Research Question

  1. What can the Air Force logistics community do to better detect, evaluate, report, and prioritize the response to corrupt data in order to satisfactorily continue operations in the event of significant data corruption?

Logistics operations depend on accurate information. Even relatively small errors in support systems can, in some circumstances, have large effects on operations. But errors are inevitable, so logistics operations should be robust to errors, whether they are a random occurrence or the result of a deliberate, targeted cyber attack. The U.S. Air Force asked RAND Project AIR FORCE to determine where it is most fruitful to focus effort in making changes to tactics, techniques, and procedures to improve an airman's ability to detect, evaluate, and mitigate significant corruption of logistics data. The goal is to respond to errors in data before they have a significant negative effect on combat operations.

Highly automated processes — in which humans do not see the data during normal operations — present a significant challenge for detection. Detection of corrupted data is most critical during wartime, yet anomalies are less evident during wartime than during peacetime because wartime itself is an anomaly. Therefore, mechanisms are needed to adjust detection mechanisms from peacetime to wartime conditions. For workers (airmen, civilians, and contractors) to detect anomalous data, they all must be trained to understand the expected baseline and must be continuously vigilant when examining data. Leadership must also create an environment that encourages workers to report suspected anomalous data.

Recommendations include defining, within logistics policy, what measures the logistics community should take in response to each information operations condition level and creating a new central body (perhaps within an existing organization) — the Global Data Integrity Cell — that would receive all reports of suspected data anomalies to enable enterprise-wide situational awareness.

Key Findings

Critical Areas in Which to Enhance the Ability to Detect Corrupted Data

  • The detection must be sufficiently prompt. Promptness results from a combination of individuals detecting and reporting corrupted data quickly and detecting corrupted data early in the chain of custody.
  • Highly automated processes — in which humans do not see the data during normal operations — present a significant challenge for detection. Automation requires special mechanisms to assist in detecting corruption.
  • Detection of corrupted data is most critical during wartime, yet anomalies are less evident during wartime than during peacetime because wartime itself is an anomaly. Mechanisms are needed to adjust detection mechanisms from peacetime to wartime conditions.
  • For workers (airmen, civilians, and contractors) to detect anomalous data, they all need to be trained to understand the expected baseline and need to be continuously vigilant when examining data.
  • Leadership must create an environment that encourages workers to report suspected anomalous data.

Recommendations

  • Define, within logistics policy, what measures the logistics community should take in response to each information operations condition level. This action is the most likely to yield positive, tangible results with the least expenditure of resources.
  • In fully automated processes, adopt simple methods that are routinely used in fraud detection (such as Benford's Law) to detect data corruption.
  • Enhance the education and training of all members of the enterprise about the threat to operations from data corruption (and cyber attack more generally).
  • Supplement current reporting mechanisms and assessments.
  • Create a new central body (perhaps within an existing organization) — the Global Data Integrity Cell — that would receive all reports of suspected data anomalies to enable enterprise-wide situational awareness.
  • For optimal response, enact strategies to prioritize proactive mitigations and specific reported incidents. Assign a time frame for assessment of each incident and potential mitigation.
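The Benford's Law check named in the recommendations can be sketched as follows. This is an added example, not code from the report: the sample quantities are constructed, and the 5% chi-square threshold is an assumed choice that would need tuning to the peacetime or wartime baseline. The test is only meaningful for values that span several orders of magnitude.

```python
import math
from collections import Counter

# Benford's Law: P(first digit = d) = log10(1 + 1/d) for d = 1..9
EXPECTED = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
# Chi-square critical value for 8 degrees of freedom at alpha = 0.05
# (assumed alerting threshold, not taken from the report)
CHI2_CRIT_DF8_P05 = 15.507

def first_digit(x):
    """Leading significant digit of a non-zero number."""
    return int(f"{abs(x):e}"[0])

def benford_chi2(values):
    """Chi-square statistic of observed first digits against Benford's Law."""
    digits = [first_digit(v) for v in values if v != 0]
    n = len(digits)
    if n == 0:
        raise ValueError("no non-zero values to test")
    counts = Counter(digits)
    return sum((counts.get(d, 0) - n * p) ** 2 / (n * p)
               for d, p in EXPECTED.items())

def is_suspect(values):
    """True when the first-digit distribution departs from Benford's Law."""
    return benford_chi2(values) > CHI2_CRIT_DF8_P05

# Constructed baseline: 500 quantities spread evenly in log space over
# three decades (10 to 10,000), which follows Benford's Law closely.
BASELINE = [10 ** (1 + 3 * ((k * 0.618034) % 1)) for k in range(500)]

# Constructed corrupted batch: the last 200 records were overwritten with
# values from a narrow band (700 to 899), skewing the leading digits.
TAMPERED = BASELINE[:300] + [700 + k for k in range(200)]

if __name__ == "__main__":
    for name, batch in (("baseline", BASELINE), ("tampered", TAMPERED)):
        print(f"{name}: chi2={benford_chi2(batch):.1f} "
              f"suspect={is_suspect(batch)}")
```

A flagged batch is a prompt for human review, not proof of corruption; data that is naturally confined to a narrow range will also fail the test.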

Table of Contents

  • Chapter One: Approaching the Problem
  • Chapter Two: The Challenges of Detection
  • Chapter Three: Recommendations for Improving Detection
  • Chapter Four: Evaluation
  • Chapter Five: Prioritizing the Effort
  • Chapter Six: Discussion and Conclusions

Research conducted by

The research described in this report was sponsored by the Director of Resource Integration under the Air Force Deputy Chief of Staff, Logistics, Engineering, and Force Protection and co-sponsored by the Director, Logistics, Engineering, and Force Protection, Air Force Global Strike Command and conducted by the Resource Management Program within RAND Project AIR FORCE.

This report is part of the RAND Corporation research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.