Innovative Supply Chain Cyber Risk Analytics: Unsupervised Clustering and Reinforcement Learning Approaches
Author(s)
Siegel, Benjamin M.
DownloadThesis PDF (2.407Mb)
Advisor
Retsef, Levi
Terms of use
Metadata
Show full item recordAbstract
The increasing frequency and severity of cyberattacks has made reliable cyber risk assessment a critical concern for organizations worldwide. Traditional cyber risk methodologies focus on the enterprise’s level of cyber maturity. Moreover, several commercial companies provide cyber ratings using information about the organization accessible by outside parties, often called outside-in ratings. However, merely focusing on the enterprise’s own cyber maturity may be insufficient given the increasing number of cyberattacks that exploit vulnerabilities in the organization’s supply chain. This thesis presents innovative approaches to cyber risk assessment that incorporate attributes of the digital supply chain.
Chapter 2 is motivated by recent cyberattacks that relied on compromising software companies as a vector to attack their customers, illustrating the importance of going beyond the enterprise’s vulnerabilities and assessing potential threats from the supply chain. Taking into account this observation, the chapter presents a data-driven approach to identifying high risk software companies based on their relative position in the supply chain. The newly proposed approach is based on unsupervised clustering techniques applied to intuitive supply chain features of the respective software companies. The clustering approach is applied to a self-constructed dataset of over 4,600 software companies, and the model partitions the software companies into two clusters. Historical breach data that was not used in the clustering suggests that the second cluster, despite being smaller, has a significantly higher proportion of breached companies. Furthermore, feature differences between clusters reveal that the risky software companies tend to have many more customers and suppliers, particularly in the Technology and Business Services sectors. These findings highlight the importance of specific supply chain features as risk drivers in assessing the cybersecurity posture of software companies.
In Chapter 3, we propose a novel approach to cyber risk assessment that directly incorporates an attacker model and in so doing are able to better predict enterprises’ vulnerabilities. We develop a theoretical attacking agent to randomly target a company and explore neighboring nodes in the supply chain graph. Deep reinforcement learning algorithms are used to train the attacker over time, identifying rewarding paths throughout the supply chain network. The fully trained attacker then simulates attacks, yielding a risk score for each individual company in the network. This score corresponds to the relative number of breaches the company experiences in simulation. This approach is empirically validated using a dataset of over 13,000 companies in the Retail sector, and the results are highly statistically significant when compared to real-world breach incident data and an existing outside-in ratings model. Because the theoretical attacker approach is validated by existing breach data and holds predictive power, this methodology can contribute to the development of more effective risk assessment strategies to combat the growing threat of cyberattacks.
Date issued
2023-06Department
Massachusetts Institute of Technology. Operations Research CenterPublisher
Massachusetts Institute of Technology