graphs to trace and map cyber elements with business processes. The methodology attempts to prevent and mitigate cyberattacks by using adaptive controllers that proactively reconfigure a network based on actionable risk estimates. The estimates are based on vulnerabilities and potential business consequences. A generic enterprise control system is used to demonstrate the wide applicability of the methodology. In addition, data needs, implementation, and potential pitfalls are discussed.
Application Number
16/432,655
Inventors
Veeramany,Arun
Sridhar,Sid
Manz,David
Rice,Mark J
Unwin,Stephen D
Hutton,Will
Coles,Garill A
Dagle,Jeff
Gourisetti,Sri Nikhil Gupta
Skare,Paul M
Market Sector
Security
Energy Infrastructure