CAM3: Cyber Asset-to-Mission Mapping Model

Enabling cyber impact assessment by mapping critical cyber assets onto the missions that depend on them

This research will advance the state of disaster planning for both defense and industry computer networks by providing a clearer picture of how cyber assets relate to the successful execution of mission-critical tasks.

Creating the Model

To create the cyber asset-to-mission model, we must first map the relationships and dependencies between cyber assets and higher-level abstractions (e.g. capability, mission). We then mine data from existing sources to identify and automatically populate portions of the model and relate the model components.

Since no automated process is perfect, we must provide the user with tools to make it easy to fill in missing data, or to correct relationships that the automated system "got wrong". We then expose the resulting model to Cyber Situational Awareness Systems to enable overall Impact Assessment.

Technical Challenges

There are many challenges to achieving this goal, beginning with identifying the minimum essential data that has to be collected to make inferences and populate the model. This is critical, as it is easy to become overwhelmed by "too much information" from network management systems. Keeping that data up to date is also a challenge: how to automatically collect and regularly update the model without interfering with network or system performance.

Finally, once the data is in hand we must know how to infer the dependence on a network service by a mission-critical capability.

What We Gain

The benefits to understanding the relationship between assets and missions are many, and include:

Improved Situational Awareness: Enable higher levels of SA (Level 3) among key network managers

Impact Assessment: More accurate estimation of the impact of a given successful attack

Prediction of Impacts: What-if analysis to determine what the impact of a disruption on a given asset might be

Problem Detection: Changes over time could indicate intrusions, service agreement violations, or configuration problems
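
The what-if analysis listed above, sketched as an added example (not code from the CAM3 project): a constructed dependency model in which hosts support network services, services support capabilities, and capabilities support missions. All node names and the rule that alternatives within a group provide redundancy are assumptions.

```python
from collections import defaultdict

# Constructed sample model (all names are assumptions). Each node lists
# requirement groups: a group is satisfied if ANY member is up (redundancy,
# an assumed rule), and a node is up only if ALL of its groups are satisfied.
MODEL = {
    "mission:logistics-resupply": [["cap:order-tracking"], ["cap:messaging"]],
    "mission:base-defense": [["cap:messaging"]],
    "cap:order-tracking": [["svc:inventory-db"], ["svc:dns"]],
    "cap:messaging": [["svc:mail-a", "svc:mail-b"], ["svc:dns"]],
    "svc:inventory-db": [["host:db01"]],
    "svc:mail-a": [["host:mx01"]],
    "svc:mail-b": [["host:mx02"]],
    "svc:dns": [["host:ns01", "host:ns02"]],
}


def is_up(node, failed, model=MODEL, path=()):
    """Return True if node is still available once `failed` nodes are down."""
    if node in failed:
        return False
    if node in path:  # mined data can contain loops; refuse to guess
        raise ValueError(f"dependency cycle through {node}")
    groups = model.get(node, [])  # leaf assets have no requirements
    return all(
        any(is_up(dep, failed, model, path + (node,)) for dep in group)
        for group in groups
    )


def impact(failed_assets, model=MODEL):
    """Group every node lost to the given failures by layer prefix."""
    failed = set(failed_assets)
    lost = defaultdict(list)
    for node in sorted(model):
        if not is_up(node, failed, model):
            lost[node.split(":", 1)[0]].append(node)
    return dict(lost)


def single_points_of_failure(model=MODEL):
    """Leaf assets whose loss alone takes down at least one mission."""
    leaves = {d for gs in model.values() for g in gs for d in g} - set(model)
    hits = {a: impact([a], model).get("mission", []) for a in sorted(leaves)}
    return {a: m for a, m in hits.items() if m}


if __name__ == "__main__":
    print(impact(["host:mx01"]))
    print(impact(["host:ns01", "host:ns02"]))
    print(single_points_of_failure())
```

Losing one of two redundant mail hosts degrades a service but no mission, while the unreplicated database host surfaces as the only single point of failure in this sample.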

Last update: September 2007