A systems engineering approach for crown jewels estimation and mission assurance decision making

2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) Pub Date : 2011-04-11 DOI:10.1109/CICYBS.2011.5949403

S. Musman, Mike Tanner, A. Temin, E. Elsaesser, Lewis Loren

{"title":"A systems engineering approach for crown jewels estimation and mission assurance decision making","authors":"S. Musman, Mike Tanner, A. Temin, E. Elsaesser, Lewis Loren","doi":"10.1109/CICYBS.2011.5949403","DOIUrl":null,"url":null,"abstract":"Understanding the context of how IT contributes to making missions more or less successful is a cornerstone of mission assurance. This paper describes a continuation of our previous work that used process modeling to allow us to estimate the impact of cyber incidents on missions. In our previous work we focused on developing a capability that could work as an online process to estimate the impacts of incidents that are discovered and reported. In this paper we focus instead on how our techniques and approach to mission modeling and computing assessments with the model can be used offline to help support mission assurance engineering. The heart of our approach involves using a process model of the system that can be run as an executable simulation to estimate mission outcomes. These models not only contain information about the mission activities, but also contain attributes of the process itself and the context in which the system operates. They serve as a probabilistic model and stochastic simulation of the system itself. Our contributions to this process modeling approach have been the addition of IT activity models that document in the model how various mission activities depend on IT supported processes and the ability to relate how the capabilities of the IT can affect the mission outcomes. Here we demonstrate how it is possible to evaluate the mission model offline and compute characteristics of the system that reflect its mission assurance properties. Using the models it is possible to identify the crown jewels, to expose the systems susceptibility to different attack effects, and evaluate how different mitigation techniques would likely work. Being based on an executable model of the system itself, our approach is much more powerful than a static assessment. Being based on business process modeling, and since business process analysis is becoming popular as a systems engineering tool, we also hope our approach will push mission assurance analysis tasks into a framework that allows them to become a standard systems engineering practice rather than the “off to the side” activity it currently is.","PeriodicalId":436263,"journal":{"name":"2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)","volume":"312 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"27","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CICYBS.2011.5949403","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 27

Abstract

Understanding the context of how IT contributes to making missions more or less successful is a cornerstone of mission assurance. This paper describes a continuation of our previous work that used process modeling to allow us to estimate the impact of cyber incidents on missions. In our previous work we focused on developing a capability that could work as an online process to estimate the impacts of incidents that are discovered and reported. In this paper we focus instead on how our techniques and approach to mission modeling and computing assessments with the model can be used offline to help support mission assurance engineering. The heart of our approach involves using a process model of the system that can be run as an executable simulation to estimate mission outcomes. These models not only contain information about the mission activities, but also contain attributes of the process itself and the context in which the system operates. They serve as a probabilistic model and stochastic simulation of the system itself. Our contributions to this process modeling approach have been the addition of IT activity models that document in the model how various mission activities depend on IT supported processes and the ability to relate how the capabilities of the IT can affect the mission outcomes. Here we demonstrate how it is possible to evaluate the mission model offline and compute characteristics of the system that reflect its mission assurance properties. Using the models it is possible to identify the crown jewels, to expose the systems susceptibility to different attack effects, and evaluate how different mitigation techniques would likely work. Being based on an executable model of the system itself, our approach is much more powerful than a static assessment. Being based on business process modeling, and since business process analysis is becoming popular as a systems engineering tool, we also hope our approach will push mission assurance analysis tasks into a framework that allows them to become a standard systems engineering practice rather than the “off to the side” activity it currently is.

查看原文本刊更多论文

王冠评估和任务保证决策的系统工程方法

了解IT如何有助于使任务或多或少成功的上下文是任务保证的基石。本文描述了我们之前工作的延续，即使用过程建模来评估网络事件对任务的影响。在我们之前的工作中，我们专注于开发一种可以作为在线过程来评估发现和报告的事件的影响的能力。在本文中，我们关注的是我们的任务建模和计算评估的技术和方法如何在离线情况下使用，以帮助支持任务保证工程。我们方法的核心是使用系统的过程模型，该模型可以作为可执行的模拟来运行，以估计任务结果。这些模型不仅包含关于任务活动的信息，而且还包含过程本身的属性和系统运行的环境。它们作为系统本身的概率模型和随机模拟。我们对此流程建模方法的贡献是添加了IT活动模型，这些模型在模型中记录了各种任务活动如何依赖于IT支持的流程，以及将IT的功能如何影响任务结果联系起来的能力。在这里，我们演示了如何离线评估任务模型并计算反映其任务保证属性的系统特征。使用这些模型，可以识别“皇冠上的宝石”，暴露系统对不同攻击效果的敏感性，并评估不同的缓解技术可能如何工作。基于系统本身的可执行模型，我们的方法比静态评估要强大得多。基于业务过程建模，并且由于业务过程分析作为一种系统工程工具正在变得流行，我们也希望我们的方法将任务保证分析任务推进到一个框架中，使它们成为标准的系统工程实践，而不是像现在这样的“边缘化”活动。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)

自引率

0.00%

发文量