Brett Smith for redOrbit.com – Your Universe Online
The timing of a cyber-attack is crucial to overcoming the measures designed to defend against or repel it, and a new study from researchers at the University of Michigan presents a mathematical model that could be used to optimize the timing of attacks by would-be hackers.
In the study, which was published in the Proceedings of the National Academy of Sciences (PNAS), the research team said nations around the world are cataloging defects in Internet security systems not already identified by someone else – also known as “zero-day exploits.” The researchers focused their model on identifying the precise time to take advantage of the flaws.
“New vulnerabilities in computer systems are constantly being discovered,” the researchers wrote. “When an individual, group, or nation has access to means of exploiting such vulnerabilities in a rival’s computer systems, it faces a decision of whether to exploit its capacity immediately or wait for a more propitious time.”
The model developed by the Michigan team considers the possibility of attacking a system, knowing that this may result in a fix being deployed. The model is designed to identify the perfect moment for an attack – knowing a particular weakness could be discovered and patched at any time.
The model considered four variables: specific vulnerabilities, stealth of the attack, reusability of the attack and threshold for use. According to the study team, when the reusability of a particular attack increases, the optimal threshold for use also increases – meaning the longer a weakness exists, the longer a potential attacker can wait before using it.
When the stealth of a weapon increases, the optimal threshold decreases – the longer a weapon can avoid detection, the better it is to use it quickly. They also noted that an attack needs to be used sooner if stakes are constant or later if the stakes are variable. Taken together, these principles assert that when the benefit from an attack remains constant and consequences are low, the optimum time to attack is as soon as possible. Conversely, when the benefit of an attack is variable and consequences are high, delaying an attack is the best option.
The Michigan team included several case studies in their model, including the Stuxnet attack on Iran’s nuclear program and the unrelenting cyber espionage being conducted by the Chinese military. The researchers found that their case studies all displayed instances of optimal timing.
“One of our major contributions is to develop some concepts to deal with this new realm of cyber conflict,” said study author Robert Axelrod, a policy expert at the university.
“It took 15 years in the nuclear world for people to understand the implications of nuclear technology,” Axelrod told The Telegraph. “It is our hope that it won’t take that long to understand the strategic capabilities of cyber technology.”
“We also hope this will encourage other efforts to study these things in a rigorous way,” he added. “There’s a lot of discussion about cyber problems, but it’s so new that the language isn’t established. People use the word attack to mean anything from stealing a credit card number to sabotage of an industrial system.”