Building Secure, Resilient Architectures for Cyber Mission Assurance

Today’s information technology (IT) environments are increasingly subject to escalating cyber attacks. Cyber threats vary widely in sophistication, intent, and the consequences to the targeted systems and networks. The range of attackers extends from users who unintentionally damage systems to hackers, to cyber criminals, to full‐scale cyber spies and cyber warriors; their intentions span from annoying vandalism to economic threats to taking out the electric grid or defeating armed forces. Similarly, the target of the attacks can vary from a single computer or router to an entire on‐line banking system, business enterprise, or global supply chain. At the same time, our missions and businesses fall along a spectrum of criticality—from desirable to necessary, essential, and mission or safety critical. Given the broad spectrums of threat, intent, and consequence to mission‐critical functions, determining exactly where our mission systems lie in this continuum of dimensions is vital to determine the appropriate level of investment and response.