Defining Measuring, and Analyzing Defensibility in the Defensive Cyber Operations Context
Abstract
When talking about cyber systems, both researchers and decision makers have used the term "defensibility" widely, but there is no universal definition for it and no method to observe and measure it. This study examines how defensibility can be defined in a defensive cyber operations context, what critical factors constitute it, and how those factors could be measured. This is done by first examining doctrine and research to create a framework of meaning for defensibility. Second, the study proposes seven fundamental capabilities that a defender needs to be able to perform in defensive cyber operations and a set of system attributes that affect those capabilities. Finally, a set of measures for those attributes is proposed to allow defensibility to be observed and measured. The results of this study are a definition of defensibility for the defensive cyber operations context, a list of system attributes that constitute its defensibility, and a set of associated measurements for these attributes. Using these, it is possible to analyze the defensibility of a system to indicate what restrictions a defender might have when conducting operations in the system and the areas where the system needs to improve. This work is the first step in building defensibility into a useful tool that highlights the needs of a defensive actor who conducts dynamic defensive operations in a system, versus the needs of an actor who implements static measures to increase cyber security
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2022
- Accession Number
- AD1184908
Entities
People
- Bjoern L. Gunnvall Ekstorm
Organizations
- Naval Postgraduate School