Abstract: Techniques and apparatuses are described for a cybersecurity risk management tool to assess cybersecurity risk and prioritize cybersecurity correction plans. The cybersecurity risk management tool categorizes cybersecurity framework security controls into maturity indicator levels, identifies implementation states achieved by an entity with respect to the cybersecurity framework security controls, and determines which of the maturity indicator levels represents the implementation state achieved by the entity with respect to each of the cybersecurity framework security controls. A cost-benefit analysis for modifying from the implementation state achieved by the entity to a next implementation state to be achieved by the entity with respect to the cybersecurity framework security controls is also enabled. The cost-benefit analysis leverages factored weights including aspects indicative of security perspectives, Gaussian distributions, and the maturity indicator levels.

Abstract: Technology related to risk-informed autonomous adaptive cyber controllers is disclosed. In one example of the disclosed technology, a method includes generating probabilities of a cyber-attack occurring along an attack surface of a network. The probabilities can be generated using sensor and operational data of a network as inputs to an attack graph. The risk scores can be determined using a plurality of fault trees and the generated probabilities from the attack graph. The respective risk scores can correspond to respective nodes of an event tree. The event tree and the determined risk scores can be used to determine risk estimates for a plurality of configurations of the network. The risk estimates for the plurality of configurations of the network can be used to reconfigure the network to reduce a risk from the cyber-attack.

Abstract: Methods can include accessing an organizational framework describing an organization, wherein the organizational framework comprises one or more relational matrices defining matrixed interdependencies between business functions, business processes, engineering applications, assets, responsible entities, and facilities of the organization, and using the relational matrices to compute a criticality of an asset, engineering application, or business process, and using a computed criticality to compute a value at risk or a value of a consequence to the organization.

Abstract: Apparatus and methods are disclosed for producing configuration recommendations and implementing those recommendations in a computing environment. In some examples, a browser-based tool is provided that allows hardware and software developers to assess the maturity level of their design and development processes, allows management to determine desired maturity levels in seven domains, and allows developers to monitor process maturity improvements against management goals. The disclosed technologies can be used by commercial software developers as well as internal development organizations.

Abstract: Techniques and apparatuses are described for a cybersecurity risk management tool to assess cybersecurity risk and prioritize cybersecurity correction plans. The cybersecurity risk management tool categorizes cybersecurity framework security controls into maturity indicator levels, identifies implementation states achieved by an entity with respect to the cybersecurity framework security controls, and determines which of the maturity indicator levels represents the implementation state achieved by the entity with respect to each of the cybersecurity framework security controls. A cost-benefit analysis for modifying from the implementation state achieved by the entity to a next implementation state to be achieved by the entity with respect to the cybersecurity framework security controls is also enabled. The cost-benefit analysis leverages factored weights including aspects indicative of security perspectives, Gaussian distributions, and the maturity indicator levels.

Abstract: Technology related to risk-informed autonomous adaptive cyber controllers is disclosed. In one example of the disclosed technology, a method includes generating probabilities of a cyber-attack occurring along an attack surface of a network. The probabilities can be generated using sensor and operational data of a network as inputs to an attack graph. The risk scores can be determined using a plurality of fault trees and the generated probabilities from the attack graph. The respective risk scores can correspond to respective nodes of an event tree. The event tree and the determined risk scores can be used to determine risk estimates for a plurality of configurations of the network. The risk estimates for the plurality of configurations of the network can be used to reconfigure the network to reduce a risk from the cyber-attack.

Abstract: A method and system for cyber security management of Supervisory Control And Data Acquisition (SCADA) systems is provided to enhance situational awareness and cyber security management for industrial control systems. A centralized System Security Manager (SSM) is integrated into a SCADA to collect security related data for the industrial control system and an integrated command and control user interface displays security related data, a system security level, and interfaces with a user to allows for changing of system security settings for the industrial control system based on the security related data collected and manages changes in operational state of the SCADA based on the security level to restrict use of system interfaces and system accesses.

Abstract: A method and system for cyber security management of Supervisory Control And Data Acquisition (SCADA) systems is provided to enhance situational awareness and cyber security management for industrial control systems. A centralized System Security Manager (SSM) is integrated into a SCADA to collect security related data for the industrial control system and an integrated command and control user interface displays security related data, a system security level, and interfaces with a user to allows for changing of system security settings for the industrial control system based on the security related data collected and manages changes in operational state of the SCADA based on the security level to restrict use of system interfaces and system accesses.