Mission-Centric Countermeasure Selection in Cybersecurity Situation Awareness Systems

Document Type: Research Article

Authors

1 Department of Management, Science and Technology, Amirkabir University of Technology, Tehran, Iran.

2 Department of Industrial Engineering, Tarbiat Modares University, Tehran, Iran.

3 Department of Computer Engineering, Amirkabir University of Technology, Tehran, Iran.

10.22042/isecure.2026.240523
Abstract
Selecting optimal cybersecurity countermeasures requires integration with mission-critical objectives beyond technical risk minimization. This paper presents a mission-centric framework for countermeasure selection in cybersecurity situation awareness systems by extending the RiskMAP methodology with agent-based and discrete-event simulation. The framework employs a multi-criteria decision-making approach based on the Confidentiality, Integrity, and Availability (CIA) triad, weighing mission objectives and mapping vulnerabilities and threats using MITRE ATT&CK and D3FEND taxonomies. Candidate countermeasures are evaluated considering risk reduction, implementation cost, operational impact, and mission alignment. We demonstrate the approach through a case study on a critical infrastructure organization’s network modeled in AnyLogic. Results show improved alignment between security posture and organizational priorities while maintaining effective risk reduction, outperforming traditional methods. This framework enables quantitative visualization and optimization of security investments relative to mission continuity. All simulation models, data, and scripts are openly available to support reproducibility.
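The abstract contrasts mission-centric selection with purely technical risk minimization. The following added example (not code from the paper or its authors, and not the paper's own scoring model) illustrates the difference on constructed data: assets carry CIA weights and mission dependencies, threats carry likelihood and CIA impact, and candidate countermeasures carry cost, an operational-impact penalty and per-threat risk reduction factors. A risk-only objective and a mission-weighted objective are each optimized over the same budget by exhaustive subset search, and the two objectives pick different plans. All names, weights and scoring rules below are assumptions made for illustration.

```python
"""Mission-centric vs. risk-only countermeasure selection (added illustration).

Constructed toy data; the scoring rules are assumptions, not the paper's model.
"""
from itertools import combinations

# --- Constructed organisation model ---------------------------------------
MISSIONS = {"power_dispatch": 0.7, "billing": 0.3}  # mission priority weights (sum to 1)

ASSETS = {
    # asset -> missions that depend on it (dependency strength) and its CIA weights
    "scada_hmi":        {"missions": {"power_dispatch": 1.0}, "cia": {"C": 0.2, "I": 0.4, "A": 0.4}},
    "billing_db":       {"missions": {"billing": 1.0},        "cia": {"C": 0.5, "I": 0.4, "A": 0.1}},
    "office_fileshare": {"missions": {"billing": 0.3},        "cia": {"C": 0.4, "I": 0.3, "A": 0.3}},
}

THREATS = {
    # constructed threat scenarios: targeted asset, likelihood, CIA impact (0..1)
    "t_hmi_dos":      {"asset": "scada_hmi",        "likelihood": 0.3, "impact": {"C": 0.0, "I": 0.2, "A": 1.0}},
    "t_db_exfil":     {"asset": "billing_db",       "likelihood": 0.5, "impact": {"C": 1.0, "I": 0.1, "A": 0.1}},
    "t_share_ransom": {"asset": "office_fileshare", "likelihood": 0.6, "impact": {"C": 0.3, "I": 0.8, "A": 0.9}},
}

COUNTERMEASURES = {
    # constructed candidates: cost units, operational-impact penalty, risk reduction per threat
    "hmi_rate_limit":       {"cost": 3, "op_impact": 0.02, "reduces": {"t_hmi_dos": 0.8}},
    "db_encrypt_at_rest":   {"cost": 4, "op_impact": 0.01, "reduces": {"t_db_exfil": 0.7}},
    "share_backup_and_edr": {"cost": 4, "op_impact": 0.03, "reduces": {"t_share_ransom": 0.9}},
}


def technical_risk(threat):
    """Likelihood times CIA-weighted impact on the targeted asset (mission-agnostic)."""
    cia = ASSETS[threat["asset"]]["cia"]
    return threat["likelihood"] * sum(cia[k] * threat["impact"][k] for k in cia)


def mission_weight(asset_name):
    """How strongly the prioritised missions depend on this asset."""
    deps = ASSETS[asset_name]["missions"]
    return sum(MISSIONS[m] * d for m, d in deps.items())


def residual_factor(plan, threat_name):
    """Combined multiplicative risk reduction from every selected countermeasure."""
    f = 1.0
    for cm in plan:
        f *= 1.0 - COUNTERMEASURES[cm]["reduces"].get(threat_name, 0.0)
    return f


def technical_objective(plan):
    """Traditional objective: total residual technical risk, ignoring missions and ops impact."""
    return sum(technical_risk(t) * residual_factor(plan, n) for n, t in THREATS.items())


def mission_objective(plan, ops_penalty_weight=1.0):
    """Mission-centric objective: residual mission-weighted risk plus operational-impact penalty."""
    risk = sum(technical_risk(t) * mission_weight(t["asset"]) * residual_factor(plan, n)
               for n, t in THREATS.items())
    ops = sum(COUNTERMEASURES[cm]["op_impact"] for cm in plan)
    return risk + ops_penalty_weight * ops


def select(objective, budget):
    """Exhaustively search every subset of candidates within budget; return (best plan, score)."""
    names = sorted(COUNTERMEASURES)
    best = (frozenset(), objective(()))
    for r in range(1, len(names) + 1):
        for plan in combinations(names, r):
            cost = sum(COUNTERMEASURES[cm]["cost"] for cm in plan)
            if cost > budget:
                continue
            score = objective(plan)
            if score < best[1]:
                best = (frozenset(plan), score)
    return best


if __name__ == "__main__":
    for label, obj in (("risk-only", technical_objective), ("mission-centric", mission_objective)):
        plan, score = select(obj, budget=7)
        print(f"{label:16s} -> {sorted(plan)}  objective={score:.4f}")
```

With a budget of 7 units the risk-only objective spends on the file-share ransomware control because it carries the largest raw risk, while the mission-weighted objective instead protects the billing database, whose mission dependency outweighs the file share's. The exhaustive search is only practical for a handful of candidates; a real deployment would swap in a knapsack-style or heuristic solver, and the weights would come from the organisation's mission analysis rather than from constants.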

Keywords



Articles in Press, Accepted Manuscript
Available Online from 12 February 2026