Publications

Publications / SAND Report

Categorizing threat : building and using a generic threat matrix

Duggan, David P.; Gaines, Sherry T.; Veitch, Cynthia K.

The key piece of knowledge necessary for building defenses capable of withstanding or surviving cyber and kinetic attacks is an understanding of the capabilities posed by threats to a government, function, or system. With the number of threats continuing to increase, it is no longer feasible to enumerate the capabilities of all known threats and then build defenses based on those threats that are considered, at the time, to be the most relevant. Exacerbating the problem for critical infrastructure entities is the fact that the majority of detailed threat information for higher-level threats is held in classified status and is not available for general use, such as the design of defenses and the development of mitigation strategies. To reduce the complexity of analyzing threat, the threat space must first be reduced. This is achieved by taking the continuous nature of the threat space and creating an abstraction that allows the entire space to be grouped, based on measurable attributes, into a small number of distinctly different levels. The work documented in this report is an effort to create such an abstraction.