On 5/8, the Secrecy News blog posted a report from Sandia National Laboratories titled Cyber Threat Metrics. The authors of the report noted that cyber threats defy effective measurement because they are fluid and difficult to understand. Of course, we want an effective system of cyber threat measurement because it gets us that much closer to a better policy response. Thus, the authors proposed a new set of metrics integrated into a new cyber threat model that would give policymakers a better understanding of what's out there.
The report had a few models, one of which was the cyber threat matrix. The matrix ranked cyber threats by considering an adversary's commitment (i.e. intensity of attack, stealth, time) and resources (technical personnel, cyber knowledge, kinetic knowledge, and access to restricted systems).
The authors acknolwedged that the metrics still exhibit a good deal of subjectivity. Nevertheless, the report was a step towards a consistent threat assessment process. Worth a look.
You can find the Sandia National Laboratories report titled Cyber Threat Metrics here.
Leave a Reply