An Assessment Model and Methodology for National Security Systems

  • Conference paper
Cyber Security (CSS 2015)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 589)

Abstract

All computer systems or systems of computers are composed of some combination of three basic components: hardware, firmware, and software. These systems are assessed to determine the assessor’s and the risk acceptor’s confidence in their level of robustness, where robustness is the characterization of strength of a security function, mechanism, service, or solution, and the assurance that it is implemented and that it is functioning correctly. Most experienced assessors are aware that the level of robustness required for each system is dependent upon dynamic factors such as operational environment, threat source interest, and mission criticality. This paper will provide mathematical models of these factors and an assessment methodology that builds upon those models.

Notes

  1. Per CNSS 4009, confidentiality is the property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information.

  2. Per CNSS 4009, integrity is the property whereby an entity has not been modified in an unauthorized manner.

  3. Per CNSS 4009, availability is the property of being accessible and useable upon demand by an authorized entity.

  4. Per CNSS 4009, authentication is the process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data.

  5. Per CNSSI 4009: Any information system (including any telecommunications system) used or operated by an agency or by a contractor of any agency, or other organization on behalf of an agency, the function, operation, or use of which: I. involves intelligence activities; II. involves cryptologic activities related to national security; III. involves command and control of military forces; IV. involves equipment that is an integral part of a weapon or weapon system; or V. subject to subparagraph (B), is critical to the direct fulfillment of military or intelligence missions; or is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (B). Does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications). (Title 44 U.S. Code Sect. 3542, Federal Information Security Management Act of 2002).

  6. Reciprocity is the mutual recognition of the validity of the robustness and risk among a community; in this case the community is the US Department of Defense (DoD), the US Intelligence Community (IC), and the remainder of the USG.

  7. NIST SP800-30 refers to this as threat shifting.

  8. CNSSI 4009 defines a threat as any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

  9. NIST SP800-30 refers to these as adversarial.

  10. NIST Special Publication 800-30 refers to this as likelihood.

  11. NIST SP800-30 operational impacts include the inability to perform current and future missions/business functions and damage to image or reputation.

  12. NIST SP800-30 asset impacts include damage to or loss of physical facilities, systems, networks, IT equipment, component supplies and intellectual property.

  13. NIST SP800-30 organizational impacts include harms due to noncompliance, direct financial cost, and damage to reputation.

  14. NIST SP800-30 national impacts include damage to critical infrastructure sector, loss of government continuity of operations, damage to reputation, damage to ability to achieve national objectives, and harm to national security.

  15. Loss of human life is a very real impact not normally indicated in cyber assessments, but when assessing vehicles it would be an operational impact.

  16. Allied impacts include loss of coalition operations, damage to reputation (such as NATO), and damage to ability to achieve coalition objectives.

  17. Global impacts would include the complete failure of the Internet, global-wide virus infection, and global-wide critical infrastructure failure.

  18. Interestingly, it is not the Risk Management Framework (NIST SP800-39) but the Guide for Conducting Risk Assessments which provides the basis for threats, threat sources, and the risk model for the NIST publications, and hence, the USG.

  19. NIST Special Publication 800-39 describes types of adverse impacts at all tiers in the risk management hierarchy.

  20. CNSSI 4009 defines risk as a measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of (1) the adverse impacts that would arise if the circumstance or event occurs; and (2) the likelihood of occurrence.

  21. CNSSI 4009 defines risk as a measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of (1) the adverse impacts that would arise if the circumstance or event occurs; and (2) the likelihood of occurrence.

  22. NIST Special Publication 800-30 R1 defines this as threat shifting, which is the response of adversaries to perceived safeguards and/or countermeasures (i.e., security controls), in which adversaries change some characteristic of their intent/targeting in order to avoid and/or overcome those countermeasures.

  23. NIST Special Publication 800-30 R1 leaves the length of effectiveness of the results of a risk assessment to the organization to determine.

  24. NIST Special Publication 800-30 considers risk up through the organization level, which may roll up system-level risks into a single risk at the organization level.

References

  1. CNSS, Committee on National Security Systems 4009 IA Glossary, 26 April 2010. http://www.ncix.gov/publications/policy/docs/CNSSI_4009.pdf

  2. Chirgwin, R.: http://www.theregister.co.uk/2012/08/02/knight_capital_trading_bug/

  3. Markoff, J.: Georgia takes a beating in the cyberwar with Russia. http://www.nytimes.com/2008/08/13/technology/13cyber.html?_r=0

  4. Wingfield, B.: http://www.bloomberg.com/news/2012-02-01/cyber-attack-on-u-s-power-grid-seen-leaving-millions-in-dark-for-months.html

  5. Johnson, T.: Mathematical modeling of diseases: susceptible-infected-recovered (SIR) model (2009). http://www.morris.umn.edu/academic/math/Ma4901/…/Teri-Johnson-Final.pdf

  6. Belik, V., Geisel, T., Brockmann, D.: Recurrent host mobility in spatial epidemics: beyond reaction-diffusion. Eur. Phys. J. B (EPJ B) 84(4), 579–587 (2011). doi:10.1140/epjb/e2011-20485-2

  7. Wikipedia. http://en.wikipedia.org/wiki/Attack_surface

  8. Stephenson, P.R., Prueitt, P.S.: Towards a theory of cyber attack mechanics. http://www.ontologystream.com/gFT/Towards%20a%20Theory%20of%20Cyber%20Attack%20Mechanics.PDF

  9. Wikipedia. http://en.wikipedia.org/wiki/Fail-safe

Author information

Corresponding author

Correspondence to Jennifer Guild.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Guild, J. (2016). An Assessment Model and Methodology for National Security Systems. In: Haltinner, K., Sarathchandra, D., Alves-Foss, J., Chang, K., Conte de Leon, D., Song, J. (eds) Cyber Security. CSS 2015. Communications in Computer and Information Science, vol 589. Springer, Cham. https://doi.org/10.1007/978-3-319-28313-5_8

  • DOI: https://doi.org/10.1007/978-3-319-28313-5_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-28312-8

  • Online ISBN: 978-3-319-28313-5

  • eBook Packages: Computer Science (R0)
