Cybersecurity Vulnerability Mitigation Framework Through Empirical Paradigm (CyFEr): Prioritized Gap Analysis

Abstract

Cybersecurity vulnerability assessment tools, frameworks, methodologies, and processes are commonly used to understand the cybersecurity maturity and posture of a system or a facility. Although those tools are strictly developed based on standards defined by organizations such as the National Institute of Standards and Technology (NIST) and the U.S. Department of Energy, the majority of these tools and frameworks do not provide a platform to prioritize the requirements to reach a desired cybersecurity maturity. To address that challenge, we have been developing a framework and a software application called the cybersecurity vulnerability mitigation framework through empirical paradigm (CyFEr). The efficacy of CyFEr was evaluated by implementing it on the NIST cybersecurity framework (CSF). This paper provides a detailed architecture of CyFEr and demonstrates its application to CSF by testing against a real-world cyberattack that targeted industrial control systems in a critical infrastructure facility.