CyberSAGE: An Integrative Security Assessment Tool for Critical Infrastructure Systems


CyberSAGE (Cyber Security Argument Graph Evaluation) tool supports the integrative security assessment of complex critical infrastructure systems, such as power grids and metros. By using CyberSAGE, security practitioners can integrate diverse inputs from different experts —- including domain-specific threat scenarios and process models, system architectures, security controls, and attacker models —- to reason about a system’s overall security posture. In particular, CyberSAGE can automatically link these diverse types of information together to form a “security argument graph”, which provides an intuitive way for security analysts to visualize and argue about the different cyber security risks a system is facing. CyberSAGE also helps inform the selection of suitable security controls to mitigate these risks. More information about CyberSAGE is available at