Remaining Vigilant: Identifying Cyber Dependencies, Vulnerabilities and Threats
1. Challenge Statement
The Department of National Defence and the Canadian Armed Forces (DND/CAF) are looking for solutions to support mission-oriented cyber security and defence in order to develop robust continuity plans for cyber assets and capabilities.
2. Background and Context
Any operation will have a series of mission-essential functions that need to be maintained in order for the mission to continue and be successfully completed. The first step is to identify and prioritize these functions; the critical cyber capabilities and assets upon which a mission depends. Tools are required to support, simplify and expedite the task of identifying cyber vulnerabilities and risks to a mission.
Secondly, there is a need to analyze, prioritize and mitigate the risks. Impact assessments help decision-makers to know which cyber systems need to be protected. Risk assessments incorporate vulnerability and threat information to support active cyber defence planning and remediation. Tools are needed that provide decision-makers with a risk assessment to help them prioritize mitigation actions
Finally, the third issue involves the static nature of most efforts to identify and mitigate cyber dependencies and vulnerabilities. Assessments do not reflect the highly dynamic context in which missions and operations occur. Risks need to be continually identified and any mitigations need to be assessed. It is an iterative process that must be undertaken as quickly as possible.
A related problem involves the need for tools and capabilities to support automated, vulnerability scanning. Many technologies currently exist in the Information Technology (IT) world continuously scan a traditional enterprise network for known vulnerabilities. That capability is nascent for Operational Technologies (OT) and Platform Technologies (PT).
3. Desired Outcomes
Innovative research, tools, design concepts and/or technologies are sought that address, but are not limited to, one or more of the following areas associated with cyber security:
- Mission-oriented cyber security training strategies, methods and tools for:
- Military Commanders (to understand vulnerabilities and dependencies);
- Technical experts (to understand the military operations).
- Tools to support, simplify, expedite and/or automate the identification and mitigation of cyber vulnerabilities and risks to a mission;
- Dynamic risk assessment, prioritization and mitigation management in the face of changing threats that accounts for the known vulnerabilities of cyber systems, threats to those systems, and the impact to operational missions.
- Automated vulnerability scanning for military OT/PT platforms and systems.
Report a problem or mistake on this page
- Date modified: