Multi-tiered security analysis method and system

What is claimed is: 1. A system to provide computer security analysis, the system comprising: one or more processors coupled to a non-transitory computer readable storage having software instructions stored thereon configured to cause the one or more processors to: perform a Markov Decision Process (MDP) as part of a cyber-attack mechanism and a Discrete Time Markov Chain (DTMC) process as part of a cyber-defense mechanism; synchronize the cyber-attack mechanism with the cyber-defense mechanism through an attack-defense synchronization action; and synchronize an update action, wherein the attack-defense synchronization action includes initiating the DTMC process, and wherein the synchronization of the update action results from one or more actions taken by the DTMC process, wherein the Markov Decision Process (MDP) for the cyber-attack mechanism comprises: in a first state, selecting, non-deterministically, a particular type of attack; in a second state, selecting a component device; in a third state, determining one of the component devices being successfully attacked by the particular type of attack with a probability p ij or the cyber-defense mechanism thwarting the particular type of attack with a probability (1−p ij ); and when the component device is successfully attacked, raising a security alert. 2. The system of claim 1 , wherein, when a third tier of defense fails to protect the component device, changing a status of the component device to compromised. 3. The system of claim 1 , wherein the DTMC process probabilistically raises a defense level of the system in response to one or more of a workload level reaching a workload threshold or a fatigue level reaching a fatigue threshold. 4. A method to provide computer security analysis, the method comprising: performing, using one or more processors, a Markov Decision Process (MDP) as part of a cyber-attack and defense mechanism and a Discrete Time Markov Chain (DTMC) process as part of a security analyst (SA) cyber-defense mechanism; synchronizing an update action using the one or more processors, wherein the attack-defense synchronization action includes initiating the DTMC process, and wherein the synchronization of the update action results from one or more actions taken by the DTMC process, wherein the Markov Decision Process (MDP) for the cyber-attack mechanism comprises: in a first state, selecting, non-deterministically, a particular type of attack; in a second state, selecting a component device; in a third state, determining one of the component devices being successfully attacked by the particular type of attack with a probability p ij or the cyber-defense mechanism thwarting the particular type of attack with a probability (1−p ij ); and when the component device is successfully attacked, raising a security alert. 5. The method of claim 4 , wherein, when a third tier of defense fails to protect the component device, changing a status of the component device to compromised. 6. The method of claim 4 , wherein the DTMC process probabilistically raises a defense level of a system in response to one or more of a workload level reaching a workload threshold or a fatigue level reaching a fatigue threshold. 7. The method of claim 4 , further comprising: identifying, using the one or more processors, components and relationships among components in a cyber physical system operating under a control of a security operations center; and identifying, using the one or more processors, vulnerabilities of one or more of each of the components or each of one or more communication protocols of the cyber physical system. 8. The method of claim 4 , further comprising: operating, through a probabilistic model, using the one or more processors, the MDP for a selected attack model in parallel with the DTMC process for a selected defense model, wherein the probabilistic model predicts one or more of a probability of occurrence a security attack, a cost of the security attack, or a time of occurrence of the security attack, wherein the selected attack model is selected from one or more attack models including one or more of a denial of service (DoS) attack model, an eavesdropping (Man in the Middle) attack model, a replay attack model, a data modification attack model, a masquerade attack model, or a blind attack model, wherein the selected defense model is selected from one or more defense models including one or more of a firewall defense model, an intrusion detection system (IDS) defense model, a proxy defense model, an analyst model, or an anti-malware defense model. 9. The method of claim 8 , wherein the one or more defense models include at least a first defense model at a component level, a second defense model at a system level, and a third defense model at a security operation center level. 10. A non-transitory computer readable medium having instructions stored therein that, when executed by one or more processors, cause the one or more processors to perform a method to provide computer security analysis, the method comprising: performing, using the one or more processors, a Markov Decision Process (MDP) as part of a cyber-attack mechanism and a Discrete Time Markov Chain (DTMC) process as part of a cyber-defense mechanism; synchronizing, using the one or more processors, the cyber-attack mechanism with the cyber-defense mechanism through an attack-defense synchronization action; and synchronizing an update action, using the one or more processors, wherein the attack-defense synchronization action includes initiating the DTMC process, and wherein the synchronization of the update action results from one or more actions taken by the DTMC process, wherein the Markov Decision Process (MDP) for the cyber-attack mechanism comprises: in a first state, selecting, non-deterministically, a particular type of attack; in a second state, selecting a component device; in a third state, determining one of the component devices being successfully attacked by the particular type of attack with a probability p ij or the cyber-defense mechanism thwarting the particular type of attack with a probability (1−p ij ); and when the component device is successfully attacked, raising a security alert. 11. The non-transitory computer readable medium of claim 10 , wherein, when a third tier of defense fails to protect the component device, changing a status of the component device to compromised. 12. The non-transitory computer readable medium of claim 10 , further comprising: identifying, using the one or more processors, components and relationships among components in a cyber physical system operating under a control of a security operations center; and identifying, using the one or more processors, vulnerabilities of one or more of each of the components or each of one or more communication protocols of the cyber physical system. 13. The non-transitory computer readable medium of claim 10 , further comprising: operating, through a probabilistic model, using the one or more processors, the MDP for a selected attack model in parallel with the DTMC process for a selected defense model, wherein the probabilistic model predicts one or more of a probability of occurrence a security attack, a cost of the security attack, or a time of occurrence of the security attack. 14. The non-transitory computer readable medium of claim 10 , wherein the DTMC process probabilistically raises a defense level of a system in response to one or more of a workload level reaching a workload threshold or a fatigue level reaching a fatigue threshold.