Application of Capability-Based Cyber Risk Assessment Methodology to a Space System
BIOS
Martha McNeil is a doctoral student at Dakota State University and is engaged in applied cyber security research at the Johns Hopkins University Applied Physics Laboratory. She holds a B.S. in Mathematics from Towson University and an M.S. in Computer Science from Johns Hopkins University.

Thomas Llansó is a doctoral student at Dakota State University and is engaged in applied research at the Johns Hopkins University Applied Physics Laboratory focused on mission-systems cyber analysis. His interests include security engineering automation and security risk analysis. In addition, he is an adviser and former instructor in the Cybersecurity Masters Program at Johns Hopkins. He holds B.S. and M.S. degrees in Computer Science from the College of William and Mary and Johns Hopkins, respectively.

Dallas Pearson is a systems security engineer at the Johns Hopkins University Applied Physics Laboratory, with a background in system security engineering, security architectures, and cryptographic development and implementation. He holds a B.S. in Physics from the University of Southern Mississippi and an M.S. in Systems Engineering from Johns Hopkins University.
ABSTRACT
Despite more than a decade of heightened focus on cybersecurity, cyber threats remain an ongoing and growing concern [1]–[3]. Stakeholders often perform cyber risk assessments in order to understand potential mission impacts due to cyber threats. One common approach to cyber risk assessment is event-based analysis, which usually considers adverse events, effects, and paths through a system, then estimates the effort/likelihood and mission impact of such attacks. When conducted manually, this type of approach is labor-intensive, subjective, and does not scale well to complex systems. As an alternative, we present an automated capability-based risk assessment approach, compare it to manual event-based analysis approaches, describe its application to a notional space system ground segment, and discuss the results.