Rapid Mission Assurance Assessment via Sociotechnical Modeling and Simulation
Carnegie Mellon University
How do organizations rapidly assess command-level effects of cyber attacks? Leaders need a way of assuring themselves that their organization, people, and information technology can continue their missions in a contested cyber environment. To do this, leaders should: 1) require assessments be more than analogical, anecdotal or simplistic snapshots in time; 2) demand the ability to rapidly model their organizations; 3) identify their organization's structural vulnerabilities; and 4) have the ability to forecast mission assurance scenarios. Using text mining to build agent based dynamic network models of information processing organizations, I examine impacts of contested cyber environments on three common focus areas of information assurance confidentiality, integrity, and availability. I find that assessing impacts of cyber attacks is a nuanced affair dependent on the nature of the attack, the nature of the organization and its missions, and the nature of the measurements. For well-manned information processing organizations, many attacks are in the nuisance range and that only multipronged or severe attacks cause meaningful failure. I also find that such organizations can design for resiliency and provide guidelines in how to do so.
Theses or dissertations
Mission Assurance, Resilience, Assessment, Cyberspace Operations, Cyber, Organization Resilience, Rapid Modeling, Agent Based Model, ABM, Simulation, Modeling and Simulation
Lanham, Michael J.. “Rapid Mission Assurance Assessment via Sociotechnical Modeling and Simulation.” (2015).