TY - JOUR
T1 - A system dynamics, epidemiological approach for high-level cyber-resilience to zero-day vulnerabilities
AU - Sepulveda Estay, Daniel
PY - 2023
Y1 - 2023
N2 - Cyber-attacks are serious threats to operations in most industries, enabled by a growing dependence on Information Technology (IT). To minimise disruptive effects on operations, organisations with complex system derive value both from preventing cyber-attacks and from responding promptly and coherently when cyber-attacks happen, capacity is known as cyber-resilience. Frameworks have been presented in literature to promote cyber-resilient response, yet little is known about the structures that result in a cyber-resilient behaviour. This paper explores an approach to modelling the structure of a system that is subject to an infection an eventual recovery from zero-day malware cyber-attacks, based on mechanisms derived from epidemiology. By analysing the relationship between the system vulnerabilities and the incidence of malware infections in a population of systems, this paper derives structural recommendations for resilience response, and policy requirements based on the claim that cyber-threats are a public-cyber-health issue instead of merely a competitive factor.
AB - Cyber-attacks are serious threats to operations in most industries, enabled by a growing dependence on Information Technology (IT). To minimise disruptive effects on operations, organisations with complex system derive value both from preventing cyber-attacks and from responding promptly and coherently when cyber-attacks happen, capacity is known as cyber-resilience. Frameworks have been presented in literature to promote cyber-resilient response, yet little is known about the structures that result in a cyber-resilient behaviour. This paper explores an approach to modelling the structure of a system that is subject to an infection an eventual recovery from zero-day malware cyber-attacks, based on mechanisms derived from epidemiology. By analysing the relationship between the system vulnerabilities and the incidence of malware infections in a population of systems, this paper derives structural recommendations for resilience response, and policy requirements based on the claim that cyber-threats are a public-cyber-health issue instead of merely a competitive factor.
KW - Health Sciences
KW - System dynamics
KW - cyber-epidemiology
KW - cyber-resilience
UR - http://www.scopus.com/inward/record.url?scp=85129467017&partnerID=8YFLogxK
U2 - 10.1080/17477778.2021.1890533
DO - 10.1080/17477778.2021.1890533
M3 - Journal article
SN - 1747-7778
VL - 17
SP - 1
EP - 16
JO - Journal of Simulation
JF - Journal of Simulation
IS - 1
ER -