Cybersecurity Vulnerability Mitigation Framework through Empirical Paradigm (CyFEr): Prioritized Gap Analysis
- BATTELLE (PACIFIC NW LAB)
- University of Arkansas at Little Rock
Cybersecurity vulnerability assessment tools, frameworks, methodologies, and processes are commonly used to understand the cybersecurity maturity and posture of a system or a facility. Although, those tools are strictly developed based on standards defined by organizations such as the National Institute of Standards and Technology (NIST) and the U.S. Department of Energy, the majority of these tools and frameworks do not provide a platform to prioritize the requirements to reach a desired cybersecurity maturity. To address that challenge, we have been developing a framework and a software application called the cybersecurity vulnerability mitigation framework through empirical paradigm (CyFEr). The efficacy of CyFEr was evaluated by implementing it on the NIST Cybersecurity Framework (CSF). This paper provides a detailed architecture of CyFEr and demonstrates its application to CSF by testing against a real-world cyber-attack that targeted industrial control systems in a critical infrastructure facility.
- Research Organization:
- Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-76RL01830
- OSTI ID:
- 1717874
- Report Number(s):
- PNNL-SA-143719
- Journal Information:
- IEEE Systems Journal, Journal Name: IEEE Systems Journal Journal Issue: 2 Vol. 14
- Country of Publication:
- United States
- Language:
- English
Similar Records
Application of Rank-Weight Methods to Blockchain Cybersecurity Vulnerability Assessment Framework
Demonstration of the Cybersecurity Framework through Real-world Cyber Attack