Cyber Mission Thread Analysis

A Prototype Framework for Assessing Impact to Missions from Cyber Attacks to Weapon Systems

Don Snyder, Elizabeth Bodine-Baron, Dahlia Anne Goldfeld, Bernard Fox, Myron Hura, Mahyar A. Amouzegar, Lauren Kendrick

ResearchPublished Mar 10, 2022

The most important consideration when deciding whether to mitigate or accept a risk from a cyber attack to a weapon system is how it affects operational missions — otherwise known as mission impact. It is, however, impractical to do a comprehensive assessment of every system and all missions across the entire Air Force given that each system is complex, with an enormous number of potential vulnerabilities to examine and each vulnerability having its own complicated threat environment.

Enter the cyber mission thread analysis framework. To analyze mission impact, the authors present this new methodology that aims to achieve several goals at once: to be comprehensive enough to be executed at the scale of each of the missions in the U.S. Air Force yet informative enough to guide decisions to accept or to mitigate specific risks. In addition, the method is simple enough to perform in no more than a few months and can be updated as needed.

The framework follows a top-down approach, starting with a "thread" (map) of the overall mission that captures all key mission elements and then the systems that support their execution. While the authors do not reduce the problem of cybersecurity risk assessment to a turnkey solution, they present useful methods for triaging areas of greatest concern to mission success while limiting detailed investigation of vulnerabilities and threats to only the most critical areas. Their framework is designed to be done at scale, to be applicable across scenarios, and to be clear in how it works.

Key Findings

Analyzing mission impact at scale with reasonable resource expenditures is a primary challenge

  • Even narrowly defined missions require a vast number of systems, and each system can be quite complex.
  • Multiply the complexity of just one mission across every mission in the U.S. Air Force and the number of systems to assess becomes infeasible.

How a mission is performed changes as new systems are introduced, old systems are modified, and tactics, techniques, and procedures evolve

  • Changes to systems induce changes to system vulnerabilities and, concurrently, the threat evolves.
  • As missions, vulnerabilities, and threats change, risk assessment must be reexamined.

One of the peculiar characteristics of cyberspace is the ineffectiveness of redundancy

  • Redundancy does not provide robustness against cyber attack.
  • Redundant components share common vulnerabilities to cyber attack.

Loss of command and control can injure a mission without any system or component failure

  • Vulnerability to adversary manipulation of command and control is another peculiar cyber effect.
  • This type of cyber effect is not normally captured in techniques used in systems engineering for safety.

Decisionmakers often revert to intuition and judgment when they do not understand the workings of analysis

  • The more opaque analytical tools are, the more they are perceived as a “black box” and less trustworthy.
  • This reaction presents a motivation to be transparent so that the method can be trusted to guide decisions.

Recommendations

  • To execute mission impact assessment at scale and economize on effort, use methods that are familiar to systems engineering and a portfolio of criteria for mission criticality that can be used for triage.
  • When defining a mission, include no systems. Introduce the role of specific systems at a later stage in the analysis.
  • Separate work that is relatively stable over time from analysis that will need to be updated through the life cycle of a system.
  • Use existing and proven techniques when possible to be transparent so that decisionmakers understand how the analysis works and its limitations and will trust it to guide decisions.
  • Apply the concept of cyber separability to address the problem of redundancy.
  • Incorporate functional flow diagrams at the mission and the system level to address the issue of adversary command and control analysis.
  • To fully verify and validate the cyber mission thread analysis framework, the Air Force should apply and test it over a variety of different missions.

Order a Print Copy

Format
Paperback
Page count
52 pages
List Price
$17.50
Buy link
Add to Cart

Topics

Document Details

  • Availability: Available
  • Year: 2022
  • Print Format: Paperback
  • Paperback Pages: 52
  • Paperback Price: $17.50
  • Paperback ISBN/EAN: 978-1-9774-0807-5
  • DOI: https://doi.org/10.7249/RR3188.1
  • Document Number: RR-3188/1-AF

Citation

RAND Style Manual
Snyder, Don, Elizabeth Bodine-Baron, Dahlia Anne Goldfeld, Bernard Fox, Myron Hura, Mahyar A. Amouzegar, and Lauren Kendrick, Cyber Mission Thread Analysis: A Prototype Framework for Assessing Impact to Missions from Cyber Attacks to Weapon Systems, RAND Corporation, RR-3188/1-AF, 2022. As of October 4, 2024: https://www.rand.org/pubs/research_reports/RR3188z1.html
Chicago Manual of Style
Snyder, Don, Elizabeth Bodine-Baron, Dahlia Anne Goldfeld, Bernard Fox, Myron Hura, Mahyar A. Amouzegar, and Lauren Kendrick, Cyber Mission Thread Analysis: A Prototype Framework for Assessing Impact to Missions from Cyber Attacks to Weapon Systems. Santa Monica, CA: RAND Corporation, 2022. https://www.rand.org/pubs/research_reports/RR3188z1.html. Also available in print form.
BibTeX RIS

Research conducted by

The research described in this report was commissioned by the Commander of the Air Force Life Cycle Management Center and the Deputy Assistant Secretary of the Air Force for Science, Technology, and Engineering, Office of the Assistant Secretary of the Air Force for Acquisition and Logistics and conducted by the Resource Management Program within RAND Project AIR FORCE.

This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.