Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems

Guidance for Where to Focus Mitigation Efforts

by Don Snyder, George E. Hart, Kristin F. Lynch, John G. Drew


Download eBook for Free

FormatFile SizeNotes
PDF file 1.4 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.


Purchase Print Copy

 FormatList Price Price
Add to Cart Paperback36 pages $16.95 $13.56 20% Web Discount

Research Questions

  1. What are the repercussions of a cyber attack to information systems on combat support functions?
  2. How might such attacks affect operations?
  3. How might those impacts be mitigated?

While combat support communities are not responsible for defending cyber networks, they are required to ensure mission execution, including when under cyber attack. Assessing mission assurance for combat support when under a cyber attack is challenging. The fact that many combat support systems do not reside on the most secure networks indicates potential vulnerabilities to cyber attack. Yet the sheer number of information systems that can be attacked, the range of vulnerabilities that these might have, the large number of combat support functions they support, and the complicated connections all of these have to operational missions makes assessments difficult. Add to this the evolving nature of the threats and vulnerabilities in cyberspace, and the task of finding adequate mitigation plans for all possibilities is formidable. RAND researchers developed a tool that presents a sequential process for identifying those functions and information systems most likely to be problematic for the operational mission during cyber attacks.

Key Findings

Making the Data Manageable Is Crucial

  • Analyzing this issue with a brute force approach is impractical because of the sheer number of permutations to assess and the constantly evolving nature of the information systems, vulnerabilities, and threats.
  • The Air Force counts 25 combat support functional communities, many of which have numerous subfunctions, and the sum of the functions are supported by hundreds of information systems.
  • There are numerous ways in which a cyber attack can occur and a variety of impacts that might result. These include denial-of-service attacks from outside a firewall, manipulating data from within a firewall, interrupting communications, taking control of a system, and others.
  • Analyzing every possible attack on all systems and assessing the impact to both combat support and operations would be impractical. Even if it were done, the results from such an analysis would be obsolete before completion.

A Sequential Process Prioritizes Those Programs Most in Need of Mitigation

  • RAND researchers developed a sequential process for identifying those functions and information systems most likely to be problematic for the operational mission during cyber attacks.
  • The approach finds the functions and information systems that are simultaneously the most critical to the mission — those that cause repercussions to the operational mission the fastest and those that have the highest risk of attack as defined by the threat, their vulnerability, and the impact of an attack.
  • The method is implemented in a Microsoft Excel-hosted decision support tool that does not require any special expertise in the cyber domain.

Table of Contents

  • Chapter One

    Analyzing Cyber Attacks Against Combat Support

  • Chapter Two

    A Decision Support Tool for Identifying Areas of Highest Interest

Research conducted by

The research described in this report was conducted within the Resource Management Program of RAND Project AIR FORCE and was commissioned by the U.S. Air Force Materiel Command.

This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.