Abstract: Methods and systems are described for assessing a computer network using a graph model. In some instances, the methods comprise: receiving data from at least one data stream of a plurality of data streams, wherein the plurality of data streams comprise computer network data provided by one or more data brokers, and wherein the data received from different data streams of the plurality comprise different data formats; converting the data received from the at least one data stream to a common data format comprising a node or an edge; updating a graph model comprising a plurality of nodes and edges stored within a graph database according to the node or edge of the converted data; and providing a user of the computer network with a visualization of a status of the computer network.

Abstract: A system and method for systematically undertaking model-based security analysis of a cyber physical system (CPS) is provided. In one example, a cyber model simulation and a control system simulation are mapped using various methods to determine which portions of the cyber-model simulation and the control system simulation are correlated with one another. Using the determined correlation, when a cyber-attack is generated on the cyber model simulation, a corresponding attack hook can be generated for the control system model. The attack hook is configured to be integrated into the control system model so as to mimic the effect on the control system that a cyber-attack can engender. Once one or more attack hooks are generated, the user can place the hooks into the control system simulation schemas and run a series of simulations to determine the effects of a cyber event on the control system in a CPS.

Abstract: A system and method for systematically undertaking model-based security analysis of a cyber physical system (CPS) is provided. In one example, a cyber model simulation and a control system simulation are mapped using various methods to determine which portions of the cyber-model simulation and the control system simulation are correlated with one another. Using the determined correlation, when a cyber-attack is generated on the cyber model simulation, a corresponding attack hook can be generated for the control system model. The attack hook is configured to be integrated into the control system model so as to mimic the effect on the control system that a cyber-attack can engender. Once one or more attack hooks are generated, the user can place the hooks into the control system simulation schemas and run a series of simulations to determine the effects of a cyber event on the control system in a CPS.