Approved for Public Release: Cases , , ,

Slides:



Advertisements
Similar presentations
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Advertisements

Systems Analysis and Design 9th Edition
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
Nov. 14, 2007 Systems Engineering ä System ä A set or arrangement of things so related as to form a unity or organic whole. ä A set of facts, principles,
Managing Projects
2001 South First Street Champaign, Illinois (217) Davis Power Consultants Strategic Location of Renewable Generation Based on Grid Reliability.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Effective Methods for Software and Systems Integration
41 4. Determining Current IS Needs Business environment Constituents of a business strategy Critical success factor analysis Business process analysis.
Mantova 18/10/2002 "A Roadmap to New Product Development" Supporting Innovation Through The NPD Process and the Creation of Spin-off Companies.
Chapter 14 Managing Projects.
Investment Portfolio Methodologies Pertemuan Matakuliah: A Strategi Investasi IT Tahun: 2009.
Annual SERC Research Review, October 5-6, By Jennifer Bayuk Annual SERC Research Review October 5-6, 2011 University of Maryland Marriott Inn and.
Best Practices By Gabriel Rodriguez
Process for Analysis  Choose a standard / type  Qualitative / Quantitative Or  Formal / Informal  Select access controls  Match outcome to project.
Risk Management - the process of identifying and controlling hazards to protect the force.  It’s five steps represent a logical thought process from.
Analyze Opportunity Part 1
1 Customized Employment Strategic Service Delivery Component Disability Employment Initiative.
7-Oct-15 System Auditing. AUDITING Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Describing Process Specifications and Structured Decisions Systems Analysis and Design, 7e Kendall & Kendall 9 © 2008 Pearson Prentice Hall.
Management & Development of Complex Projects Course Code MS Project Management Perform Qualitative Risk Analysis Lecture # 25.
McGraw-Hill/Irwin Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 3 Identification and Selection of Development Projects.
PLANNING ENGINEERING AND PROJECT MANAGEMENT By Lec. Junaid Arshad 1 Lecture#03 DEPARTMENT OF ENGINEERING MANAGEMENT.
Formulating a Simulation Project Proposal Chapter3.
Search Engine Optimization © HiTech Institute. All rights reserved. Slide 1 What is Solution Assessment & Validation?
Training and Development Prof R K Singh AIMA CME.
Project Portfolio Management Business Priorities Presentation.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Requisite Skills for IS Management and Interpersonal Skills.
State of Georgia Release Management Training
Failure Mode & Effect Analysis FMEA Lecture 11. What is FMEA? Failure mode and effect analysis is an Advanced Quality Planning tool that: examines potential.
ICS Area Managers Training 2010 ITIL V3 Overview April 1, 2010.
Business Strategy Introduction to Strategy Session 1 1.
Toward a New ATM Software Safety Assessment Methodology dott. Francesca Matarese.
LECTURE 5 Nangwonvuma M/ Byansi D. Components, interfaces and integration Infrastructure, Middleware and Platforms Techniques – Data warehouses, extending.
Information Technology Project Management, Seventh Edition.
ON “SOFTWARE ENGINEERING” SUBJECT TOPIC “RISK ANALYSIS AND MANAGEMENT” MASTER OF COMPUTER APPLICATION (5th Semester) Presented by: ANOOP GANGWAR SRMSCET,
Principles of Information Security, Fourth Edition Risk Management Ch4 Part I.
Project Office Effectiveness Educating the Organization on How to Use a PMO February 22 nd, 2006.
Overview MRD Enterprise MRD Process
Six Sigma Greenbelt Training
ITIL: Service Transition
Sample Fit-Gap Kick-off
An Overview on Risk Management
Technology Readiness Assessment (TRA)
Software Configuration Management
SAMPLE Develop a Comprehensive Competency Framework
Software Requirements
Cybersecurity EXERCISE (CE) ATD Scenario intro
Description of Revision
1. Define a Vision & Identify Business Scenarios
ATD session 2: compliancy versus mission assurance
Cyber defense management
2018 Real Cisco Dumps IT-Dumps
Fundamentals of a Business Impact Analysis
Get Real PMI PMP Exam Questions | PMI PMP Question Answers Realexamdumps.com
Engineering Processes
WHICH PROCESS TO BENCHMARK?
UNLV Data Governance Executive Sponsors Meeting
UNIT-VII Strategic Management.
Technology Planning.
Introduction to Systems Analysis and Design Stefano Moshi Memorial University College System Analysis & Design BIT
Cybersecurity ATD technical
IS Risk Management Framework Overview
Engineering Processes
TITLE Business Case YOUR LOGO BUSINESS CASE PRESENTATION 00/00/0000
{Project Name} Organizational Chart, Roles and Responsibilities
This presentation uses a free template provided by FPPT.com Resource Planning management system for strategy Implementation.
Presentation transcript:

Approved for Public Release: Cases 08-0490, 11-2827, 14-1906, 16-0777 Crown Jewels Analysis (CJA) A Mission Criticality Analysis Technique Using Dependency Maps A Presentation and Demonstration for Boston SPIN 20 February 2018 Jim Watters Approved for Public Release: Cases 08-0490, 11-2827, 14-1906, 16-0777

. Background Advanced Persistent Threats (APT) use sophisticated capabilities to attack, and maintain a presence in, our mission systems As a result, it is not realistic to use a defensive strategy based on stopping all threats at the boundary Instead, we must assume that the APT can penetrate, deny, and/or degrade our Cyber Assets (CA) A defensive strategy based on that assumption is to harden mission-critical CA so we can operate through an APT attack Cyber resiliency techniques help us identify the mission- critical CA, evaluate the risks facing those CA, and develop mitigation strategies Approved for Public Release: Case 11-2827

CJA As a Cyber Resiliency Technique . CJA As a Cyber Resiliency Technique Approved for Public Release: Case 16-0777 CJA Ref: Structured Cyber Resiliency Analysis Methodology (SCRAM), by D. Bodeau and R. Graubart

What is CJA? MITRE-developed Mission Criticality Analysis technique . What is CJA? MITRE-developed Mission Criticality Analysis technique First used during Operations Without Space deep-dive at 613th Air and Space Operations Center (AOC) in 2009 CJA’s Dependency Map approach combines expert input with established techniques: AHP, QFD, and FMEA Definitions when applied to Cyber/IT systems “Cyber Asset” = A logic-bearing device including its hardware, firmware, software, and initialization/configuration data We have also included non-logic bearing devices; e.g. comm links “Mission-Critical Cyber Asset” = A Cyber Asset whose failure or degradation causes mission failure; a “Crown Jewel” Approved for Public Release: Case 11-2827

CJA Helps Us Answer a Key Question . CJA Helps Us Answer a Key Question Mission Objectives How do failures here . . . translate into impacts here? Cyber Assets Approved for Public Release: Case 11-2827

We Start by Identifying the Tasks That Support Each Mission Objective . We Start by Identifying the Tasks That Support Each Mission Objective Mission Objectives Operational Tasks Cyber Assets Approved for Public Release: Case 11-2827

Next, We Identify the System Functions That Support Each Task . Next, We Identify the System Functions That Support Each Task Mission Objectives Operational Tasks System Functions Cyber Assets Approved for Public Release: Case 11-2827

. Finally, We Identify the Cyber Assets That Support Each System Function Mission Objectives Operational Tasks System Functions Cyber Assets Approved for Public Release: Case 11-2827

Dependency Mapping - Refinery Example . Dependency Mapping - Refinery Example Stay Safe Stay Profitable Stay in Compliance Supply Customers Well Mission Objectives Acquire Gas for Heaters Operational Tasks System Functions Report Flow Rate Report Pressure Cyber Assets Corporate Router Plant LAN Router Approved for Public Release: Case 08-0490

We Use the Dependencies to Predict the Impact of Cyber Asset Failures . We Use the Dependencies to Predict the Impact of Cyber Asset Failures Mission Objectives Operational Tasks System Functions Cyber Assets FAILURE Approved for Public Release: Case 11-2827

Greater Dependency Means Greater Impact from Cyber Asset Failure . Greater Dependency Means Greater Impact from Cyber Asset Failure Mission Objectives Operational Tasks System Functions Cyber Assets FAILURE Approved for Public Release: Case 11-2827

How Do We Evaluate a Dependency? . How Do We Evaluate a Dependency? For our purposes, a dependency is a need Achieving a Mission Objective depends on one or more Tasks being performed as intended Performance of a Task depends on one or more System Functions executing as intended Execution of a System Function depends on one or more Cyber Assets operating as intended We express the degree of dependency in terms of criticality Criticality describes the impact of loss of an asset, based on the effect the loss would have on operations and the ability to fulfill the mission We define four levels of impact: Failure, degradation, a work- around is required, and none Approved for Public Release: Case 11-2827

Where Does the Information Come From? (Option 1) . Where Does the Information Come From? (Option 1) Mission Objectives (MO) & priorities come from managers Combined model grows from a series of on-site interviews with organizational & technical Subject Matter Experts (SMEs). Mission Objectives Operational Tasks (OT) & Mission dependencies come from managers & operators Operational Tasks System Functions (SF) & Task dependencies come from operators & engineers System Functions Cyber Assets (CA) & System Function dependencies come from engineers Cyber Assets Approved for Public Release: Case 11-2827

Where Does the Information Come From? (Option 2) . Where Does the Information Come From? (Option 2) MO validation & priorities come from managers Model starts prior to on-site discussions using data gleaned from reference documents and MITRE team member expertise. Site SMEs provide validation & completion of data. Mission Objectives OT validation & Mission dependencies come from managers & operators Operational Tasks SF validation & Task dependencies come from operators & engineers System Functions CA validation & System Function dependencies come from engineers Cyber Assets Approved for Public Release: Case 11-2827

How Do We Limit Subjectivity? . How Do We Limit Subjectivity? We use structured question-and-answer sessions with the operational and technical experts on the system Managers/Operators: What is the impact on Mission Objective “MO1” if Task “T1” is not performed as intended? No impact? Work-Around Required? Degradation? Failure? Operators/Engineers: What is the impact on Task “T1” if System Function “SF1” does not execute as intended? Engineers/Administrators: What is the impact on System Function “SF1” if Cyber Asset “CA1” is not operating as intended? Scoring tables provide a reference, to ensure consistency We define “as intended” to mean no failures and no degradation Approved for Public Release: Case 11-2827

How Do We Identify the Mission-Critical Cyber Assets? . How Do We Identify the Mission-Critical Cyber Assets? From the dependency identification, we know the following: If Task “T1” fails, the impact on achieving Mission Objective “MO1” is one of the following: No impact, work-around required, mission degradation, or mission failure If System Function “SF1” fails, the impact on performing Task “T1” is one of the following: No impact, work-around required, task degradation, or task failure If Cyber Asset “CA1” fails, the impact on the performance of System Function “SF1” is one of the following: No impact, work-around required, function degradation, or function failure We can use these “if-then” statements to predict the impact at each level in the dependency map We call this step in the CJA the Mission Impact Analysis (MIA) Approved for Public Release: Case 11-2827

In the MIA We Consider Each CA As Failed, Starting with CA1 . In the MIA We Consider Each CA As Failed, Starting with CA1 Mission Objective T 2 T 3 T 4 T 6 T 9 T 10 T 11 T 1 SF 2 MO 1 T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 1 SF 1 MO 1 MO 1 T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 12 T 13 T 1 SF 1 SF 2 SF 3 SF 4 SF 5 SF 6 SF 7 SF 8 SF 9 SF 10 SF 11 SF 12 SF 13 CA 1 CA 2 CA 3 CA 4 CA 5 CA 6 CA 7 CA 8 CA 9 CA 10 CA 1 SF 12 T 3 T 4 T 9 MO 1 MO 1 T 3 T 4 T 9 T 10 SF 6 MO 1 T 3 T 4 T 9 T 10 SF 3 Tasks System Functions Cyber Assets CA 1 Approved for Public Release: Case 11-2827

CA1’s Failure Causes Several SF and Tasks to Fail, Causing MO1 Failure . CA1’s Failure Causes Several SF and Tasks to Fail, Causing MO1 Failure MO 1 Mission Objective T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 12 T 13 T 1 Tasks SF 1 SF 2 SF 3 SF 4 SF 5 SF 6 SF 7 SF 8 SF 9 SF 10 SF 11 SF 12 SF 13 System Functions Cyber Assets CA 1 CA 2 CA 3 CA 4 CA 5 CA 6 CA 7 CA 8 CA 9 CA 10 Approved for Public Release: Case 11-2827

. CA2’s Failure Degrades SF1, Causing Task T1 to Fail, Causing MO1 Failure MO 1 Mission Objective T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 12 T 13 T 1 Tasks SF 1 SF 2 SF 3 SF 4 SF 5 SF 6 SF 7 SF 8 SF 9 SF 10 SF 11 SF 12 SF 13 System Functions Cyber Assets CA 1 CA 2 CA 3 CA 4 CA 5 CA 6 CA 7 CA 8 CA 9 CA 10 Approved for Public Release: Case 11-2827

. CA3’s Failure Has an Effect Like That of CA2’s Failure – Causing MO1 Failure MO 1 Mission Objective T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 12 T 13 T 1 Tasks SF 1 SF 2 SF 3 SF 4 SF 5 SF 6 SF 7 SF 8 SF 9 SF 10 SF 11 SF 12 SF 13 System Functions Cyber Assets CA 1 CA 2 CA 3 CA 4 CA 5 CA 6 CA 7 CA 8 CA 9 CA 10 Approved for Public Release: Case 11-2827

Because CA4’s Failure Degrades SF2 and T1, It Causes MO1 Failure . Because CA4’s Failure Degrades SF2 and T1, It Causes MO1 Failure MO 1 Mission Objective T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 12 T 13 T 1 Tasks SF 1 SF 2 SF 3 SF 4 SF 5 SF 6 SF 7 SF 8 SF 9 SF 10 SF 11 SF 12 SF 13 System Functions Cyber Assets CA 1 CA 2 CA 3 CA 4 CA 5 CA 6 CA 7 CA 8 CA 9 CA 10 Approved for Public Release: Case 11-2827

. CA5’s Failure Has an Effect Like That of CA4’s Failure – Causing MO1 Failure MO 1 Mission Objective T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 12 T 13 T 1 Tasks SF 1 SF 2 SF 3 SF 4 SF 5 SF 6 SF 7 SF 8 SF 9 SF 10 SF 11 SF 12 SF 13 System Functions Cyber Assets CA 1 CA 2 CA 3 CA 4 CA 5 CA 6 CA 7 CA 8 CA 9 CA 10 Approved for Public Release: Case 11-2827

CA6’s Failure Requires a Work-Around for SF2 and SF10 – No MO1 Impact . CA6’s Failure Requires a Work-Around for SF2 and SF10 – No MO1 Impact MO 1 Mission Objective T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 12 T 13 T 1 Tasks SF 1 SF 2 SF 3 SF 4 SF 5 SF 6 SF 7 SF 8 SF 9 SF 10 SF 11 SF 12 SF 13 System Functions Cyber Assets CA 1 CA 2 CA 3 CA 4 CA 5 CA 6 CA 7 CA 8 CA 9 CA 10 Approved for Public Release: Case 11-2827

CA7’s Failure Has an Effect Like That of CA6’s Failure – No MO1 Impact . CA7’s Failure Has an Effect Like That of CA6’s Failure – No MO1 Impact MO 1 Mission Objective T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 12 T 13 T 1 Tasks SF 1 SF 2 SF 3 SF 4 SF 5 SF 6 SF 7 SF 8 SF 9 SF 10 SF 11 SF 12 SF 13 System Functions Cyber Assets CA 1 CA 2 CA 3 CA 4 CA 5 CA 6 CA 7 CA 8 CA 9 CA 10 Approved for Public Release: Case 11-2827

CA8’s Failure Has an Effect Like That of CA6’s Failure – No MO1 Impact . CA8’s Failure Has an Effect Like That of CA6’s Failure – No MO1 Impact MO 1 Mission Objective T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 12 T 13 T 1 Tasks SF 1 SF 2 SF 3 SF 4 SF 5 SF 6 SF 7 SF 8 SF 9 SF 10 SF 11 SF 12 SF 13 System Functions Cyber Assets CA 1 CA 2 CA 3 CA 4 CA 5 CA 6 CA 7 CA 8 CA 9 CA 10 Approved for Public Release: Case 11-2827

CA9’s Failure Has an Effect Like That of CA6’s Failure – No MO1 Impact . CA9’s Failure Has an Effect Like That of CA6’s Failure – No MO1 Impact MO 1 Mission Objective T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 12 T 13 T 1 Tasks SF 1 SF 2 SF 3 SF 4 SF 5 SF 6 SF 7 SF 8 SF 9 SF 10 SF 11 SF 12 SF 13 System Functions Cyber Assets CA 1 CA 2 CA 3 CA 4 CA 5 CA 6 CA 7 CA 8 CA 9 CA 10 Approved for Public Release: Case 11-2827

. CA10’s Failure Has an Effect Like That of CA6’s Failure – No MO1 Impact MO 1 Mission Objective T 2 T 3 T 4 T 5 T 6 T 7 T 8 T 9 T 10 T 11 T 12 T 13 T 1 Tasks SF 1 SF 2 SF 3 SF 4 SF 5 SF 6 SF 7 SF 8 SF 9 SF 10 SF 11 SF 12 SF 13 System Functions Cyber Assets CA 1 CA 2 CA 3 CA 4 CA 5 CA 6 CA 7 CA 8 CA 9 CA 10 Approved for Public Release: Case 11-2827

The Results Can Be Compacted For Easy Viewing . The Results Can Be Compacted For Easy Viewing Cell color indicates the Mission Objective’s Impact resulting from each CA failure Red means that MO1 fails, and Blue means that MO1 is nominal In this example, CA1 through CA5 are Mission-Critical Cyber Assets since their failure would cause MO1 to fail Cyber Assets CA1 through CA5 are Mission-Critical Cyber Assets – the “Crown Jewels” Approved for Public Release: Case 14-1906

. A Typical Case Shows Mission-Critical CA for Several Mission Objectives A single CA in a highly integrated infrastructure will affect more than one MO The total mission impact of each CA is shown across each row For each MO, the column below it shows the CA that are critical to its achievement Approved for Public Release: Case 14-1906

The CJA Methodology Allows For Flexibility . The CJA Methodology Allows For Flexibility The preceding slides show a CJA based on the 4-tier model shown here: Different models are also used, depending on the reference information available to the CJA team Alternative 4-tier models: An Information Asset is operational information needed to perform a task MISSION OBJECTIVE OPERATIONAL TASK SYSTEM FUNCTION CYBER ASSET MISSION OBJECTIVE OPERATIONAL TASK INFORMATION ASSET CYBER ASSET SUBTASK Approved for Public Release: Case 08-0490

Alternative Model Using Information Assets - Refinery Example . Alternative Model Using Information Assets - Refinery Example Stay Safe Stay Profitable Stay in Compliance Supply Customers Well Mission Objectives Acquire Gas for Heaters Operational Tasks Information Assets Flow Rate Pressure Cyber Assets Corporate Router Plant LAN Router Approved for Public Release: Case 08-0490

We Use the CJA Tool to Help Build the Dependency Map . We Use the CJA Tool to Help Build the Dependency Map Cyber Asset Weights Mission- Critical CA Candidates Info Asset/ Sys Funct Weights 4 CA IA / SF Task Weights … and on Cyber Assets 3 IA / SF Tasks Objective Weights … and on Info Assets or System Functions 2 Tasks Object’s Identify Dependencies on Tasks 1 Object’s Prioritize Mission Objectives Approved for Public Release: Case 08-0490

. Next, The CJA Tool Automatically Completes the Mission Impact Analysis (MIA) Propose CA Failures/ Degrades CA Criticality 5 Scenarios CA’s IA/SF Criticality 4c CA IA/SF Task Criticality CA Impact Roll-Up Rules Utilize User-Input Criticality Scores 3c IA/SF Tasks IA/SF Impact 2c Tasks Object’s Task Impact Mission Impact Approved for Public Release: Case 14-1906

. Tool Demonstration

For More Information: CJA article in MITRE’s Systems Engineering Guide: http://www.mitre.org/publications/systems-engineering-guide/enterprise- engineering/systems-engineering-for-mission-assurance/crown-jewels-analysis Contact the following at MITRE Bedford: Jim Watters - jwatters@mitre.org Peter Kertzner - kertzner@mitre.org Approved for Public Release: Case 14-1906

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.