SBIR-STTR Award

Cyber Attack Forecasting System (CAFS)
Award last edited on: 1/4/2023

Sponsored Program
SBIR
Awarding Agency
DOE
Total Award Amount
$206,500
Award Phase
1
Solicitation Topic Code
C54-01a
Principal Investigator
C Thomas Savell

Company Information

GCAS Inc

1531 Grand Avenue Suite A
San Marcos, CA 92069
   (760) 591-4227
   info@gcas.net
   www.gcas.net
Location: Single
Congr. District: 50
County: San Diego

Phase I

Contract Number: DE-SC0022706
Start Date: 6/27/2022    Completed: 3/26/2023
Phase I year
2022
Phase I Amount
$206,500
Nation-state actors, hacktivists, and cyber criminals are continuously attempting to compromise our Nation’s infrastructure with cyberattacks for their gain. The 2015 Ukraine power grid hack proved that state-sponsored adversaries indeed have the technical know-how and willingness to create chaos by disrupting a nation’s infrastructure. The ongoing information technology (IT) and operational technology (OT) convergence will only exacerbate this challenge as more vulnerabilities are introduced from the IT domain. Much work has been done on securing the OT perimeter with more secure firewalls, unidirectional gateways, and improved sensors and procedures. However, even with these improvements in defensive techniques, aggressive, skilled cyberthreats still hold a significant advantage, and the best defensive posture is to assume that the network will be compromised. Unfortunately, little work has been directed to predicting the future movements of the threat once it has been sensed inside the network, which is the goal of this research. This proposal describes the development of statistical methods for predicting the future movement of a cyberthreat that has breached an OT network. The approach is based on techniques used by the DoD for ballistic missile attack warning and assessment, including probabilistic multi-model filters and the Multi Hypothesis Method (MHM) within a Bayesian framework. This proven technology is leveraged to track and forecast cyberthreat attack vectors for effective defense of organizational high-value assets, and to neutralize those threats.
The result is the addition of a new dimension to cyber defense: predicting the potential next move in the attack vector. The Phase I effort will concentrate on creating a modeling framework that will be demonstrated using the 2015 cyberattack on the Ukrainian power grid as a use case.

Efficient algorithms and methods for predicting future movement of a cyberthreat,
Cyber Simulation & Modeling (S&M) tool for digital twin, cyber wargaming, training and validating CMMC compliance, and
An advanced probabilistic S&M system for modeling complex non-deterministic problems across a wide domain of applications.

Phase II

Contract Number: ----------
Start Date: 00/00/00    Completed: 00/00/00
Phase II year
----
Phase II Amount
----