Threat models for cyber insurance
This research project aims to design a threat modelling and attack simulation language, insuranceLang, for cyber insurance. The domain-specific language will be tested and validated using data from the insurance industry. Cyber insurance is fairly new, and its models are simplistic and highly generalized. One reason for this is the lack of relevant historical data on insured losses. As a consequence, cyber insurance is probably not used optimally. In particular, some industries cannot offer appropriate insurance coverage because their risks cannot be assessed.
Society is becoming more digitalized. This entails great opportunities but also novel cyber risks, which can be difficult to assess. An adequate understanding of cyber risk is crucial since cybersecurity is a prerequisite for successful industrial transformation and digitalization. Thus, there is great potential for overcoming some of these cyber insurance challenges. More precisely, the use of attack simulations based on system architecture (threat) models is a promising avenue for analyzing the cybersecurity posture of a system. If such analyses were to become more widely used by insurers, that could enable more precise risk assessment, a better understanding of risk-reducing measures, and insights into risks that have been uninsurable until now.
The researchers in the team represent the School of Electrical Engineering & Computer Science at KTH and the Division of Digital Systems at RISE.
In addition to the PIs, Carlos Barreto works on this project as a postdoctoral researcher funded by Digital Futures.
Watch the recorded presentation at the Digitalize in Stockholm 2022 event: