An Architecture for Improving Timeliness and Relevance of Cyber Incident Notifications
Abstract
This research proposes a communications architecture to deliver timely and relevant cyber incident notifications to dependent mission stakeholders. This architecture, modeled in Unified Modeling Language (UML), eschews the traditional method of pushing notifications via message as dictated in Air Force Instruction 33-138. It instead shifts to a "pull" or "publish and subscribe" method of making notifications. Shifting this paradigm improves the notification process by empowering mission owners to identify those resources on which they depend for mission accomplishment, provides a direct conduit between providing and dependent mission owners for notifications when an incident occurs, and provides a shared representation for all with authority for that dependent mission. Once the incident's impact is assessed, the architecture provides a conduit for the mission stakeholder(s) receiving the incident notification to then notify their downstream users of their status should it have changed because of the incident. The proposed architecture significantly speeds incident notification by eliminating multiple layers of processing and does so in a relatively noise-free environment as compared to current notification methods.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2011
- Accession Number
- ADA540213
Entities
People
- James M. L. Miller
Organizations
- Air Force Institute of Technology