Publication:
Applying Cause-Effect Mapping to Assess Cybersecurity Vulnerabilities in Model-Centric Acquisition Program Environments

Loading...
Thumbnail Image
Authors
Reid, Jack
Rhodes, Donna H.
Subjects
Advisors
Date of Issue
2018-04-30
Date
04/30/18
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Digital engineering approaches are increasingly used in acquisition of systems, changing the current paradigm from documentation-centric to model-centric. Not only are these systems highly vulnerable to cyber threats, so too are their enabling environment and digital assets. While good practices have emerged to support the shift to model-centric program acquisition, such programs experience perturbations over their life cycles that introduce new vulnerabilities that may lead to cascading failures. Cybersecurity vulnerabilities are of particular concern given digital transformation and increasing threat actors, making vulnerability assessment essential throughout acquisition program life cycles. This paper discusses ongoing research that seeks to provide program managers with the means to identify cybersecurity vulnerabilities within model-centric programs (along with other model-related vulnerabilities) and determine where interventions can most effectively be taken. The research builds on recent work in developing a reference model for model-centric program vulnerability assessment that uses the Cause-Effect Mapping (CEM) analytic technique. This research investigates cybersecurity specifically, using CEM and other dynamic analysis approaches, including a prototype for proactive assessment of cybersecurity and evaluation of potential interventions.
Type
Report
Description
Department
Other Units
Naval Postgraduate School (U.S.)
Identifiers
NPS Report Number
SYM-AM-18-090
Sponsors
Naval Postgraduate School Acquisition Research Program
Funder
Format
Citation
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections