Assessing and Visualizing Risk in Monterey Phoenix through a Supply Chain Cyber-Attack Use Case
Abstract
This thesis explores how decision makers could use the Monterey Phoenix (MP) behavior modeling tool developed at the Naval Postgraduate School to assess, visualize, and prioritize cyber risk in a supply chain. Assessing supply chain risk is a complex problem because of the inter-relationships among various parts of the system and between the system and its environment. This thesis a plies and extends a reusablemethodology to analyze risk in MP, developed by Navy LCDR Richard Moebius in 2018, to the use case of a cyber-attack on a jet fuel supply chain, first modeled by student interns from the National Security Agency. It assesses and displays risk for single- and multi-threat use cases, and for the first time, adds the global report to an MP model for assessing risk. It demonstrates how MP can overcome the limitations ofexisting tools, like the risk table, risk map, and risk matrix. For example, MP automatically generates an exhaustive list of potential risk scenarios; MP sequence diagrams provide context on the system, its environment, and relationships among different risks; MP easily and quickly updates the model to support what if questions; and MP displays aggregate and average risk across the system and sorts scenarios by a user-defined risk threshold. Finally, the work describes how decision makers from different backgrounds can interact with the MP model to improve their understanding and prioritization of risk
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2021
- Accession Number
- AD1164415
Entities
People
- Margaret Palmieri
Organizations
- Naval Postgraduate School