US researchers have developed a mathematical model that can predict when a cyber attack may be launched.
Scientists at the University of Michigan created the model to help develop a basis for understanding the strategic implications of cyber technology.
Focusing on the timing of cyber conflict, the model analyses when an attacker is most motivated to exploit vulnerabilities in a target’s computer system for espionage or disruption.
“One of our major contributions is to develop some concepts to deal with this new realm of cyber conflict,” said Robert Axelrod, professor of political science and public policy at U-M’s Ford School.
“It took 15 years in the nuclear world for people to understand the implications of nuclear technology. It is our hope that it won’t take that long to understand the strategic capabilities of cyber technology,” Axelrod said.
The researchers developed two concepts. One is stealth, which is the ability of a resource to exploit a vulnerability in a target’s computer system to stay undiscovered if it is used.
The other is persistence, which is to keep the vulnerability undiscovered if it isn’t used.
“A good resource should have both stealth and persistence,” said Rumen Iliev, a postdoctoral research fellow.
“The less persistent a resource is, the sooner (it should be used) lest the vulnerability is fixed before (there’s) a chance to exploit it,” Iliev said.
They illustrate their model using four case studies, including the Stuxnet attack on Iran’s nuclear programme and the Iranian cyber attack on the energy firm Saudi Aramco.
“We also hope this will encourage other efforts to study these things in a rigorous way,” Axelrod said.
“There’s a lot of discussion about cyber problems, but it’s so new that the language isn’t established. People use the word attack to mean anything from stealing a credit card number to sabotage of an industrial system,” Axelrod said.
The research appears in the Proceedings of the National Academy of Sciences.