Application of State Transition Map (STaMp) in Real System Resiliency Planning
The Department of Defense (DoD) is shifting focus towards mission risk and resilience, particularly in cyber security. Mission Based Cyber Risk Assessment (MBCRA) plays a crucial role in understanding cyber security risks and test planning. State Transition Map (STaMp) is a valuable tool for capturing mission-level MBCRA outputs, documenting system functions, threats, and effects, as well as identifying targets for testing. This case study explores the application of STaMp in real system resiliency planning, emphasizing its importance in enhancing mission modeling and risk assessment practices within the defense sector.
Presentation Transcript
Case Study: Application of State Transition Map (STaMp) to Real System Resiliency Planning
Mr. Nicholas Jones, contractor
DATAWorks 2024: Sharing Analysis Tools, Methods, and Collaboration Strategies
DISTRIBUTION STATEMENT A. Approved for public release; distribution unlimited. Case number: 88ABW-2024-0228; CLEARED 2 Apr 2024
Outline
- Motivation
- Mission Based Risk Assessment
- Overview of State Transition Map (STaMp)
- Mission Resilience
- Case Study: Application of STaMp
- Lessons Learned from Application
- Opportunities for Future Work
- References
Motivation
- The Department of Defense (DoD) is working to focus testing on mission risk and resilience
- For cyber security, Mission Based Cyber Risk Assessment (MBCRA) is foundational to understanding cyber security risks and test planning
  - "MBCRA is the process of identifying, estimating, and prioritizing risks to DoD operational missions resulting from cyber effects on the system(s) being employed in support of the missions" (DoD Cybersecurity Test and Evaluation Guidebook, 2018)
- Numerous MBCRA methods exist with varying degrees of rigor and depth
- STAT COE conceptualized State Transition Map (STaMp), a tool for capturing mission-level MBCRA outputs
  - Documenting system functions, threats, and effects
  - Identifying targets for testing
  - Directly supports mission modeling
Mission Based Risk Assessment
- DoD Cybersecurity Test and Evaluation Guidebook (2018) provides guidance for cybersecurity testing
  - DTE&A and DOT&E are jointly authoring an MBCRA Appendix to the guidebook
- The MBCRA process is outlined as an iterative cycle of effort across program development
  - A similar iterative process is used by STAT COE to assist programs with test planning and execution
- Mission Based Risk Assessment (MBRA) extends use of the MBCRA concept and methods to hardware-driven mission risks
  - Currently there is no formal MBRA guidance, but general tools to support MBRA and MBCRA may facilitate use
[Image: DoD Cybersecurity Companion Guide, MBCRA Appendix (2024)]
Overview of State Transition Map (STaMp)
- State Transition Map (STaMp) is a tool to help understand what can happen in a complex system
  - The states across the top indicate what can happen
  - The states on the left indicate the current state of the system
  - The colored intersections indicate possible states to which the current state can transition
  - Transition probabilities can be assigned to each intersection to create a finite-state automaton
[Figure: Simplified full-scope STaMp. Current states (rows) and result states (columns): Normal (Start->), Exploit Attempt, Successful Attack, Compromised. Level of Consequence legend: Good, Not Good, Bad]
Notes
- Normal operation tends to remain Normal. It is always under threat, known and unknown
- Known threats have defense plans and can be recovered before becoming breaches
- Breached systems require resilience methods to recover, create new threats and lead to spills
- Spills are unrecoverable, create new threats, open new breaches and lead to further spills
STAT COE's STaMp methodology succinctly documents the likelihood and severity of specific mission risk chains to support test planning, and directly supports construction of state-based automata for mission modeling
Notional Example of Cybersecurity Decomposition
- Under Normal Operation, the secure area operates on the presumption that the security in place prevents USB threats from entering the area
- "USB enters" can transition to two states: USB leaves before use, or USB is inserted into computer
- If inserted, it will either be detected or not
- If detected, it will probably be negated
- If not detected, then it can remain inserted or leave after use
- If the USB leaves after being used undetected, then a spill may be created
- Negation of the threat by any means results in a return to normal operations in the secure area
- If a spill is created, a separate process for damage control will become active, which could be described by another STaMp
[Figure: Notional STaMp for USB Exfiltration Threat in a Secure Area, with numbered callouts 1-6 keyed to the steps above. Current states (rows) and result states (columns): Normal Operation, USB enters, USB Leaves before use, USB is Inserted into computer, USB insertion detected, USB insertion not detected, USB is Negated, USB Leaves after use, Secrets Revealed (Go to Cleanup). A few cells carry notional transition probabilities (.9/.1, 1); most are marked "?". Level of Consequence legend: Good, Not Good, Bad]
Mission Resilience
- A key risk focus of both MBCRA and MBRA is resilience
  - Resilience: "The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents." (Presidential Policy Directive (PPD)-21, 2013)
- Cyber resilience is a key focus for DoD software systems, and is of increasing interest for hardware systems
- Many modern defense systems are cyber-physical systems, so assessing resilience must consider both physical and cyber resilience
- STAT COE applied a prototype STaMp for combined cyber and physical system resilience as a proof-of-concept
Case Study: Application of STaMp
- Applied STaMp to MBRA and resiliency test planning for a DoD program
  - Goal: Characterize system resiliency in a contested environment
- Constructed STaMps for each of several resiliency scenarios
  - Initial STaMps captured system functional states in normal and contested operation, and color-coded state transitions by severity
- Initial goals for this effort were documentation and test planning, with state-chain modeling as a potential future activity
  - State transition likelihoods were not estimated in this application
- For releasability reasons, discussion of STaMp in this brief has been re-framed using notional data for a notional system
STaMp In Application to Notional Cyber-Physical System
- Several state transition probabilities and severities were dependent on the previous states
- Multiple memory states corresponding to specific system states and attributes were added to a separate table tied to each STaMp
- Symbols in STaMp cells denote memory state updates from those transitions
*Note: all information on this slide is notional
STaMp Development Outcomes
- Operational Test community users found more value in showing resiliency in terms of Operations Capability (OPSCAP)
  - Worked with SMEs to replace system function-specific memory states with a single summarized memory state capturing OPSCAP level transitions by color
  - Each symbol in the STaMp indicates a step up or down the OPSCAP scale
- Engineers found the severity scale to be too vague to interpret
  - Refined the state transition coloring scale to 5 discrete levels representing a combination of deviation from normal and recoverability
- Working with system subject matter experts (SMEs), built complete STaMps to capture tactics, techniques, and procedures (TTPs) and risk states for 3 threat scenarios
State Transition Severity Levels
1. System operating normally
2. System fully operational in off-nominal configuration
3. System operation degraded but recoverable
4. System operation at risk of permanent degradation
5. Unrecoverable damage/degradation has occurred
OPSCAP Levels
- Green: Fully Mission Capable (+ = step up)
- Yellow: Partly Mission Capable
- Red: Not Mission Capable (- = step down)
Lessons Learned
- STaMp development is most effective as an iterative, collaborative effort
  - STaMp development is currently labor intensive, so it is best done in multiple passes
- STaMp transitions may depend on TTPs
  - Useful for capturing TTPs and identifying possible other options
- The value of STaMp as an elicitation tool depends on the level of knowledge already gathered
- STaMp is useful for documenting the interaction between mission risk and operational capability
- Familiarization with the STaMp method is necessary to facilitate ease of use
  - STaMp layout is variable from case to case, so pattern identification can be difficult
  - Separate study is necessary to understand each STaMp
- Adding weights to a STaMp for mission modeling is best done as a follow-up exercise with a familiar group
Opportunities for Future Work
- Develop a tool for structuring, building, and managing STaMps
  - Could greatly improve their application
- Use scaled numerical values in each row of a STaMp to represent state transition probability
  - Values would be a function of memory state (OPSCAP level)
  - Would support state-chain modeling of system behavior
  - Simple transition chains can be modeled as Markov chains, while more complex ones require more complex concepts from automata theory and Bayesian statistics
- Apply state-chain modeling to support identification of critical state transitions that impact system resiliency
  - Identify poorly understood transition probabilities as targets for test
  - Identify ways to improve resiliency by implementing new system controls or design updates
- Apply STaMp to a cyber-focused resiliency effort
  - Cyber-only application may present unique challenges which differ from those encountered in this work
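The notional USB exfiltration STaMp from the decomposition example, carried through to the state-chain modeling proposed above, as an added example written for this page (not STAT COE's STaMp tool): the map is held as a row-per-state transition table, each row is checked to be a probability distribution, the chance that a USB incident ends in a spill rather than a return to normal operation is computed as an absorbing Markov chain (the self-loop for "remain inserted" included), and each uncertain transition is nudged to find the "?" cells whose value most changes the spill probability, i.e. the transitions worth resolving by test. Every probability below is a constructed placeholder, not a value from the brief.

```python
"""Notional USB-exfiltration STaMp as an absorbing Markov chain. Added example, not
STAT COE's tool; every probability is a constructed stand-in for a '?' cell."""

# Row = current state -> {result state: probability}. An incident ends at a terminal.
TERMINAL = {"Normal Operation", "Secrets Revealed"}
STAMP = {
    "USB enters": {"USB Leaves before use": 0.1, "USB is Inserted into computer": 0.9},
    "USB is Inserted into computer": {"USB insertion detected": 0.6, "USB insertion not detected": 0.4},
    # assumed: detection usually negates the threat, but the device may still leave after use
    "USB insertion detected": {"USB is Negated": 0.9, "USB Leaves after use": 0.1},
    # 'remain inserted' is a self-loop; assumed that later detection is still possible
    "USB insertion not detected": {"USB insertion not detected": 0.3, "USB insertion detected": 0.2,
                                   "USB Leaves after use": 0.5},
    "USB Leaves after use": {"Secrets Revealed": 1.0},
    "USB is Negated": {"Normal Operation": 1.0},
    "USB Leaves before use": {"Normal Operation": 1.0},
}

def validate(stamp):
    """Each row must be a probability distribution over states the STaMp defines."""
    known = set(stamp) | TERMINAL
    for state, row in stamp.items():
        if abs(sum(row.values()) - 1.0) > 1e-9 or set(row) - known:
            raise ValueError(f"bad STaMp row: {state!r}")

def p_reach(stamp, target, tol=1e-12, max_sweeps=10_000):
    """P(eventually reach terminal `target` | current state), by fixed-point
    iteration so that cycles such as the self-loop above are handled."""
    validate(stamp)
    p = {s: 0.0 for s in list(stamp) + list(TERMINAL)}
    p[target] = 1.0
    for _ in range(max_sweeps):
        delta = 0.0
        for state, row in stamp.items():
            new = sum(prob * p[nxt] for nxt, prob in row.items())
            delta, p[state] = max(delta, abs(new - p[state])), new
        if delta < tol:
            break
    return p

def rank_test_targets(stamp, start, target, shift=0.1):
    """Nudge each uncertain transition by `shift` (renormalising its row) and rank
    transitions by how far P(target | start) moves: the top movers are the '?'
    cells most worth pinning down by test."""
    base = p_reach(stamp, target)[start]
    ranked = []
    for state, row in stamp.items():
        if len(row) < 2:          # deterministic row: nothing to estimate
            continue
        for nxt in row:
            trial = {s: dict(r) for s, r in stamp.items()}
            trial[state][nxt] += shift
            total = sum(trial[state].values())
            trial[state] = {k: v / total for k, v in trial[state].items()}
            ranked.append((abs(p_reach(trial, target)[start] - base), state, nxt))
    return sorted(ranked, reverse=True)
```

With these placeholder values the spill probability from "USB enters" is 9/28, and the transition whose uncertainty moves it most is whether a detected device is actually negated before it leaves, which is the cell a test plan would want to resolve first.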
References
- Department of Defense (DoD) (2018). DoD Cybersecurity Test and Evaluation Guidebook, v 2.0. Office of the Undersecretary of Defense for Research and Engineering (OUSD(R&E)).
- Department of Defense (2019). DoD Instruction 8500.01, Cybersecurity. DoD Chief Information Officer (CIO).
- Department of Defense (2024). DoD Cybersecurity Companion Guide, MBCRA Appendix. Office of the Director, Developmental Test, Evaluation, and Assessment (D(DTE&A)).
- Presidential Policy Directive (PPD)-21 (2013). Critical Infrastructure Security and Resilience. Office of the Press Secretary.
Visit: www.AFIT.edu/STAT
Email: AFIT.ENS.STATCOE@us.af.mil