

  1. Resilience in Information Stewardship. Christos Ioannidis, David Pym, Julian Williams, and Iffat Gheyas. WEIS 2014, Pennsylvania State University, 23 June 2014. (IPWG) STEWARDSHIP 2: Resilience, 23 June 2014, 1 / 33

  2. Definitions. In the information ecosystem, threats to the confidentiality, integrity, and availability of individual components of the ecosystem can be transmitted to others, impacting negatively on their security status. In such an environment, the role of the information steward is to maintain the sustainability and resilience of the ecosystem's nominal operating capacity.

  3. Definitions: Sustainability. By the sustainability of a system, subject to finite degradation caused by a persistent stream of attacks, we mean its tendency to remain within specified levels of nominal operating capacity.

  4. Definitions: Sustainability.

  5. Definitions: Resilience. By resilience, we mean the ability of the system to return to its operating capacity, within the specified bounds, following a shock.

  6. Definitions: Resilience.

  7. TOWARDS A MODEL. We postulate that implicitly the "value" of information assets is signalled by their classification. What is the mix? "ICS/SCADA" or "Corporate Information Assets". Our main question centres on whether a firm would seek to adjust its declared mix of ICS/SCADA and Corporate Information Assets.

     Table: Decisions on x_h, x_l, z. Parameters: ψ_h, ψ_l, α_h, α_l.

                    investment   allocation   risk-reduction rate   attacker elasticity
     ICS/SCADA      x_h          1 - z        ψ_h                   α_h
     Corporate      x_l          z            ψ_l                   α_l

  8. TOWARDS A MODEL; A case? In the US, 1,900 bulk power system operators are regulated by the North American Electric Reliability Corporation (NERC). The corporate network has many of the same features as the ICS/SCADA system, and there are elements of substitutability between the two. Consider an operator who could phase out using expensive fibre optic cables to communicate between ICS/SCADA systems and substations and replace them with IP or 3G type communications. A successful penetration of a corporate network that is integrated with an ICS/SCADA system now provides attackers with a potentially more effective means of attacking the ICS/SCADA system.

  9. TOWARDS A MODEL; A case? What is the response to this technological development, in terms of the system's ability to withstand a shock?

  10. TOWARDS A MODEL; Developing an Economic Model. We consider a set of $N_T$ ex-ante identical targets choosing to allocate defensive expenditure $x$. We consider two types of outlays, $h$ and $l$, that correspond to the areas of high and low security where information assets are held. The quantities $x_h \ge 0$ and $x_l \ge 0$ denote the one-off investments made at time $t_0$ in securing assets located in the corresponding areas, and $z$ is a switching variable such that a fraction $0 \le z \le 1$ of assets is allocated between $h$ and $l$. The number of attackers per target is given by $\eta$.

  11. TOWARDS A MODEL; Developing an Economic Model. 1. Modelling the Attackers I. Instantaneous probability of a successful attack:
      $$\tilde\sigma_i = e^{-\psi_i x_i}\,\eta_i^{\alpha_i}, \qquad i \in \{l, h\}.$$
      $\alpha$: parameter that captures the marginal effectiveness of an additional attacker per target. $\psi$: parameter that captures the relative rate of risk reduction for additional security investments by targets in each asset.

  12. TOWARDS A MODEL; Developing an Economic Model. 1. Modelling the Attackers II. Let the reward $R > 0$ for a successful attack be proportional to the assets allocated in each area, $h$ and $l$, and for notational simplicity let $\zeta_{i=l} = z$ and $\zeta_{i=h} = 1 - z$. Set $\gamma = c/R$ to be the cost ratio of attack, where $c$ is the unit cost of a single attack. The attacker's time preference is described by $\delta$. The profit function for a single attacker is
      $$\Pi_{A,i} = \int_{t_0}^{\tilde T} e^{-\delta t}\,\zeta_i\,\eta_i^{-1}\,\sigma_i(x_i, \eta_i)\,dt - \gamma, \qquad i \in \{l, h\}.$$

  13. TOWARDS A MODEL; Developing an Economic Model. 2. Modelling the Targets I. For the targets of such attacks, let $L > 0$ be the instantaneous value of assets at risk from attack and $\beta \in \mathbb{R}$ be a subjective discount rate determining the time preferences of all targets. The risk-neutral expected loss over the time horizon $t_0 < t < T$ is given by
      $$\tilde V_L = \int_{t_0}^{\tilde T} e^{-\beta t}\Big( z\,\tilde\sigma_l(x_l, \eta_l)\,L + (1 - z)\,\tilde\sigma_h(x_h, \eta_h)\,L \Big)\,dt + x_l + x_h.$$

  14. TOWARDS A MODEL; Developing an Economic Model. The optimal allocation bundle? $(z^*, x_l^*, x_h^*)$.

  15. TOWARDS A MODEL; Developing an Economic Model. Setting up the Solution. Assuming that targets and attackers have positive discount rates, the appropriate time horizon $T$ for empirical analysis may be determined endogenously. Let $\lambda$ be an arbitrarily large, but not infinite, number. For a given discount rate $\tilde\theta = \min(\delta, \beta)$, by construction
      $$\lim_{T \to \infty} \int_{t_0}^{T} e^{-\tilde\theta t}\,dt = \tilde\theta^{-1}.$$
      Therefore the approximation of the time horizon $\tilde T$ covering the $1 - 1/\lambda$ proportion of the future losses is derived from $\tilde T = \log(\lambda)/\tilde\theta$. Assume that $\beta > \delta$, so $\tilde T = \log(\lambda)/\delta$, such that the interval $t_0$ to $\tilde T$ covers 90% of the expected present value; that is, $\lambda = 10$.
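As an added numerical illustration, not code from the slides or the authors, here are the model's primitives from the preceding slides in Python: the success probability $\sigma_i$, the attacker's discounted profit $\Pi_{A,i}$, the attacker intensity at which that profit is driven to zero, the target's expected loss $\tilde V_L$, and the horizon $\tilde T = \log(\lambda)/\delta$. The parameter values are constructed, and the zero-profit solve for $\eta_i$ is my own reading of the attacker problem rather than the slides' equilibrium expressions.

```python
import math

# Constructed sample parameters (hypothetical values, not taken from the slides).
PSI = {"l": 0.8, "h": 1.2}      # psi_i: risk-reduction rate of investment in area i
ALPHA = {"l": 0.5, "h": 0.4}    # alpha_i: attacker elasticity, assumed < 1
L = 100.0                       # instantaneous value of assets at risk
GAMMA = 1.0                     # gamma = c / R, unit attack cost over reward
DELTA, BETA = 0.5, 0.6          # attacker and target discount rates (beta > delta)
LAMBDA = 10.0                   # horizon captures a 1 - 1/lambda share of value

def horizon(delta=DELTA, lam=LAMBDA):
    """T~ = log(lambda) / delta, the horizon used once beta > delta."""
    return math.log(lam) / delta

def discount_integral(rate, T, t0=0.0):
    """Closed form of the integral of e^{-rate * t} dt over [t0, T]."""
    return (math.exp(-rate * t0) - math.exp(-rate * T)) / rate

def horizon_coverage(delta=DELTA, lam=LAMBDA):
    """Share of the infinite-horizon present value (1/delta) captured by [0, T~]."""
    return discount_integral(delta, horizon(delta, lam)) * delta

def sigma(i, x_i, eta_i):
    """Instantaneous success probability sigma_i = e^{-psi_i x_i} * eta_i^alpha_i."""
    return math.exp(-PSI[i] * x_i) * eta_i ** ALPHA[i]

def zeta(i, z):
    """Asset share held in area i: zeta_l = z, zeta_h = 1 - z."""
    return z if i == "l" else 1.0 - z

def attacker_profit(i, x_i, eta_i, z, T):
    """Pi_{A,i}: discounted per-attacker share of the reward minus gamma."""
    return discount_integral(DELTA, T) * zeta(i, z) * sigma(i, x_i, eta_i) / eta_i - GAMMA

def free_entry_eta(i, x_i, z, T):
    """Attackers per target at which Pi_{A,i} = 0 (zero-profit reading of the
    attacker problem); solved by hand from the profit function above."""
    base = zeta(i, z) * discount_integral(DELTA, T) * math.exp(-PSI[i] * x_i) / GAMMA
    return base ** (1.0 / (1.0 - ALPHA[i]))

def expected_loss(z, x_l, x_h, T):
    """V~_L with attackers at their zero-profit intensities, plus x_l + x_h."""
    eta = {i: free_entry_eta(i, x, z, T) for i, x in (("l", x_l), ("h", x_h))}
    rate = z * sigma("l", x_l, eta["l"]) * L + (1 - z) * sigma("h", x_h, eta["h"]) * L
    return discount_integral(BETA, T) * rate + x_l + x_h
```

With these constructed values, investing one unit in each area cuts the target's discounted expected loss by well over half relative to no investment, because the zero-profit attacker intensity falls with $x_i$ as well as the per-attack success probability.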

  16. TOWARDS A MODEL; Developing an Economic Model. Solving the Model I: Non-Cooperative Nash Equilibrium. For $i \in \{l, h\}$, $j \in \{l, h\}$, $j \ne i$, the equilibrium investment has the form $x_i^* = \psi_i^{-1} \log(\cdot)$, where the argument of the logarithm (given in closed form on the slide) is built from $(e^{\delta T} - 1)$, $L$, $\psi_i$, $\psi_j$, $\alpha_i$, $\gamma$, $\delta$ and $\beta$. The equilibrium allocation and attacker intensity are
      $$z^* = \frac{\psi_l}{\psi_h + \psi_l}, \qquad (1)$$
      $$\eta_i^* = \left( \frac{\psi_j\,(e^{\delta T} - 1)\,e^{-x_i^* \psi_i - \delta T}}{\gamma\delta\,(\psi_i + \psi_j)} \right)^{\frac{1}{1 - \alpha_i}}, \qquad i \in \{l, h\},\ j \in \{l, h\},\ j \ne i.$$

  18. TOWARDS A MODEL; Developing an Economic Model. 3. Introducing the Steward. The first stewardship action we evaluate replicates our previous work by postulating a Stackelberg policy framework in which the policy-maker stewarding the system sets rules relative to a target level of sustainability. When the steward is fully informed, our model reverts to the mechanism design problem in which the steward is able to set a mandatory investment bundle on the individual targets $(\bar x_l, \bar x_h)$ as well as imposing a specific asset allocation $\bar z$.

  19. TOWARDS A MODEL; Developing an Economic Model. Solving the Model II: Introducing the Steward: the fully informed steward. The mandated investment $\bar x_i$, $i \in \{l, h\}$, $j \in \{l, h\}$, $j \ne i$, is given in closed form on the slide in terms of $\psi_i$, $\psi_j$, $\alpha_i$, $\alpha_j$, $\gamma$, $\delta$, $\bar\beta$, $T$ and $L$; the induced attacker intensity is
      $$\bar\eta_i = \left( \frac{\psi_i\,(e^{\delta T} - 1)\,e^{-\bar x_i \psi_i - \delta T}}{\gamma\delta\,(\psi_j + \psi_i)} \right)^{\frac{1}{1 - \alpha_i}}, \qquad i \in \{l, h\},\ j \in \{l, h\},\ j \ne i.$$

  20. TOWARDS A MODEL; Developing an Economic Model. Introducing the Steward: does it work? Compare the attacking intensities, since $\bar x_l, \bar x_h > x_l^*, x_h^*$ (Proposition 3):
      $$\bar\eta_i = \left( \frac{\psi_i\,(e^{\delta T} - 1)\,e^{-\bar x_i \psi_i - \delta T}}{\gamma\delta\,(\psi_j + \psi_i)} \right)^{\frac{1}{1 - \alpha_i}} \;<\; \eta_i^* = \left( \frac{\psi_j\,(e^{\delta T} - 1)\,e^{-x_i^* \psi_i - \delta T}}{\gamma\delta\,(\psi_i + \psi_j)} \right)^{\frac{1}{1 - \alpha_i}}.$$
