Intended effects of cyber resiliency techniques on adversary activities

Evidence and analysis are needed to determine whether, how, and to what extent architectural and operational decisions have an effect on cyber adversary behavior. This is particularly the case for cyber resiliency techniques, which are relatively new compared with conventional perimeter defenses and intrusion detection techniques. In this paper, we propose a vocabulary for describing effects on cyber adversaries. The vocabulary is compatible with existing terminology for Information Operations (IO), as well as for such modeling and analysis techniques as Red Team analysis, game-theoretic modeling, attack tree and attack graph modeling, and analysis based on the cyber attack lifecycle. We use this vocabulary to map cyber resiliency techniques to the different phases of a cyber campaign. This use of the vocabulary enables the identification of measures of effectiveness (MOEs) or metrics for effects on adversary activities. The mapping also illuminates how cyber resiliency techniques apply differently to address various adversary activities, and thus provides a basis for identifying effective combinations of techniques.