Operational Exercise Integration Recommendations for DoD Cyber Ranges

نویسنده

  • N. J. Hwang
چکیده

Permission has been given to destroy this document when it is no longer needed. Cyber-enabled and cyber-physical systems connect and engage virtually every mission-critical military capability today. And as more warfighting technologies become integrated and connected, both the risks and opportunities from a cyberwarfare continue to grow—motivating sweeping requirements and investments in cybersecurity assessment capabilities to evaluate technology vulner-abilities, operational impacts, and operator effectiveness. Operational testing of cyber capabilities, often in conjunction with major military exercises, provides valuable connections to and feedback from the operational warfighter community. These connections can help validate capability impact on the mission and, when necessary, provide course-correcting feedback to the technology development process and its stakeholders. However, these tests are often constrained in scope, duration, and resources and require a thorough and wholistic approach, especially with respect to cyber technology assessments, where additional safety and security constraints are often levied. This report presents a summary of the state of the art in cyber assessment technologies and methodologies and prescribes an approach to the employment of cyber range operational exercises (OPEXs). Numerous recommendations on general cyber assessment methodologies and cyber range design are included, the most significant of which are summarized below. • Perform bottom-up and top-down assessment formulation methodologies to robustly link mission and assessment objectives to metrics, success criteria, and system observables. • Include threat-based assessment formulation methodologies that define risk and security met-rics within the context of mission-relevant adversarial threats and mission-critical system assets. • Follow a set of cyber range design mantras to guide and grade the design of cyber range components. • Call for future work in live-to-virtual exercise integration and cross-domain modeling and simulation technologies. • Call for continued integration of developmental and operational cyber assessment events, development of reusable cyber assessment test tools and processes, and integration of a threat-based assessment approach across the cyber technology acquisition cycle. Finally, this recommendations report was driven by obsevations made by the MIT Lincoln Laboratory (MIT LL) Cyber Measurement Campaign (CMC) team during an operational demonstration event for the DoD Enterprise Cyber Range Environment (DECRE) Command and Control Information Systems (C2IS). 1 This report also incorporates a prior CMC report based on Pacific Command (PACOM) exercise observations, as well as MIT LL's expertise in cyber range development and cyber systems assessment. 2 1 CMC is explained in further detail in Appendix A.1. 2 See References section at the end of the report. …

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

GAO-09-175 Unmanned Aircraft Systems: Additional Actions Needed to Improve Management and Integration of DOD Efforts to Support Warfighter Needs

The Department of Defense's (DOD) use of unmanned aircraft systems (UAS) continues to increase. In 2000, DOD components had fewer than 50 unmanned aircraft in their inventory. By May 2008, they had more than 6,000. However, DOD faces challenges, such as UAS acquisition and the integration of UAS into joint combat operations. GAO has made a series of recommendations to address challenges, includ...

متن کامل

Towards Net-Centric Cyber Survivability for Ballistic Missile Defense

The United States Department of Defense (DoD) is engaged in a mission to unify its software systems towards a “net-centric” vision— where commanders gain advantage by rapidly producing, consuming, and sharing information using service oriented architectures (SOAs). In this paper, we study the cyber survivability of mission-critical net-centric systems, focusing on Ballistic-Missile-Defense (BMD...

متن کامل

DoD Information Assurance and Agile: Challenges and Recommendations Gathered Through Interviews with Agile Program Managers and DoD Accreditation Reviewers

ix 1 Overview and Scope 1 2 Research Approach 3 3 Overview of Highlights from Brief Literature Search 4 4 Summary of Recommendations from Interviews 7 5 Interview Findings: Introduction 15 6 Interview Findings: Challenges from the Agile Program Manager Perspective 17 7 Interview Findings: Challenges from the Accrediting Authority Perspective 22 8 Implications of Existing Information Assurance P...

متن کامل

Cyber Medical Education: Beyond the Integration of Concepts in Technology-based Learning

Introduction: Along with the transition from the digital era to the era of cyber-technology, medical professionals have been forced to use different conceptual systems to meet their informational and communicational needs. These emerging scientific concepts each have specific meaning which should be redefined in their own context so that they could be utilized in the conceptual systems of speci...

متن کامل

Analyzing Mission Impacts of Cyber Actions (AMICA)

This paper describes AMICA (Analyzing Mission Impacts of Cyber Actions), an integrated approach for understanding mission impacts of cyber attacks. AMICA combines process modeling, discrete-event simulation, graph-based dependency modeling, and dynamic visualizations. This is a novel convergence of two lines of research: process modeling/simulation and attack graphs. AMICA captures process flow...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2015