Cybersecurity vulnerability assessment tools,
frameworks, and methodologies are used to understand the
cybersecurity maturity of a system or a facility. However, these
tools are strictly developed based on standards defined by
organizations such as the National Institute of Standards and
Technology (NIST) and the U.S. Department of Energy; the
majority of these tools and frameworks do not provide a
platform to prioritize the requirements to reach a desired
cybersecurity maturity. To address that challenge, we have
been developing a framework and software application called
cybersecurity vulnerability mitigation framework through
empirical paradigm (CyFEr). CyFEr treats the problem at
hand as a multi-criteria decision analysis (MCDA) problem,
which requires that various criteria be weighed relatively.
Defining those weights is non-trivial and often leads to
subjective decisions leading to undesired complications. To
facilitate such a weighting system in CyFEr, we evaluated the
application of various rank-weight methods (such as rank sum,
reciprocal rank, rank exponent, and rank order centroid). The
efficacy of those rank-weight methods was evaluated by
applying them and testing against the blockchain cybersecurity
framework (BC2F). BC2F was developed using the NIST
cybersecurity framework to evaluate the cybersecurity posture
of the blockchain nodes and networks in a given blockchain
application or use-case. This paper provides 1) technical
insights on the application of rank-weight methods to
cybersecurity vulnerability assessments, 2) an overview of
BC2F, 3) the application of rank-weight methods to BC2F, and
4) a depiction of the integration of the discussed rank-weight
methods in CyFEr.
Revised: June 12, 2019 |
Published: January 10, 2019
Citation
Gourisetti S.G., M.E. Mylrea, and H. Patangia. 2019.Application of Rank-Weight Methods to Blockchain Cybersecurity Vulnerability Assessment Framework. In IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC 2019), January 7-9, 2019, Las Vegas, NV, 0206-0213. Piscataway, New Jersey:IEEE.PNNL-SA-143718.doi:10.1109/CCWC.2019.8666518