Modern command, control, and communication systems are highly interconnected supported by advanced networks and Internet of Things (IoT). The hypberconnectivity of the such systems and the software underpinning exposes them to a large number of security vulnerabilities, which leads to an increase in the volume and sophistication of cyberattacks. These attacks potentially disrupt the cyber safety and operation of many organisations and enterprises with millions of users. Assessment of these cyber risks is important to prioritise to fix the ones that would have the highest impact on a system. The current techniques are mostly expert-based with manually crafted rules, and thus do not scale well to new vulnerabilities. The proposed research challenge aims to automate the security assessment process using Artificial Intelligence enabled technologies. The envisioned solution will support evaluation-based security modelling to analyse vulnerabilities in complex and dynamically changing computer systems and interconnected networks. The expected deliverables of the project are:
- Enrichment of graphical security models with a variety of security metrics extracted from software vulnerability assessment
- Automated security analysis of the interconnected systems using a combination of machine learning-driven software vulnerability assessment and graphical security modelling techniques