Major cyber attacks ‘can be predicted’ using computer model, researchers claim

Major international cyber attacks follow a pattern – and attacks such as Stuxnet, which targeted Iran’s nuclear plant can be predicted by a mathematical model, University of Michigan researchers have claimed.

The model could help understand the strategy and timing of international cyber attacks, and predict the “next move” in conflicts, according to Robert Axelrod, professor of political science at the University. Axelrod hopes the research may “mitigate” the harm of such attacks.

Axelrod likens the current state of cyber attacks to the early nuclear era – and hopes the model may help states understand the strategic implications of such technology, and help draw the line between cybercrime and cyber attacks.
“One of our major contributions is to develop some concepts to deal with this new realm of cyber conflict,” Axelrod said. “It took 15 years in the nuclear world for people to understand the implications of nuclear technology. It is our hope that it won’t take that long to understand the strategic capabilities of cyber technology.”
“We also hope this will encourage other efforts to study these things in a rigorous way,” Axelrod said. “There’s a lot of discussion about cyber problems, but it’s so new that the language isn’t established. People use the word attack to mean anything from stealing a credit card number to sabotage of an industrial system.”
The timing can be ‘predicted’ by analyzing the stealth of a resource – ie the ability to infiltrate and remain undiscovered – and persistence, the ability of a vulnerability to remain undiscovered. Combining these two gives a model which can predict the timing of attacks, the researchers claim, in a paper published in the academic journal PNAS.
Speaking to Ars Technica, Allan Woodward, a cybersecurity expert at the University of Surrey said that the model fit existing attacks ‘perfectly’.
Ars Technica said that the case studies showed how and when cyberweapons would be used, and Woodward said the timings fit both the Stuxnet attack – which ‘lay dormant’ for 17 months – and Iran’s response, “Iran may have responded to this attack by targeting the workstations of Aramco, an oil company in Saudi Arabia that supplied oil to the US. Although the US called this the “most destructive cyber-assault the private sector has seen to date,” it achieved little. However, for Iran, the result mattered less than the speed of the response. In a high stakes case, the model predicts immediate use of a cyber-weapon, which is what happened in this case, too.”
The tool could offer a greater understanding of what “cyber espionage” is – and how states use it. The researchers used four case studies, including the Stuxnet attack on Iran’s nuclear program and the Iranian cyber attack on the energy firm Saudi Aramco.

“A good resource should have both stealth and persistence,” Axelrod said. “The less persistent a resource is, the sooner (it should be used) lest the vulnerability is fixed before (there’s) a chance to exploit it.”