Application of the armament cyber assessment framework: a security assessment methodology for military systems
Authors: 
Aidan McCarthy, Liam Furey, Keagan Smith, Daniel Hawthorne, and Raymond BlaineAuthors Info & Claims
Aidan McCarthy, Liam Furey, Keagan Smith, Daniel Hawthorne, and Raymond BlaineAuthors Info & ClaimsSeptember 2020
Article No.: 20, Pages 1 - 2
Abstract
As the Army modernizes, its weapon systems are becoming increasingly more cyber dependent. This increased connectivity provides incredible opportunities, but also introduces new risks. This paper introduces the Armament Cyber Assessment Framework (ACAF), a schema for creating security assessment workflows integrated into the design process. The goal of ACAF is to introduce a security oriented mindset into the solution prior to release, and to provide meaningful results at every level. This goal is accomplished through the study and incorporation of multiple industry leading frameworks into a uniquely iterative process. ACAF is implemented for testing via the Global Vulnerability Assessment and Penetration Platform (GVAPP). GVAPP works to provide automated vulnerability information during the armament design process. It offers meaningful risk calculus to armament designers without cyber security backgrounds to mitigate potential vulnerabilities prior to fielding the system. This work focuses on military applications, but is applicable to similar civilian platform technologies.
References
[1]
2020. Cyber Kill Chain. https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/Gaining_the_Advantage_Cyber_Kill_Chain.pdf
[2]
0daysecurity.com. 2011. Penetration Testing Methodology - 0DAYsecurity.com. http://www.0daysecurity.com/pentest.html
[3]
Sean Barnum. 2012. Standardizing cyber threat intelligence information with the structured threat information expression (stix). Mitre Corporation 11 (2012), 1--22. http://stixproject.github.io/about/STIX_Whitepaper_v1.1.pdf
[4]
Rick Hayes. 2012. PTES Technical Guidelines - The Penetration Testing Execution Standard. http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
[5]
J. D. Mireles, J. Cho, and S. Xu. 2016. Extracting attack narratives from traffic datasets. In 2016 International Conference on Cyber Conflict (CyCon U.S.). 1--6.
[6]
U.S. Army Chief of Public Affairs. 2018. STAND-TO! http://www.army.mil/standto/2018-01-16
[7]
U.S. Department of the Army. 2016. FIELD ARTILLERY MANUAL CANNON GUNNERY. https://armypubs.army.mil/epubs/DR_pubs/DR_a/pdf/web/tc3_09x81.pdf
[8]
Blake Strom. 2019. Getting Started with ATT&CK: Adversary Emulation and Red Teaming. https://medium.com/mitre-attack/getting-started-with-attack-red-29f074ccf7e3
[9]
Cedric T. Wins. 2018. RDECOM's road map to modernizing the Army: Long-range precision fires. https://www.army.mil/article/211569/rdecoms_road_map_to_modernizing_the_army_long_range_precision_fires
Index Terms
- Application of the armament cyber assessment framework: a security assessment methodology for military systems
Recommendations
Improving offensive cyber security assessments using varied and novel initialization perspectives
ACMSE '18: Proceedings of the ACMSE 2018 ConferenceOffensive cyber security assessment methods such as red teaming and penetration testing have grown in parallel with evolving threats to evaluate traditional and diverging attack surfaces. This paper provides a taxonomy of ethical hacker conducted ...
Cyber–physical risk assessment for false data injection attacks considering moving target defences: Best practice application of respective cyber and physical reinforcement assets to defend against FDI attacks
AbstractIn this paper, we examine the factors that influence the success of false data injection (FDI) attacks in the context of both cyber and physical styles of reinforcement. Existing research considers the FDI attack in the context of the ability to ...
A practical framework for cyber defense generation, enforcement and evaluation
AbstractIt is challenging to enforce and evaluate cyber-defenses for large networks. The current state-of-the-art approaches on defense enforcement and evaluations are manually performed by a security expert and they are executed separately ...
Highlights- A novel framework for automating the defense (blue) team operations.
- An ...
Comments
Information & Contributors
Information
Published In
September 2020
189 pages
ISBN:9781450375610
DOI:10.1145/3384217
- General Chair:
- Perry Alexander,
- Program Chairs:
- Drew Davidson,
- Baek-Young Choi
Copyright © 2020 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 September 2020
Check for updates
Author Tags
Qualifiers
- Poster
Conference
HotSoS '20
Acceptance Rates
Overall Acceptance Rate 34 of 60 submissions, 57%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 89Total Downloads
- Downloads (Last 12 months)11
- Downloads (Last 6 weeks)2
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in