This post is also available in: heעברית (Hebrew)

A new way was developed to train defensive cyber operators to thwart attackers. US Army researchers have developed a cyber agility framework that, as with a set of rules or an algorithm, can help organizations better understand the effectiveness of their cybersecurity efforts. It also serves as a foundation for developing software.

In a partnership with the University of Texas, San Antonio (UTSA) and the Army Research Laboratory, cybersecurity researchers developed a set of metrics to help operators measure how well their methods and tactics work during an active intrusion.

“Historically, when dealing with cybersecurity, analysts are looking at screens full of numbers, trying to identify where, and what kind of, cyberattacks are taking place by looking for patterns,” said Purush Iyer, from the US Army Research Laboratory. “The cyber agility framework offers a better way of identifying (and predicting) attacks, by taking into account past history of traffic, and allowing an analyst to concentrate on higher order reasoning. It’s a big step in enhancing cybersecurity predictability.”

Professor Shouhuai Xu, director of the UTSA’s laboratory for cybersecurity dynamics, said “We realized that agility is an important aspect of cybersecurity and is poorly understood. Through the framework and limited empirical study, we observed that cyber attackers are more agile than cyber defenders in many cases,” he told Xu said cyber practitioners can use the framework on real-world cyber datasets — even classified or sensitive ones.

For now, the framework is in the foundational research phase, but Xu said researchers are “investigating how to improve the framework and possibly establish some use cases to make it easier to adopt the framework in practice.” The ultimate goal, he said, is for it to be widely adopted and improved upon via collaborations with industry.