A Combat-Effectiveness Approach to Information Assurance

摘要

This paper describes results of 2008 and 2009 investigations into approaching information assurance as a component of a network-centric system's combat effectiveness. The proposed approach would provide timely and quantitative assessments of the vulnerability of network-centric systems as they progress through development, prior to full-rate production, and after fielding. The motivation rests on the proposition that vulnerabilities associated with computer networks have many similarities to vulnerabilities on conventional weapon system platforms. However, the vulnerabilities of networked environments have their own unique challenges. In particular, while sophisticated kinetic threats are relatively static, the network threat has changed significantly over the past decade, and continues to change as new technologies arc developed and fielded. The identities, motivations, objectives, targets, and tactics of the threat agents are constantly changing. Unlike many kinetic threats, the tools of network malicious activities are inexpensive and deployable from almost anywhere. To complicate matters the most serious network threat is not a denial of service or a major disruption in the network, but rather one in which the adversaries are able to maintain the integrity of the network while manipulating mission data and applications. When adversaries are able to penetrate without affecting the network it becomes very difficult to detect and react to the threat. Operators and organizations must be able to fight through such attacks, but currently system operators are not armed with the proper knowledge or processes defined to defend against these attacks. And in many cases, the systems are not designed to detect such attacks. In this paper we describe a series of proposed steps to systematically assess any vulnerability a new system might bring to a network environment, estimate which of those vulnerabilities might be susceptible to postulated threat exploitations, then develop and test recovery mechanisms. Results of such tests should allow management to evaluate system protection and detection features, as well as the ability of operators to react and recover from attacks. In the summer of 2008, we applied these steps to plan and conduct a small demonstration test at the Air Force's 46th Test Squadron. Then in the summer of 2009 we conducted a tabletop exercise at United States Joint Forces Command to build on the previous summer's results. In this paper we will discuss results of these activities as well as our assessments of the effectiveness and suitability of the proposed approach.