Details of Grant 

EPSRC Reference: EP/V038710/1
Title: A Framework for Risk-Informed Metrics-Enriched Cybersecurity Playbooks for CNI Resilience
Principal Investigator: Cherdantseva, Dr Y
Other Investigators:
Burnap, Professor P; Craggs, Dr B; Li, Dr T
Researcher Co-Investigators:
Project Partners:
Airbus Group Limited; Thales Ltd; Toshiba
Department: Computer Science
Organisation: Cardiff University
Scheme: Standard Research
Starts: 01 July 2021
Ends: 30 June 2023
Value (£): 503,174
EPSRC Research Topic Classifications:
Information & Knowledge Mgmt; Software Engineering
EPSRC Industrial Sector Classifications:
Aerospace, Defence and Marine; Information Technologies
Related Grants:
Panel History:
Panel Date: 10 Feb 2021
Panel Name: Cross-RI PaCCS 2020 prioritisation panel
Outcome: Announced
Summary on Grant Application Form
The ultimate goal of the project is to improve CNI resilience in the UK by enabling timely and efficient incident response. To achieve this, this project will deliver a Framework for creating Risk-Informed Metrics-enriched Playbooks for Critical National Infrastructure (FRIMP4CNI).

We propose to approach incident response playbooks in a fundamentally different way. First, playbooks in this project are integrated into core CNI processes affected by an incident, showing how enacting a particular response affects core processes as well as interdependent processes. Second, our playbooks address more than technical actions: they look at aspects beyond technology, e.g. operational response, issues related to staff availability and costs, the reporting process, and political and communication response. Third, playbooks are risk-informed because each playbook has an associated risk model. Fourth, they are enriched with business-driven multifaceted metrics which reflect the changes that an incident inflicts on a core process. Fifth, our playbooks are optimal: an optimisation algorithm is applied to a set of alternative response strategies to identify the optimal response playbook for each case. The combination of the features listed above makes our approach unique and allows our playbooks to serve both as an action guide enabling improved cybersecurity incident response and as a decision support tool at the Board level.

The project has three key objectives:

1. Create an empirically-grounded, tool-supported, actionable framework for developing bespoke risk-informed metrics-enriched cybersecurity playbooks tailored to the challenges of enhancing resilience in CNI by adopting and modelling incident response best practices in the format of integrated playbooks.

2. Design, implement and test software tools supporting the aspects of the framework related to process modelling, risk assessment and response strategy optimisation, and integrate them into a comprehensive CNI Playbook Design Toolset. The project will deliver the full technology stack required to develop optimal risk-informed and metric-driven playbooks. Tool support will increase the intention to use and facilitate faster adoption of the framework in practice.

3. Evaluate the framework using existing testbeds at the participating universities and industry partners, and via focus groups and workshops with industry partners and individual domain experts with a broad range of backgrounds and in varying roles from network engineers to ICS operators to Board members to policy makers. It is essential to conduct extensive evaluation with practitioners to ensure that the framework and tools are effective, accessible and fulfil the intended purposes for each group of stakeholders.

Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Impacts
Description: This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Summary
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: http://www.cf.ac.uk