Threat Modeling for Optimal Enterprise Protections Against Known Cybersecurity Threats

Branko S. Bokan; Joost R. Santos

Download Paper | Permalink

Conference: ASEE Mid-Atlantic Section Spring Conference
Location: George Washington University, District of Columbia
Publication Date: April 19, 2024
Start Date: April 19, 2024
End Date: April 20, 2024
Page Count: 12
DOI: 10.18260/1-2--45741
Permanent URL: https://peer.asee.org/45741
Download Count: 18

Request a correction

Paper Authors

biography

Branko S. Bokan The George Washington University

visit author page

Branko Bokan is a PhD candidate at the School of Engineering and Applied Science, George Washington University under professor Joost Santos.

Branko is a Cybersecurity expert at the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS). In his professional role he is responsible for defending the Federal Civilian Executive Branch of the U.S. government against cyber threats and building a cyber resilient federal enterprise.

visit author page

author page

Joost R. Santos The George Washington University

Download Paper | Permalink

Abstract

To prioritize limited resources available to protect against, detect, and respond to cybersecurity attacks, organizations must follow a risk management approach to select commensurate protections (cybersecurity capabilities). Risk management practice necessitates a proper framing of risk, which requires a ‘set of triplets’ to exist – a scenario (in which a threat exploits a vulnerability), the likelihood (or uncertainty to be more precise) of the scenario taking place, and the impact of the scenario taking place. While the other elements of risk triplets are relatively easy to assess, the threat factor remains the most elusive.

The traditional threat modeling methodologies work well on a small scale (e.g., when evaluating targets such as a single data field, a software application, or an information system component)—but they do not allow for comprehensive evaluation of an entire enterprise architecture to identify gaps (blind spots) where cybersecurity protections do not exist and where future investments are needed. They also do not enumerate and consider all threats that are actually observed in the wild.

This paper proposes a decision-making framework for selecting cybersecurity architectural capability portfolios that maximize protections against known cybersecurity threats using a new threat modeling approach - a cybersecurity architecture review.

This new threat modeling methodology allows organizations to look at their cybersecurity protections from the standpoint of an adversary and allows them evaluate entire cybersecurity architectures. It uses a cyber threat framework such as MITRE ATT&CK to enumerate all threats previously observed in the wild and then scores cybersecurity capabilities for their ability to: a) detect; b) protect against; and c) help in recovery from adversarial tactics, techniques, and procedures (TTPs). The results form a matrix called capability coverage map – a visual representation of protections coverage, gaps, and overlaps against TTPs. To allow for prioritization, TTPs can be organized in a threat heat map – a visual representation of threat technique’s prevalence and maneuverability that can be overlaid on top of a coverage map.

The paper will provide a proof of concept for proposed future research to determine how commonly used cybersecurity capabilities protect against known TTPs, whether organizations use the most efficient portfolio of capabilities, whether these portfolios are selected based on the actual threat landscape or vendor pressure, how different demographics perceive their protection coverage, and to what extent those common protections overlap.

Citation
Format

Bokan, B. S., & Santos, J. R. (2024, April), Threat Modeling for Optimal Enterprise Protections Against Known Cybersecurity Threats Paper presented at ASEE Mid-Atlantic Section Spring Conference, George Washington University, District of Columbia. 10.18260/1-2--45741

TY  - CPAPER
AB  - To prioritize limited resources available to protect against, detect, and respond to cybersecurity attacks, organizations must follow a risk management approach to select commensurate protections (cybersecurity capabilities). Risk management practice necessitates a proper framing of risk, which requires  a ‘set of triplets’ to exist – a scenario (in which a threat exploits a vulnerability), the likelihood (or uncertainty to be more precise) of the scenario taking place, and the impact of the scenario taking place. While the other elements of risk triplets are relatively easy to assess, the threat factor remains the most elusive. 

The traditional threat modeling methodologies work well on a small scale (e.g., when evaluating targets such as a single data field, a software application, or an information system component)—but they do not allow for comprehensive evaluation of an entire enterprise architecture to identify gaps (blind spots) where cybersecurity protections do not exist and where future investments are needed. They also do not enumerate and consider all threats that are actually observed in the wild. 

This paper proposes a decision-making framework for selecting cybersecurity architectural capability portfolios that maximize protections against known cybersecurity threats using a new threat modeling approach - a cybersecurity architecture review. 

This new threat modeling methodology allows organizations to look at their cybersecurity protections from the standpoint of an adversary and allows them evaluate entire cybersecurity architectures. It uses a cyber threat framework such as MITRE ATT&amp;amp;CK to enumerate all threats previously observed in the wild and then scores cybersecurity capabilities for their ability to: a) detect; b) protect against; and c) help in recovery from adversarial tactics, techniques, and procedures (TTPs). The results form a matrix called capability coverage map – a visual representation of protections coverage, gaps, and overlaps against TTPs. To allow for prioritization, TTPs can be organized in a threat heat map – a visual representation of threat technique’s prevalence and maneuverability that can be overlaid on top of a coverage map. 

The paper will provide a proof of concept for proposed future research to determine how commonly used cybersecurity capabilities protect against known TTPs, whether organizations use the most efficient portfolio of capabilities, whether these portfolios are selected based on the actual threat landscape or vendor pressure, how different demographics perceive their protection coverage, and to what extent those common protections overlap.
AU  - Branko S. Bokan
AU  - Joost R. Santos
CY  - George Washington University, District of Columbia
DA  - 2024/04/19
PB  - ASEE Conferences
TI  - Threat Modeling for Optimal Enterprise Protections Against Known Cybersecurity Threats
UR  - https://peer.asee.org/45741
DO  - 10.18260/1-2--45741
ER  -