Cyber Mission Thread Analysis: A Prototype Framework for Assessing Impact to Missions from Cyber Attacks to Weapon Systems
Don Snyder
Bok Engelsk 2022
| Annen tittel | |
|---|---|
| Utgitt | RAND Corporation , 2022
|
| Opplysninger | The most important consideration when deciding whether to mitigate or accept a risk from a cyber attack to a weapon system is how it affects operational missions - otherwise known as mission impact. It is, however, impractical to do a comprehensive assessment of every system and all missions across the entire Air Force given that each system is complex, with an enormous number of potential vulnerabilities to examine and each vulnerability having its own complicated threat environment. Enter the cyber mission thread analysis framework. To analyze mission impact, the authors present this new methodology that aims to achieve several goals at once: to be comprehensive enough to be executed at the scale of each of the missions in the U.S. Air Force yet informative enough to guide decisions to accept or to mitigate specific risks. In addition, the method is simple enough to perform in no more than a few months and can be updated as needed. The framework follows a top-down approach, starting with a "thread" (map) of the overall mission that captures all key mission elements and then the systems that support their execution. While the authors do not reduce the problem of cybersecurity risk assessment to a turnkey solution, they present useful methods for triaging areas of greatest concern to mission success while limiting detailed investigation of vulnerabilities and threats to only the most critical areas. Their framework is designed to be done at scale, to be applicable across scenarios, and to be clear in how it works.
|
| Emner |
