SBIR Research Project Creates Mapping between Military Missions and the Cyber Assets Required to Complete Those Missions
Northport, NY – May 15, 2007 – The Secure Decisions division of Applied Visions, Inc. has been awarded the first phase of an Air Force research contract, under the Small Business Innovation Research (SBIR) Program, to improve the effectiveness of computer network defenders in protecting critical cyber assets. Secure Decisions will research and develop the Cyber Asset-to-Mission Mapping Model (CAM3), a system to automatically relate cyber assets to higher-level network capabilities and missions dependent upon those assets.
This award was made by the Air Force Research Laboratory Information Directorate (AFRL/IF), based in Rome, NY. AFRL/IF develops systems, concepts and technologies to enhance the Air Force’s capability to successfully meet the challenges of the information age. This award was made under their solicitation entitled “Situation Awareness and Impact Assessment for Cyber Network Defense.”
The impact of cyber attacks is not as easily assessed as those of traditional “kinetic” attacks. The effect of a weapon is measurable, and its collateral damage can be assessed through images and other sensors – we know when we have been attacked, because we can see the damage. Organizations regularly sustain computer attacks ranging from naïve, automated scripts to sophisticated attempts to compromise classified information – yet there are no standard procedures or tools for assessing the impact of these attacks either on the network that sustained them or on the organizational mission that they may affect. AFRL/IF recognized the need to better understand the nature and impact of cyber damage, and funded this program to address that need.
Secure Decisions will develop technology that automates the collection and structuring of cyber asset-to-mission data to facilitate Impact Assessment. CAM3 represents the complex relationships between network nodes, network services, cyber capabilities, mission-critical tasks, and organizational missions, enabling an analyst to trace and predict operational impact starting from a breached node and ending in an organizational mission. This includes:
§ The impact of a breached networked cyber asset (workstation, server) on the network services that depend on the node, such as e-mail connectivity;
§ The impact of a lost or degraded cyber capability (such as the ability to send messages and files in near real-time) that depend on the network service;
§ The impact of an impaired cyber capability on mission-critical tasks; and
§ The impact of an impaired mission task on the overall organizational mission.
Secure Decisions has assembled a team of specialists to complement its own expertise. Skaion Corporation of North Chelmsford, Massachusetts (www.skaion.com) is skilled in cyber attack modeling and the development of complex test scenarios, and Warrior, LLC of Arlington, Virginia will provide deep understanding of military mission planning.
About the Small Business Innovation Research (SBIR) Programs
Established in 1982 by the Small Business Innovation Development Act, the SBIR program allocates a percentage of Federal agencies’ extramural research and development spending for grants to U.S. small businesses. Grants are awarded in phases as research progresses and results are demonstrated, culminating in development of working prototypes with commercial potential. The SBIR program goals are to:
§ Stimulate technological innovation;
§ Use small business to meet federal research and development (R&D) needs;
§ Foster and encourage participation by minorities and disadvantaged persons in technological innovation;
§ Increase private-sector commercialization innovations derived from federal R&D.
About Secure Decisions and Applied Visions
The Secure Decisions division of Applied Visions, Inc. (AVI) focuses on research and development in areas related to national security including information assurance, infrastructure protection, cyber security, and intelligence analysis. Secure Decisions provides decision-makers with tools to analyze massive amounts of data for more accurate and timely decisions; SecureScope™ and VIAssist™ visualization products are two such tools for analysis of cyber security data.
AVI provides software engineering and research services for government and commercial customers, specializing in visual solutions to complex defense, national security, and business problems. AVI serves DoD, DARPA, DHS, the intelligence community, and prominent technology and Fortune 1000 firms.