Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems
Guidance for Where to Focus Mitigation Efforts
- What are the repercussions for combat support functions of a cyber attack on information systems?
- How might such attacks affect operations?
- How might those impacts be mitigated?
While combat support communities are not responsible for defending cyber networks, they are required to ensure mission execution, including when under cyber attack. Assessing mission assurance for combat support when under a cyber attack is challenging. The fact that many combat support systems do not reside on the most secure networks indicates potential vulnerabilities to cyber attack. Yet the sheer number of information systems that can be attacked, the range of vulnerabilities that these might have, the large number of combat support functions they support, and the complicated connections all of these have to operational missions make assessments difficult. Add to this the evolving nature of the threats and vulnerabilities in cyberspace, and the task of finding adequate mitigation plans for all possibilities is formidable. RAND researchers developed a tool that presents a sequential process for identifying those functions and information systems most likely to be problematic for the operational mission during cyber attacks.
Making the Data Manageable Is Crucial
- Analyzing this issue with a brute-force approach is impractical because of the sheer number of permutations to assess and the constantly evolving nature of the information systems, vulnerabilities, and threats.
- The Air Force counts 25 combat support functional communities, many of which have numerous subfunctions, and together these functions are supported by hundreds of information systems.
- There are numerous ways in which a cyber attack can occur and a variety of impacts that might result. These include denial-of-service attacks from outside a firewall, manipulating data from within a firewall, interrupting communications, taking control of a system, and others.
- Analyzing every possible attack on all systems and assessing the impact to both combat support and operations would be impractical. Even if it were done, the results from such an analysis would be obsolete before completion.
A Sequential Process Prioritizes Those Programs Most in Need of Mitigation
- RAND researchers developed a sequential process for identifying those functions and information systems most likely to be problematic for the operational mission during cyber attacks.
- The approach finds the functions and information systems that are simultaneously the most critical to the mission (those that cause repercussions to the operational mission the fastest) and at the highest risk of attack, as defined by the threat, their vulnerability, and the impact of an attack.
- The method is implemented in a Microsoft Excel-hosted decision support tool that does not require any special expertise in the cyber domain.
Table of Contents
Analyzing Cyber Attacks Against Combat Support
A Decision Support Tool for Identifying Areas of Highest Interest