Cyber Incident Mission Impact Assessment

CIMIA learns a mission's dependency on information assets, and informs decision makers on the mission impact of cyber incidents affecting these information assets.

Overview

The objective of CIMIA is to develop a structured process and technology that provides decision makers with context-specific, real-time situational awareness of the status of critical information resources.

Need

Currently, the USAF does not collect, document or maintain knowledge of mission-to-information dependencies effectively. The USAF needs to develop a structured process that provides decision makers with context-specific, real-time situational awareness of the status of critical information resources and enables analysts and commanders to answer the question: “Who is dependent upon a given information asset?” CIMIA needs to:

  • identify and link explicit mission representations (e.g. tasks, processes, objectives) to their dependent information assets,
  • monitor changes in the state of information assets,
  • provide a dynamic risk assessment process that is robust to mission evolution,
  • provide relevant notification to downstream information consumers following an information incident, and
  • enable the user to visualize potential impacts while providing situation understanding of the degradation in mission capability.

Approach

Semantic Resource Description

The design of a semantic hierarchy for monitoring CIMIA-tagged resources is the biggest challenge that needs to be addressed. Although there are currently several information repositories for resource usage (e.g. Security Incident and Event Management (SIEM) Log Management) and messaging systems that report the state changes of these resources (e.g. Simple Network Management Protocol (SNMP) for monitoring networks), these systems are not designed to determine the mission dependency of information resources.

Leveraging our CLearn solution, CIMIA provides the following functionality:

  • Semantic representation of commander-centric ontology using Semantic Web standards (RDF – Resource Description Framework; and OWL – Web Ontology Language) of Information Assets, Network Resources and Mission Context to enable semantic reasoning and attribute-based machine learning
  • Automated development of user profiles through passive user and system behavior monitoring that determines Commander’s Critical Information Requirements (CCIR)
  • Interface Learning Agent learns behavior patterns and provides notification messages of cyber incidents affecting commander’s missions
  • Personalization agent that offers to assist user in execution of key tasks, and automated determination of resource dependencies
  • An Open API that developers can use to integrate with their existing system to take advantage of the personalization engine technology

Benefits

  • Government:
    • Increased situation assessment in network centric computing environments
    • Reduced cognitive loading in operations centers
  • Commercial:
    • Real-time continuity of operations

Applications

  • Military: Air and Space Operation Centers (AOC) workflow automation
  • Civilian: Telecommunications and logistics
  • Competitive Advantages:
    • Unlike mission impact estimation tools that require the explicit specification of dependencies, CIMIA learns the mission to asset dependencies and workarounds.
