全球智库信息集成服务系统

Planning is crucial

• The number of stakeholders involved in a cyber mission thread analysis requires a substantial coordination effort.
• Without proper planning, the timeline could be significantly extended and the results of the analysis could be inadequate.

The ultimate purpose of CMTA is triage

• This goal is the guiding principle for all engagements with subject-matter experts and analysts.
• Adherence to this goal keeps the CMTA process and results within scope and schedule.

Every CMTA exercise is a collaborative effort

• Critical review of CMTA results by every stakeholder helps to ensure results are accurate.
• Fostering stakeholder buy-in further instills credibility in the process.

Cyber mission thread analysis (CMTA), which identifies mission-critical systems in a cyber threat environment, requires a disciplined, well-planned process for its execution. This report provides a proposed planning and implementation guide (1) to perform CMTA expeditiously while still giving results good enough to make decisions about mission criticality, and (2) to analyze multiple missions concurrently.

The authors offer guidance on the roles and responsibilities of organizations and personnel involved in CMTA; the process for implementing the analysis and the types of preparations necessary for successful implementation; a rough timeline required to perform CMTA for one or more missions concurrently; and the possible constraints and issues that may be encountered. The authors draw on lessons learned from a pilot CMTA application, analogous Air Force efforts, and relevant social science methods for conducting interviews and focus groups. They highlight a number of key considerations, including two that are most critical: (1) Develop and execute a detailed plan. The number of stakeholders involved and desire for a swift timeline require a substantial coordination effort; and (2) Remember that the ultimate CMTA goal is triage. It is vital that any mission-critical system appear highly ranked; it is okay if some non-critical systems appear highly ranked. This goal ensures discussions do not become unnecessarily detailed and results remain within scope.

The analytical tasks to perform CMTA are covered in a separate, companion document — Cyber Mission Thread Analysis: A Prototype Framework for Assessing Impact to Missions from Cyber Attacks to Weapon Systems — that readers can consult.

• Chapter One

  Overview of the CMTA Implementation Guide

• Chapter Two

  Phase One: Establishing CMTA Roles and Analysis Inputs

• Chapter Three

  Phase Two: Planning the Analysis Process

• Chapter Four

  Phase Three: Conducting the Analysis

• Chapter Five

  Adopting CMTA Process Efficiencies

• Chapter Six

  Final Thoughts and Next Steps

• Appendix A

  Further Considerations for Conducting SME Elicitations

• Appendix B

  CMTA Analyst Team Checklist