Download eBook for Free

FormatFile SizeNotes
PDF file 1.9 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.


Purchase Print Copy

 Format Price
Add to Cart Paperback70 pages $21.50

Research Questions

  1. Who are the key stakeholders in the CMTA process and what are their roles and responsibilities and inputs?
  2. When are external subject-matter experts needed to fill gaps in the process, and how are they recruited?
  3. What are the timelines and strategies for efficiencies when it comes to planning the analytical process and performing the actual analytical tasks?
  4. Why are critical reviews of CMTA results by all stakeholders so important?
  5. When CMTAs for multiple missions are needed, how can the analyses of multiple missions be effectively coordinated?

Cyber mission thread analysis (CMTA), which identifies mission-critical systems in a cyber threat environment, requires a disciplined, well-planned process for its execution. This report provides a proposed planning and implementation guide (1) to perform CMTA expeditiously while still giving results good enough to make decisions about mission criticality, and (2) to analyze multiple missions concurrently.

The authors offer guidance on the roles and responsibilities of organizations and personnel involved in CMTA; the process for implementing the analysis and the types of preparations necessary for successful implementation; a rough timeline required to perform CMTA for one or more missions concurrently; and the possible constraints and issues that may be encountered. The authors draw on lessons learned from a pilot CMTA application, analogous Air Force efforts, and relevant social science methods for conducting interviews and focus groups. They highlight a number of key considerations, including two that are most critical: (1) Develop and execute a detailed plan. The number of stakeholders involved and desire for a swift timeline require a substantial coordination effort; and (2) Remember that the ultimate CMTA goal is triage. It is vital that any mission-critical system appear highly ranked; it is okay if some non-critical systems appear highly ranked. This goal ensures discussions do not become unnecessarily detailed and results remain within scope.

The analytical tasks to perform CMTA are covered in a separate, companion document — Cyber Mission Thread Analysis: A Prototype Framework for Assessing Impact to Missions from Cyber Attacks to Weapon Systems — that readers can consult.

Key Findings

Planning is crucial

  • The number of stakeholders involved in a cyber mission thread analysis requires a substantial coordination effort.
  • Without proper planning, the timeline could be significantly extended and the results of the analysis could be inadequate.

The ultimate purpose of CMTA is triage

  • This goal is the guiding principle for all engagements with subject-matter experts and analysts.
  • Adherence to this goal keeps the CMTA process and results within scope and schedule.

Every CMTA exercise is a collaborative effort

  • Critical review of CMTA results by every stakeholder helps to ensure results are accurate.
  • Fostering stakeholder buy-in further instills credibility in the process.


  • To develop and execute a detailed plan for implementation, incorporate learnings from previous CMTAs.
  • Develop a repository for lessons learned, sample materials and questionnaires, and mission thread templates and make heavy use of these documents.
  • At the same time, to successfully execute the process, be prepared to tailor every CMTA exercise as needed.
  • When conducting interviews with subject-matter experts, use different techniques (unstructured and semi-structured interviews) to elicit information.
  • When eliciting information through focus groups and questionnaires, be aware of biases that can occur in questioning and responses and then pilot-test to refine responses.
  • Use the simple checklist, recommended and provided in this report. The checklist maps to the high-level phases of the CMTA process and adds administrative details essential for implementing the phases.

Research conducted by

The research described in this report was prepared for the Department of the Air Force and conducted by the Resource Management Program within RAND Project AIR FORCE.

This report is part of the RAND research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.