Review of Tonelli Federico's PhD thesis -- Lilian Wu
This thesis fully satisfies the requirement of Ph.D. work and Mr. Federico should
be granted the Ph.D. degree.
My review of Tonelli Federico's PhD thesis is from the perspective of a
person that funds and manages a portfolio of research
collaborations with universities where the area of cybersecurity is
growing in importance.
This thesis addresses a very important topic where an ICT infrastructure is
under attack by intelligent, persistent agents. These agents aim to
control some predefined infrastructure component to steal information or
to damage the infrastructure. This work will be important for organizations to not only assess
the risk of their
ICT network and infrastructure but only help to design better and less vulnerable complex
systems.
In his Ph.D. thesis, Federico Tonelli proposes to assess and manage the
risk due to a complex ICT infrastructure by adopting a Monte Carlo
method. This method returns a sample to compute the statistics of
interest. The thesis also discusses the specification, design,
and validation of an integrated suite of programming tools to automate
the use of the Monte Carlo method.
The thesis is well written and this work has been presented in a large number of papers in
international
peer-reviewed journals and conferences. Most impressive are the results described in Section 6
of the thesis -- the validation of the methodology and suite of tools. Impressive is the fact it has
been validated when used in several real world defense exercises where an ICT system was
under attack by a team of ethical hackers
selected by the NATO. The defender team in the exercise applied the methodology and the
suite of tools to select the countermeasures to deploy to
increase the system robustness before the hacker team started its
attack. And increasing the robustness of the target system. The output
of these exercises confirms the accuracy of both the methodology and the
tools to assess and manage ICT risk.
For real world use, Section 7 outlines the assessments to evaluate the proposed approach to
ICT risk assessment and management. These assessments support the
claim that the suite and the methodology can predict the behavior of a
system under attacks by APTs and manage the resulting risk in a cost
effective way.
The following are the main thesis contributions for cybersecurity managers and practitioners:
1. the definition of a quantitative, verifiable, model-based approach to
ICT risk assessment and management. The approach is scenario based and
each scenario includes the target system and some intelligent attackers.
The proposed approach overcomes some well-known problems such as the
huge complexity of building a complete attack graph for each attacker,
2. being model based, the proposed methodology supports ICT risk
assessment and management at any time of the life of a system from its
design,
3. the definition of an integrated set of programming tools to automate
the adoption of the methodology. This supports the application of the
methodology even to complex ICT infrastructures.
4. the experimental validation of the methodology and of the tools
through a large number of assessment of real complex infrastructures.
Lilian Wu
January 16, 2017