A Framework for Development of Risk-Informed Autonomous Adaptive Cyber Controller

This article details a framework and methodology to risk-inform the decisions of an unsupervised cyber controller. A risk assessment methodology within this framework uses a combination of fault trees, event trees, and attack graphs to trace and map cyber elements with business processes. The methodology attempts to prevent and mitigate cyberattacks by using adaptive controllers that proactively reconfigure a network based on actionable risk estimates. The estimates are based on vulnerabilities and potential business consequences. A generic enterprise-control system is used to demonstrate the wide applicability of the methodology. In addition, data needs, implementation, and potential pitfalls are discussed.