TWIN BASED CONTINUOUS ICT RISK MANAGEMENT
Fabrizio Baiardi
2021-01-01
Abstract
We discuss how to merge digital twins and adversary emulation to proactively manage risk in an ICT infrastructure under attack by threat actors. The infrastructure twin describes the modules, their vulnerabilities, and the attacks they enable. An actor twin describes the actor's attack surface, its goals, how it selects attacks, and how it handles their failures. A platform uses the twins to simulate the actors and predicts their attack paths and the infrastructure's reaction without disturbing the infrastructure. Multiple simulations cover stochastic factors such as the success or failure of an attack. The predicted attacks support the selection and the validation of the countermeasures to deploy. A critical advantage of a twin-based approach is that it supports a continuous remediation process that computes the countermeasure schedule while the infrastructure is running. Whenever new vulnerabilities become public, the platform updates the infrastructure twin and reruns the simulations. Whenever the new vulnerabilities open new attack paths, the platform selects and schedules countermeasures, again without disturbing the infrastructure. Real assessments confirm the effectiveness of the proposed strategy.
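As an added illustration, not code from the paper, the following sketch runs the kind of twin-based simulation the abstract describes: a constructed infrastructure twin (modules, vulnerabilities, the module each successful attack grants), an actor twin that starts from its attack surface, picks the attack with the highest success probability and tolerates a fixed number of failures per attack, and a Monte Carlo estimate of how often the actor reaches its goal before and after a countermeasure (patching one vulnerability). All module names, vulnerability ids and probabilities are constructed assumptions.

```python
import random
from dataclasses import dataclass

# Constructed infrastructure twin (hypothetical values, not from the paper):
# module -> list of (vulnerability id, success probability, module gained on success)
INFRA = {
    "web": [("vuln-A", 0.6, "app")],
    "app": [("vuln-B", 0.5, "db"), ("vuln-C", 0.3, "db")],
    "db": [],
}

@dataclass
class Actor:
    """Actor twin: initial attack surface, goal module, failure tolerance."""
    surface: set
    goal: str
    max_failures: int = 2  # give up on one attack after this many failures

def simulate(infra, actor, rng):
    """One stochastic run; returns (goal reached?, attack path as vuln ids)."""
    owned = set(actor.surface)
    path, failures = [], {}
    while actor.goal not in owned:
        # Candidate attacks: launched from an owned module, leading to a module
        # not yet owned, and not yet abandoned after repeated failures.
        cand = [(v, p, t) for m in owned for (v, p, t) in infra.get(m, [])
                if t not in owned and failures.get(v, 0) < actor.max_failures]
        if not cand:
            return False, path
        v, p, t = max(cand, key=lambda c: c[1])  # strategy: most likely to succeed
        if rng.random() < p:
            owned.add(t)
            path.append(v)
        else:
            failures[v] = failures.get(v, 0) + 1
    return True, path

def goal_probability(infra, actor, runs=5000, seed=1):
    """Monte Carlo estimate of the probability that the actor reaches its goal."""
    rng = random.Random(seed)
    return sum(simulate(infra, actor, rng)[0] for _ in range(runs)) / runs

def patch(infra, vuln):
    """Countermeasure: a new infrastructure twin with one vulnerability removed."""
    return {m: [a for a in attacks if a[0] != vuln] for m, attacks in infra.items()}

if __name__ == "__main__":
    actor = Actor(surface={"web"}, goal="db")
    for label, twin in [("unpatched", INFRA), ("patch vuln-B", patch(INFRA, "vuln-B"))]:
        print(label, goal_probability(twin, actor))
```

Re-running the estimate on a patched twin is the "update twin, rerun simulations, compare" loop from the abstract; analytically, the unpatched goal probability here is 0.84 x 0.8775, about 0.74, and about 0.43 after patching vuln-B.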