Perhaps the greatest challenge in protecting mission-critical systems from cyberattack is that there are so many possible ways an adversary could strike. A shipboard missile system in the Pacific, for example, might be disabled by an adversary that jams satellites or spoofs sensors, or disrupts command-and-control communications, or perhaps shuts off power to the cooling system of a building, a thousand miles away, that houses DoD computer servers. A single component of a mission-critical system might have dozens of such vulnerabilities, some well-known to cyber defenders—but potentially many others that are commonly overlooked.
The task of charting a system’s complex web of cyber dependencies, when done manually, can take months, even years. And even then, defense organizations often can’t capture the full range of downstream vulnerabilities that can endanger a mission.
However, new approaches, which take advantage of advances in machine learning and modeling and simulation, are now making it possible for the joint forces to create comprehensive maps of cyber risk to mission. With these maps, defense organizations can get a clear view of where their mission systems are most vulnerable to cyberattack, often in real time. Organizations can then prioritize their resources to best protect their most important missions.
Building A Risk Map Of “Probable” Dependencies
Defense organizations usually have a good understanding of their information technology (IT)—their computer-connected systems—and so can protect those components with traditional cyber defenses. However, organizations don’t always know all the ways their computer networks rely on operational technology (OT), which can range from HVAC systems on a base to radar sensors on a ship.
Organizations theoretically could connect much of their operational technology to their computer networks. However, they’re reluctant to do so, because it would greatly expand the attack surface, providing many more ways a cyber attacker could gain access to the system. Unfortunately, that leaves defense organizations with limited visibility into their OT vulnerabilities. For example, an organization’s high-priority communications network might be using only one of 25 antennas at an airbase, but the organization doesn’t know exactly which one it is. Tracking down the right antenna would take time, and it isn’t feasible to manually go into that level of detail for every possible piece of OT. A single Navy base might have thousands of complex system dependencies.
However, defense organizations can take a different approach, by creating a map of probable dependencies with the help of machine learning. For example, an organization might not have the resources to fully protect all 25 antennas at the airbase, just to make sure the one being used by the high-priority network is covered. But if it could narrow down the number to four or so—based on the types of antennas commonly used with such networks—it might be feasible to put protections in place.
Machine learning can play a key role here. The first step is to provide machine learning models with the known IT and OT dependencies of various mission systems across the DoD, based on knowledge gathered manually over the years. The models would then look for patterns in the data, and predict a given system’s most likely dependencies—for example, certain types of antennas used by certain types of mission systems. To make sure the machine learning models are accurate, cyber analysts would do regular spot checks, and work with AI experts to tweak the models as necessary.
Modeling And Simulation To Play Out Risk Scenarios
Once organizations have created a map of probable mission dependencies, they can use modeling and simulation to gain a deeper understanding of the vulnerabilities. By playing out various scenarios, the modeling and simulation might show, for example, how damage to computer servers on the ground could disable a particular satellite array, which in turn could prevent GPS signals from updating a carrier group’s inertial navigation. With such scenarios, defense organizations can gain insight into which vulnerabilities would have the most impact on a mission, and so know where to focus their efforts.
At the same time, defense organizations can use modeling and simulation to identify alternative paths if a mission dependency is compromised. For example, modeling and simulation might find that a high-priority mission system could quickly and successfully switch from one set of sensors to another—or perhaps could use the bulk of another system’s IT and OT dependencies if necessary.
All this information can be presented to cyber analysts and decision-makers with user-friendly dashboards and other visualization tools that show, at a glance, where potential vulnerabilities lie. The dashboard might show, for example, a mission system’s 100 or so probable dependencies, identifying the ones that are not fully protected.
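As an added illustration (example code written for this article, not the authors' or Booz Allen's tooling), the following Python plays out compromise scenarios on a small constructed dependency graph. Every node name is made up; the graph encodes which components each mission system depends on and which of them are interchangeable alternatives, so one can ask what a lost component does to each mission and which components are single points of failure.

```python
# Constructed mission-dependency graph (all names are made up for this example).
# Each node maps to a list of dependency groups: every group must be satisfied
# (AND), and any one member inside a group satisfies it (OR), so a group with
# two members models a fallback pair such as a primary and a backup sensor set.
DEPENDENCIES = {
    "carrier_inertial_nav": [["gps_array", "backup_sensors"]],   # either feed
    "gps_array": [["ground_servers"]],
    "ground_servers": [["power_feed_a"], ["hvac_bldg7"]],        # both required
    "backup_sensors": [["power_feed_b"]],
    "strike_comms": [["antenna_03", "antenna_11"], ["ground_servers"]],
    # leaf OT components with no modelled dependencies of their own
    "power_feed_a": [], "power_feed_b": [], "hvac_bldg7": [],
    "antenna_03": [], "antenna_11": [],
}
MISSIONS = ["carrier_inertial_nav", "strike_comms"]


def status(node, compromised, graph=DEPENDENCIES, memo=None):
    """Return 'up', 'fallback' (running on an alternative) or 'down'."""
    memo = {} if memo is None else memo
    if node in memo:
        return memo[node]
    if node in compromised:
        result = "down"
    else:
        result = "up"
        for group in graph[node]:
            states = [status(dep, compromised, graph, memo) for dep in group]
            if all(s == "down" for s in states):
                result = "down"          # no alternative left in this group
                break
            if any(s != "up" for s in states):
                result = "fallback"      # still working, but on an alternate path
    memo[node] = result
    return result


def scenario(compromised, graph=DEPENDENCIES, missions=MISSIONS):
    """Play out one compromise scenario: mission -> status."""
    return {m: status(m, set(compromised), graph) for m in missions}


def single_points_of_failure(mission, graph=DEPENDENCIES):
    """Leaf components whose loss alone takes the mission down (where to focus)."""
    leaves = [n for n, groups in graph.items() if not groups]
    return sorted(n for n in leaves if status(mission, {n}, graph) == "down")


if __name__ == "__main__":
    print(scenario({"hvac_bldg7"}))               # HVAC -> servers -> GPS -> nav
    print(single_points_of_failure("strike_comms"))
```

Losing the building's HVAC leaves inertial navigation running on its backup sensors but takes the comms mission down, which is exactly the kind of downstream chain the text describes.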
Real-Time Monitoring Of Cyber Risk To Mission
Creating a map of mission dependencies is not a one-and-done job. On any given system, components are constantly being switched in and out as technology and requirements change. And as missions change as well, they might take on new vulnerabilities. Once the map of dependencies is created, however, it becomes easier to keep track of changes. Cyber analysts can log new IT and OT components as they come online.
Because the modeling and simulation is run continuously, with each change it automatically looks for newly created vulnerabilities, and possible alternate paths if a mission dependency is compromised.
Protecting Missions Under Active Cyber Attack
Real-time monitoring of cyber risk to mission is critical if a system is under attack. Analysts can be alerted if a particular dependency is being attacked or has already been compromised. The alerts would show the likely impact to the mission—which could be minor or major—and present analysts with alternatives.
In some cases, the rerouting of dependencies might be automatic—for example, a missile system might move from one set of sensors to another. Other situations might require cyber analysts and decision-makers to step in to do the rerouting, using the dashboards and other visualization tools as guides.
With the help of machine learning, modeling and simulation, and other advanced approaches, defense organizations can build real-time cyber maps that show the often hidden ways missions could be degraded by adversaries. Organizations can use the maps to plug vulnerabilities as they arise, and move quickly to protect missions under active cyberattack.
Kevin Coggins ([email protected]) is a Booz Allen vice president working across the complex landscape of weapons systems, critical infrastructure, cyber, space and intelligence—including leading the firm’s PNT business. His journey as a force recon Marine, weapons system engineer, tech startup founder, Army SES and industry executive has enabled a unique perspective on solving the myriad of technology challenges facing the warfighter.
Dale Savoy ([email protected]) leads Booz Allen’s cyber warfare domain efforts in vulnerability and mission risk analysis. His focus is on defending DoD weapon systems and critical infrastructure from cyberattack, through mission-dependency mapping and vulnerability management.
Capt. Alan Macquoid ([email protected]) is a leader in weapon systems and critical infrastructure cyber risk assessment and mitigation efforts. He has over 35 years of experience integrating kinetic and non-kinetic effects with emphasis on cyber across all domains of warfare.