Cyber Incident Mission Impact Assessment
From MilcordWiki
Cyber Incident Mission Impact Assessment (CIMIA) learns a mission's dependency on information assets, and informs decision makers about the impact to the mission when cyber incidents affect these information assets.
Overview
The objective of CIMIA is to develop a structured process and technology that provides decision makers with context-specific, real-time situational awareness of the status of critical information resources.
Need
Currently, the USAF does not collect, document, or maintain knowledge of mission-to-information dependencies effectively. The USAF needs to develop a structured process to provide decision makers with context-specific, real-time situational awareness of the status of critical information resources that will enable analysts and commanders to answer the question: “Who or what is dependent upon a given information asset?”
CIMIA therefore needs to:
- Identify and link explicit mission representations (e.g. tasks, processes, objectives) to their dependent information assets
- Monitor changes in the state of information assets
- Provide dynamic risk assessment processes that tie to the evolution of the mission
- Provide relevant notification to downstream information consumers following an information incident
- Enable the user to visualize potential impacts while providing situation understanding about the degradation in mission capability
Approach
Leveraging our CLearn solution, CIMIA provides the following functionality:
- Semantic representation of a commander-centric ontology of information assets, network resources and mission context, using Semantic Web standards (RDF, the Resource Description Framework, and OWL, the Web Ontology Language), to enable semantic reasoning and attribute-based machine learning
- Automated development of user profiles through passive user and system behavior monitoring that determines Commander’s Critical Information Requirements (CCIR)
- An Interface Learning Agent that learns behavior patterns and provides notification messages of cyber incidents affecting the commander’s missions
- A personalization agent that offers to assist the user in the execution of key tasks, and automated determination of resource dependencies
- An Open API that developers can use to integrate with their existing system to take advantage of the personalization engine technology
Benefits
- Government:
  - Increased situation assessment in network-centric operating environments
  - Reduced cognitive loading in operations centers
- Commercial:
  - Real-time continuity of operations
Applications
- Military: Air and Space Operation Centers (AOC) workflow automation
- Civilian: Telecommunications and logistics
- Competitive Advantages:
  - Unlike mission impact estimation tools that require the explicit specification of dependencies, CIMIA learns the mission-to-asset dependencies and workarounds.