By Milica D. Djekic

Incident response, as an active cyber defense measure, can require highly skilled IT security professionals who are able to detect, handle and mitigate a threat. The threat itself is the likelihood that something could go wrong with your cyber infrastructure, and if you believe in Murphy's Law, anything that can go wrong will go wrong. The situation is similar with engineering systems, which must also cope with the risk, or the real presence, of errors in their operation. In control engineering, those potential causes of a system's inaccurate functioning are called disturbances.

In both cases, the risks come from outside, and sometimes internal factors can cause equally unpleasant working conditions. Experience from automation and control suggests that you need to compensate for the disturbance somehow if you want your solution to work accurately. The situation is similar with incident response, which relies on a human workforce whose task is to think hard and resolve any unexpected occurrence in cyberspace. Cyberspace is a dynamic and complex ecosystem and, as with physical reality, its rules can be far more complicated. The reason is that if you apply mechatronics and control to a power plant, you can always expect that external factors could disturb your control system, or that other causes could lead to a potentially catastrophic event.

The fact is that modern warfare is moving from the physical domain into the cyber environment, and the impact of those operations can be just as far-reaching. In other words, there is a strong need to equip your incident response team with cutting-edge solutions, because their role in cyber defense is of strategic importance to the entire cybersecurity chain. Finally, it is critical from an IT security perspective not to underestimate the significance of smart technologies that can support you in making the task of your incident responders more convenient and less difficult.

Anything a cyber analyst knows could be automated

When we talk about incident response, many people picture ultra-modern security operations centers staffed with teams of analysts and incident responders. Those teams work in shifts and do a great job, indeed, but the reality is often very different. In practice, many organizations have no security operations center at all, or they rely on a single IT security professional who is literally overloaded with heavy work, mainly on an ad hoc or part-time basis. Cyber analysts work with highly sophisticated tools, but they are still the ones who decide on any action to be taken. The good question is how we could teach our software to make some of those decisions automatically and make the work much easier for people.

Mechatronics and control is a field that has progressed steadily over the past few decades, and there are now many autonomous systems that manage the behavior and working processes of, say, aircraft, vehicles and space industry products. The idea is that you could apply the same kind of adaptive algorithm to guide your security tool toward the rational decisions a real IT security analyst would make. In other words, anything your incident responders know should be automated, primarily for their own convenience and secondly for better use of such intelligent equipment. In that case, the human workforce would serve to monitor and perhaps resolve unpredicted scenarios, and the rest of the task would pass into the hands of smart software. Further, just as there are self-driving cars on the roads today, you could count on self-responding tools that would, for now, work under human supervision. Finally, it appears that the cyber industry has a lot to learn from other branches of science and technology.

Why incident response is a key pillar of defense

As is well known, good security includes prevention, monitoring and incident response in its practice. Incident response is any set of activities and actions that gives you the opportunity to resolve an incident happening within your IT devices and networks. Sometimes, in order to resolve complications with your network, you need to disconnect your entire infrastructure from the web, which can mean an interruption to your work and, consequently, recovery from the resulting disaster. The faster you respond to an incident, the better the outcome of your effort will be. Incident responders and analysts are bright and knowledgeable people who can handle almost any situation in cyberspace, but the trouble is that there is still a huge shortage of such a workforce. In addition, the current marketplace needs more and more such professionals, and in the future we can expect big investments in that area of technology.

The role of control engineering in cybersecurity

As we suggest throughout this effort, modern self-driving systems are products of control engineering, and they mostly rely on adaptive control algorithms. In order to adapt to your environment, you need to sense your surroundings before you choose what to do next. Adaptive control goes far beyond the feedback loop: even though sensors are needed in both cases, adaptive systems are developed to deal with many more variations of practical engineering concerns. It would seem that adaptive control offers quite robust solutions, and that is the case, so only highly capable and experienced engineers can take part in the research and development of such improvements. Finally, if we borrow even a small part of the thinking of good control engineers, we would realize that software engineering has the chance to produce self-responding and self-resolving algorithms for incident management.

Sensory software as an imperative for accuracy

Adaptive solutions rely on many sensors, which give them the chance to develop situational awareness of their surroundings. Those sensors are usually devices that measure some physical variable and send that information to the computing unit. Now try to imagine what would happen if we measured cyberspace variables such as IP address, password, traced route and so on. In that case, we would get heaps of findings and information to process using programming algorithms. If your measurements are accurate, you get the chance to work with trusted data and make your system operate in a much more accurate manner, as defined by its adaptive algorithm. In other words, if your intended behavior is close to your real behavior, you can trust that system. Finally, your accuracy comes into question if you are not able to mitigate your threat in the way that you compensate for a disturbance in control engineering.
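The sense, decide and act loop described above, as an added example that is not from the original article: a detector learns a baseline for one measured variable and treats a large deviation as a disturbance to compensate. The measured signal (failed logins per minute), the class, the thresholds and the action names are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sensor readings: failed logins per minute from one source.
QUIET = [3, 4, 2, 5, 3, 4, 3, 40, 4, 3]
NOISY = [10, 30, 5, 35, 8, 32, 10, 40]   # same peak, much noisier environment

CONTAIN = "contain_and_notify_analyst"   # hypothetical action name


@dataclass
class AdaptiveDetector:
    alpha: float = 0.2   # how quickly the baseline adapts
    k: float = 4.0       # tolerated deviation, in standard deviations
    warmup: int = 5      # readings to observe before acting
    mean: float = 0.0
    var: float = 0.0
    seen: int = 0

    def step(self, reading: float) -> str:
        """Sense one reading, decide, and return the action taken."""
        self.seen += 1
        if self.seen == 1:
            self.mean = reading
            return "observe"
        error = reading - self.mean                  # real minus expected behavior
        limit = self.k * max(self.var ** 0.5, 1.0)   # threshold follows learned noise
        if self.seen > self.warmup and error > limit:
            # Disturbance: respond, and keep it out of the learned baseline.
            return CONTAIN
        # Normal reading: adapt the baseline (exponentially weighted mean/variance).
        self.mean += self.alpha * error
        self.var = (1 - self.alpha) * (self.var + self.alpha * error * error)
        return "observe" if self.seen <= self.warmup else "allow"


def run(samples):
    """Feed all samples through a fresh detector; return (actions, final baseline)."""
    det = AdaptiveDetector()
    return [det.step(s) for s in samples], det.mean


if __name__ == "__main__":
    for name, data in (("quiet", QUIET), ("noisy", NOISY)):
        actions, baseline = run(data)
        print(name, actions, round(baseline, 2))
```

The same reading of 40 is contained in the quiet series and allowed in the noisy one, because the threshold is derived from what the sensor has measured rather than fixed in advance.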

Closing notes

It is always good to embrace diversity, because you never know which area of science and technology could inspire you to make a breakthrough in another field of interest. It is nothing new that there are entire multidisciplinary teams of experts who come up with many brilliant ideas and suggestions that are helpful to the rest of the research community. In conclusion, there is an obvious analogy between cyber defense and control engineering, and that synergy could help us discover new approaches in both arenas.

About The Author

Milica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses, and she is also the author of the book “The Internet of Things: Concept, Applications and Security”, published in 2017 by Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel and spoke at Cyber Security Summit Europe, held in 2016, as well as at CyberCentral Summit 2019, one of the most exclusive cyber defense events in Europe. She has been a member of ASIS International since 2017 and a contributor to the Australian Cyber Security Magazine since 2018. Milica’s research efforts are recognized by the Computer Emergency Response Team for the European Union (CERT-EU). Her fields of interest are cyber defense, technology and business. Milica is a person with a disability.