The convergence of Information Technology (IT) and Operational Technology (OT) has heightened the need for robust cyber-risk assessment, which requires identifying plausible breaches, their impact, and effective mitigation strategies. Traditional frameworks often rely on expert opinions, leading to overconfidence, misinterpretations, and inaccurate risk estimates. This chapter introduces an innovative method using machine learning models to assess risk, identify high-risk threat vectors, and suggest mitigation strategies. We integrated MITRE ATT&CK techniques, mapped data features to breach-reported data, and labeled them with the Common Vulnerability Scoring System (CVSS). Additionally, we used statistical models to identify frequent attack chains and built a Recurrent Neural Network (RNN) model to estimate the risk score for attack chains. Finally, we provide a probabilistic risk perspective for the most relevant attack techniques, all based on public information.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Cyber Risk Assessment in IT/OT Convergence Using Machine Learning

  • Diego M. Mendez Mena,
  • Maryam Karimi

摘要

The convergence of Information Technology (IT) and Operational Technology (OT) has heightened the need for robust cyber-risk assessment, which requires identifying plausible breaches, their impact, and effective mitigation strategies. Traditional frameworks often rely on expert opinions, leading to overconfidence, misinterpretations, and inaccurate risk estimates. This chapter introduces an innovative method using machine learning models to assess risk, identify high-risk threat vectors, and suggest mitigation strategies. We integrated MITRE ATT&CK techniques, mapped data features to breach-reported data, and labeled them with the Common Vulnerability Scoring System (CVSS). Additionally, we used statistical models to identify frequent attack chains and built a Recurrent Neural Network (RNN) model to estimate the risk score for attack chains. Finally, we provide a probabilistic risk perspective for the most relevant attack techniques, all based on public information.