Mission Assurance Challenges within the Military Environment

Mission Assurance Challenges within the Military Environment

Scott Musman (MITRE Corporation, McLean, VA, USA) and Michael R. Grimaila (Air Force Institute of Technology, Wright-Patterson AFB, OH, USA)
DOI: 10.4018/jitn.2013040105
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Virtually all modern organizations have embedded information and communication technologies into their core processes as a means to increase operational efficiency, improve decision quality, and reduce operational costs. However, this dependence can place the organizational mission at risk when an incident occurs that compromises a cyber resource critical to the success of the organizational mission. In this paper, the authors examine the challenges of developing and maintaining a mission-wide understanding of organizational mission risk within military environments. Specifically, they examine the concept of mission assurance, discuss various factors which must be taken into account when describing military missions, analyze the four primary types of representations used to capture mission-to-cyber relationships, and highlight the complexities of documenting cyber dependencies for the purpose of achieving mission assurance.
Article Preview

Introduction

The benefits of embedding Information and Communications Technologies (ICT), also known as “cyberspace”, into core business processes are well understood as a means to increase operational efficiency, improve decision quality, and reduce costs. As a consequence, cyber security continues to grow in importance within the military community as modern military operations have become more dependent upon ICT. Given the enormous challenges facing cyber security, it has been considered that a more focused problem is to secure computing resources in the context of the missions that they support rather than just treat them as a collection of disjoint system focused security objectives (Hale, 2010). Within the military community, there has been a disconnection between the personnel who are responsible for securing the ICT and the personnel who are responsible for performing mission activities (Grimaila, 2008). Personnel on the mission side of operations are rarely aware of how cyber resources contribute to the success of their mission activities and people on the ICT side rarely understand which cyber resources support which missions or mission activities (Hale et al., 2010).

One of the fundamental goals of any organization is to assure the success of its mission objectives. Organizations typically address this risk through enterprise-wide risk management activities that focus on the explicit identification of risks so that control measures can be selected to mitigate mission risk to an acceptable level given budgetary constraints (ISO 31000, 2009; Whitman & Mattord, 2010). This type of focused planning is most successful in static business process environments, when all stakeholders participate, resources critical to the success of the organizational operations can be enumerated, and the projected scenarios are representative of the possible futures experienced by the organization. In contrast, military missions often involve dynamically changing, time-sensitive, complex, cooperative, and coordinated ventures between multiple organizations (e.g., units, services, agencies, coalition partners) who may not share in a complete view of their role within the overall mission (Alberts & Hayes, 2006). Since each participating organizational unit is resourced and managed as a separate entity, the enterprise-wide approach to assuring the mission is significantly more complex.

Recently, there has been an intense focus to formalize the concept of “Mission Assurance” (MA) within the United States (US) Department of Defense (DoD). Surprisingly, very little research has focused on the fundamental problem of how to describe and relate military mission requirements to cyber dependencies. Existing MA analysis rely on implicit assumptions that relate cyber and mission (i.e. it is usually safe to say that more resilient, less vulnerable cyber resources will tend to lead to more resilient mission systems). However, decision quality MA analysis requires a more formal, explicit description of missions, systems, resources and dependencies. In this paper, we examine the concept of Mission Assurance and present challenges of attaining it in military environments.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 10: 4 Issues (2018): 1 Released, 3 Forthcoming
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing