Dynamic Risk Management – The Path Less Trodden…
Traditionally, our approach to managing cyber security risks has been ‘static’ – in the sense that the threat analysis, risk assessment and treatment plan are performed as manual operations ‘up front’ of solution deployment – usually as part of a Secure Development Lifecycle (SDL) – such as Nexor’s CyberShield Secure Development methodology.
That’s not to say that the approach can’t (or indeed shouldn’t) be iterative, with re-assessments being performed as necessary throughout the life of a solution. However, it’s fair to say that this approach is still a far cry from ‘dynamic’ – in the sense of ensuring appropriate risk treatment in real-time, during the actual operation of a solution.
Now you might well be asking why this would be needed – certainly for a well-defined solution deployed into a well-known, closed system – I would consider a static approach to be quite sufficient. If the environment doesn’t change, why should the risk?
Enter the world of Connected and Autonomous Vehicles (CAVs) – self-driving cars such as an automated taxi service, operated by a cloud-based fleet management system within a constantly-changing environment, with vast amounts of data constantly supplied by both by an Intelligent Transport System (ITS) and its own on-board sensors – such as the world currently being explored by Nexor and partners within the CAPRI research project. This world is an incredibly complex system of systems, with a vast quantity of unknown factors at play.
In this world, it is safe to say that the risks facing a CAV are constantly changing both in likelihood and potential impact, and so it seems imperative to handle treatment of said risk in a fully dynamic, real-time fashion.
This concept of dynamically managing risk is not new, certainly not within the Smart Car arena. However, the methods used are not well known and no initiative has yet been taken to standardise an approach. This is the task our consortium partner Warwick Manufacturing Group (WMG) Cyber Security Centre, University of Warwick, have taken on as part of the CAPRI research – and the framework they are proposing provides a novel solution to this problem. The remainder of this article discusses the current state of this framework – version “1.0” if you like, however it is important to note that this is still an area very much under active development by WMG and is subject to improvement during the course of the project.
Now, at the core of its design the current WMG framework aims to address and resolve the fundamental issues faced by a dynamic approach to risk. Significantly those issues created by the move from traditional ‘reported threat’ models across to models which constantly consume updated threat data provided by IoT, i.e. “Big Data” – where the volume of source data is both huge in size and sometimes unreliable and incomplete. Another key issue addressed is that different consumers are generally interested in different risks and may consider risk differently. Finally – specific to the CAV environment, significant and different domains of risk exist – i.e. safety, security and situational awareness. This breadth of risk type itself poses and issue, and a deeper understanding of risk must be obtained from across all these domains.
The WMG framework addresses all these issues by utilising the fundamental concept of profiles – with each profile aligned to specific consumer objectives, and which filter out significant portions of the data available.
The WMG framework is visualised in figure 1 and contains two key phases – design and operation.
In the design phase, risk profiles are designed for each type of consumer – with each profile tuned to provide appropriate security and safety feedback for that consumer. In this way, a profile can be thought of as a kind of IoT threat data filter. Once profiles have been defined, an initial database of IoT threat data is used to train the risk assessment models for each profile.
In the operation phase – based on the profile selected, the risk assessment model is constantly fed with real-time IoT threat data (i.e. from the ITS, CAV sensors etc) and provides dynamic risk treatment feedback (i.e. by selecting proportionate security controls) for the consumer. During system operation the IoT database is constantly updated in real-time and assessment results are constantly validated to build a better understanding of the risk. Using this information, the risk assessment model is continually re-trained allowing the fundamental model to also change dynamically in response to constantly changing knowledge.
If you are still with me at this point – pat yourself on the back, you’ve done well. Risk assessment in general – and dynamic risk assessment in particular – is not a simple topic as you have probably observed! I will stop here for now and leave other aspects of dynamic risk assessment such as the building of automated risk assessment models using Bayesian networks or Machine Learning to another blog article.
I hope however that this discussion has provided a useful, practical insight into the world of dynamic risk management – a starting point for those wishing to explore the topic further. In the meantime, give your brain a rest and go get another cup of tea!
Author Bio - Iain Townsend
Iain Townsend works as a Technical Consultant at Nexor delivering cyber security solutions to governments, defence and critical national infrastructure organisations. He is a member of the British Computing Society (MBCS), a Certified Information Systems Security Professional (CISSP) and an NCSC certified Information Assurance Architect (CCP IA Architect).
Be the first to know about developments in secure information exchange