CYBERSECURITY RISK MANAGEMENT PROCESS FOR UNMANNED AERIAL SYSTEMS (UAS) AT THE STRATEGIC LEVEL
Buettner, Raymond R., Jr.
Monarrez, Aurelio Jr.
MetadataShow full item record
In the last decade, the integration of unmanned aerial systems (UAS) into military operations has grown substantially. UAS have significantly contributed to U.S. military tactical, operational and strategic operations. Recently, the U.S. military has made increasing use of commercial off-the-shelf (COTS) UAS, yet none of the U.S. military services have a defined cybersecurity risk management process for COTS UAS. These systems have been susceptible to cyber attacks, leading to the May 2018 ban on the use of these systems across the Department of Defense (DoD). This research effort has developed a multi-echelon cybersecurity risk assessment process for the DoD. The proposed process would enable strategic, operational and tactical commanders to assess and communicate cybersecurity risks associated with COTS UAS. The process combined four steps from the Joint Risk Analysis Methodology (JRAM) framework and seven steps from a strategic risk business management process. This process would allow commanders to have an enhanced awareness of cybersecurity risks associated with COTS UAS operations, improved current cyber threat assessments, and tailored action plans for their areas of responsibility. The proposed process would help units and agencies across the DoD to resume their use, test and purchase of COTS UASs without the need for the current centralized waiver process.
Approved for public release. distribution is unlimited
Showing items related by title, author, creator and subject.
Lattimore, Gary L. (Monterey, CA; Naval Postgraduate School, 2019-06);The Department of Defense (DoD) does not have a defined cybersecurity operational risk management process for unmanned aerial systems (UASs). The DoD acknowledged this discrepancy and suspended all commercial-off-the-shelf ...
Roper, Scott T. (Monterey, California: Naval Postgraduate School, 2013-09);The U.S has experienced numerous strategy assessments, with respect to cybersecurity of the national critical infrastructure and key resources (CI/KR). This is primarily due to the recurring realization of, but failure to ...
Maule, Randy William (Monterey, California. Naval Postgraduate School, 2019-04-30); SYM-AM-19-037Current organizational structures have proven insufficient for cyber and information assurance. The acquisition role may be resourced and expanded to support information assurance and systems compliance. A supply chain ...