cyber failure modes, effects and criticality analysis (cfmeca) · 2017-05-19 · failure modes,...
TRANSCRIPT
![Page 1: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/1.jpg)
Cyber Failure Modes, Effects and Criticality Analysis (CFMECA)
Jess F. GranoneAugust 16, 2011
![Page 2: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/2.jpg)
![Page 3: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/3.jpg)
Cyber Crime• Computers hijacked per day: 148
• Malicious threats in existence at the beginning of 2009: 2.6M▫ Password stealing ranks at the top▫ 36.2% originated in China (4.4% in the USA)▫ Most target the Windows OS▫ All target the unaware and least sophisticated
• Mobile malware increased by 46 percent from 2009 to 2010
• Internet Crime Complaint Center (IC3) ▫ Recieves average of 25,000 complaints per month▫ Most common Crime types (2010):▫ Age distribution of victims is balanced▫ 91% of complaints from US
![Page 4: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/4.jpg)
![Page 5: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/5.jpg)
Some Elements of “Cyber”• Supply Chain Risk
Management▫ Counterfeit Parts▫ Malicious Software▫ Intelligence Components
• Network Protection▫ Where Does The Network Start
And Stop?• System Protection
▫ What Is A System Bank City Power Military
• New Start vs Legacy System
Cyberspace
Operations
Intel
Defense
Offense
Execution
Human Capital
Governance
RDT&EM&S
![Page 6: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/6.jpg)
![Page 7: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/7.jpg)
Modeling System Performance
ThreatDefinition
VelocityPayloadDynamics
Interceptor
VelocityManeuverabilityLethality
Radar
InterceptPoint
DamageAssessment
SystemPerformance
![Page 8: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/8.jpg)
Traditional Modeling and Simulation
Campaign
Mission
Engagement
Physics Based Models
![Page 9: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/9.jpg)
![Page 10: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/10.jpg)
Cyber Systems Evaluation
CyberSystemAnalysis
CyberModeling
& Simulation
CyberAttack
Scenarios
CyberSusceptibility
Analysis
CyberTesting
And Forensics
CyberDefensiveConcepts
AndDesigns
CyberValidation
Re-TestAnd
Forensics
SystemPerformance
Validation
OperationalImplementation
And Training
CyberThreat
Definition
![Page 11: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/11.jpg)
Modeling and Simulation
Physics Based Models
Engagement
Mission
Campaign
?
?
Campaign
CyberTraditional
Mathematical Based Models
![Page 12: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/12.jpg)
Forensics• Traditional Missile Defense
▫ Damage Physics Models (PEELS)▫ Computational Fluid Dynamics Models Predict Damage With Higher Fidelity
▫ Visible Effects
• Cyber▫ Damage At The Computational Element▫ Changes In The Mathematical Processes▫ Second And Third Order Effects
![Page 13: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/13.jpg)
Measuring and Metrics• Failure Modes, Effects and Criticality Analysis
(FMECA)▫ Widespread Use Today
▫ Identifies Risks
▫ Determines Severity and Probability
• Cyber Failure Modes, Effects and Criticality Analysis (CFMECA)▫ Possible Metric For Cyber Risk Analysis
![Page 14: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/14.jpg)
![Page 15: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/15.jpg)
Failure Modes, Effects and Criticality Analysis (FMECA)• Methodologies to identify potential
failure modes • Assess the risk associated with failure
modes• Rank issues in terms of importance• Identify and carry out corrective actions
for most serious concerns• MIL STD – 1629a• Developed by US Military, published
1949
![Page 16: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/16.jpg)
Risk Reporting MatrixL
ikel
ihood
Consequence
1
2
3
4
5
1 2 3 4 5
![Page 17: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/17.jpg)
![Page 18: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/18.jpg)
Cyber Systems Evaluation
CyberSystemAnalysis
CyberModeling
& Simulation
CyberAttack
Scenarios
CyberSusceptibility
Analysis
CyberTesting
And Forensics
CyberDefensiveConcepts
AndDesigns
CyberValidation
Re-TestAnd
Forensics
SystemPerformance
Validation
OperationalImplementation
And Training
CyberThreat
Definition
![Page 19: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/19.jpg)
CyberSystemAnalysis
CyberModeling
& Simulation
CyberAttack
Scenarios
CyberSusceptibility
Analysis
CyberThreat
Definition
CFMECA FLOW DIAGRAM
System Assessment
![Page 20: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/20.jpg)
Cyber System Analysis• Define the system to be analyzed
▫ System boundaries ▫ Main system missions and functions ▫ Operational and environmental conditions to be considered
• Collect available information that describes the system to be analyzed▫ Drawings▫ Specifications▫ Schematics▫ Component lists▫ Interfaces
• Focus on the Computational Components in the system
![Page 21: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/21.jpg)
Software Testing• Software Penetration Test
▫ Method of evaluating the security of a computer, system or network
• Simulated Attack from a Malicious Source
• Production Environment ▫ Directed at Operational and Configuration Issues
• Currently Most Common Mechanism Used to “Inject” Security
• Tool Driven
![Page 22: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/22.jpg)
Modeling The Functionality Of The Boolean Mathematics
Model The Mathematical Functionality Of A Single Chip
Model the Mathematical Functionality Of Several Chassis
Model the MathematicalFunctionality Of A System
![Page 23: Cyber Failure Modes, Effects and Criticality Analysis (CFMECA) · 2017-05-19 · Failure Modes, Effects and Criticality Analysis (FMECA) •Methodologies to identify potential failure](https://reader035.vdocuments.mx/reader035/viewer/2022062505/5e966db60132906e7c7d49a2/html5/thumbnails/23.jpg)
Summary Questions• How can each part conceivably fail?
• What attack vectors might produce these modes of failure?
• What could the effects be if the failures did occur?
• How is the failure detected?
• What inherent provisions are provided in the design to compensate for the failure?