Mission-Centric Cyber Security Assessment of Critical Systems

摘要

Space missions are supported on the ground by large, complex system consisting of several interconnected and interdependent cyber components such as servers, routers, switches, and applications. Cyber attacks against the underlying cyber components have the potential to ultimately affect the confidentiality, integrity and availability of high-level missions. A fundamental challenge for system designers and decision-makers in such complex, mission-critical environments is understanding how low-level cyber events propagate through the underlying interconnected and interdependent system to impact high-level mission objectives. We present a novel model-based, mission-centric approach to perform cyber security assessments for evaluating the impact of low-level cyber events on high-level mission objectives. Traditional approaches to cyber-security assessment can be broadly classified as either threat-centric, where the focus is on modeling threat behavior, or system-centric, where the focus is on modeling system behavior, and consequences of attacks. We present a hybrid approach, in which we first build a multi-layered model of the cyber system, and model threats to the system via generic attack trees. Then, by incorporating specific vulnerability information about the nodes in the system, our approach allows us to visualize the propagation of multiple threat behaviors through the system model. This enables a more comprehensive assessment of the cyber risk to the high-level mission objectives. We demonstrate the benefits of our approach using a system model and attack trees specific to the command-and-control system of a spacecraft. Specifically, we demonstrate how our approach enables a decision-maker to assess the security posture of the system, identify necessary mitigations and prioritize their deployment.