Infrastructure systems (such as power, water and banking) have experienced a surge in cyberattacks over the past decade. These attacks are becoming more sophisticated and resilient, suggesting that the perpetrators are intelligent, determined and dynamic. Unfortunately, current cyberdefense measures are reactive and frequently ineffective. Defenders need to move to a proactive approach, which will require an understanding of the human characteristics and behaviors of the people behind these cyberattacks. At present, the absence of the human element in existing cyberattack analysis is a fundamental weakness in our infrastructure protection. This project will integrate observations from live cybersecurity exercises, interviews with infrastructure protection experts, and logs from real-time cyberattacks to understand adaptive adversarial processes. This research will offer a new understanding of the protection of digital infrastructure by bringing together a diverse set of multidisciplinary academics and national and international infrastructure cybersecurity experts.
This project will investigate the adaptive and evolving adversarial decision-making (ADM) process in critical infrastructure cyberattacks. Specifically, this project will apply a criminological perspective to achieve five research objectives: (1) investigate adversary-defender interaction and identify adversarial attack paths, (2) understand adversarial adaptability when attack paths are disrupted, (3) investigate the importance and characteristics of the various stages in attack paths, (4) identify which factors impact ADM at each stage of the attack path, and (5) improve the transparency, consistency and validation of adversarial attack paths. The Rational Choice Perspective, a criminological theoretical framework, will be applied to understand how adversaries make decisions on target selection, exploit criminal environments, plan, design and execute attacks, and cope with preventative and reactive measures. Three methods will be triangulated to examine ADM: (i) interviews with infrastructure cybersecurity experts to identify attack paths and factors impacting ADM, (ii) observations of attacker-defender (red team-blue team) cybersecurity exercises to examine real-time and adaptive decision-making processes, and (iii) logs from real-time cyberattacks. Each of these datasets will yield a unique perspective on ADM processes, and they will be combined to better capture the human element in cyberattacks.