Threat Assessment & Remediation Analysis (TARA) Methodology Description Version 1.0 Sponsor: OSD (NII (original) (raw)
Mission Assurance Engineering (MAE) is the sub discipline of Enterprise Systems Engineering (ESE) intended to provide mission assurance against the advanced persistent threat (APT). The APT uses an evolving set of tactics, techniques, and procedures (TTPs) to establish and maintain a foothold in the enterprise's information infrastructure, and to exploit that foothold to ex-filtrate large volumes of sensitive information, to corrupt mission-critical information, and/or to deny or degrade mission capabilities. This report describes the Threat Assessment & Remediation Analysis (TARA) methodology, which applies MAE to systems and acquisitions. TARA is a methodology to identify and assess cyber threats and select countermeasures effective at mitigating those threats. When applied in conjunction with a Crown Jewels Analysis (CJA) or other means for assessing mission impact, CJA and TARA together provide for the identification, assessment, and security enhancement of mission critical assets, which is the cornerstone of mission assurance. iv
Related papers
MISSION AWARE: Evidence-Based, Mission-Centric Cybersecurity Analysis
2017
Currently, perimeter-based approaches are the mainstay of cybersecurity. While this paradigm is necessary, there is mounting evidence of its insufficiency with respect to sophisticated and coordinated attacks. In contrast to perimeter-based security, mission-centric cybersecurity provides awareness of how attacks can influence mission success and therefore focuses resources for mitigating vulnerabilities and protecting critical assets. This is strategic as opposed to tactical perimeter-based cybersecurity. We propose MISSION AWARE, which assists in the identification of parts of a system that destabilize the overall mission of the system if compromised. MSSION AWARE starts with a structured elicitation process that leads to hazards analysis. It employs hierarchical modeling methods to capture mission requirements, admissible functional behaviors, and system architectures. It then generates evidence---attacks applicable to elements that directly correlate with mission success. Finall...
Evaluating the impact of cyber attacks on missions
Proceedings of the …, 2010
Using current methods, it is virtually impossible to determine the impact of a cyber attack on the attainment of mission objectives. Do we know which mission elements are affected? Can we continue to operate and fulfill the mission? Should we wait for recovery? Can we salvage part of the mission? Since it is currently so difficult for humans to comprehend the mission impact of a cyber incident, our ability to respond is much less effective than it could be. We believe that improved knowledge of the mission impact of a cyber attack will lead to improved, more targeted responses, creating more attack resistant systems that can operate through cyber attacks.
Cyber-ARGUS - A mission assurance framework
Journal of Network and Computer Applications, 2019
The use of cyberspace as a platform for military operations has been growing at impressive rates. Yet, it is still a relatively new area that poses considerable research challenges. Security techniques are not sufficiently effective to protect IT systems, and most fail to address the correlation between actions and effects across multiple domains. In other words, identifying how actions performed in the cyber domain affect the mission goals is yet an unsolved problem. This research presents a potential solution and proposes a framework that links the cyber and the operations domains, evaluating how actions in the first impact the effectiveness of missions in the latter. The framework, Cyber-ARGUS, is a Command and Control (C2) support system comprised of a set of tools that provides coherent and consistent mapping between the two domains. Relevant information about the nodes of a cyber infrastructure supporting an operation is stored in a knowledge base, and then used to build a Bayesian Network that provides impact assessment. The technique is illustrated through the simulation of an air transportation scenario in which the C2 infrastructure is subjected to various cyber-attacks, and Cyber-ARGUS is used to assess their associated impact to the air operations. The main contribution of this research is the methodology that enables assessing the cyber impact to ongoing missions. One major advantage of the technique is that it achieves this by calculating the combined effects produced by the attackers and defenders plans, without the requirement of knowing the hard-to-assess enemy's individual actions.
Assessing Mission Impact of Cyberattacks: Report of the NATO IST-128 Workshop
ArXiv, 2016
: This report presents the results of a workshop conducted by the North Atlantic Treaty Organization (NATO) Information Systems Technology (IST) Panel in Istanbul, Turkey, in June 2015 to explore science and technology for characterizing the impact of cyber-attacks on missions. Military mission success is highly dependent on the communications and information systems (CISs) that support the mission and their use in the cyber battlespace. The inexorably growing dependency on computational information processing for weapons, intelligence, communication, and logistics systems continues to increase the vulnerability of missions to various cyber threats. Attacks on CISs or other cyber incidents degrade or disrupt the usage of CISs, and the resulting mission capability, performance, and completion. These incidents are expected to increase in frequency and sophistication. The workshop participants concluded that the key to solving the mission impact assessment problem was in adopting and d...
An actionable framework for system of systems and mission area security engineering
2014 IEEE International Systems Conference Proceedings, 2014
This paper describes an actionable engineering framework for security engineering of a system of systems (SoS). The framework is envisioned as a tool for assessing security risks to critical missions based on the contributing systems and SoS supporting them. An SoS security risk framework is needed to manage the problem of identifying the key elements of risk to SoS missions. The issue is the complexity resulting from the large number of potential logical paths through an SoS that could represent a security risk. Managing this problem then enables the application of security specific analyses to the SoS elements that have been identified as critical. The framework draws on the foundational elements of SoS SE, particularly an understanding of the SoS components, interdependencies and dynamics. The results of the analysis support investment decisions about the constituents of a SoS. The framework is a bridge between the operational and acquisition/engineering communities. While the focus of this framework is on acquisition and engineering materiel solutions, it also accommodates the consideration of non-materiel solutions.
Managing complex IT security processes with value based measures
2009 IEEE Symposium on Computational Intelligence in Cyber Security, 2009
Current trends indicate that IT security measures will need to greatly expand to counter the ever increasingly sophisticated, well-funded and/or economically motivated threat space. Traditional risk management approaches provide an effective method for guiding courses of action for assessment, and mitigation investments. However, such approaches no matter how popular demand very detailed knowledge about the IT security domain and the enterprise/cyber architectural context. Typically, the critical nature and/or high stakes require careful consideration and adaptation of a balanced approach that provides reliable and consistent methods for rating vulnerabilities. As reported in earlier works, the Cyberspace Security Econometrics System provides a comprehensive measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. This paper advocates a dependability measure that acknowledges the aggregate structure of complex system specifications, and accounts for variations by stakeholder, by specification components, and by verification and validation impact.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.