Cybersecurity and threat assessment platform for computing environments
US-10868825-B1 · Dec 15, 2020 · US
US12058167B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12058167-B2 |
| Application number | US-202217821569-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 23, 2022 |
| Priority date | Aug 24, 2018 |
| Publication date | Aug 6, 2024 |
| Grant date | Aug 6, 2024 |
Abstract
A method, apparatus, and system provide the ability to act on cyber risks and reduce cyber attacks. System characteristics and system information for a cyber system are gathered. The system characteristics and system information are pre-processed to identify vulnerabilities that are relevant to the cyber system. A system model of a cyber environment is generated for the cyber system. One or more features are converted from cyber threat reports to one or more semantically relevant queries over the system model. The system model is reasoned over to generate one or more answers relevant to the one or more semantically relevant queries. Attack models are executed over the system model to generate actionable intelligence and reduce cyber attacks.
Claims (preview)
What is claimed is:

1. A computer-implemented method for acting on cyber risks, comprising: gathering system characteristics and system information for a cyber system; pre-processing the system characteristics and system information to identify vulnerabilities that are relevant to the cyber system; generating a system model of a cyber environment for the cyber system, wherein: the system model comprises multiple layers, wherein each of the multiple layers comprises components, wherein connections exist between different components on different layers of the multiple layers, and wherein the connections between layers are compositional; the multiple layers comprise a software layer and a file layer; the components of the file layer comprise data that supports work processes; the components of the software layer comprise applications that supports the file layer or work processes; the generating the system model comprises modeling entities of the cyber system using a graph based approach, wherein: each unique element in the software layer and file layer corresponds to a vertex of a graph; associated to each vertex are one or more attributes that make up properties of the model; and edges of the graph are specified by connections between the unique elements and each edge represents a relationship between vertices connected by the edge; converting one or more features from cyber threat reports to one or more semantically relevant queries over the system model, wherein the converting is based on the multiple layers; reasoning over the multiple layers of the system model to generate one or more answers relevant to the one or more semantically relevant queries, wherein the one or more answers form a part of actionable intelligence, and wherein the reasoning is over the file layer; and executing attack models over the system model to generate comprehensive actionable intelligence, wherein the comprehensive actionable intelligence is based on the part of the actionable intelligence.

2. The computer-implemented method of claim 1, wherein: the multiple layers further comprise a work process layer; the components of the work process layer comprise the work processes, wherein each work process comprises a mission task or objective that contributes to a mission goal; and each unique element in the work process layer corresponds to a vertex of the graph.

3. The computer-implemented method of claim 1, wherein the gathering comprises: passing the system characteristics and system information through a data parser to parse system characteristics and system information into a readable format; a software package parser reading package information regarding packages installed on an end host, and outputting a file containing a subset of the package information for the installed packages; providing the file to a vulnerability database tool that associates common vulnerabilities and exposures (CVE) information with each of the packages installed on the end host; the vulnerability database tool storing a local instance of a National Vulnerability Database (NVD) database; storing, in a cyber database, the system characteristics and system information, and the CVE information for each of the packages installed on the end host, wherein the cyber database is accessed by the pre-processing.

4. The computer-implemented method of claim 1, wherein the pre-processing comprises performing, for each host on a network: gathering package and version information from the host; searching, based on the package and version information, a national vulnerability database, and generating a list of common vulnerabilities and exposures (CVEs) that are relevant to the host; cross referencing the list of CVEs with information from one or more vendor specific databases to eliminate CVEs that are already patched; and outputting a true positive list as valid CVEs for the host.

5. The computer-implemented method of claim 1, wherein the executing comprises: generating an attack tree comprising multiple nodes comprising a root node and ancestor nodes, wherein: the root node of the multiple nodes is an objective of an attacker; one or more ancestor nodes of the root node represent sub-goals that must be completed to achieve an objective; forwarding the attack tree to a threat model simulation engine that translates the attack tree into the one or more semantically relevant queries that are processed to generate the one or more answers, wherein: the one or more semantically relevant queries are formed via one or more model attributes on each leaf node, of the multiple nodes, and how an attacker would pivot from one leaf node to another leaf node; and presenting a user with the one or more semantically relevant queries, wherein each of the one or more semantically relevant queries represents a different attack campaign that was run on the system model.

6. The computer-implemented method of claim 5, wherein: the generating the attack tree comprises: constructing the attack tree; annotating the attack tree for execution over the system model, wherein the annotating comprises annotating the one or more leaf nodes with attributes contained in the system model, wherein the annotating enables the one or more leaf nodes to be mapped to assets of the cyber system; and reconciling the annotated attack tree with the system model by matching up annotations of the attack tree with the attributes of the system model, wherein the reconciling traverses the attack tree via an entry node, of the multiple nodes, and determines unique paths from the root node to the entry node.

7. A computer-implemented method for acting on cyber risks, comprising: gathering system characteristics and system information for a cyber system; pre-processing the system characteristics and system information to identify vulnerabilities that are relevant to the cyber system; generating a system model of a cyber environment for the cyber system, wherein: the system model comprises multiple layers, wherein each of the multiple layers comprises components, wherein connections exist between different components on different layers of the multiple layers, and wherein the connections between layers are compositional; the multiple layers comprise a hardware layer and a file layer; the components of the file layer comprise data that supports work processes; the components of the hardware layer comprise hardware infrastructure for the cyber system; the generating the system model comprises modeling entities of the cyber system using a graph based approach, wherein: each unique element in the hardware layer and file layer corresponds to a vertex of a graph; associated to each vertex are one or more attributes that make up properties of the model; and edges of the graph are specified by connections between the unique elements and each edge represents a relationship between vertices connected by the edge; converting one or more features from cyber threat reports to one or more semantically relevant queries over the system model, wherein the converting is based on the multiple layers; reasoning over the multiple layers of the system model to generate one or more answers relevant to the one or more semantically relevant queries, wherein the one or more answers form a part of actionable intelligence, and wherein the reasoning is over the file layer; and executing attack models over the system model to generate comprehensive actionable intelligence, wherein the comprehensive actionable intelligence is based on the part of the actionable intelligence.

8. The computer-implemented method of claim 7, wherein: the multiple layers further comprise a work process layer; the components of the wo
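The pipeline the abstract and claims 3 to 6 describe (package inventory to a CVE true-positive list, a layered property graph with attributed vertices, threat-report features turned into queries over that graph, and an attack tree whose annotated leaves are reconciled against the model to enumerate attack paths), as an added Python example. It is not code from the patent, its assignee or any product; the host names, packages, CVE identifiers, the local NVD stand-in, the vendor patch data and the attack tree are all constructed for illustration, and walking edges as undirected when pivoting is a simplification made here.

```python
"""Added example, not the patent's code: a toy of the pipeline the claims describe.
Hosts, packages, CVE ids, vulnerability data and the attack tree are constructed."""
from collections import defaultdict

# Constructed stand-ins for the package parser output, a local NVD copy and vendor patch data.
HOST_PACKAGES = {"web01": {"nginx": "1.18.0", "openssl": "1.1.1k"},
                 "db01": {"postgresql": "13.3"}}
LOCAL_NVD = {("nginx", "1.18.0"): ["CVE-EXAMPLE-0001"],
             ("openssl", "1.1.1k"): ["CVE-EXAMPLE-0002", "CVE-EXAMPLE-0003"],
             ("postgresql", "13.3"): ["CVE-EXAMPLE-0004"]}
VENDOR_PATCHED = {"web01": {"CVE-EXAMPLE-0003"}}   # distro backported this fix on web01
EXPOSED_HOSTS = {"web01"}                           # reachable from the internet

def preprocess_cves(host):
    """Claim 4: NVD lookup by package+version, minus CVEs the vendor data marks as patched."""
    found = set()
    for pkg, ver in HOST_PACKAGES[host].items():
        found.update(LOCAL_NVD.get((pkg, ver), ()))
    return sorted(found - VENDOR_PATCHED.get(host, set()))   # the host's true-positive list

class SystemModel:
    """Layered property graph (claims 1, 2, 7): attributed vertices, labelled edges, walked undirected."""
    def __init__(self):
        self.vertices = {}               # name -> attribute dict, always including "layer"
        self.edges = defaultdict(dict)   # name -> {neighbour: relation}

    def add(self, name, layer, **attrs):
        self.vertices[name] = {"layer": layer, **attrs}

    def connect(self, a, relation, b):
        self.edges[a][b] = relation
        self.edges[b][a] = relation

    def query(self, **wanted):
        """Semantically relevant query: vertices whose attributes satisfy every predicate (literal or callable)."""
        def ok(v):
            return all(w(v.get(k)) if callable(w) else v.get(k) == w for k, w in wanted.items())
        return sorted(n for n, v in self.vertices.items() if ok(v))

def build_model():
    m = SystemModel()
    for host, pkgs in HOST_PACKAGES.items():
        valid = set(preprocess_cves(host))
        m.add(host, "hardware", exposed=host in EXPOSED_HOSTS)
        for pkg, ver in pkgs.items():          # software layer: one vertex per installed package
            m.add(f"{pkg}@{host}", "software", package=pkg, version=ver,
                  exposed=host in EXPOSED_HOSTS,
                  cves=[c for c in LOCAL_NVD.get((pkg, ver), ()) if c in valid])
            m.connect(f"{pkg}@{host}", "runs_on", host)
    m.connect("web01", "connects_to", "db01")            # network link between hosts
    m.add("customers.db", "file", sensitivity="high")    # file layer: data behind a work process
    m.connect("customers.db", "stored_on", "db01")
    m.connect("customers.db", "managed_by", "postgresql@db01")
    m.add("order-processing", "work_process", mission="fulfil orders")
    m.connect("order-processing", "uses", "customers.db")
    return m

# Claims 5-6: root = attacker objective, children = sub-goals, each leaf annotated with model
# attributes so it maps onto assets; "entry" marks where a campaign starts. A threat-report
# feature such as {"package": "nginx", "version": "1.18.0"} becomes a query the same way.
ATTACK_TREE = {
    "goal": "read high-sensitivity data",
    "children": [
        {"goal": "exploit an exposed vulnerable service", "entry": True,
         "annotate": {"layer": "software", "exposed": True, "cves": lambda c: bool(c)}},
        {"goal": "reach the data store",
         "annotate": {"layer": "file", "sensitivity": "high"}},
    ],
}

def reconcile(tree, model):
    """Match each leaf's annotations against the model: returns (entry assets, target assets)."""
    entries, targets = [], []
    for node in tree["children"]:
        (entries if node.get("entry") else targets).extend(model.query(**node["annotate"]))
    return entries, targets

def attack_paths(model, entries, targets):
    """Unique simple paths from an entry asset to a target asset: one per attack campaign."""
    paths = []
    def walk(node, path):
        if node in targets:
            paths.append(path)
            return
        for nxt in sorted(model.edges[node]):
            if nxt not in path:
                walk(nxt, path + [nxt])
    for entry in entries:
        walk(entry, [entry])
    return paths

def run_campaign(tree=ATTACK_TREE, model=None):
    """Reconcile the tree with the model and enumerate the campaigns it yields."""
    model = model or build_model()
    entries, targets = reconcile(tree, model)
    return attack_paths(model, entries, set(targets))

if __name__ == "__main__":
    for path in run_campaign():
        print(" -> ".join(path))
```

Run as a script it prints four campaigns on the constructed model, each a pivot chain from a vulnerable exposed service on `web01` to `customers.db`; the vendor cross-reference is what keeps the backported `CVE-EXAMPLE-0003` out of those chains. The exact-string version match used here is the part a real deployment has to replace with proper version-range matching against the NVD data.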
CPC classification titles:

- Query execution
- Knowledge representation; Symbolic representation
- for managing network security; network security policies in general (filtering policies H04L63/0227)
- Knowledge engineering; Knowledge acquisition
- Abduction