QISS: Quantum-Enhanced Sustainable Security Incident Handling in the IoT

Abstract

As the Internet of Things (IoT) becomes more integral across diverse sectors, including healthcare, energy provision and industrial automation, the exposure to cyber vulnerabilities and potential attacks increases accordingly. Facing these challenges, the essential function of an Information Security Management System (ISMS) in safeguarding vital information assets comes to the fore. Within this framework, risk management is key, tasked with the responsibility of adequately restoring the system in the event of a cybersecurity incident and evaluating potential response options. To achieve this, the ISMS must evaluate what is the best response. The time to implement a course of action must be considered, as the period required to restore the ISMS is a crucial factor. However, in an environmentally conscious world, the sustainability dimension should also be considered to choose more sustainable responses. This paper marks a notable advancement in the fields of risk management and incident response, integrating security measures with the wider goals of sustainability and corporate responsibility. It introduces a strategy for handling cybersecurity incidents that considers both the response time and sustainability. This approach provides the flexibility to prioritize either the response time, sustainability or a balanced mix of both, according to specific preferences, and subsequently identifies the most suitable actions to re-secure the system. Employing a quantum methodology, it guarantees reliable and consistent response times, independent of the incident volume. The practical application of this novel method through our framework, MARISMA, is demonstrated in real-world scenarios, underscoring its efficacy and significance in the contemporary landscape of risk management.

1. Introduction

In current society, Cyber-Physical System (CPS) and Internet of Things (IoT) environments play an increasingly important role. These connected devices enable interaction between the physical and digital worlds. They include computing, storage and communication functions that enable them to manage objects in the physical world  [1,2] and provide services that deliver significant benefits in numerous areas such as healthcare, energy supply, transportation, industrial automation and smart homes [3,4,5,6].

However, their fast evolution and adoption has led to many of them being designed and launched into the market without adequate attention to security aspects, resulting in an increased number of vulnerabilities that can be exploited by malicious actors. In addition, the wide variety and large number of connected devices further increase the threat landscape. From security cameras and smart home appliances to vehicles and industrial systems, all these devices can be potential targets for cyber attacks. Heterogeneity in terms of manufacturers, communication protocols and operating systems makes it difficult to implement consistent and effective security measures across the entire CPS and IoT infrastructure [7,8].

Therefore, CPS and IoT systems present significant challenges in terms of security that should be adequately addressed; otherwise, there would be considerable consequences in terms of security and privacy. On the one hand, their application areas often correspond to critical infrastructures, where the disruption or compromise of these systems can have devastating consequences, ranging from disruptions to public services to risks to security and human life. On the other hand, they collect and process large amounts of sensitive data, such as personal information, health data or confidential business data. Lack of security in these systems can result in data leaks, theft of personal or financial information and potential reputational damage to organizations.

To address these threats, the ISO/IEC 27.001 standard establishes key guidelines. According to this standard, an Information Security Management System (ISMS) is central to an overall management structure that seeks to preserve the security of information within organizations. By implementing an ISMS, organizations can establish policies, processes and controls to protect their critical information assets. This allows them to mitigate risks and safeguard the confidentiality, integrity and availability of the sensitive data they handle.

Risk management plays a fundamental role within an ISMS and in the current scenario, in which cybersecurity incidents are increasing in both intensity and impact, making both methodologies and tools that allow companies to address, understand and manage their cybersecurity risk in an adequate manner necessary [9,10,11].

Risk assessment and risk management solutions face challenges in their applicability and effectiveness. Lack of awareness and inaccurate risk assessments contribute to the majority of security incidents [12]. Moreover, current approaches offer a static view of risks, despite the fact that risks are dynamic and evolve along with threats and vulnerabilities [13].

To overcome these limitations, in previous works, we have developed a methodology called “MARISMA” (Methodology for the Analysis of Risks in Information Systems using Meta-Patterns and Adaptability) [14] supported by a technological environment called “eMARISMA” (www.emarisma.com, accessed on 26 March 2024). MARISMA is a methodology based on the reuse of knowledge for RAM purposes using structures known as “patterns” that allow different types of cases to be supported. In this sense, a pattern was developed to manage and control risks in CPSs considering the inherent needs of this type of systems (MARISMA-CPS) [15]. This template is based on the main standards and recommendations for CPSs, the IoT and risk management (ISO/IEC 27.000 and IEC 62443, ENISA (Ross, 2017) and the CPS framework by NIST (Griffor, 2017)).

However, there are still many challenges to be addressed. Systems are exposed to a large number of incidents on a daily basis that need to be corrected to restore system security. But each incident can be resolved by applying various courses of actions, and it is necessary to have mechanisms in order to select the most appropriate response.

In a previous work [16], we developed a quantum algorithm that selects as a response the minimum set of courses of action that cover all incidents. However, this work leaves out crucial aspects that are improved in this proposal.

On the one hand, the time needed to apply the course of action is a crucial aspect, since it minimizes the possible damages suffered [17]. But on the other hand, in a society involved in an ecological transition, the responsible use of resources should also be taken into account and the most sustainable course of action should be favored [18,19].

This paper contributes to this challenge by improving incident responses considering both the speed and sustainability of the response.

In a typical production-level operation, a large volume of security incidents can occur on a regular basis, even more so if we consider environments consisting of several IoT devices. This is why for the design of our solution, we design a quantum computing approach, which allows us to respond adequately and in near-constant time to scenarios with a large number of incidents.

Section 2 of this paper proceeds to explore the background and related works on sustainable security incident response and quantum optimization; Section 3 presents our proposal based on quantum programming for the selection of the courses of action needed to restore system security considering response times and sustainability criteria; our proposal is validated in Section 4 by means of an application example; and finally, Section 5 presents the key findings from the study and outlines future research directions to be undertaken.

2. Context and Literature Review

Currently, the computational requirements and challenges associated with implementing a quantum approach for incident management in IoT environments are significant and reflect both the cutting-edge nature of quantum computing and the complexity of IoT ecosystems. Among these challenges, the foremost is that access to quantum computing resources is limited, and the technology is still in its developmental phase. Moreover, developing algorithms that effectively leverage the strengths of quantum computing requires substantial effort, as many classical algorithms do not directly translate to quantum environments, necessitating the creation of new quantum-specific algorithms. Finally, the scalability issues associated with the IoT are noteworthy, as these environments involve a large number of devices generating massive volumes of data. Therefore, designing quantum algorithms capable of efficiently managing these data and responding promptly to incidents is a non-trivial challenge.

To address these challenges, we propose various strategic approaches. On the one hand, we utilize hybrid systems that combine the strengths of quantum computing with the reliability and scalability of classical computing. This approach allows for efficient problem-solving while managing the limitations of current quantum technology. On the other hand, our methodology involves the development of custom quantum algorithms specifically designed for the task of incident management in IoT environments. These algorithms are designed to be scalable and efficient, taking into account the unique properties of quantum computing. Quantum simulators are also used to test and refine the algorithms. This approach allows for addressing potential issues and optimizing the performance of the algorithms in a controlled environment. Through these approaches, the proposed process aims to overcome the computational challenges associated with implementing quantum computing for incident management in IoT environments, paving the way for more efficient, scalable and sustainable cybersecurity solutions.

This part contains fundamental information regarding the research topics addressed in this paper, sustainable security incident response and quantum optimization. In particular, the first subsection provides an overview of the sustainable security incident response process and discusses some open research problems. In the next subsection, we discuss the foundation on which quantum computing is based, applying it to optimization problems.

2.1. Sustainable Management of Security Incidents

As outlined in the introductory section, security incidents represent unwanted occurrences that negatively affect the various dimensions of the valuable assets constituting a company’s information system [20]. Such incidents stem from inadequacies in the security controls designated to safeguard these assets, specifically through vulnerabilities within the information systems. These vulnerabilities, when exploited by threats, lead to the assets being compromised and damaged [21].

To mitigate the repercussions of these incidents, organizations endeavor to implement the most fitting incident response strategies [22]. The domain of security incident management and response is presently a vibrant area of research with several pertinent unanswered questions [23]. A critical inquiry within this field is how organizations can attain sufficient situational awareness concerning vulnerabilities, threats, and potential security incidents [24]. Recent research efforts in this sphere have focused on devising models to elucidate how organizations can achieve cybersecurity situational awareness [25], highlighting that prompt and effective incident response not only bolsters cybersecurity awareness but also enhances the overall cybersecurity position of businesses [26].

Consequently, businesses of any scale must possess robust and effective tools that aid incident management. Importantly, these tools and processes must offer mechanisms that assist in decision making to efficiently identify and prioritize security incidents needing resolution [27]. This necessity arises from the potential for a high volume of incidents throughout an information system’s life cycle, notably during significant updates like the release of a new application version or the introduction of a new information system or tool in the technical architecture of the organization. Therefore, addressing the specific efficiency and effectiveness requirements of these novel incident management support systems is of paramount importance [28].

However, in our study, the paramount issue confronting organizations is the agility with which they manage and respond to security incidents [29]. This agility necessitates responding to incidents as swiftly as possible [28,30]. Yet, addressing this challenge is becoming progressively tougher due to the increasing volume of incidents and their interconnected nature. In scenarios where systems are inundated with hundreds of events, it becomes imperative for incident response teams to swiftly identify and prioritize the most critical incidents for analysis.

As such, when planning the resolution of an incident, we encounter different types of scenarios. In some cases, responding to an incident is straightforward and involves activating a specific control (for example, installing antivirus software). However, we often find that the resolution of the incident is more complex and involves the execution of procedures with multiple action steps and even the intervention of different resources (technical and human). It is therefore necessary to apply the concept of a course of action (CoA), which the NIST defines as “a time-phased or situationally dependent combination of risk response actions” [31].

In this sense, when organizing and prioritizing incident resolution, it is vital to choose the most appropriate course of action. In traditional decision-making systems, the resolution time is often the key factor in determining the best choice. However, as sustainability becomes an increasingly relevant aspect in measuring the efficiency of an information system [32], it is becoming increasingly necessary for decision making in this area to consider which possible course of action is more sustainable. In this way, given a set of incidents to resolve, we would achieve a balance between time and sustainability when calculating the most efficient courses of action to apply. Nevertheless, manual prioritization is impractical due to its potential to hinder timely decision making. As noted by several scholars, responding to security incidents demands sophisticated event processing techniques for immediate capture, processing, integration, and analysis of data. This also involves examining the cause-and-effect connections among incidents [26].

We have seen this in practice through MARISMA [15,33], which is our dynamic approach to risk analysis and management that we have designed, improved and extended and which we have been applying to many types of companies and technologies (electric, hydrocarbons, governments, health, shipbuilding, chemical industry, etc.) for more than a decade with clients in eight Latin American countries. MARISMA was conceived as a complete and adaptable risk management framework, which includes a detailed methodology and a tool that automates many of the tasks of the methodology and supports improvement and extension to different technological contexts based on metadata, metamodels, ontologies and risk patterns.

In MARISMA and our developed tool, we have instituted a security incident management workflow that integrates essential data such as threats and their types, assets and asset groups, dimensions of risk and security measures. This workflow comprises several pivotal steps: (i) gathering detailed information about the security incident, including its description, causative factors, the individual accountable and the timeframe for resolution; (ii) utilizing the collected information and accessible metadata to determine the hierarchy of elements implicated in the security incident, including threats, assets and controls, while also establishing related details like the incident’s severity and implementing a temporary reduction in the coverage level of affected controls until the incident is addressed; and (iii) upon resolving the incident, facilitating knowledge management and learning by documenting the lessons learned, the costs associated with resolving the incident and any final observations.

Given that adaptability to new contexts (both technological and non-technological) and new technological paradigms is one of the key aspects in the design of the MARISMA framework, this has enabled its application in the past to different domains and specific technological sectors. In this work, demonstrating its application to a different and specific context involves the sustainable management of security incidents within Internet of Things (IoT) environments through the integration of quantum computing to optimize the selection of courses of action in response to security incidents. Thanks to the customizable patterns and the support tool, once domain experts have defined the specific elements and taxonomies of the new domain to which it will be applied, the MARISMA framework allows for the adaptation of the risk analysis and management process to this specific new domain.

Thanks to the adaptability and the potential for customization of the key risk management components through configurable patterns and the support tool, MARISMA is equipped to conduct risk analyses in any technological landscape in general. Moreover, it can adapt its application to specific technologies (Big Data, the IoT or CPSs) and specific sectors. This level of adaptability is maintained regardless of the domain’s complexity or the size of the company, facilitating straightforward implementation for both small- and medium-sized enterprises (SMEs) and complex emerging technologies.

The limitations currently faced by the MARISMA framework for the proposed investigation are related to access to quantum computers, meaning that at present, this part is not applicable to real cases, and quantum simulators have had to be used to demonstrate the existing potential in this research area to solve the posed problem.

The substantial workload required for categorizing and prioritizing incidents to identify the most efficient resolution approach—minimizing response times and utilizing available resources optimally—presents the principal challenge in incident management. Especially during peak periods, such as the initial launch of a system or the introduction of a new service, the volume of incidents can increase significantly, complicating their effective management. This necessitates the prioritization and scheduling of dozens, or even hundreds, of incidents in a short timeframe, requiring intricate calculations, posing considerable difficulty, and leading to significant time costs.

To illustrate this problem, we will show an example (see

Table 1. Datasets of incidents.

IdIncident	IdThreat	Threat	CoA	IdControl	Control	Time (h)	Sustainability
1	DD	DDoS	C11	GP-TM-16	Mechanisms for self-diagnosis and self-repair/healing	6	A
1	DD	DDoS	C12	GP-TM-17	Ensure standalone operation	6	E
2	DSIL	Data/sensitive information leakage	C21	GP-TM-47	Risk segmentation	3	B
3	IOI	Interception of information	C31	GP-PS-06	Implement test plans to verify whether the product performs as expected	8	F
4	CPH	Communication protocol hijacking	C41	GP-PS-09	Perform privacy impact assessments before any new applications are launched	40	B
4	CPH	Communication protocol hijacking	C42	GP-TM-25	Protect against ‘brute force’	40	C
5	FOD	Failures of devices	C51	GP-PS-05	Design architecture by compartments	24	B
6	FOS	Failure of system	C61	GP-TM-17	Ensure standalone operation	8	A
7	MI	Modification of information	C71	GP-PS-09	Perform privacy impact assessments before any new applications are launched	24	F
7	EK	Exploit Kits	C72	GP-TM-20	Backward compatibility of firmware updates	2	B
7	SV	Software vulnerabilities	C73	GP-TM-16	Mechanisms for self-diagnosis and self-repair/healing	6	B
8	ED	Environment Disaster	C81	GP-TM-06	Restore secure state	72	B
8	IOI	Interception of information	C82	GP-TM-25	Protect against ‘brute force’	16	C
9	CPH	Communication protocol hijacking	C91	GP-TM-43	IoT devices should be restrictive in communicating	8	B

) that considers the unique identifier of the incidents, the threat that has caused the incident together with the course of action intended to mitigate that threat, the main control that has been affected by the threat and the calculation of the estimated number of hours needed to resolve the incident via the suggested course of action. As indicated in Table 1, while each incident is associated with a single threat, it can impact one or several controls. To address and potentially prevent the recurrence of the incident, the implementation of these controls requires examination and correction, so different courses of action can be considered to resolve the incident.

Traditionally, management and response to security incidents have been focused on rapid resolutions, often overlooking sustainability. However, efficient and environmentally friendly resource management is essential. Incorporating sustainability into these practices not only enhances effectiveness in immediate recovery but also strengthens organizational resilience and sustainability in the long term in a context where social and environmental responsibility is increasingly important.

In this framework, each response strategy to incidents (each course of action) is rated with a sustainability label, ranging from A, being the most sustainable, to G, the least sustainable. This approach ensures that decisions are not made solely based on immediate efficiency or speed but also considering the long-term environmental impact.

This approach balances the need for quick and effective responses to security incidents with the commitment to act sustainably and responsibly. By integrating sustainability as a key factor in decision making, organizations can not only effectively manage current risks but also strengthen their future resilience, sustainability and reputation among stakeholders, marking a significant evolution in risk management and incident response.

2.2. Quantum Optimization

Quantum computing represents a novel paradigm that leverages the unique aspects of quantum physics, offering substantial potential advancements in the computing arena. This potential is well acknowledged in scholarly works, as highlighted in key publications [34]. Crucial to the practical application of quantum computing is the development of programming languages and methodologies. These tools are imperative for providing structured and elevated descriptions of quantum algorithms that are independent of the specific hardware utilized [35].

The field of quantum programming has garnered significant attention following the development of efficient quantum algorithms by pioneers such as Shor [36] and Grover [37]. This interest persists, although the discovery of new quantum algorithms remains a formidable challenge. One of the primary reasons for this is the inherent complexity of quantum programs, which are typically depicted as quantum circuits [38].

A key differentiation between quantum and classical programming lies in the use of quantum bits or qubits, as opposed to standard bits [39]. In quantum programming, qubits are manipulated through quantum gates to perform various operations. Quantum computation, especially under the circuit model of quantum programs (QPs), involves these gates. They serve as fundamental operations for altering the qubits’ amplitude and phase [39]. Quantum circuits and their corresponding gates can be visually represented, as illustrated in Figure 1. They are also expressible via syntax-based notations in various quantum programming languages such as Q# and QASM. These programming languages have been developed to simplify the articulation of quantum algorithms, transforming quantum circuit concepts into a sequence of textual programming statements. They address the core aspects of quantum programming and are tailored to meet the exigencies of practical quantum computing applications. Specifically, these languages facilitate the expression and conceptualization of quantum algorithms, which are vital for the real-world application of quantum computing. Thus, quantum programming environments are pivotal in advancing quantum computers from theoretical constructs to practical tools for scientific exploration and discovery [40].

Quantum computing presents revolutionary approaches to computational challenges, surpassing traditional computational methods in efficiency [40]. A qubit, the fundamental unit of quantum computing, can be represented through various subatomic particles, such as electron spins or photons. Unlike classical bits that are binary, a qubit exists in multiple states simultaneously due to quantum superposition. This attribute allows a qubit to hold a value of zero, one, or both simultaneously, with specific probabilities. The value of a qubit is only determined upon measurement, at which point the qubit collapses and requires resetting for further use. Quantum programming, therefore, focuses on navigating and identifying optimal solutions within this probabilistic framework [41].

Quantum optimization often employs search algorithms, notably Grover’s algorithm [37], which conducts searches in an undetermined space by encoding solution criteria using quantum oracles. These oracles [42,43] function similarly to high-level programming functions, aiding in constructing search algorithms with a linear complexity.

Additionally, quantum environments like D-Wave’s Quantum Leap (https://www.dwavesys.com/, accessed on 26 March 2024) facilitate optimization for NP-hard combinatorial problems using adiabatic quantum optimization [44,45]. This approach involves defining the optimization system as a Hamiltonian, representing both the objective and constraints, and the quantum computer seeks the solution that minimizes the system’s energy. Approaches using Ising expressions for this type of optimization are discussed in [46], while gate-based programming alternatives, such as those in the Qiskit textbook [47], implement the quantum approximate optimization algorithm (QAOA) [48].

Quantum adiabatic computing marks a significant advancement in optimization algorithms. It complements classical algorithms, like backtracking, dynamic programming, heuristic searches (e.g., A*), and adversarial searches (e.g., Minimax, branch and bound), by offering new, more efficient techniques. Among these advancements are genetic algorithms [49], classical annealers like simulated annealing [50], and benchmark function algorithms [51]. However, these solutions often struggle with local minima and are less effective with exceedingly large or complex problems. Adiabatic quantum computation emerges as a promising solution for solving complex NP-complete optimization problems in polynomial time [52].

Quantum annealing algorithms typically begin by defining a problem with qubits in a superposition state. Through the annealing process, these qubits collapse to a classical state of either 0 or 1, representing the lowest energy solution. As depicted in Figure 2, the process starts with the qubits in a single-valley energy state (a), evolving through the annealing to a double-well potential state (b) and culminating with a deeper valley representing the optimal solution (c).

3. A Proposal for Sustainable Security Incident Management

In our study, we utilize a quantum computing methodology to enhance the efficiency of incident response management within a risk assessment and management framework. This quantum computing strategy is applied to the dataset of detected security incidents, which has information on their associated threats, the courses of action needed to restore the system, the time required to apply them and their associated sustainability. For this dataset, it seeks the lowest energy state, symbolizing the optimal solution for resolving incidents, by prioritizing that the response time is the shortest possible, the results are as sustainable as possible or a combination of both in an indicated percentage.

Our approach incorporates sustainability as a key criterion in the selection of incident management strategies, balancing security effectiveness with environmental responsibility. We assess the sustainability of strategies using criteria such as energy efficiency and environmental impact, assigning each a sustainability label from A to G. This methodology helps us select responses that meet our security objectives while promoting responsible use of resources.

Our process to determine the optimal balance between response time and sustainability considerations is based on a decision process that integrates impact analysis, strategy feasibility and organizational priorities. We use an alpha coefficient, alpha, to adjust the relative importance of response time versus sustainability, allowing stakeholders to define their preferences according to strategic objectives. This process ensures an informed and aligned choice of response strategies, effectively balancing operational efficiency with environmental responsibility.

The following is the proposed algorithmic solution to the problem using quantum algorithms. To accurately design the algorithmic solution for the problem at hand, it is crucial to delineate the variables and entities involved in the algorithm. The variables can be characterized as follows:

Definition 1. 

Let $I_i$ be an unique identifier of an incident, corresponding with the incidents in Table 1.

Definition 2. 

Let $C_{ij}$ be a possible course of action for solving control $I_i$, with j being an identifier for the course of action.

Definition 3. 

Let $t_i$ be the estimated time in minutes necessary for solving the incident $I_i$, mapping to the time value.

Definition 4. 

Let Sustainability be a label indicating the sustainability rating of the solution based on the course of action selected. This rating is related to the energy and sustainability of the proposed solution, with A being a more sustainable solution than G.

Definition 5. 

Define $x_{ij}$ as a binary variable that, within the algorithm’s solution, indicates if the action sequence $C_{i}j$ is chosen for implementation.

Definition 6. 

Define P as a penalty coefficient, utilized to adjust the significance of constraints within the algorithm’s formulation. Its value can be empirically determined to be equal to the highest estimated cost among all the occurrences plus one, thus affecting the whole solution.

Based on these definitions, we can algebraically articulate the goal by executing a quantum optimization algorithm, which is to be processed by a quantum computer. This problem is summarized as a small example within the scope of

Table 2. Incident and control examples.

Incident	Course of Action	Time	Sustainability
I1	C11	10	B
I1	C12	20	A
I1	C13	60	G
I2	C21	50	A
I2	C22	100	B
I3	C31	1	G
I3	C32	20	F
I3	C33	50	E
I3	C34	10	E

; this table shows a dataset encapsulating a spectrum of security incidents within a computational system, accompanied by an array of potential resolution methodologies, termed ‘course of action’. The algorithm’s core function lies in the strategic selection of these courses, prioritizing those that yield a superior efficiency in terms of temporal cost or sustainability. This efficiency is quantified via a weighted average, governed by a coefficient $\alpha$, facilitating adaptability to shifting real-time parameters. Our discourse aims to dissect the fundamental constructs and pivotal considerations integral to the crafting and execution of this optimization algorithm. Through this analytical lens, we endeavor to achieve a thorough comprehension of its operational framework and the consequential impact it bears in the landscape of cybersecurity research and applications.

As highlighted in Section 2, while genetic algorithms and classical annealers present viable strategies for addressing certain problems, they often fall short in solving complex optimization challenges within polynomial time. In the realm of quantum computation, two predominant approaches are quantum gate-based circuits and adiabatic quantum algorithms. It is acknowledged that quantum gate-based methods, such as the quantum approximate optimization algorithm (QAOA), can tackle optimization problems comparably to quantum annealers. However, the formulation and implementation of these quantum circuits are notably more intricate and extensive than the Hamiltonian formulation used in quantum annealers, which is simpler, more comprehensible and independent of the quantum platform’s specifics.

To address the problem at hand, we propose modeling it as a quadratic unconstrained binary optimization (QUBO) problem, alternatively known as unconstrained binary quadratic programming (UBQP). This approach will encapsulate the objectives and constraints of our problem, enabling the adiabatic quantum computer’s solver to identify the minimum energy state. This state corresponds to the optimal combination of variables, or incidents, necessary for an effective solution.

QUBO-based problems are defined through a Hamiltonian, which, in its summation form, delineates both the objectives and the constraints required by the solution. This Hamiltonian is articulated as a Binary Quadratic Model (BQM) and is subsequently transformed into a BQM matrix. This matrix is then processed by the adiabatic solver.

Our primary goal is the minimization of the total cost associated with the issues forming part of the solution. This objective could be articulated in the form of a BQM expression as follows (Equation (1)):

$$Minimize\left(\sum _{i=1}\sum _{j=1}(x_{ij}\times (\alpha ·T_{ij}+(1-\alpha )·S_{ij}))\right)$$

(1)

where $x_{ij}$ is the binary variable that determines whether or not the course of action $C_{ij}$ is selected to solve the incident $I_i$, $T_{ij}$ is the estimated time and $S_{ij}$ is the sustainability rank related to the course of action $C_{ij}$. Additionally, $\alpha$ is a tuning coefficient for indicating in operating time the weight of time and sustainability in the solution.

In this problem, the constraints are straightforward, we just have to make sure that at least one course of action ($C_{ij}$) is selected for each indident $I_i$. This set of constraints can be modeled as shown in Equation (2).

$$\forall i\in N\sum _{j=1}^K{x}_{ij}\ge 1$$

(2)

Based on the definition of the previous equations, the Python code shown in Figure 3 is produced, wherein a QUBO matrix is populated for submission to the quantum annealing sampler. This algorithm generates an upper triangular matrix that outlines the QUBO matrix for the Binary Quadratic Model (BQM).

4. Validation

In this section, we validate our proposal by applying the developed algorithm to a dataset with real incident data.

The dataset used presents 50 incidents, together with the possible courses of action to respond, the time needed and the associated sustainability label.

Table 3. A subset of the incident dataset for validation.

IdIncident	IdThreat	Threat	CoA	Time (h)	Sustainability
1	[SV]	Software vulnerabilities	C5	5	A
2	[ED]	Environmental disaster	C11	17	E
3	[IOI]	Interception of information	C7	41	F
3	[IOI]	Interception of information	C1	41	A
4	[IG]	Information gathering	C1	35	A
5	[DDoS]	DDoS	C5	4	A
5	[DDoS]	DDoS	C6	4	E
6	[VRRBL]	Violation of rules and regulations / Breach of legislation	C5	10	A
7	[LOSS]	Loss of support services	C15	11	D
8	[NO]	Network outage	C1	28	A
9	[CPH]	Communication protocol hijacking	C3	4	G
10	[MIM]	Man in the middle	C3	39	G

shows the first 10 elements of this dataset.

To validate our proposal, we applied the algorithm developed (Figure 3), which forms the input matrix for the quantum annealer sampler. In essence, we created the triangular QUBO matrix Q and dispatched it to the sampler using the code depicted in Figure 4. We executed the algorithm utilizing a D-Wave 2000Q lower-noise system equipped with a DW_2000Q_6 quantum processor, which boasts 2048 qubits arranged in a [16, 16, 4] chimera topology.

We have carried out executions considering different configurations indicating different degrees of prioritization of response time (coefficient alpha) and sustainability (coefficient 1-alpha) in the selection of the set of courses of action. Specifically, they were applied considering the following alpha values: 0.0, 0.2, 0.5 and 0.8. The results obtained are presented below.

Following the execution of the code, the sampling outcomes are obtained in a text file, allowing us to review the algorithm’s results and the energy associated with each solution identified. The solution that exhibits the lowest energy level is considered optimal, meeting the requirements and objectives of our problem.

Figure 5, Figure 6, Figure 7 and Figure 8 show the outputs of the algorithm for the data shown in Table 3 considering different values of alpha: 0.0 (which fully prioritizes sustainability over response time), 0.2, 0.5 and 0.8 (which prioritizes time over sustainability).

Finally, a comparison of the courses of action selected in each case and the number of times they are selected is shown

Table 4. Comparison of results obtained according to different alpha values.

CoA	Sustainability Label	Alfa 0.0	Alfa 0.2	Alfa 0.5	Alfa 0.8
C1	A	6	2	3	1
C2	G	1	1	1	2
C3	G	2	2	2	2
C4	C	1		1	2
C5	A	2	3	3	3
C6	E	1		1	1
C7	F	1	2	1	1
C8	F
C9	F				1
C10	B	1	2	2	2
C11	E		1	1
C12	G
C13	C	2	2	2	2
C14	B	1	1	1	2
C15	D	2	3	3	3
C16	A	3	3	2	2
CoA selected		23	22	23	24

). We can observe how the different solutions vary in the selection of some courses of action. We see how courses of action with better sustainability labels (such as C1 or C16 with label A) are selected a higher number of times when the algorithm prioritizes sustainability and a lower number of times as time is prioritized. On the other hand, less sustainable courses of action (such as C11 with label E) are not selected when the configuration fully prioritizes sustainability, but nevertheless, when this criterion is relaxed, they start to be selected. In this sense, we can also observe how in the last configuration, where response time is strongly prioritized, very sustainable courses of action such as C1 go from being selected six times to one, while the selection of other less sustainable ones, such as C2 (label G), C9 (with label F), etc., increases.

On the other hand, some courses of action with worse sustainability labels (such as C8 and C12 with F and G, respectively) are never selected, as there are alternative courses of action that cover the same incidents with better indexes in time and sustainability.

The quantum algorithm becomes more important when we move into real scenarios where the number of incidents is high, i.e., in the order of hundreds or thousands. This number is even greater if we consider a centralized incident management system serving multiple organizations. In these cases, the quantum algorithm responds in a constant time, independent of the number of incidents handled, which is a critical aspect for an incident response system.

5. Conclusions

The significance of security management, risk analysis and particularly risk management, underscored by effective handling and learning from security incidents, is escalating. However, the sustainability aspect of such security management is frequently overlooked. It is crucial, nevertheless, to consider security solutions and controls in light of their sustainability. This approach is not only feasible but necessary in an era of increasing environmental consciousness. Our focus in this paper has been on the context of Internet of Things environments, which are proliferating globally and contributing to a significant rise in security incidents.

In this context, the efficiency with which incidents are addressed and system security is reinstated is of paramount importance for the prompt resolution of security breaches. However, addressing these issues in a sustainable manner, by opting for the most suitable course of action, is not only preferable but also aligns with environmental policies.

The field of quantum computing research is diversifying rapidly, finding applications in numerous and varied contexts. Specifically, in this paper, we have developed an experimental quantum computing application aimed at optimizing the selection of security courses of action in response to various security incident scenarios. This application not only evaluates the required time for each security solution but also considers their sustainability. We have designed and implemented a quantum computing algorithm and, following extensive testing and execution, can affirm that its results are accurate and align with expectations based on quantum principles. The algorithm has a highly efficient execution time, effectively solving the problem in a near-constant timeframe. This paper illustrates the efficacy of our quantum algorithm in addressing this specific security challenge.

Therefore, it is reasonable to assert that, despite the numerous unresolved challenges in security incident management, particularly in the context of handling extensive datasets, certain issues can be effectively addressed using quantum algorithms. In fact, a key component of our future research involves an in-depth exploration of quantum algorithms and swarm intelligence applied to the extensive dataset of security risks and incidents collected from various organizations. This endeavour aims to enable real-time correlation of security incidents, offering a more comprehensive and efficient approach to responding to security threats.

For future work, several lines of research are proposed. Firstly, there is an intention to apply and adapt the proposed framework and algorithm to other critical sectors that heavily rely on the IoT, such as the energy or naval sectors, to evaluate their effectiveness across a broader range of scenarios and operational contexts. Secondly, efforts will be directed towards integrating the developed model with AI techniques to enhance incident prediction, automate decision making, and improve the customization of responses based on each organization’s specific risk profile. Furthermore, the long-term impact of implementing sustainable action courses in security incident management using quantum programming on an organization’s carbon footprint will also be examined. Lastly, work will be carried out to integrate these techniques and algorithms within the MARISMA framework. This future work will not only extend the scope of the current research but will also significantly contribute to enhancing the security, sustainability, and resilience of critical systems in the IoT era.