Cyber Mission Thread Analysis
An Implementation Guide for Process Planning and Execution
ResearchPublished Mar 10, 2022
Cyber mission thread analysis (CMTA), which identifies mission-critical systems in a cyber threat environment, requires a disciplined, well-planned process for its execution. This report provides a proposed planning and implementation guide (1) to perform CMTA expeditiously while still giving results good enough to make decisions about mission criticality, and (2) to analyze multiple missions concurrently.
An Implementation Guide for Process Planning and Execution
ResearchPublished Mar 10, 2022
Cyber mission thread analysis (CMTA), which identifies mission-critical systems in a cyber threat environment, requires a disciplined, well-planned process for its execution. This report provides a proposed planning and implementation guide (1) to perform CMTA expeditiously while still giving results good enough to make decisions about mission criticality, and (2) to analyze multiple missions concurrently.
The authors offer guidance on the roles and responsibilities of organizations and personnel involved in CMTA; the process for implementing the analysis and the types of preparations necessary for successful implementation; a rough timeline required to perform CMTA for one or more missions concurrently; and the possible constraints and issues that may be encountered. The authors draw on lessons learned from a pilot CMTA application, analogous Air Force efforts, and relevant social science methods for conducting interviews and focus groups. They highlight a number of key considerations, including two that are most critical: (1) Develop and execute a detailed plan. The number of stakeholders involved and desire for a swift timeline require a substantial coordination effort; and (2) Remember that the ultimate CMTA goal is triage. It is vital that any mission-critical system appear highly ranked; it is okay if some non-critical systems appear highly ranked. This goal ensures discussions do not become unnecessarily detailed and results remain within scope.
The analytical tasks to perform CMTA are covered in a separate, companion document — Cyber Mission Thread Analysis: A Prototype Framework for Assessing Impact to Missions from Cyber Attacks to Weapon Systems — that readers can consult.
The research described in this report was prepared for the Department of the Air Force and conducted by the Resource Management Program within RAND Project AIR FORCE.
This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.