Abstract

QuERIES offers a novel multidisciplinary approach to quantifying risk associated with security technologies resulting in investment-efficient cybersecurity strategies. R esearchers can use the QuERIES methodology to rigorously determine, for the first time, appropriate investment levels and strategies for the protection of intellectual property in complex systems. As a result, it can have a significant and immediate impact on the protection of critical IP, including weapons systems and chip designs, complex computer software, and databases containing personal and financial information. In this paper, initial testing of QuERIES in small-scale, realistic scenarios, were performed with results that suggest the methodology can significantly improve risk assessments in complex systems under attack by rational and capable adversaries. Such systems include software, hardware, and data critical to national security and industrial competitiveness. Consequently, it is believed that QuERIES has wide applicability within both the DoD and private sectors.