Article ID: iaor20021014
Country: United States
Volume: 31
Issue: 9
Start Page Number: 909
End Page Number: 919
Publication Date: Jan 1999
Journal: IIE Transactions
Authors: Lyle D., Chan Y., Head E.
Keywords: computers: information
As the information revolution continues, those who depend upon secure information-networks but cannot adequately protect them will become more vulnerable to tampering by an adversary. Prescriptive models used to recommend improvements to networks usually use reliability or flow as the Measure Of Effectiveness (MOE). Such measures will not give value to efforts that make a network component more difficult to exploit. Similarly, Risk Assessment Models (RAMs) are used to quantify the importance of a component to overall network performance (again measured in terms of reliability or flow) but do not prescribe improvement strategies. This study develops a prescriptive RAM that includes an MOE called invulnerability. This gives value to efforts that make a component more difficult to exploit. Results show that including the vulnerability MOE as a second criterion to complement the reliability MOE allows one to formulate component-hardening strategies. Furthermore, the Pareto-efficient frontier generated by trading off these two MOEs is very small. This helps to pinpoint specific components that should be improved or hardened for information security.