 

Cyber Vulnerabilities, Protection, and Defense

Page history last edited by scott.hamilton.ctr@... 3 years, 8 months ago

 Cyber Analysis Workshop - Cyber Vulnerabilities, Protection, and Defense Page

 

Our nation, including forces contributing to national security, relies on cyber systems and services. What are the vulnerabilities of these systems? How do we protect and defend them? This track focuses on analytical methods to address these questions. Note: some of this discussion will be on the SIPRNET MORS Cyber site.


Background Discussion

  

A rigorous analytical treatment of cyber defense issues is required to support many military decisions.  These decisions range from strategic, about how to invest R&D resources to best mitigate future vulnerabilities, to operational, about policy and cost-benefit analysis of implementation, to tactical, about real time system configuration, monitoring, and response.  

 

The National Security Plan to Secure Cyberspace is available at http://www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf. The DoD policies and regulations for Computer Network Defense are posted at http://iase.disa.mil/cnd/index.html. Planetdata, an online security news network, has an entire section dedicated to publishing articles on cyber security at http://www.planetdata.net/sites/cyber/. Joseph Giordano and Chester Maciag from AFRL published the article "Cyber Forensics: A Military Operations Perspective" in the International Journal of Digital Evidence, available at http://www.utica.edu/academic/institutes/ecii/publications/articles/A04843F3-99E5-632B-FF420389C0633B1B.pdf

 

Our journal Military Operations Research published "Risks of Cyber Attack to Water Utility Supervisory Control and Data Acquisition Systems" by Barry C. Ezell, Yacov Y. Haimes, and James H. Lambert in Vol. 6, No. 2, 2001 starting on page 19. 

 

The website http://rbnexploit.blogspot.com/  presents details of the cyber attacks from Russia against Georgia. 

 

Homeland Security to direct cybersecurity initiative

By Jill R. Aitoro, jaitoro@govexec.com   09/15/08

 

The Homeland Security Department will lead President Bush's largely classified governmentwide cybersecurity initiative, an agency official said on Monday morning.

Paul Schneider, deputy secretary of DHS, told attendees of an Information Technology Association of America forum in Washington that DHS will coordinate "the protection of federal networks" that fall within the .gov, .mil and .ic domains. Robert Jamison, undersecretary for national protection and programs at DHS, will direct the effort, and the Defense Department and intelligence agencies will play a supporting role.

Until Monday, the administration had not clarified which agency would take the reins of the 12-part Comprehensive Cybersecurity Initiative, signed into law by President Bush in January 2008.

"We've put in place clear lines of authority," Schneider said. "Cybersecurity is not exclusively a federal responsibility that we can unilaterally impose. The reality is [that] no single person or entity controls the [cyber environment], and therefore there is no single person that can protect it. [But] our first priority is to make sure our house is in order."

Initially, DHS officials will focus on guarding the perimeter of civilian federal computer networks, primarily through the Trusted Internet Connection initiative, which seeks to reduce network access points to fewer than 100. The United States Computer Emergency Readiness Team, or US-CERT, will watch for intrusions using Einstein, an automated system that monitors online activity and collects, correlates, analyzes and shares information. Enhancements to Einstein will help officials prevent breaches rather than merely detect them.

Information US-CERT collects will go to the National Cybersecurity Center, which will establish common security processes and priorities across civilian, defense and intelligence agencies, Schneider said.

The center "will act as the hub for cross domain awareness by agencies that have [cybersecurity] responsibilities," he noted.

He also emphasized that the cyber initiative won't come to a halt once the new administration takes office. Most key players will maintain their roles regardless of the election results, he said.

"The people running programs today will be running the programs on Jan. 21 and Jan. 22," Schneider said, adding that more information about the specifics of the program will be released soon. "This business of transition -- I don't see that as an issue."

 

Insert additional background here:

 


 

Issues

Development of sound cyber defense analysis requires a robust set of objective metrics. Many existing metrics measure system operation against compliance standards rather than providing any absolute measure of value toward preserving information system services or data security.

 

Validated analytical methods are required at various levels of fidelity in order to support strategic, operational, and tactical decisions.

 

In this arena, "attack" refers to all sorts of unauthorized system incursions, rather than to the impact. An attacking machine could gain access to look at or mess with information or system components, or make systems behave in unplanned-for ways (block, slow or open up access, or whatever). A truly interesting issue is to pin down just who made any particular machine do its deed.

 

Access this article at: http://www.nextgov.com/nextgov/ng_20080915_3583.php

 

Insert additional issues or comments here:


Current Analysis Approaches
There are analytical methods in use that provide some utility to analysis of cyber defense operation and tradespace decisions.  These include high fidelity engineering models that simulate system operations down to packet/protocol level.  There are lower fidelity models such as Return On Investment (ROI).
The Information Operations Joint Munitions Effectiveness Manual (IO JMEM) initiative is seeking to address issues of protection strategy effectiveness and operational risk assessment. 

 

 

One analytical method for consideration is the Network Risk Assessment Tool (NRAT), recently summarized in the IA Newsletter and available online at http://iac.dtic.mil/iatac/download/Vol11_No1.pdf. NRAT approaches an Operational Risk assessment using Probabilistic Risk Assessment techniques, with likelihood and severity quantification determined through characterization of threat actors, attacks, and system protection through observable traits. More detailed information on NRAT is available by contacting Paul Winter at winterp@stratcom.mil.

Please add your thoughts on this and suggest additional and/or alternative approaches here!

 

 


Potential Enhancements or Alternative Analytical Approaches
The development of ranges, including the DoD IO Range and DARPA's National Cyber Range, promises to provide opportunities to gather objective data for more empirical treatment of cyber defense analysis. How do we use these resources to enhance our understanding and analytical baseline for cyber analysis?
 
Insert additional ideas here:

Recommendations to Improve Analytical Approaches
How do we approach V&V of recommended approaches?  How do we collect data to populate models?   
 
We are looking for individual analytical approaches to evaluate threat actors, threat actions/attacks, system protection strategies, and operational impact.   We are seeking analytical approaches to integrate across these individual considerations to evaluate the likelihood of an attack being successful, the operational impact of a successful attack, and the cost-benefit tradeoffs of implementing various protection strategies.
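
As an added illustration (not part of the original page, and not NRAT or any other tool named here), the integration described above can be sketched as a simple expected-loss model that combines threat actors, attacks, protection strategies and impact into a cost-benefit ranking. Every scenario, probability, cost and strategy name is constructed, and protections are assumed to reduce the probability of attack success multiplicatively and independently.

```python
from itertools import combinations

# Constructed scenarios (assumptions, not data from the page):
# (threat actor, attack, attempts/year, P(success) unprotected, impact in $K)
SCENARIOS = [
    ("criminal", "phishing",       40.0, 0.10,  50.0),
    ("criminal", "web exploit",    12.0, 0.05, 200.0),
    ("insider",  "data theft",      1.0, 0.50, 400.0),
    ("nation",   "spear phishing",  4.0, 0.30, 800.0),
]

# Constructed protection strategies: annual cost ($K) and the factor by which
# each multiplies P(success) for the attacks it covers (absent = no effect).
STRATEGIES = {
    "mail filtering": (60.0,  {"phishing": 0.4, "spear phishing": 0.7}),
    "patching":       (80.0,  {"web exploit": 0.2}),
    "dlp":            (150.0, {"data theft": 0.6}),
}

def expected_loss(selected):
    """Expected annual loss ($K) with the selected strategies in place."""
    total = 0.0
    for _actor, attack, rate, p_success, impact in SCENARIOS:
        for name in selected:
            p_success *= STRATEGIES[name][1].get(attack, 1.0)
        total += rate * p_success * impact   # likelihood x severity
    return total

def net_benefit(selected):
    """Loss avoided minus the cost of the selected strategies ($K/year)."""
    cost = sum(STRATEGIES[name][0] for name in selected)
    return expected_loss(()) - expected_loss(selected) - cost

def best_portfolio():
    """Search every subset of strategies for the highest net benefit."""
    names = sorted(STRATEGIES)
    subsets = (c for r in range(len(names) + 1) for c in combinations(names, r))
    return max(subsets, key=net_benefit)

if __name__ == "__main__":
    for name in sorted(STRATEGIES):
        print(f"{name:15s} net benefit {net_benefit((name,)):8.1f} $K/year")
    print("best portfolio:", best_portfolio())
```

With these constructed inputs, the strategy covering the insider scenario costs more than the loss it avoids, so it drops out of the best portfolio even though it reduces risk; the result is only as good as the likelihood and impact estimates fed in, which is the data-collection question raised above.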
 
Insert additional recommendations here:

 

Comments (1)

Bud Whiteman said

at 4:25 pm on Jun 30, 2008

One analytical method for consideration is the Network Risk Assessment Tool (NRAT) recently summarized in the IA Newsletter and available online at http://iac.dtic.mil/iatac/download/Vol11_No1.pdf
NRAT approaches an Operational Risk assessment using Probabilistic Risk Assessment techniques with likelihood and severity quantification determined through characterization of threat actors, attacks, and system protection through observable traits. More detailed information on NRAT is available by contacting Paul Winter at winterp@stratcom.mil
Please add your thoughts on this and suggest additional and/or alternative approaches!
