Adaptation Is Key to Determining Network Resilience in Cyberattacks, Study Finds

A new study shows that traditional markers of a computer network's resilience are not solely effective in determining its ability to accomplish missions.

Researchers from the U.S. Army Combat Capabilities Development Command's Army Research Laboratory (ARL) partnered with Virginia Tech to develop a suite of network adaptation strategies designed to maintain services in a resource-constrained environment: networks under cyberattacks.

"Simply having network connectivity does not imply that a network can provide the services it needs," said Dr. Terry Moore, Army researcher. "A key result of this work is showing that typical measures of performance for network resilience do not apply to mission-oriented or task-service networks. We mathematically prove that without consideration of the resources or task priority, network connectivity is not a sufficient measure for determining mission success."

A new approach could lead to stronger Army computer networks that are tougher when facing a cyberattack, researchers said. Studies on network resilience typically focus on fault tolerance, determining what happens when components of a network fail or defending those components from failure, such as using security measures or redundancy with replacement components. This new study examines network adaptability: changing the network structure or topology to enable functionality amid component failure. This research, Network Adaptations Under Cascading Failures for Mission-Oriented Networks, published in the September 2019 volume of the Institute of Electrical and Electronics Engineers Transactions on Network and Service Management.

This fundamental research provides an initial step toward the vision of a network strategy that dynamically changes the network topology to prioritize critical mission completion, Moore said, and could contribute significantly to advances in Army modernization priorities.

According to the ARL, for this study, researchers focused on a tactical, mission-oriented network supporting several tasks, each with a different priority. "For network resilience, the traditional focus is on the survivability of the network--the fraction of how many components of the network do not fail compared to before the failures. This research considered the survivability of the tasks the network components and parts were assigned to and therefore focused on how many tasks could continue to be serviced even after components fail--a more appropriate measure of their resilience, Moore said."

ARL notes that the team conducted a computational simulation and considered a scenario in which there were limited resources for nodes, which could be anything from a cell phone to a robot. These nodes were collaboratively assigned to various tasks of different levels of priority. The tasks were designed to be abstract, but could be surveillance, search and rescue, distributed processing, communication support, etc., Moore said.

Nodes could be assigned to multiple tasks but with no inherent dependency between the tasks, such as a required order of completion. However, cascading effects occur between tasks, when a node is maliciously attacked or mechanically fails, the workload shifts to remaining nodes assigned to the task. If the remaining nodes lack the resources to support the additional workload, they may fail or drop out of the task to preserve the ability to remain active in other tasks.

This domino effect, where nodes sequentially fail, can be combated with new strategies for tasks to recruit new nodes based on the consideration of their resources and task priority, says ARL. In this study, the team added the importance or priority of the task to the particular strategy used to recruit or select a new node. A new approach for these scenarios is adapting, or merging, a task assignment problem solutions and a resource allocation problem solutions for a mission-oriented network problem, says the ARL.

The ARL notes that continued initiatives in network security include researching the use of software-defined networking to implement moving target defense in service-aware networks--a strategy to dynamically change the attack surface of the network or system to limit or remove the attacker's asymmetric advantage, thereby rendering the information collected by the attacker no longer true, Moore said.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.