A Study on the Multi-Cyber Range Application of Mission-Based Cybersecurity Testing and Evaluation in Association with the Risk Management Framework

0Citations
Citations of this article
22Readers
Mendeley users who have this article in their library.

Abstract

With the advancement of IT technology, intelligent devices such as autonomous vehicles, unmanned equipment, and drones are rapidly evolving. Consequently, the proliferation of defense systems based on these technologies is increasing worldwide. In response, the U.S. Department of Defense is implementing the RMF (Risk Management Framework) to ensure the cybersecurity of defense systems and conducting cybersecurity T&E (test and evaluation) concurrently. However, RMF and cybersecurity T&E conducted during the acquisition phase of defense systems often result in fragmented cybersecurity assessments, excluding the operational environment of the defense systems. This omission fails to account for the complex network integration, data exchange functionalities, and mission-specific requirements in actual cyber attack scenarios. For these reasons, vulnerabilities in defense systems that remain unidentified during the acquisition phase can potentially pose significant cybersecurity threats during operational phases, necessitating substantial costs and efforts for remediation. Therefore, this paper proposes a mission-based cybersecurity T&E model using a Multi-Cyber Range to effectively apply these two systems in a practical manner. The Multi-Cyber Range integrates independently operated cyber ranges into a network to expand the evaluation environment, which better reflects the mission environment of defense systems. The proposed model’s effectiveness is validated using a cyber attack simulation system targeting a virtualized arbitrary defense system. This paper not only presents an enhanced model for mission-based cybersecurity T&E, but also contributes to the advancement of cybersecurity T&E methodologies by providing a concrete application process.

Cite

CITATION STYLE

APA

Kim, I., Park, M., Lee, H. J., Jang, J., Lee, S., & Shin, D. (2024). A Study on the Multi-Cyber Range Application of Mission-Based Cybersecurity Testing and Evaluation in Association with the Risk Management Framework. Information (Switzerland), 15(1). https://doi.org/10.3390/info15010018

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free