A Cooperative Cyber Defense for Securing Critical Infrastructures

With the growth of Internet connectivity critical national infrastructures have grown intertwined in complex networked relationships. At electrical substations, it is common to find equipment from several companies together administered remotely by several contractors via the Internet. The the threat of nation-state and terrorist cyber attacks further complicates the ad hoc arrangement until the complexity of the situation becomes difficult even to describe [11]. Defensive actions and policy changes by one company may have far-reaching negative consequences on the partner organizations in the infrastructure. Currently, no cyber defense is designed to protect such interdependent multi-enterprise infrastructures. Human-only or machine-only approaches are now insufficient. The former are slow but adaptable, while the latter are limited by their specialization. In either case, humans must accept ultimate responsibility for the actions of automated systems. We believe the solution lies in mixedinitiative [13] defense unifying the complementary qualities of both humanand machine-based approaches. We describe the Cooperative Infrastructure Defense (CID), a new cyber-defense paradigm whose unique features are: • CID makes humans an intrinsic part of the solution without requiring them to have direct control. • CID enables diverse organizations within an infrastructure to cooperate in an adaptive cyber defense. • CID unifies complex-adaptive swarm intelligence, logical rational agents, and human insight. The resulting system actually turns false positives into beneficial forms of positive feedback for improved performance.