How to Measure Cyber-Resilience of a System With Autonomous Agents: Approaches and Challenges

Abstract

<italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Researchers developed approaches to assess the performance of cyber-physical systems, their exposure to various types of threats, and the ability of cybersecurity components and systems to withstand disruptions. System resilience, defined as an ability to absorb, recover from, and adapt to cyber-attacks, has been studied less, and the situation is further complicated by the increased number of autonomous agents, i.e., hardware and software, which act on its own without human intervention. These agents can increase or decrease system resilience depending on their design and critical functions. Systems enabled with autonomous agents have the potential to respond to cyber-attacks with speed and scale that are unachievable with purely human defenders, but the mere presence of autonomous agents in the system adds vulnerabilities and can reduce resilience. Most assessment approaches have limitations with respect to measuring cyber-resilience, especially in systems with autonomous agents enabled with artificial intelligence. In this article, we provide an overview of several approaches related to the assessment of cybersecurity and the practical challenges in applying such approaches to measure cyber-resilience of systems with autonomous agents. We propose directions for research and practice on the development of effective cyber-resilience measures</i> <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">.</i>