A team of researchers affiliated with CyberArch, a cybersecurity clinic at the University of Georgia (UGA) Carl Vinson Institute of Government, has authored a report presenting a novel approach for prioritizing cybersecurity actions within an organization.
The report, “A Swarm Intelligence Approach to Prioritizing the CIS Controls V8.0 Implementation,” shows how “swarm intelligence” — a type of algorithm derived from patterns of swarms in nature, such as insects or birds — can be used to rank actions outlined in the Center for Internet Security (CIS) framework, a prioritized set of safeguards to help organizations mitigate common cyber attacks.
The paper was authored by Hayat Abdulla Asad Cue, a PhD student in Electrical and Computer Engineering at UGA and a Graduate Research Assistant in the CyberArch program, Thirimachos Bourlai, Associate Professor at UGA’s School of Electrical and Computer Engineering, and Mark Lupo, a Senior Public Service Associate with the Carl Vinson Institute and the UGA CyberArch Coordinator.
The report was published as part of the Center for Long-Term Cybersecurity’s 2024 Public Interest Cybersecurity Research Call for Papers, and was presented in June at the 2024 Cyber Civil Defense Summit.
“In the public interest and outreach field, supporting organizations such as rural hospitals, city-county governments, K–12 school systems, and small businesses in strengthening their cybersecurity posture is essential yet challenging due to resource limitations,” the authors write. “Although the Center for Internet Security (CIS) framework has been recognized for its effectiveness in guiding enterprises toward adopting effective cybersecurity measures, it often presents a daunting task for many organizations due to uncertainties about security action prioritization.”
“This paper proposes a unique approach to enhancing the implementation process of the CIS Control V8.0 framework,” they explain. “The proposed approach generates sets of prioritized security actions based on expert recommendations.”
The proposed approach emerged from the experiences of teams of students at the UGA CyberArch, whose work providing digital security assistance to healthcare providers and other organizations often includes conducting risk reviews, asking specific questions and generating recommendations to help their clients understand areas of improvement in their cybersecurity posture. Through the process of conducting such assessments for different organizations, the CyberArch students identified a need to move beyond qualitative assessment, and to establish a clearer, more measurable compliance process.
“Resource-constrained organizations often require more technical expertise than is available to take the best security action,” the authors wrote. “Target-rich, resource-constrained organizations can face significant challenges with answering questions such as, what order should we follow in implementing a specific cybersecurity framework? What is the best order of steps we can take to prepare for the most frequent cyber-attack types? And how can we minimize associated costs?”
The paper tailors the roadmap for implementing the CIS Controls V8.0 framework’s Implementation Group 1, a set of basic cyber hygiene measures common to all organizations. The approach integrates both the CIS Community Defense Model (CDM) V2.0, which includes data from industry reports and the MITRE ATT&CK framework to map attack techniques and convert them into actionable best practices, and the Cost of Cyber Defense V1.0, a CIS resource that outlines the economic aspects of implementing effective cyber defense measures using the CIS Controls framework.
Using swarm intelligence — “a computational approach inspired by the collective behavior of natural systems” — the proposed model allows organizations to rank security actions based on specific criteria, such as the mitigation of cyber attacks and the cost of implementation. “The objective is to determine an optimal, cost-effective sequence of prioritized controls to maximize cybersecurity resilience in practical settings,” the authors explain.
The paper includes a case study showing how the approach was applied to prioritize security measures in a rural city school system. “This study underscores the potential of using swarm intelligence (SI) to guide the implementation of cybersecurity measures,” the authors write. “It demonstrates the benefits of combining advanced algorithms with systematic evaluations, making cybersecurity subject-matter expert strategies accessible to resource-constrained organizations.”