Making the Case for Cybersecurity
Each subclaim depicted in Figure 3-1— risk R, asset A, attacker At, attack Ts, undesired effect UE, vulnerability condition V, and security control C— is also an object in the linked knowledge graph and is formally characterized, ensuring traceability and semantic clarity.
The individual risk subclaims / objects are derived from the normalized system facts, as defined by SPECTRA. This structured model enables reasoning systems to identify, enumerate, and link together relevant facts and evidence from disparate sources: system models, threat intelligence databases, code analysis tools, and even runtime telemetry.
Figure 3-2: Risk caim with links to system facts.
3.4 RISK CLUSTERING AND COMPREHENSIVE ENUMERATION
Once risks are grounded in viable attacks, they can be comprehensively enumerated. The system builds risk clusters— interconnected graphs of logically attack claims and associated assets, impacts, and defenses. These clusters do not merely enumerate attack paths; they represent fully reasoned, evidence-backed narratives of how mission outcomes could be compromised, and under what circumstances. Figure 3-3 depicts the results of risk calculation.
Importantly, the framework separates:
• A technical feasibility claim, asserting that an attack is possible given current conditions.
• A likelihood claim, which incorporates threat environment and attacker modeling to estimate plausibility.
• A residual risk claim, which accounts for the presence and quality of mitigations.
This separation is what enables real-time integration of threat intelligence. The technical surface of the system does not change based on attacker capabilities— but the likelihood of exploitation
Journal of Innovation 45