Cybersecurity – a case for advanced decision models

By Gerald Quirchmayr, Christian Luidold February 8, 2023

Advanced attacks demand advanced countermeasures. On the technical level there is already an elevated level of awareness and readiness, which is why the first wave of an attack usually focuses on tricking users into opening up systems for the criminals [1]. While this has been the rule for at least a decade, the way in which these attacks are prepared now follows an almost military approach. With new, highly distributed environments, poorly protected IoT systems, AI-based tools, and the weakest link in the chain, the human, unable to invest the needed time and resources in cyber security, a rise in successful cyber-attacks is predictable [2]. The need for education and training is commonly accepted, but the necessary shift in countering cyber-attacks from a purely operational to a tactical and strategic level remains an open issue in many organizations. Policy-based reactions to cyber-attacks should long ago have replaced the still prevailing bug-fixing approach to dealing with an intrusion.

There is, however, some light at the end of the tunnel. Learning from military and business decision making, long overdue model-based solutions are finding their way into cyber security. The first highly successful wave of these decision models is shaped by the now legendary OODA loop [3], which links observations (e.g., OSINT cyber threat intelligence, system monitoring) with an advanced form of classification called orientation. Combined properly, these two steps provide the situational awareness needed to make the right decision, on which the actions taken depend. Especially in distributed collaborative environments, which typically characterize the ecosystem of projects like CS-AWARE-NEXT [4], these models are a welcome game changer. Applied together with well-established cyber defence frameworks such as the NIST Cybersecurity Framework (CSF) [5], they offer an opportunity to thwart even advanced AI-based attacks.

Attacks are on the rise and their sophistication is growing, but better situational awareness, military-grade decision models and proven cybersecurity frameworks, when applied in an integrated way, can equip Security Operations Centres with the tools they need to weather the heavy attack storms that are expected.
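The four steps of the OODA loop as applied to a SOC, shown as an added example that is not code from the article or from the CS-AWARE-NEXT project: a minimal Python cycle that observes constructed login logs, orients them against a constructed indicator feed plus behavioural context (failed-login bursts, internal versus external source), decides by looking up a pre-agreed policy table instead of improvising per incident, and returns the resulting actions. The log format, the indicator feed, the severity levels and the policy table are all assumptions made for this example.

```python
"""Minimal OODA cycle over constructed SOC telemetry (added example, not the article's
or CS-AWARE-NEXT's code; log format, indicator feed and policy table are assumptions)."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Assumed log line format: "<ts> <host> <event> src=<ip> user=<name> result=<ok|fail>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) "
                    r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$")

# Constructed OSINT-style indicator feed (addresses and confidences are made up).
THREAT_INTEL = {
    "203.0.113.45": {"tag": "c2-server", "confidence": 0.9},
    "198.51.100.7": {"tag": "scanner", "confidence": 0.6},
}

# Constructed monitoring output: a login from a known C2 address, a brute-force
# burst, an ordinary internal session and one line that does not parse.
SAMPLE_LOGS = [
    "2023-02-08T09:00:01Z web01 ssh_login src=203.0.113.45 user=admin result=ok",
    "2023-02-08T09:00:05Z web01 ssh_login src=198.51.100.7 user=root result=fail",
    "2023-02-08T09:00:06Z web01 ssh_login src=198.51.100.7 user=root result=fail",
    "2023-02-08T09:00:07Z web01 ssh_login src=198.51.100.7 user=root result=fail",
    "2023-02-08T09:01:00Z db01 ssh_login src=10.0.4.12 user=dba result=ok",
    "2023-02-08T09:02:00Z db01 ssh_login src=10.0.4.12 user=dba result=fail",
    "kernel: eth0 link up",
]

SEVERITY_ORDER = ["low", "medium", "high", "critical"]
# Policy table: the response is agreed in advance and looked up, not improvised per incident.
POLICY = {"critical": "isolate_host", "high": "block_source",
          "medium": "open_ticket", "low": "monitor"}


@dataclass
class Assessment:
    host: str
    src: str
    severity: str
    reasons: list


def observe(lines):
    """Observe: structure raw monitoring lines; lines not matching the format are ignored."""
    return [m.groupdict() for m in map(LOG_RE.match, (ln.strip() for ln in lines)) if m]


def escalate(current, proposed):
    """Severity only rises within a cycle."""
    return proposed if SEVERITY_ORDER.index(proposed) > SEVERITY_ORDER.index(current) else current


def orient(events, intel, internal_net="10.0.0.0/8", fail_threshold=3):
    """Orient: enrich each (host, source) pair with intel and behavioural context, then classify."""
    net = ipaddress.ip_network(internal_net)
    fails = Counter((e["host"], e["src"]) for e in events if e["result"] == "fail")
    successes = {(e["host"], e["src"]) for e in events if e["result"] == "ok"}
    assessments = []
    for host, src in sorted({(e["host"], e["src"]) for e in events}):
        severity, reasons = "low", []
        try:
            external = ipaddress.ip_address(src) not in net
        except ValueError:
            external = True  # unparsable source: treat as untrusted
        hit = intel.get(src)
        if hit:
            reasons.append(f"source listed as {hit['tag']} (confidence {hit['confidence']})")
            if hit["confidence"] >= 0.8:
                # A successful login from a high-confidence indicator: the host itself is suspect.
                severity = escalate(severity, "critical" if (host, src) in successes else "high")
        if fails[(host, src)] >= fail_threshold:
            reasons.append(f"{fails[(host, src)]} failed logins")
            severity = escalate(severity, "high" if external else "medium")
        assessments.append(Assessment(host, src, severity, reasons))
    return assessments


def decide(assessments, policy=POLICY):
    """Decide: map each classification to the pre-agreed response."""
    return [(policy[a.severity], a) for a in assessments]


def act(decisions):
    """Act: render decisions as the steps an operator or SOAR hook would execute.
    Returned as strings; wiring them to real enforcement is outside this example."""
    out = []
    for action, a in decisions:
        target = a.host if action == "isolate_host" else f"{a.host} <- {a.src}"
        out.append(f"{action} {target} ({'; '.join(a.reasons) or 'no findings'})")
    return out


def ooda_cycle(lines, intel=THREAT_INTEL):
    """One pass through the loop; in practice the actions feed the next round of observations."""
    return act(decide(orient(observe(lines), intel)))


if __name__ == "__main__":
    for step in ooda_cycle(SAMPLE_LOGS):
        print(step)
```

The point of the split is that orientation, not observation, carries the context: the same three failed logins are a ticket when they come from the internal network and a perimeter block when they come from outside, and a single successful login becomes a host isolation only because the indicator feed says where it came from. The decision step then contains no judgement at all, which is what makes the reaction a policy rather than an ad hoc fix.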

[1] Europol, Internet Organised Crime Threat Assessment (IOCTA). https://www.europol.europa.eu/publications-events/main-reports/iocta-report
[2] ENISA, ENISA Threat Landscape 2022. https://www.enisa.europa.eu/publications/enisa-threat-landscape-2022
[3] Lehto, M. (2018). The Modern Strategies in the Cyber Warfare. In: Lehto, M., Neittaanmäki, P. (eds) Cyber Security: Power and Technology. Intelligent Systems, Control and Automation: Science and Engineering, vol 93. Springer, Cham. https://doi.org/10.1007/978-3-319-75307-2_1
[4] CS-AWARE-NEXT project. https://www.cs-aware-next.eu/
[5] NIST Cybersecurity Framework. https://www.nist.gov/cyberframework