DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 17 September 2019 has been considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Cherdantseva, in “A review of cyber security risk assessment methods for SCADA systems”, as supplied by applicant, in view of Flores et al., USPN 2013/0347116.
With regard to claims 1 and 16, Cherdantseva discloses a system including a cyber controller configured to monitor the system and configured to control a network of 
With regard to claim 2, Cherdantseva in view of Flores discloses the system of claim 1, as outlined above, and Cherdantseva further discloses the cyber controller is 
With regard to claims 3 and 11, Cherdantseva in view of Flores discloses the system of claim 1, as outlined above, and Cherdantseva further discloses the attack data received from the cyber controller includes data indicating probabilities that respective elements of an attack surface of the network are being attacked (page 7, paragraph beginning, “McQueen”), as does Flores (0124). The motivation to combine remains the same as outlined above.
With regard to claim 4, Cherdantseva in view of Flores discloses the system of claim 1, as outlined above, and Cherdantseva further discloses the attack graph includes nodes corresponding to elements of an attack surface of the network, and wherein the attack graph links the elements of the attack surface to business functions (page 9, paragraph beginning, “The network”, page 22, paragraph beginning, “The development”), as does Flores (0237). The motivation to combine remains the same as outlined above.
With regard to claims 5 and 12, Cherdantseva in view of Flores discloses the system of claim 4, as outlined above, and Cherdantseva further discloses the business functions are represented by nodes of the at least one fault tree (page 9, paragraph beginning, “The network”), as does Flores (0029, 0056). The motivation to combine remains the same as outlined above.
With regard to claims 6-8 and 13-15, Cherdantseva in view of Flores discloses the system of claim 4, as outlined above, and Cherdantseva further discloses each of the at least one fault tree corresponds to a different respective level of business 
With regard to claim 9, Cherdantseva in view of Flores discloses the system of claim 4, as outlined above, and Cherdantseva further discloses the event tree identifies potential consequences (page 21, table 8, impact measurement) as does Flores (0109). The motivation to combine remains the same as outlined above.
With regard to claim 10, Cherdantseva in view of Flores discloses the system of claim 4, as outlined above, and Flores further discloses displaying a report of the advantages of network configuration changes based on the risk estimates for the plurality of configurations of the network (0109). Cherdantseva discloses that a defensive action can be taken while alerting a human (page 11, paragraph beginning, “For detecting”). It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to implement the network configuration of Flores by the automated response of Cherdantseva in the system of Cherdantseva in view of Flores for the motivation of improved security.
With regard to claim 17, Cherdantseva in view of Flores discloses the system of claim 4, as outlined above, and Cherdantseva further discloses that a defensive action can be taken while alerting a human (page 11, paragraph beginning, “For detecting”), but does not mention specific defensive actions. The examiner takes official notice that it is well known in the art to use a sandbox as a defensive action. It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to implement a sandbox as the defensive measure of Cherdantseva in the system of 
With regard to claims 18-20, Cherdantseva in view of Flores discloses the system of claim 4, as outlined above, and Flores further discloses reconfiguring the network by blocking a port or address or reconfiguring the firewall (0063, 0152-0153). The motivation to combine remains the same as outlined above with regard to claim 1.
Cited References
The examiner cites Swiler, USPN 7,013,395, who discloses a system including a cyber controller configured to monitor the system and configured to control a network of the system (column 3 lines 10-15), the cyber controller generating attack data based on an attack graph (column 4 lines 32-42), and a processor executing computer-readable instructions in communication with the cyber controller (claim 1), the instructions causing the processor to receive the attack data from the cyber controller (column 3 line 66-column 4 line 5). Swiler does not disclose determining risk scores representing probabilities that a cyberattack is underway using the received attack data and at least one fault tree, using the determined risk scores and an event tree to determine risk estimates for a plurality of configurations of the network, and providing the risk estimates for the plurality of configurations of the network to the cyber controller to use to control the network. Swiler specifically teaches away from this method (column 1 line 56-column 2 line 2), and thus was not used in forming a rejection.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB LIPMAN whose telephone number is (571)272-3837.  The examiner can normally be reached on 5:30AM-6:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.