Accession Number:



RAND's Scalable Warning and Resilience Model (SWARM): Enhancing Defenders' Predictive Power in Cyberspace

Descriptive Note:

[Technical Report, Technical Report]

Corporate Author:


Report Date:


Pagination or Media Count:



The evolving cyber threat landscape requires rapidly and constantly adapting cyberdefense solutions. The current strategies that defenders employ are based predominantly on detecting cyber incidents at the early or later stages of a cyberattack cycle but seldom prior to the delivery of a weaponized payload to the defenders networks. Other initial stages of a cyberattack cyclethe adversary conducting reconnaissance on the target, testing capabilities, establishing and maintaining infrastructure, or potential geopolitical trigger events occurringare not typically factored into defenders calculations when predicting or preventing cyber incidents. As a result, the model introduced in this report intends to enhance the predictive and anticipatory capabilities available to cyber defenders while also augmenting resilience by improving preventions and detections as early in Lockheed Martins Cyber Kill Chain framework as possible.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

[A, Approved For Public Release]