Goznym, a group of five Russian cybercriminals, stole login credentials and emptied bank accounts from unaware Americans for more than a year. Researchers at the University of Texas at San Antonio (UTSA) have developed the first framework to score the agility of cyber attackers and defenders in a bid to defend and quickly respond to escalating cyber-attacks like these. The Army Research Office funded the cyber agility project.

Co-developer of this first known framework as part of his UTSA master's thesis, Jose Mireles, computer science alumnus who now works for the U.S. Department of Defense, said that cyber agility isn't just about patching security hole, it is about understanding what happens over time. Sometimes when people protect their vulnerability, they expose themselves to 10 others. There is an understanding of how to test for safety using the rules of physics in car crashes. It is much harder to quantify cybersecurity because scientists have yet to figure out what are the rules of cybersecurity. Having formal metrics and measurement to understand the attacks that occur will benefit a wide range of cyber professionals.

Mireles collaborated with fellow UTSA student, Eric Ficke, researchers at Virginia Tech, U.S. Air Force Research Laboratory, and the U.S. Army Combat Capabilities Development Command Army Research Laboratory (CCDC ARL) to develop a quantifiable framework. The project was conducted under the supervision of UTSA Professor Shouhuani Xu, who serves as the director of the UTSA Laboratory for Cybersecurity Dynamics.

This joint force used a honeypot, a computer system that lures real cyber-attacks, to attract and analyze malicious traffic according to time and effectiveness. As both the attackers and the defenders created new techniques, the researchers were able to understand better how a series of engagements transformed into an adaptive, responsive and agile pattern or what they called an evolution generation.

The researchers proposed the framework which will help government and industry organizations visualize how well they out-maneuver attacks. This groundbreaking work will be published in an upcoming issue of IEEE Transactions on Information Forensics and Security, a top cybersecurity journal.

According to Xu, the cyber agility framework is the first of its kind and allows cyber defenders to test out many and varied responses to an attack. This is an outstanding piece of work as it will shape the investigation and practice of cyber agility for the many years to come.

Purush Iyer, Ph.D., division chief, network sciences at Army Research Office, and an element of CCDC ARL, said that the DoD and US Army recognize that the Cyber domain is as essential as battlefront as Ground, Air, and Sea. Being able to predict what the adversaries will likely do provides opportunities to protect and to launch countermeasures.

In his words, Mireles said that a picture or graph, in this case, is indeed worth more than 1,000 words. When security professionals use the framework, they will recognize if they are getting beaten or doing an excellent job against an attacker.