Evaluating the Impact of Cyber Attacks on Missions

Using current methods, it is virtually impossible to determine the impact of a cyber attack on the attainment of mission objectives. Do we know which mission elements are affected? Can we continue to operate and fulfill the mission? Should we wait for recovery? Can we salvage part of the mission? Since it is currently so difficult for humans to comprehend the mission impact of a cyber incident, our ability to respond is much less effective than it could be. We believe that improved knowledge of the mission impact of a cyber attack will lead to improved, more targeted responses, creating more attack resistant systems that can operate through cyber attacks. Our work addresses the "mission" part of "mission assurance," focusing on cyber mission impact assessment (CMIA). Our challenge is to create mission models that can link information technology (IT) capabilities to an organization's business processes associated with Measures of Effectiveness and Performance (e.g., attrition of enemy forces, targets destroyed, blue force protection). Measuring mission impact requires knowing the mission activities that fulfill mission needs, the supporting cyber assets, and understanding how the effects of an attack change mission capability. This paper is about developing the techniques that make estimating the mission impact of cyber attacks possible.