CyberSAGE: The cyber security argument graph evaluation tool

Bibliographic details
Published in: Empirical software engineering : an international journal 2023-01, Vol.28 (1), p.18, Article 18
Main authors: Temple, William G., Wu, Yue, Cheh, Carmen, Li, Yuan, Chen, Binbin, Kalbarczyk, Zbigniew T., Sanders, William H., Nicol, David
Format: Article
Language: eng
Online access: Full text
Description
Summary: Cyber risk assessment is a critical step in securing the digital systems that support modern society. Typically this is a manual process carried out by consultants or working groups with little or no software support outside of spreadsheet tools. As cybersecurity threats and digital systems themselves become more complex and dynamic, there is a need for greater tool support in the risk assessment process to document and trace assumptions and facilitate the revision or extension of a threat and risk assessment throughout a system’s lifecycle. The Cyber Security Argument Graph Evaluation (CyberSAGE) tool provides a platform for model-based cybersecurity analysis of cyber failure and attack scenarios. It combines models of high-level workflow, system architecture, device properties, attacker capability and skill, to compute holistic, quantitative security metrics. In this paper we describe the models, algorithms, and software architecture of the CyberSAGE tool. To illustrate its application, we describe an assessment carried out on communication systems in two railway lines with the support of an industry partner. Finally, we summarize feedback on the CyberSAGE tool from the railway case study partner, as well as over 40 interviews with practitioners and domain experts and a multinational electronics company who carried out a one year independent evaluation.
ISSN:1382-3256
1573-7616
DOI:10.1007/s10664-021-10056-8