II. ANALYTICS of CYBERSECURITY for POLICY and PRACTICE

Policy directives and guidelines for cybersecurity are essential and necessary responses to emergent threats. The process that generates such documents is complex, detailed, and based on extensive consultation with various segments of the multiple communities in both public and private sectors. All of this result in a paradox, which is this: There is a large body of policy directives and documents, but, there are major barriers for full understanding. The challenge is to format, capture, retrieve and analyze the information – and attendant knowledge -- embedded in the text. 

Approach

We address this paradox -- as well as the challenges pervasive throughout the ecosystem of technology and policy documents -- via a three-step multimethod approach, with specific application to smart grid of power system

  • Metricizing text by converting materials pertaining to system architecture into a structured model,
  • Creating network representation of metricized system and apply interactive exploratory tool for dynamic analysis of system-network of the whole and/or the parts
  • Providing users with tools for customized on-demand investigations targeted to problem-solving

Relevance

 The goal is to:

  1. provide method to examine the implications of cyber security directives and guidelines directly applicable to their system
  2. help understand relative vulnerability pathways throughout the whole or parts of system network as delineated by the guidelines documents
  3. enable contingency investigations, that is, “what if”,
  4. help frame how best to collect, analyze, store analyzed, stored and disseminated information within the organization and
  5. facilitate information flows directly relevant to decision-making for cybersecurity, with reference to confidentiality, integrity, authority,

An early proof of concept focused on core set of NIST Guidelines and Policy documents. This work developed from the collaborative program with Masdar Institute, Abu Dhabi.