EPSRC Reference: |
EP/V038710/1 |
Title: |
A Framework for Risk-Informed Metrics-Enriched Cybersecurity Playbooks for CNI Resilience |
Principal Investigator: |
Cherdantseva, Dr Y |
Other Investigators: |
|
Researcher Co-Investigators: |
|
Project Partners: |
|
Department: |
Computer Science |
Organisation: |
Cardiff University |
Scheme: |
Standard Research |
Starts: |
01 July 2021 |
Ends: |
30 June 2023 |
Value (£): |
503,174
|
EPSRC Research Topic Classifications: |
Information & Knowledge Mgmt |
Software Engineering |
|
EPSRC Industrial Sector Classifications: |
Aerospace, Defence and Marine |
Information Technologies |
|
Related Grants: |
|
Panel History: |
Panel Date | Panel Name | Outcome |
10 Feb 2021
|
Cross-RI PaCCS 2020 prioritisation panel
|
Announced
|
|
Summary on Grant Application Form |
The ultimate goal of the project is to improve CNI resilience in the UK by enabling timely and efficient incident response. To achieve this, this project will deliver a Framework for creating Risk-Informed Metrics-enriched Playbooks for Critical National Infrastructure (FRIMP4CNI).
We propose to approach incident response playbooks in a fundamentally different way. First, playbooks in this project are integrated into core CNI processes affected by an incident, showing how enacting a particular response affects core processes as well as interdependent processes. Second, our playbooks address more than technical actions, they look at aspects beyond technology, e.g. operational response, issues related to staff availability and costs, reporting process, political and communication response. Third, playbooks are risk-informed because each playbook has an associated risk model; and fourth, they are enriched with business-driven multifaceted metrics which reflect the changes that an incident inflicts on a core process. Fifth feature is that our playbooks are optimal: an optimisation algorithm is applied to a set of alternative response strategies to identify the optimal response playbook for each case. A combination of the features listed above makes our approach unique and allows our playbooks to serve both as an action guide enabling improved cybersecurity incident response and as a decision support tool at the Board level.
The project has three key objectives:
1. Create an empirically-grounded tool-supported actionable framework for developing bespoke risk-informed metrics-enriched cybersecurity playbooks tailored to the challenges of enhancing resilience in CNI by adopting and modelling incident response best practices in a format of integrated playbooks.
2. Design, implement and test software tools supporting the aspects of the framework related to process modelling, risk assessment and response strategy optimisation, and to integrate them into a comprehensive CNI Playbook Design Toolset. The project will deliver the full technology stack required to develop optimal risk-informed and metric-driven playbooks. Tool-support will increase the intention to use and facilitate faster adoption of the framework in practice.
3. Evaluate the framework using existing testbeds at the participating universities and industry partners, and via focus groups and workshops with industry partners and individual domain experts with a broad range of backgrounds and in varying roles from network engineers to ICS operators to Board members to policy makers. It is essential to conduct extensive evaluation with practitioners to ensure that the framework and tools are effective, accessible and fulfil the intended purposes for each group of stakeholders.
|
Key Findings |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Potential use in non-academic contexts |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Impacts |
Description |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk |
Summary |
|
Date Materialised |
|
|
Sectors submitted by the Researcher |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Project URL: |
|
Further Information: |
|
Organisation Website: |
http://www.cf.ac.uk |