TWIN BASED CONTINUOUS ICT RISK MANAGEMENT

Fabrizio Baiardi
2021-01-01

Abstract

We discuss how to merge digital twins and adversary emulation to proactively manage risk in an ICT infrastructure under attack by threat actors. The infrastructure twin describes the modules, their vulnerabilities, and the attacks these vulnerabilities enable. An actor twin describes the actor's attack surface, its goals, how it selects attacks, and how it handles their failures. A platform uses the twins to simulate the actors and predicts their attack paths and the infrastructure's reaction without disturbing the infrastructure. Multiple simulations cover stochastic factors such as the success or failure of each attack. The predicted attacks support the selection and the validation of the countermeasures to deploy. A critical advantage of a twin-based approach is that it supports a continuous remediation process that computes the remediation schedule while the infrastructure is running. Whenever new vulnerabilities become public, the platform updates the infrastructure twin and reruns the simulations. Whenever the new vulnerabilities open new attack paths, the platform selects and schedules countermeasures, again without disturbing the infrastructure. Real assessments confirm the effectiveness of the proposed strategy.
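The loop the abstract sketches (an infrastructure twin of modules and vulnerabilities, an actor twin with an attack surface, a goal, an attack-selection policy and a failure-handling rule, repeated stochastic runs, countermeasure selection and validation, and a re-run whenever a new vulnerability is published) as an added toy example in Python. This is not the author's platform or code: the module names, links, success probabilities, the actor's greedy closest-to-goal policy and the give-up-after-N-failures rule are all constructed assumptions.

```python
"""Toy twin-based risk simulation.

Added illustration, not the author's platform: modules, links, success
probabilities and the actor policy below are constructed assumptions.
"""
from __future__ import annotations

import random
from collections import Counter, deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vulnerability:
    vid: str
    module: str
    p_success: float  # probability that one exploitation attempt succeeds (assumed)


@dataclass
class InfrastructureTwin:
    """Modules, the vulnerabilities they expose, and which modules each can reach."""
    links: dict[str, set[str]]                    # module -> modules reachable from it
    vulns: dict[str, Vulnerability] = field(default_factory=dict)

    def disclose(self, v: Vulnerability) -> InfrastructureTwin:
        """Twin updated with a newly published vulnerability."""
        return InfrastructureTwin(self.links, {**self.vulns, v.vid: v})

    def patch(self, vid: str) -> InfrastructureTwin:
        """Twin with one vulnerability removed: the countermeasure under evaluation."""
        return InfrastructureTwin(self.links, {k: v for k, v in self.vulns.items() if k != vid})

    def distance_to(self, goal: str) -> dict[str, int]:
        """Hop count from each module to the goal (BFS over the reversed links)."""
        rev: dict[str, set[str]] = {}
        for src, dsts in self.links.items():
            for dst in dsts:
                rev.setdefault(dst, set()).add(src)
        dist, queue = {goal: 0}, deque([goal])
        while queue:
            m = queue.popleft()
            for prev in rev.get(m, ()):
                if prev not in dist:
                    dist[prev] = dist[m] + 1
                    queue.append(prev)
        return dist


@dataclass
class ActorTwin:
    entry: set[str]          # attack surface: modules the actor controls at the start
    goal: str
    give_up_after: int = 3   # failures on one vulnerability before abandoning it
    max_steps: int = 20

    def choose(self, twin, controlled, abandoned, dist):
        """Next attack: a vulnerability on an uncontrolled module reachable from a
        controlled one; prefer the module closest to the goal, then the vid."""
        candidates = [
            v for v in twin.vulns.values()
            if v.module not in controlled and v.vid not in abandoned and v.module in dist
            and any(v.module in twin.links.get(c, ()) for c in controlled)
        ]
        return min(candidates, key=lambda v: (dist[v.module], v.vid), default=None)


def simulate(twin, actor, rng=None):
    """One stochastic run; returns (goal reached, [(vid, attempt succeeded), ...])."""
    rng = rng if rng is not None else random.Random(0)
    controlled, abandoned, failures, path = set(actor.entry), set(), Counter(), []
    dist = twin.distance_to(actor.goal)
    for _ in range(actor.max_steps):
        if actor.goal in controlled:
            break
        v = actor.choose(twin, controlled, abandoned, dist)
        if v is None:                      # nothing left to try: the actor is stuck
            break
        ok = rng.random() < v.p_success
        path.append((v.vid, ok))
        if ok:
            controlled.add(v.module)
        else:
            failures[v.vid] += 1
            if failures[v.vid] >= actor.give_up_after:
                abandoned.add(v.vid)       # failure handling: move to another attack
    return actor.goal in controlled, path


def assess(twin, actor, runs=200, seed=0):
    """Repeat the simulation to average over attack success/failure. Returns the
    fraction of runs reaching the goal and, per vid, how many successful runs used it."""
    rng, reached, on_success = random.Random(seed), 0, Counter()
    for _ in range(runs):
        ok, path = simulate(twin, actor, rng)
        if ok:
            reached += 1
            on_success.update({vid for vid, hit in path if hit})
    return reached / runs, on_success


def remediation_cycle(twin, actor, new_vuln, runs=200, seed=0):
    """One step of the continuous process: update the twin with a published
    vulnerability and re-simulate; if the goal is now reachable, patch the vid most
    successful paths rely on (ties: closest to the goal) and validate by re-running.
    Returns (twin to deploy, patched vid or None, risk before, risk after)."""
    updated = twin.disclose(new_vuln)
    risk, on_success = assess(updated, actor, runs, seed)
    if risk == 0.0:
        return updated, None, risk, risk
    dist = updated.distance_to(actor.goal)
    target = max(on_success, key=lambda vid: (on_success[vid], -dist[updated.vulns[vid].module], vid))
    patched = updated.patch(target)
    residual, _ = assess(patched, actor, runs, seed)
    return patched, target, risk, residual


# Constructed sample: an internet-facing web module leading, via an application
# server or an AD server, to a database that is the actor's goal.
LINKS = {"internet": {"web"}, "web": {"app", "ad"}, "app": {"db"}, "ad": {"db"}, "db": set()}
BASELINE = InfrastructureTwin(LINKS, {v.vid: v for v in (
    Vulnerability("v1", "web", 0.9),
    Vulnerability("v2", "app", 0.0),   # known but mitigated: attempts always fail
    Vulnerability("v3", "ad", 0.7),
)})
ACTOR = ActorTwin(entry={"internet"}, goal="db")

if __name__ == "__main__":
    print("baseline risk:", assess(BASELINE, ACTOR)[0])      # db exposes nothing yet
    deployed, fix, before, after = remediation_cycle(BASELINE, ACTOR, Vulnerability("v4", "db", 1.0))
    print(f"after v4 is published: risk {before:.2f}; patch {fix}; residual risk {after:.2f}")
```

In the sample, the database is unreachable until v4 is disclosed; the cycle then finds that every successful path ends with v4 and that patching it brings the simulated risk back to zero, all without touching the running modules. A real platform would replace the constant success probabilities with per-vulnerability estimates and the greedy policy with the actor model the abstract describes.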
Files for this item:
No files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11568/1055156
Warning: the data displayed here have not been validated by the university.
