UNIVERSITY PARK, Pa. — When a computer system is compromised by a cybercriminal, chaos ensues. Not only have attackers accessed the data they’re after, they could also bring the everyday business processes to a grinding halt.
Thanks to new research from the Penn State College of Information Sciences and Technology (IST), there may be a new way to help organizations mitigate the wave of disruption left in the wake of a cyberattack.
The study, “Building an Active Cyber Defense Toolkit based on Actionable Impact Analysis in Cloud Computing,” is being spearheaded by Peng Liu, professor of IST, and is funded by a grant from the National Institute of Standards and Technology (NIST).
Liu’s research focuses on identifying an organization’s mission impact, that is, the theoretical effects of a cyberattack on everyday business processes. Liu used the example of LionPATH, Penn State’s online student hub for managing tuition payments, grade reporting, and a variety of student services.
“When a hacker is attacking a computer network like LionPATH, the real purpose may not be to affect those business processes,” Liu explained.
The attacker’s primary goal is usually to capture data, but it’s quite likely the business processes would be disrupted by a successful intrusion.
Said Liu, “The motivation of this project is to more quantitatively assess those types of indirect impacts.”
The need for this kind of preparation is heightened, as nearly all organizations across every industry are readily adopting cloud computing technologies.
“A virtual network introduces some new vulnerabilities. Therefore, an attack will exploit them,” Liu said.
This research aims to address an existing knowledge gap, as the cybersecurity analysts who are trained to identify and thwart cyberattacks aren’t usually familiar with the day-to-day business systems and how they could be affected.
“On the other side are the people responsible for those things, like accountants, but they aren’t able to detect a cyberattack themselves,” Liu explained.
However, those managing the daily processes are often the first to know when a disruption occurs, such as a payment system crashing. Liu plans to create a tool that can merge the two priorities to automatically determine which business processes can be affected in the event of a hack and how to quarantine the effects.
In the example of payment systems, Liu notes, the tool could potentially identify that if payment information is contaminated, the overarching system may not be able to accept payments or may invoice incorrect amounts.
This proactive mindset also adds a layer of resiliency to an organization, helping it regain control of its systems and resume business as usual.
In an environment where cyberattacks are becoming increasingly prevalent, the application of this tool can help fortify an organization’s security by directly using log data as an input, thus making the impact analysis mostly automatic.
Concludes Liu, “This research is a critical step forward.”