Acquisition System Design Analysis for Improved Cyber Security Performance
Authors
Naegle, Brad R.
Date of Issue
2019-04-30
Publisher
Monterey, California. Naval Postgraduate School
Abstract
There is ample evidence that cyber-attacks and cyber warfare are a growing concern for the United States. Our warfighting systems and networks have inherent vulnerabilities and so are targets for cyber adversaries. By nature, cyber warfare is an asynchronous strategy, so the danger posed by a cyber threat is not proportional to the size of the entity initiating the attack. The United States’ traditional adversaries, state and non-state actors, domestic terrorists, and even individuals can pose an equally dangerous threat. The various types and astonishing number of cyber-attacks on the DoD have focused efforts to limit exposure to cyber-attacks and mitigate unavoidable vulnerabilities. The most effective way to “harden” systems against potential cyber-attacks is to develop the system with a cyber warfare mindset. To do this, program managers must have an in-depth understanding of their system’s cyber vulnerabilities and exercise control over the design and configuration of those vulnerable subsystems. There are several challenges in both understanding and controlling a system’s cyber vulnerabilities, including the fact that the Defense Acquisition System (DAS) is designed to cede most of the design decisions to the contractor. All known and potential cyber vulnerabilities need to be treated as system Configuration Items, so that their design and configuration are under government control. Fortunately, there are tools, techniques, and analyses that can augment the DAS to gain a better understanding and provide more control over the design and configuration of those subsystems presenting cyber vulnerabilities. This research analyzes the integration of these tools and the expected improvement in cyber performance resulting from the implementation.
The tools include the integration of the Maintainability, Upgradeability, Interoperability, Reliability, and Safety/Security (MUIRS) analyses; Software Engineering Institute’s Quality Attribute Workshop (QAW); Software Engineering Institute’s Architecture Trade-off Analysis Methodology℠; and the Failure Modes and Effects Criticality Analysis (FMECA).
Type
Report
Organization
Acquisition Research Program (ARP)
Identifiers
NPS Report Number
SYM-AM-19-033
Sponsors
Naval Postgraduate School Acquisition Research Program
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
