Accession Number:

AD1037196

Title:

ACHIEVING MISSION ASSURANCE AGAINST A CYBER THREAT WITH THE DEFENSE ACQUISITION SYSTEM

Descriptive Note:

Technical Report

Corporate Author:

AIR WAR COLLEGE MAXWELL AFB United States

Personal Author(s):

Report Date:

2016-02-13

Pagination or Media Count:

26.0

Abstract:

Most DOD major weapon systems were designed before 1990 and were never deemed susceptible to a hacking threat. Decades of subsequent engineering focused on information availability and usability rather than security. Today we are left with a fleet of aircraft operating in a system of systems that has much vulnerability and little cyber hardening. Current guidance is not sufficient to obtain mission assurance, and without clarification, the DOD cannot assure mission success in the face of cyber threats. The author argues that three major guidance changes are needed. First, a functional mission analysis FMA should be conducted on every major weapon system. This will determine and prioritize the minimum requirements and subsystems needed for critical mission execution. Identification and prioritization of these systems will enable more focused and efficient vulnerability assessments that will eventually drive mission assurance to be baked in to system design. Second, FMAs and vulnerability assessments should be conducted prior to every acquisition milestone. Earlier assessments in contrast to current guidance will allow for timely and cost-effective changes to system design. Without a change in guidance, the DOD runs the risk of finding vulnerabilities that are either too costly to fix or too unsecure to field. Lastly, the DOD must mandate the inclusion of uniquely-qualified Cyber Vulnerability Assessment CVA Engineers at all vulnerability assessments. The extremely limited availability of these professionals may drive and allow a program to conduct halfhearted assessments unless current guidance is modified. Current direction allows a program strapped for time and money to execute and pass a vulnerability assessment that is too late, conducted without the proper experts, and does not address the most critical aspects of mission execution. Changes are needed.

Subject Categories:

  • Logistics, Military Facilities and Supplies
  • Defense Systems
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE