Conference Paper
MISSION AWARE : Evidence-Based, Mission-Centric Cybersecurity Analysis
Start Date: 2017-12-05Lead Authors:
Georgios Bakirtzis
Bryan Carter
Dr. Carl Elks
Dr. Cody Fleming
Abstract:
Currently, perimeter-based approaches are the mainstay of cybersecurity. While this paradigm is necessary, there is mounting evidence of its insufficiency with respect to sophisticated and coordinated attacks. In contrast to perimeterbased security, mission-centric cybersecurity provides awareness of how attacks can influence mission success and therefore focuses resources for mitigating vulnerabilities and protecting critical assets. This is strategic as opposed to tactical perimeter-based cybersecurity. We propose MISSION AWARE, which assists in the identification of parts of a system that destabilize the overall mission of the system if compromised. MISSION AWARE starts with a structured elicitation process that leads to hazards analysis. It employs hierarchical modeling methods to capture mission requirements, admissible functional behaviors, and system architectures. It then generates evidence—attacks applicable to elements that directly correlate with mission success. Finally, MISSION AWARE traces evidence back to mission requirements to determine the evidence with the highest impact relative to mission objectives.