March 19, 2009 – On February 26‐27 the Secure Decisions division of Applied Visions, Inc. conducted a workshop on mapping cyber assets to missions and users. The workshop addressed how to map the relationships between cyber assets such as network devices and
the users, missions, business processes and other entities that depend on those assets. This mapping will enable computer network defense (CND), information technology (IT) and disaster recovery (DR) practitioners to understand the impact of the loss or degradation a cyber asset. The workshop was a critical component of Secure Decisions’ Camus project The 30 people who were invited to participate included individuals whose operational responsibility is to assure the availability of cyber assets for critical missions, who are researching areas related to the mapping of cyber assets to missions, or who are developing technology that can be used in this mapping.

Workshop Goals: The specific objectives of this workshop were to:

1. Describe specific instances of how an accurate and dynamic mapping of cyber assets to missions and users can be used in an       operational setting

2. Define the types of impacts one needs to assess when a cyber asset is lost or degraded

3. Identify methods of measuring those impacts

4. Define scenarios that illustrate impacts of a failed network asset on missions and users

5. Model relationships between cyber assets, missions and users

6. Identify network data that can be mined to automatically populate the model

7. Discuss technical challenges and potential for future research and development

The model that is being developed as a result of the workshop will be made available to all participants for their use, following approval of the AFRL public release office. It will also be used by Secure Decisions to develop a method for semi‐automated mapping of cyber assets to missions and users (Camus).

Workshop Format: The workshop consisted of several group exercises where predefined scenarios were discussed and analyzed. Top‐down scenarios were analyzed to answer the question “If this mission or business process needs to occur without failure, what cyber assets must be fully available?” Bottom‐up scenarios were analyzed to the specific information that a user must have to answer the question: “If this cyber asset is unavailable, what users and missions are affected?” Work groups were also asked to create new scenarios to capture information requirements not covered by the pre‐defined conditions.

Workshop Results: The group exercises yielded insight into the information requirements for mapping cyber assets to missions and users, and the participant’s presentations summarized the state‐of‐the‐art of this topic. Results of the workshop are being disseminated to participants and will also be recorded in a report and publication. Those interested in the Camus project and the workshop results can access http://SecureDecisions.avi.com/Camus and http://SecureDecisions.avi.com/MissionMappingWorkshop.