Unified Cybersecurity System Modeling of Naval Control Systems
Navy SBIR FY2018.1

Sol No.: Navy SBIR FY2018.1
Topic No.: N181-051
Topic Title: Unified Cybersecurity System Modeling of Naval Control Systems
Proposal No.: N181-051-0645
Firm: G2 Ops, Inc.
2829 Guardian Lane
Suite 150
Virginia Beach, Virginia 23452
Contact: Corren McCoy
Phone: (757) 965-8330
Web Site: http://g2-ops.com
Abstract: Our Phase I research will focus on identifying modeling solutions that can incorporate a cybersecurity analysis capability into existing systems models. Using MBSE tools, sound systems engineering principles and a standards-based approach to data modeling (e.g., Systems Modeling Language (SySML)), G2 Ops has established a fully-automated, interactive method to evaluate how changes in technology affect an integrated systemâ?Ts ability to fulfill its mission. Our research will build on this foundation to establish methodologies for integrating cybersecurity analysis. Our research approach will address the shortfalls identified by the topic to achieving the detailed level of data collection necessary to model and integrate relevant system attributes to enable a unified cybersecurity analysis platform. Our engineers and system modelers have developed and deployed an efficient data collection strategy that allows for rapid consumption of information housed in non-electronic and physical data stores. This strategy has been used to generate models of more than 18,000 end-to-end architectural elements, mission threads and interface requirements. We will research ways to expand this methodology to integrate additional cybersecurity relevant analytics within a unified, data concordant model.
Benefits: Today's cyber-threat landscape poses exceptional risk to operations, corroborated by numerous global threat intelligence sources. To properly manage cyber risk, it's imperative to understand impact to an integrated systemsâ?T unique footprint (military or commercial). An emerging analytical approach to unified risk management will deliver customized measurements of impact and likelihood, articulate operational data, and give leaders capacity to comprehend cyber risk. Operational security and sound metrics inspire unified viewpoints and consistent terminology for communicating risk based on impact. Leaders can then collaborate to develop prioritized mitigation plans and target technology spending to strategically buy-down risk. Ultimately, unified risk management empowers leaders to assume cyber risk ownership, dissolves internal silos, and allows organizations to unify their risk management approach. Specific capabilities which can be envisioned include: - Business intelligence via cyber value at risk, and indicators of weakness to lines of business. This provides leadership an integrated picture of potential risk influenced by the technology infrastructure and in the context of the existing cyber threat landscape. - Proactive security operations providing key mapping between line of business processes and critical technology components. - The ability to prioritize potential cyber weaknesses based on mission criticality and cyber value at risk. - Pilot efforts G2 Ops has already conducted with partners in the health care sector have proven the market viability of the approach. Research in this area as well as potential resulting tools appear ideally positioned as an extension to existing solutions for network discovery and vulnerability enumeration. Over the past ten years in the cybersecurity domain, post-exploit analytics (Secure Operations Centers (SOC), Security Event and Information Management (SEIM) tools, and log collection, correlation, and analysis) have grown significantly, there remains a gap in overall risk application to business operations. The proposed project fills that market gap and extends its results to the decision makers by determining the value associated with customized risk impact scoring for technology assets in the context of critical business operations and objectives.