Cyber Assessment Program Action Map Introduction
Abstract
Analyzing data from DOD Cyber Red Teams is crucial to DOT&E's Cyber Assessment Program (CAP) operational Mission Assurance and cyber operations assessments, which help assess and improve the Department of Defense's ability to defend warfighting capabilities and missions. As part of the program, Cyber Red Teams deliver a data product, called an action map, prior to and during an assessment. Over the past five years, IDA has helped DOT&E define standards for the expected action map content and form. We begin this training briefing by defining action maps and the required data elements each action map should include. Then, we use an example open-source cyber attack description to show how Red Teams typically create an action map, and highlight some challenges associated with action map creation. Next, we introduce how IDA analyzes action maps, including how the action map data helps inform DOT&E reports. Finally, we focus on future efforts to improve the action map creation and analysis process by using automated data collection capabilities and analysis techniques. Automating the time-consuming and error-prone aspects of using action maps will improve available analysis techniques and the reproducibility of our research.
Document Details
- Document Type: Technical Report
- Publication Date: Jan 01, 2022
- Accession Number: AD1205705
Entities
People
- Jason R. Schlup
- Shawn Whetstone
- Walter R. III Dodson
Organizations
- Institute for Defense Analyses