Towards an ontology of state actors in cyberspace

TL;DR

This paper proposes developing a formal ontology of state actors and cyber operations to enhance cyber threat analysis through better data integration, reasoning, and intelligence reuse, connecting cybersecurity with legal and governmental domains.

Contribution

It introduces a plan to build and evaluate ontologies for state actors in cyberspace, integrating diverse data sources and connecting cybersecurity with related legal and institutional domains.

Findings

Metrics for evaluating existing cybersecurity ontologies

A plan for developing and extending ontologies

Enhanced integration and reasoning capabilities

Abstract

To improve cyber threat analysis practices in cybersecurity, I present a plan to build a formal ontological representation of state actors in cyberspace and of cyber operations. I argue that modelling these phenomena via ontologies allows for coherent integration of data coming from diverse sources, automated reasoning over such data, as well as intelligence extraction and reuse from and of them. Existing ontological tools in cybersecurity can be ameliorated by connecting them to neighboring domains such as law, regulations, governmental institutions, and documents. In this paper, I propose metrics to evaluate currently existing ontological tools to create formal representations in the cybersecurity domain, and I provide a plan to develop and extend them when they are lacking.