If you have not read Part-1 or Part-2 please see the links

So, thanks to COVID, we are now all experts on calculating risk, understanding statistics and threats to our survival. The core of today's way of life is a reliance on science and trusting statistical models. So what are the different ways of predicting the threat, of an unknown enemy?

The best single way of achieving this is via Threat Modelling.

Initially, as we saw the UK Government strategy was one of predicting progress against known past threats using what is termed 'Discriminative Models' or one that observes the past to predict the future, and we have seen the potential inaccuracies. The parallel here with Cyber is that previously the perimeter firewall and anti-virus was the key control (it's still a control), ports, IPs and known bad were blacklisted, and threats were generic categories.

The latest developments in COVID response are focusing on what is termed 'Generative Models' or models that don't need the past, just a way of rapidly testing today against a model of knowledge. This is the method behind the rise of Quantum Computing (a very hard-won understanding...hats off to DC151). 

These two methods, Discriminative and Generative, are analogous with the Revolution in Cyber Affairs that the BoE brought into the mainstream in 2013. They describe a past state of analysis based on historic data, i.e. you should implement a firewall according to Standard X, make it bigger and patch the holes. To one of analysing dynamic methods of attack, i.e. you should implement a firewall according to Standard Y, just make it sing and apply weighting to results based on what evil could look like based on collective experience.

Observed from afar each country was dealing with the pandemic as best as they could, armed with limited information. The world has learnt that a static and discriminative approach to a pandemic does not work, we need a generative approach based on an ever-developing flexible model, and the same applies to cybersecurity.

Threat Modelling in Cyber means to me, generating scenarios or models based on experience and current threat intelligence, then best-fit control selection, while adding random events and branches to robustly test the expected outcomes. This combined with solid real-time monitoring of the gaps, is an effective and forward facing defensive posture.

To discover more about Threat Modelling please subscribe or email us at:

get-help@enticecybersolutions.co.uk