A Systems Thinking for Cybersecurity Modeling

Dingyu Yan
State Key Laboratory of Information Security, Institute of Information Engineering,
Chinese Academy of Sciences, Beijing, China
School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
yandingyu@iie.ac.cn

Abstract—Solving cybersecurity issues requires a holistic un- system and its constitutes [8] [9], such as defensive measures,
derstanding of components, factors, structures and their inter- human factors, security policy. Thus, the typical goals of the
actions in cyberspace, but conventional modeling approaches systems thinking for cybersecurity modeling are exemplified
view the field of cybersecurity by their boundaries so that we
arXiv:2001.05734v1 [cs.CR] 16 Jan 2020

are still not clear to cybersecurity and its changes. In this as follows: (1) discovering the multiple impact factors and
paper, we attempt to discuss the application of systems thinking their interacting effects; (2) investigating fundamental laws in
approaches to cybersecurity modeling. This paper reviews the cybersecurity; (3) exploring the theoretical and real solution
systems thinking approaches and provides the systems theories to the specific security issue; (4) evaluating effective attack
and methods for tackling cybersecurity challenges, regarding weapons and defense measures in the specific scenario.
relevant fields, associated impact factors and their interactions.
Moreover, an illustrative example of systems thinking frame- This article mainly urges the importance of systems thinking
works for cybersecurity modeling is developed to help broaden in cybersecurity modeling. Firstly, we analyze the primary
the mind in methodology, theory, technology and practice. This characteristics of cybersecurity and the challenges in cyber-
article concludes that systems thinking can be considered as security modeling in Section II. Then, Section III introduces
one of the powerful tools of cybersecurity modeling to find, systems thinking and explores how systems thinking is applied
characterize, understand, evaluate and predict cybersecurity.
Index Terms—Cybersecurity Modeling, Science of Cybersecu-
for cybersecurity modeling. Finally, we give an example of
rity, Systems Thinking, Holistic Approach systems frameworks for cybersecurity modeling in Section IV.

I. I NTRODUCTION II. C YBERSECURITY AS A C OMPLEX S YSTEM

Ever since the concept of ”cyberspace” is defined clearly, A. Characteristics of Cybersecurity
the boundary of security is extended to the real-world domain Cyberspace can be considered as the ultimate complex
related to digital technology rather than the only virtual adaptive system of interconnected heterogeneous components
environment created by computer networks [1]. Though there [10] [11], such as multiple types of networks, devices and
are already several works dedicated to cybersecurity modeling stakeholders, intertwined with human behavioral and technical
[2] [3], we still have a vague understanding on cybersecurity. factors, as shown in schematic figure Fig.1. In modeling this
Firstly, it is difficult to exploit and evaluate the synergies complex cybersecurity landscape, the four following charac-
among the defensive measures to enhance cybersecurity [4]. teristics are inevitable.
Despite the large investments in the security field from na- Complexity. Complexity is the most prominent characteris-
tion, enterprises and individuals, we cannot know whether tic of the cybersecurity and has infiltrated each part of the
these defensive measures can really work against cyberat- cybersecurity landscape [12] [13]. First of all, complexity
tacks. Secondly, the security system lacks the capacity to in cybersecurity embodies the diversity in security issues
measure its current security situation comprehensively and and the multiplicity in influence factors. Cybersecurity is
precisely. Nowadays, there is no set of the unified and accepted a complex intercross area, covering multiple fields, such
evaluation system and metrics for cybersecurity modeling. as society, economics, politics, information technology, etc.
Thirdly, systemic components, factors and their interaction are The cybersecurity issues are stemmed from these fields and
often ignored and omitted in several models [5]. The multiple are affected by the combination of factors. For example,
relationships and interaction among the components greatly Flame, an example of the advanced persistent threat attack
increase the difficulty of cybersecurity modeling and analysis. targeted Middle Eastern countries, is considered as the highly
To better understand the essential characters of cybersecu- sophisticated and well-planned nation-state cyberattack for
rity and resolve the cybersecurity challenges, several studies military and political motives. Moreover, the interrelationships
attempt to apply systems thinking approaches to the cyber- between components in cyberspace are extremely complicated.
security field [6] [7]. Systems thinking is considered to offer Each component could interact with others in each field.
a novel and comprehensive perspective to reveal the entire Especially, as the center of cyberspace, the human is the
process of cybersecurity as a system. Also, by these systems interface between the natural environment, human society and
thinking approaches, researchers plan to establish a conceptual information technology. The components of these three fields
framework for measuring and evaluating the cybersecurity such as social distance, network architecture clearly alter the
 Social Network and Individual Behavioral Factors
Incentive Resource Policy Law Awareness Risk Assessment Occupation

Criminology Norm Organization Regulation Communication Information

Family
Cooperati Attacker One-/Two-way Contact Defender
Social
on/Compe Communi Hobby
tition cation
…
Attack Benefits/ Defense Loss/
Strategy Feedback Strategy Feedback Firewall

Electronic Network Factors

Secure
Interaction Electronic Router
Combinati Attack Tool Network
Device
on/Decom Commu DMZ
position nication
Data
Server

0-day Operation Security Cryptographic Network

Protocol UAF Attack Architecture
Exploits System Level Scheme
… Network
Privilege Code Quality Vulnerability Physical Isolation
Topology
Information Technology Factors …

Fig. 1. The main components, impact factors and their interaction in Cybersecurity.

individual behavior and strategy, but, in turn, the participant do not always guarantee the same output.
can influence the dynamic change of components. Asymmetry. In cybersecurity, there always exists an asym-
Unpredictability. As interactions exist among components metry between the attacker and the defender [18]. This asym-
and joint effects of the multiple types of factors, the cyberse- metry is presented in the following three aspects. First, the
curity as a whole exhibits an unpredictability and complexity attacker is positive and proactive, while the defender is passive
[11]. First, the behavior, action and strategy of participants and reactive [19]. In general, the attacker makes enough prepa-
in cyberspace, either adversaries or users, are irrational, un- rations in advance, such as vulnerability scanning, intelligence
predictable and nonuniform [14]. Notably, smart hackers hide gathering, weaponization, which are ensured not clear to the
themselves by abandoning the conventional attack technology defender. Moreover, the defender must protect all possible
and method, so they are challenging to attribute definitively. points of the protected object at any time, while the attacker
Second, vulnerabilities and malfunctions in system and pro- can break through the meticulous defense disposition just by
tocol, sometimes, are imperceptible. This feature makes it one valid vulnerability. Second, the defender’s evaluation of
difficult for the defender to evaluate the system security his defense effectiveness is often faulty. As mentioned above,
and analyze the defense effectiveness quantitatively. Third, because it is difficult to estimate the effects of the specific
the cybersecurity system can exhibit the unpredictable emer- defense technology or method on the whole cybersecurity, the
gence [15]. As defined in terms of the system-level patterns, defender fails to measure the defense effectiveness comprehen-
emergence in cybersecurity refers to the new property and sively and accurately. Third, the cost of one attack is less than
macrocosmic phenomenon as a result of the interactions of that of defense. The defend requires an enormous investment
components in the microcosmic level. Thus, it is difficult for of money, labor and resource, regardless of researching new
us to evaluate the effectiveness of some specific attack and defense technology or establishing the early warning mech-
defense technologies on the whole cyberspace. anism for large-scale cyber attacks. However, these defense
Dynamics. To further understand the issues associated methods and technologies cannot guarantee to resist the cyber
with cybersecurity, one must be knowledgeable about the attack completely.
evolution of each component [16]. On the one hand, the
state of every component and each interaction between every B. Challenges of Cybersecurity Modeling
two components changes dynamically over time. Especially At present, cybersecurity modeling is still in its infancy.
for participants in cyberspace, their behavior and strategy The existing models and methods are limited to the technical
may be dynamical and inconsistent [14]. On the other hand, security study, aiming to address the specific technical problem
the dynamics of cybersecurity is the prerequisite of system by the technology and approaches [32]. For example, the
emergence [17]. The same input and environmental conditions modern cryptographic scheme is to solve the problem of
 TABLE I
S YSTEMS T HINKING T HEORIES AND M ETHODS

Theories

Item Key Research Description

Systems Theory [7] [20] Systems Theory is an interdisciplinary methodology which employs several systems approaches to
investigating the systems structure, understanding the complex phenomenon and solving the relevant
problems.
Game Theory [21] [22] Game Theory attempts to explain the interacting strategy of the players with respect to the utilities
of other rational players. In the security game model, the attacker and defender act as the players in
the game theory.
Cybernetics [23] [24] Cybernetics is a broad study of both living and non-living systems guided by principles of feedback,
control, and communications.
Catastrophe Catastrophe Theory is a mathematical theory for explaining the abrupt changes and discontinuities
Theory of state (E.g., server crash, defense failure).
Behaviorism [25] [26] [27] Behaviorism is a learning approach which focuses on the human behavior in cyberspace.

Methods

Item Key Research Description

Dynamics [16] [28] Dynamics is a system methodology technique to model the system problems by dealing with stocks,
follows and feedback loops that affect the behavior of the entire system over time.
Network [29] [30] Network analysis is both a theoretical approach and methodological tool for understanding the
Analysis interactions between the actors, exploring the network structure effects and studying the relevant
factors.
Agent-based [31] Agent-based model is a way to model or simulate the complex system constituted by autonomous,
Model interacting agents (e.g., individual, group). The heterogeneity in agents’ strategy decision and
complicated interactions between agents can result in the unpredicted results of the system as whole.

preventing the malicious party from obtaining private in- as the static game, dynamic game, Bayesian game, is often
formation. Confidentiality, integrity and availability are the applied to investigate the interaction between the attacker and
core aspects of the cryptography [33]. Based on where the defender [21] [22]. In the Stackelberg Security Game (SSG),
security technique works, it often classifies these technical where a leader makes a decision first and then a follower
studies into three classes: applications-based, hosts-based and reacts subject to the leader’s action, the attacker acts as the
network-based security technical studies. For instance, code follower, and the defender acts the role of the leader. However,
injection is the applications-based study and firewall belongs there are still many theoretical and technical difficulties that
to both network-based and host-based security study. Though need to be tackled in characterizing individual behaviors in
abundant technical works have made significant contributions cybersecurity. For example, human cognitive bias, gambler
to the research field of information security, there are still psychology, and the heterogeneity, dynamics and uncertainty
several typical challenges technical study: (1) the formalized in individual strategy decision can make the conventional
description of the technical problems in cybersecurity; (2) method difficult, even invalid, for investigating the role of
the unified pattern of the quantitative and qualitative analysis human factors in cybersecurity [14].
towards the security technology; (3) coupling the theoretical
The cybersecurity study also needs to address the cyber-
guidance with the security technology and practice.
physical security issues, such as industry control systems,
Generally speaking, cybersecurity study should involve the laws and regulations, cybercrime. Playing an essential role
all relevant factors in the fields of politics, society, economy in financial services, power grid, transportation and medical
and culture, covering the theory, technology and practices. system, industry control systems are often selected as targeted
Fig.1 demonstrates the cybersecurity is rather a complex sys- for cyberattacks [36], especially advanced persistent threat
tem, where the multiple components, factors and environment attacks. These cyberattacks tend to disrupt the order of the
are interacted and twisted. Thus, cybersecurity modeling is nation, cause public panic and disorder [37]. For example,
broader than mere technical study. Recently, researchers have Stuxnet, a sophisticated malware with four 0-day exploits
become interested in the human behavior factors in cyberse- targeting the Windows system and one targeting SCADA,
curity. The Data Breach Investigations Report (DBIR) from delayed the process of Iranian nuclear program [38]. In
Verizon [34] represented that human factor continues to be a December 2015, a cyberattack on Ukraine power grid by Black
major issue accounting for the most incidents in enterprise. In Energy group took place, and about 225 thousand customers
cybersecurity, humans play as both developers and users for lose power before Christmas [39]. In order to the fields as
the security products; act as both adversaries and victims for mentioned above, other specialists strive for a systematic
the cyber attack-defense [35]. For example, game theory, such set of cybersecurity metrics to define, measure and quantify
 TABLE II
R ELEVANT S TAKEHOLDERS IN C YBERSECURITY

Stakeholders clusters Constituent Sub-system Description

Government Ministries, law enforcements, regulatory As policy system from the perspective of government
agencies
Academia Universities, research institutes As research system from the perspective of security researchers
Private Sectors Information security enterprises, computer As market system from the perspective of providers of security services
and network companies and products
Infrastructure Internet service providers, urban managers As urban manage system from the infrastructure managers and planners

cybersecurity [4] [40]. thinking to gain insight into cybersecurity from a holistic
perspective, rather complement the conventional approach in
III. A PPLY S YSTEMS T HINKING TO C YBERSECURITY some deficiencies. Thus, this radical shift in cybersecurity
M ODELING modeling is requisite.
A. What is Systems Thinking B. Systems Theories and Methods
System thinking is a holistic approach intended to analyze Cybersecurity modeling is a scientific way to make the
how the parts of the system interact and how the emergence cybersecurity and its related activities to represent, define,
changes as a whole entity [41]. Unlike the reductionist think- quantify and understand easier. For one proper research, in our
ing, which actually treats the world from a static, simple and view, the model is as equally significant as the experimentation
one-sided perspective, this holistic thinking emphasizes the and results analysis [44]. Thus, one of the difficulties in sys-
complexity, dynamism and entirety of the system, as well tems thinking for cybersecurity modeling is which theories and
as the interconnected and multifaceted relationships between scientific methods should be most applicable in the cyberse-
the system components [42] [43]. Systems thinking arose curity model, with respective with different research scenarios
in the early 20th century and now has been used to the and purposes. Systems thinking provides a logical method
diverse research fields, such as public health, environmental to view the cybersecurity from the guidance of the systems
protection, urban management and international relationship. theories, such as system theory, cybernetics and game theory,
Nowadays, a tiny amount of researchers attempt to implement to the assistance and analysis of relevant scientific methods,
this systems thinking to the cybersecurity study [6] [7]. such as network analysis, dynamics and agent modeling from
In our opinion, the best study for finest and resilient the particular perspective.
cybersecurity modeling needs to consider the systems thinking Table I lists a few typical theories and scientific methods
approaches at this stage. On the one hand, systems thinking often used in the cybersecurity models briefly. There are
for cybersecurity does not only treat a particular area of cy- many theories in systems thinking which refer to a set of
berspace, but allows for the cybersecurity of the whole entity. contemplative and rational type of thinking, ideas and princi-
This holistic approach to cybersecurity is more readily able ples from a specific perspective. Meanwhile, a wide range of
to identify and understand the cybersecurity system, describe scientific methods are applied to establish the system models,
the interaction among cyberspace components, predict the understand the interactions among multiple actors, analyze the
evolution of cybersecurity actually and help us address the phenomena, find the explanations and predict the future. Thus,
cybersecurity issues effectively [6]. Systems thinking helps the theories and methods in one proper research are needed to
broaden the cybersecurity study scope to integrate people, tackle with specific complex cybersecurity issues.
environment, government and other vital aspects. On the
other hand, unlike the traditional enumerative and analyt- C. Relevant Stakeholders in Cybersecurity
ical methods, which focus the linear and static causality At the center of the cybersecurity system, stakeholder
from an individual perspective, systems thinking emphasizes involves all aspects of the cybersecurity. They are not only
on the complexity in the interaction of constituents of the the ties between all sub-systems in cybersecurity, but also act
cyber system. Despite conventional approaches have made the driving force of cybersecurity. One of the vital aspects in
significant achievements in network security technology and systems thinking for cybersecurity modeling revolves around
cryptology, e.g., detection & prevention technology and public who are the relevant stakeholders in cybersecurity and how
key cryptography [33], these traditional approaches are not these stakeholders interact.
enough for us to depict, characterize and predict the cyberse- Not all stakeholders in cyberspace required to be consid-
curity issue and its evolution. In this systems perspective, the ered in cybersecurity modeling. Table II lists four typical
purpose of cybersecurity modeling is to promote the whole stakeholder clusters. Relevant stakeholders in the cybersecurity
security situation of cyberspace rather just deal with a specific may include: government agencies; academia, standardization
technological challenge. This requires us to apply the systems information security enterprises, private sectors, infrastructures
 Problem-driven
Study

Mathematical
Modeling

(1)Hypothesis
(7)Implementation (6)Solution
(3)Complem- Real Goal-
Practice Inference directed
entation World Study
(8)Feedback (9)Validation

(2)Observation Technical Study

Empirical
Modeling

Data-/event-/case-
driven Study

Fig. 2. An illustrative example of systems thinking approach for cybersecurity modeling

and users. Each group of stakeholders can be considered to act which aims to find the optimal methods and solution for
as the sub-system, which has its own role in cybersecurity. the real cybersecurity.
• Practice is a process of study, development and imple-
IV. A N E XAMPLE OF S YSTEMS F RAMEWORK FOR mentation of the real cybersecurity solution under the
C YBERSECURITY M ODELING guidance of analytic results. This belongs to one aspect of
the technical study, which aims to covert the theoretical
Currently, cybersecurity researchers usually establish the
analysis to the real cybersecurity techniques or tools, and
cybersecurity model based on research fields with which they
then apply to the real cyberspace scenario.
are familiar. In this section, we provide a typical systems
framework for cybersecurity modeling in Fig.2. This schematic Mathematical models and empirical models are two signifi-
framework outlines five essential elements: cant aspects of cybersecurity modeling. A mathematical model
• Real World includes both the physical and virtual as- is an abstraction or simplification of a real-world cybersecurity
pects of both the cyberspace. It not only includes the system and scenario, and mathematical modeling is one of the
embodiment of concepts, parameters and equations in the processes to perform this abstraction and simplification from
mathematical model, but also provides the observations the real-world cybersecurity by various mathematical tools.
for the empirical models, such as data, events and cases. Notably, both the mathematical modeling and its future analy-
• Mathematical Modeling is a type of theoretical approach sis are based on the hypotheses for the basic framework of the
to translating the behavior of the cybersecurity system models (Step (1)) [5]. Then, one of the most challenges in this
into exact formulations by mathematical concepts and modeling is to find an appropriate mathematical language to
language. The mathematical model aims to represent what establish this framework, including the mathematical equation,
is the real-world cybersecurity problem and how the variables, function and so on [9]. Empirical modeling mainly
cybersecurity system evolves. depends on empirical data in cybersecurity, such as security
• Empirical Modeling is a typical study approach es- events, cyberattack cases, experiment results, observed and
tablished from observations of cybersecurity system by obtained from the real-world cybersecurity (Step(2)) [45].
measuring the system outputs, such as relevant data, Without the specific theory and mathematical equation, this
security event or cyberattack case. Its goals include model is challenging to adopt the theoretical analysis. How-
finding out the empirical rule or characterization of the ever, the hypothesized laws and equations in mathematical
real observation, depicting the current network security models describe the idealized system-level or network-level
situation and estimating the probabilistic future trends. situations and often fail to apply to the complex cyber-level
• Inference refers to the process of concluding by a series situation. The empirical model is considered as the highly
of analytical methods and tools. Driven by the specific feasible approach in cybersecurity modeling. Although these
issue in cybersecurity, the inference is a purposive action, two modeling approaches seems different owing to the dif-
ferent perspective, they can complement each other (Step(3)). R EFERENCES
The empirical data are the significant source in mathematical
[1] D. Craigen, N. Diakun-Thibault, and R. Purse, “Defining cybersecurity,”
modeling, while the mathematical model, in turn, can help Technology Innovation Management Review, vol. 4, no. 10, 2014.
refine the empirical model. [2] H. Al-Mohannadi, Q. Mirza, A. Namanya, I. Awan, A. Cullen, and
The mathematical modeling and empirical modeling help J. Disso, “Cyber-attack modeling analysis techniques: An overview,” in
2016 IEEE 4th International Conference on Future Internet of Things
to translate the complex cybersecurity environment into a and Cloud Workshops (FiCloudW). IEEE, 2016, pp. 69–76.
descriptive model, which is easy for researchers to define, [3] X. Koutsoukos, G. Karsai, A. Laszka, H. Neema, B. Potteiger, P. Vol-
understand and infer by relevant knowledge. Next, researchers gyesi, Y. Vorobeychik, and J. Sztipanovits, “Sure: A modeling and
simulation integration platform for evaluation of secure and resilient
need to analyze the cybersecurity models further and explore cyber–physical systems,” Proceedings of the IEEE, vol. 106, no. 1, pp.
the solutions to the specific cybersecurity issue. Deduction 93–112, 2017.
(Step (4)) always begins with the assumptions, axioms and [4] R.-R. Xi, X.-C. Yun, Y.-Z. Zhang, and Z.-Y. Hao, “An improved
quantitative evaluation method for network security,” Chinese Journal
equations in the mathematical models. The conclusion from of Computers, vol. 38, no. 4, pp. 749–758, 2015.
deduction follows with certainty if the premise meets the [5] C. Herley and P. C. Van Oorschot, “Sok: Science, security and the elusive
observations of the real-world. By contrast, the inductive infer- goal of security as a scientific pursuit,” in 2017 IEEE Symposium on
Security and Privacy (SP). IEEE, 2017, pp. 99–120.
ence (Step (5)) is directly derived from empirical observations
[6] W. Young and N. Leveson, “Systems thinking for safety and security,”
of the real world. For example, the efficient defense measure in Proceedings of the 29th Annual Computer Security Applications
to the current typical cyberattack is no guarantee against Conference. ACM, 2013, pp. 1–8.
encountering the new one [9]. Based on the above inferences, [7] H. M. Salim, “Cyber safety: A systems thinking and systems theory
approach to managing cyber security risks,” Ph.D. dissertation, Mas-
the solutions or tools to the specific cybersecurity issue (Step sachusetts Institute of Technology, 2014.
(6)) are proposed and then implemented to tackle with the [8] E. National Academies of Sciences, Medicine et al., Foundational Cy-
real-world cybersecurity (Step (7)). bersecurity Research: Improving Science, Engineering, and Institutions.
National Academies Press, 2017.
As mentioned in Section II, it is too difficult to predict [9] J. M. Spring, T. Moore, and D. Pym, “Practicing a science of security:
the effects of the solution from the analytic inference and a philosophy of science perspective,” in Proceedings of the 2017 New
its implementation because the real-world cybersecurity is Security Paradigms Workshop. ACM, 2017, pp. 1–18.
[10] P. W. Phister Jr, “Cyberspace: The ultimate complex adaptive system,”
complex and subtle. Therefore, an entire cybersecurity model OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE WASH-
needs the feedback from cyberspace (Step (8)) [23], adds the INGTON DC COMMAND AND , Tech. Rep., 2011.
validation to the analytic inference method (Step (9)) and [11] E. Rzeszutko and W. Mazurczyk, “Insights from nature for cybersecu-
rity,” Health security, vol. 13, no. 2, pp. 82–87, 2015.
finally provides the improvement to both the mathematical and [12] D. M. Dunlavy, B. Hendrickson, and T. G. Kolda, “Mathematical
empirical modeling (Step (10) and (11)). The cybersecurity challenges in cybersecurity,” Sandia Report, February, 2009.
model and its analytic inference can help guide the practice [13] R. Armstrong, J. Mayo, and F. Siebenlist, “Complexity science chal-
lenges in cybersecurity,” Sandia National Laboratories SAND Report,
in cyberspace, in turn, the feedback from the cybersecurity 2009.
practice can verify the validity of the analysis and improve [14] A. Oltramari, D. S. Henshel, M. Cains, and B. Hoffman, “Towards a
the current models. human factors ontology for cyber security.” in STIDS, 2015, pp. 26–33.
[15] S. Xu, “Emergent behavior in cybersecurity,” arXiv preprint
arXiv:1502.05102, 2015.
[16] ——, “Cybersecurity dynamics,” arXiv preprint arXiv:1502.05100,
V. C ONCLUSION 2015.
[17] D. Yan, F. Liu, Y. Zhang, and K. Jia, “Dynamical model for individ-
Systems thinking allows us to think about cybersecurity ual defence against cyber epidemic attacks,” Iet Information Security,
vol. 13, no. 6, pp. 541–551, 2019.
modeling in a holistic and rational perspective. On the one [18] K. Geers, “The challenge of cyber attack deterrence,” Computer Law &
hand, systems thinking provides a conceptual blueprint or Security Review, vol. 26, no. 3, pp. 298–303, 2010.
framework for cybersecurity, where the components, factors [19] G. L. Cai, B. S. Wang, H. U. Wei, and T. Z. Wang, “Moving target
defense:state of the art and characteristics,” Frontiers of Information
and environments are integrated dynamically. The cyberse- Technology and Electronic Engineering, vol. 17, no. 11, pp. 1122–1153,
curity modeling with the systems approach helps us better 2016.
understand and characterize the cybersecurity issues, such [20] S. M. Tisdale, “Cybersecurity: Challenges from a systems, complexity,
knowledge management and business intelligence perspective.” Issues
as unpredictability, complexity, emergence, asymmetry and in Information Systems, vol. 16, no. 3, 2015.
dynamics, which are often ignored in most the current cyberse- [21] M. H. Manshaei, Q. Zhu, T. Alpcan, T. Bacşar, and J.-P. Hubaux, “Game
curity study. On other hand, through a set of analytic methods theory meets network security and privacy,” ACM Computing Surveys
(CSUR), vol. 45, no. 3, p. 25, 2013.
and real tools in modeling, inference and practice, systems
[22] C. T. Do, N. H. Tran, C. Hong, C. A. Kamhoua, K. A. Kwiat, E. Blasch,
thinking offers an innovative and universe roadmap to solve S. Ren, N. Pissinou, and S. S. Iyengar, “Game theory for cyber security
the specific cybersecurity problems, so that we can not only and privacy,” ACM Computing Surveys (CSUR), vol. 50, no. 2, p. 30,
obtain the theoretical conclusion and the corresponding real- 2017.
[23] M. D. Adams, S. D. Hitefield, B. Hoy, M. C. Fowler, and T. C. Clancy,
world solutions, but also validate the analytic conclusion and “Application of cybernetics and control theory for a new paradigm in
then improve the theoretical model. In this paper, despite we cybersecurity,” arXiv preprint arXiv:1311.0257, 2013.
highlight that systems thinking should be the necessary foun- [24] T. Vinnakota, “A cybernetics paradigms framework for cyberspace:
Key lens to cybersecurity,” in 2013 IEEE International Conference
dation for cybersecurity modeling, the cybersecurity modeling on Computational Intelligence and Cybernetics (CYBERNETICSCOM).
with systems thinking still has a long way to go. IEEE, 2013, pp. 85–91.
[25] B. K. Wiederhold, “The role of psychology in enhancing cybersecurity,”
2014.
[26] J. L. Marble, W. F. Lawless, R. Mittu, J. Coyne, M. Abramson, and
C. Sibley, “The human factor in cybersecurity: Robust & intelligent
defense,” in Cyber Warfare. Springer, 2015, pp. 173–206.
[27] M. Anwar, W. He, I. Ash, X. Yuan, L. Li, and L. Xu, “Gender dif-
ference and employees’ cybersecurity behaviors,” Computers in Human
Behavior, vol. 69, pp. 437–443, 2017.
[28] R. Zheng, W. Lu, and S. Xu, “Active cyber defense dynamics exhibiting
rich phenomena,” in Proceedings of the 2015 Symposium and Bootcamp
on the Science of Security. ACM, 2015, p. 2.
[29] R. J. La, “Role of network topology in cybersecurity,” in 53rd IEEE
Conference on Decision and Control. IEEE, 2014, pp. 5290–5295.
[30] R. E. Pino, Network science and cybersecurity. Springer, 2014.
[31] J. M. Such, N. Criado, L. Vercouter, and M. Rehak, “Intelligent cyber-
security agents [guest editors’ introduction],” IEEE Intelligent Systems,
vol. 31, no. 5, pp. 3–7, 2016.
[32] G. B. White, E. A. Fisch, and U. W. Pooch, Computer system and
network security. CRC press, 2017.
[33] W. Stallings, Cryptography and network security: principles and prac-
tice. Pearson Upper Saddle River, 2017.
[34] Verizon. (2018) 2018 data breach investigations report.
[35] D. Yan, F. Liu, Y. Zhang, K. Jia, and Y. Zhang, “Characterizing the
optimal attack strategy decision in cyber epidemic attacks with limited
resources,” in International Conference on Science of Cyber Security.
Springer, 2018, pp. 65–80.
[36] S. McLaughlin, C. Konstantinou, X. Wang, L. Davi, A.-R. Sadeghi,
M. Maniatakos, and R. Karri, “The cybersecurity landscape in industrial
control systems,” Proceedings of the IEEE, vol. 104, no. 5, pp. 1039–
1057, 2016.
[37] D. Yan, F. Liu, and K. Jia, “Modeling an information-based advanced
persistent threat attack on the internal network,” in ICC 2019-2019 IEEE
International Conference on Communications (ICC). IEEE, 2019, pp.
1–7.
[38] M. Ask, P. Bondarenko, J. E. Rekdal, A. Nordbø, P. Bloemerus, and
D. Piatkivskyi, “Advanced persistent threat (apt) beyond the hype,”
Project Report in IMT4582 Network Security at GjoviN University
College, 2013.
[39] G. Liang, S. R. Weller, J. Zhao, F. Luo, and Z. Y. Dong, “The 2015
ukraine blackout: Implications for false data injection attacks,” IEEE
Transactions on Power Systems, vol. PP, no. 99, pp. 1–1, 2016.
[40] M. Pendleton, R. Garcia-Lebron, J. H. Cho, and S. Xu, “A survey on
systems security metrics,” Acm Computing Surveys, vol. 49, no. 4, p. 62,
2016.
[41] R. D. Arnold and J. P. Wade, “A definition of systems thinking: a systems
approach,” Procedia Computer Science, vol. 44, pp. 669–678, 2015.
[42] D. De Savigny and T. Adam, Systems thinking for health systems
strengthening. World Health Organization, 2009.
[43] S. Xia, X.-N. Zhou, and J. Liu, “Systems thinking in combating
infectious diseases,” Infectious diseases of poverty, vol. 6, no. 1, p. 144,
2017.
[44] V. D. Veksler, N. Buchler, B. E. Hoffman, D. N. Cassenti, C. Sample,
and S. Sugrim, “Simulations in cybersecurity: A review of cognitive
modeling of network attackers, defenders, and users,” Frontiers in
psychology, vol. 9, p. 691, 2018.
[45] C. Herley and P. C. Van Oorschot, “Science of security: Combining
theory and measurement to reflect the observable,” IEEE Security &
Privacy, vol. 16, no. 1, pp. 12–22, 2018.