ASSESSING AND VISUALIZING RISK IN MONTEREY PHOENIX THROUGH A SUPPLY CHAIN CYBER-ATTACK USE CASE
Loading...
Authors
Palmieri, Margaret
Subjects
risk
risk assessment
risk management
system
system of systems
complex system
Monterey Phoenix
MP
modeling
visualizing risk
cyber risk
cyber security
supply chain
Colonial Pipeline
hack
resource prioritization
global report
risk matrix
risk map
risk table
cyber-attack
cyber threat
Moebius
NSA
Giammarco
Auguston
Alden
risk assessment
risk management
system
system of systems
complex system
Monterey Phoenix
MP
modeling
visualizing risk
cyber risk
cyber security
supply chain
Colonial Pipeline
hack
resource prioritization
global report
risk matrix
risk map
risk table
cyber-attack
cyber threat
Moebius
NSA
Giammarco
Auguston
Alden
Advisors
Giammarco, Kristin M.
Date of Issue
2021-09
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
This thesis explores how decision makers could use the Monterey Phoenix (MP) behavior modeling tool developed at the Naval Postgraduate School to assess, visualize, and prioritize cyber risk in a supply chain. Assessing supply chain risk is a complex problem because of the inter-relationships among various parts of the system and between the system and its environment. This thesis applies and extends a reusable methodology to analyze risk in MP, developed by Navy LCDR Richard Moebius in 2018, to the use case of a cyber-attack on a jet fuel supply chain, first modeled by student interns from the National Security Agency. It assesses and displays risk for single- and multi-threat use cases, and for the first time, adds the global report to an MP model for assessing risk. It demonstrates how MP can overcome the limitations of existing tools, like the risk table, risk map, and risk matrix. For example, MP automatically generates an exhaustive list of potential risk scenarios; MP sequence diagrams provide context on the system, its environment, and relationships among different risks; MP easily and quickly updates the model to support "what if" questions; and MP displays aggregate and average risk across the system and sorts scenarios by a user-defined risk threshold. Finally, the work describes how decision makers from different backgrounds can interact with the MP model to improve their understanding and prioritization of risk.
Type
Thesis
Description
Series/Report No
Department
Systems Engineering (SE)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.