Automated Information Asset Tracking Methodology to Enable Timely Cyber Incident Mission Impact Assessment; Conference paper

摘要

The use of information technologies to enhance Command and Control (C2) processes has yielded enormous benefits in military operations. Commanders are able to make higher quality decisions by accessing multiple information resources; obtaining frequent updates; and by correlation between resources to reduce battlespace uncertainty. However, the dependence upon information technology creates significant operational risk that is often overlooked and is frequently underestimated. Risk management is the accepted process used to identify, value, and protect critical assets commensurate with their value. Risk analysis, the first step of the risk management process, requires the identification and documentation of organizational resources and determination of their criticality. While risk analysis is conceptually easy to understand, in practice it is difficult to conduct due to the dynamic nature of organizations, the temporal nature of operations, and the inherent subjectivity associated with valuation. In this paper, we propose a scalable, self- documenting, distributed information asset tracking methodology that identifies information dependencies, does not incur significant overhead, and prevents an adversary gaining knowledge from intercepted communications. The method is made feasible via the wide-spread deployment of Host-Based System Security software agents by JTF-GNO and can significantly enhance cyber damage assessment timeliness and accuracy and enables mission impact assessment.