Cyber Mission Thread Analysis
A Prototype Framework for Assessing Impact to Missions from Cyber Attacks to Weapon Systems
ResearchPublished Mar 10, 2022
An important consideration when deciding to mitigate or accept a risk from a cyber attack to a weapon system is how it affects operational missions. To analyze mission impact, the authors propose a methodology that aims to achieve two goals: to be comprehensive enough to be executed at the scale of each of the missions in the U.S. Air Force yet simple enough to be updated as needed to guide decisions to accept or to mitigate specific risks.
A Prototype Framework for Assessing Impact to Missions from Cyber Attacks to Weapon Systems
ResearchPublished Mar 10, 2022
The most important consideration when deciding whether to mitigate or accept a risk from a cyber attack to a weapon system is how it affects operational missions — otherwise known as mission impact. It is, however, impractical to do a comprehensive assessment of every system and all missions across the entire Air Force given that each system is complex, with an enormous number of potential vulnerabilities to examine and each vulnerability having its own complicated threat environment.
Enter the cyber mission thread analysis framework. To analyze mission impact, the authors present this new methodology that aims to achieve several goals at once: to be comprehensive enough to be executed at the scale of each of the missions in the U.S. Air Force yet informative enough to guide decisions to accept or to mitigate specific risks. In addition, the method is simple enough to perform in no more than a few months and can be updated as needed.
The framework follows a top-down approach, starting with a "thread" (map) of the overall mission that captures all key mission elements and then the systems that support their execution. While the authors do not reduce the problem of cybersecurity risk assessment to a turnkey solution, they present useful methods for triaging areas of greatest concern to mission success while limiting detailed investigation of vulnerabilities and threats to only the most critical areas. Their framework is designed to be done at scale, to be applicable across scenarios, and to be clear in how it works.
The research described in this report was commissioned by the Commander of the Air Force Life Cycle Management Center and the Deputy Assistant Secretary of the Air Force for Science, Technology, and Engineering, Office of the Assistant Secretary of the Air Force for Acquisition and Logistics and conducted by the Resource Management Program within RAND Project AIR FORCE.
This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.