Cyber Mission Thread Analysis

An Implementation Guide for Process Planning and Execution

Lauren A. Mayer, Don Snyder, Guy Weichenberg, Danielle C. Tarraf, Jonathan W. Welburn, Suzanne Genc, Myron Hura, Bernard Fox

ResearchPublished Mar 10, 2022

Cyber mission thread analysis (CMTA), which identifies mission-critical systems in a cyber threat environment, requires a disciplined, well-planned process for its execution. This report provides a proposed planning and implementation guide (1) to perform CMTA expeditiously while still giving results good enough to make decisions about mission criticality, and (2) to analyze multiple missions concurrently.

The authors offer guidance on the roles and responsibilities of organizations and personnel involved in CMTA; the process for implementing the analysis and the types of preparations necessary for successful implementation; a rough timeline required to perform CMTA for one or more missions concurrently; and the possible constraints and issues that may be encountered. The authors draw on lessons learned from a pilot CMTA application, analogous Air Force efforts, and relevant social science methods for conducting interviews and focus groups. They highlight a number of key considerations, including two that are most critical: (1) Develop and execute a detailed plan. The number of stakeholders involved and desire for a swift timeline require a substantial coordination effort; and (2) Remember that the ultimate CMTA goal is triage. It is vital that any mission-critical system appear highly ranked; it is okay if some non-critical systems appear highly ranked. This goal ensures discussions do not become unnecessarily detailed and results remain within scope.

The analytical tasks to perform CMTA are covered in a separate, companion document — Cyber Mission Thread Analysis: A Prototype Framework for Assessing Impact to Missions from Cyber Attacks to Weapon Systems — that readers can consult.

Key Findings

Planning is crucial

  • The number of stakeholders involved in a cyber mission thread analysis requires a substantial coordination effort.
  • Without proper planning, the timeline could be significantly extended and the results of the analysis could be inadequate.

The ultimate purpose of CMTA is triage

  • This goal is the guiding principle for all engagements with subject-matter experts and analysts.
  • Adherence to this goal keeps the CMTA process and results within scope and schedule.

Every CMTA exercise is a collaborative effort

  • Critical review of CMTA results by every stakeholder helps to ensure results are accurate.
  • Fostering stakeholder buy-in further instills credibility in the process.

Recommendations

  • To develop and execute a detailed plan for implementation, incorporate learnings from previous CMTAs.
  • Develop a repository for lessons learned, sample materials and questionnaires, and mission thread templates and make heavy use of these documents.
  • At the same time, to successfully execute the process, be prepared to tailor every CMTA exercise as needed.
  • When conducting interviews with subject-matter experts, use different techniques (unstructured and semi-structured interviews) to elicit information.
  • When eliciting information through focus groups and questionnaires, be aware of biases that can occur in questioning and responses and then pilot-test to refine responses.
  • Use the simple checklist, recommended and provided in this report. The checklist maps to the high-level phases of the CMTA process and adds administrative details essential for implementing the phases.

Order a Print Copy

Format
Paperback
Page count
70 pages
List Price
$21.50
Buy link
Add to Cart

Topics

Document Details

  • Availability: Available
  • Year: 2022
  • Print Format: Paperback
  • Paperback Pages: 70
  • Paperback Price: $21.50
  • Paperback ISBN/EAN: 978-1-9774-0808-2
  • DOI: https://doi.org/10.7249/RR3188.2
  • Document Number: RR-3188/2-AF

Citation

RAND Style Manual
Mayer, Lauren A., Don Snyder, Guy Weichenberg, Danielle C. Tarraf, Jonathan W. Welburn, Suzanne Genc, Myron Hura, and Bernard Fox, Cyber Mission Thread Analysis: An Implementation Guide for Process Planning and Execution, RAND Corporation, RR-3188/2-AF, 2022. As of September 13, 2024: https://www.rand.org/pubs/research_reports/RR3188z2.html
Chicago Manual of Style
Mayer, Lauren A., Don Snyder, Guy Weichenberg, Danielle C. Tarraf, Jonathan W. Welburn, Suzanne Genc, Myron Hura, and Bernard Fox, Cyber Mission Thread Analysis: An Implementation Guide for Process Planning and Execution. Santa Monica, CA: RAND Corporation, 2022. https://www.rand.org/pubs/research_reports/RR3188z2.html. Also available in print form.
BibTeX RIS

Research conducted by

The research described in this report was prepared for the Department of the Air Force and conducted by the Resource Management Program within RAND Project AIR FORCE.

This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.