An Open Source Tool to Support the Quantitative Assessment of Cybersecurity

Bibliographic details
Published in: International Conference on Cyber Warfare and Security (2017), p. 244-254
Main author: Nagaraju, Vidhyashree
Other authors: Fiondella, Lance; Wandji, Thierry
Publisher: Academic Conferences International Limited
Description
Abstract: Software reliability and cybersecurity are critical to system integrity. Security violations in defense systems are an especially grave threat to national security and the focus of significant resources. Major defense acquisition programs (MDAP) are those that meet or exceed Acquisition Category One (ACAT I), which is determined by a cost estimate in excess of hundreds of millions of dollars. Inadequate cybersecurity has contributed to at least one MDAP declaring a Nunn-McCurdy Breach, which requires (i) that Congress be notified when the cost per unit increases more than 25% beyond what was originally estimated and (ii) program termination for cost growth greater than 50%. Achieving cybersecurity cost-effectively is therefore critical to the national defense and economic well-being of the United States. This paper presents an open source tool to support the quantitative assessment of software reliability and cybersecurity, as well as the underlying mathematical theory and algorithmic details. The tool enables assessment of a system's security from penetration testing data and can be used to estimate the number of vulnerabilities remaining within the software, as well as the additional penetration testing required to reduce the rate of vulnerability exploitation to a desired level with a specified level of confidence. This top-down approach can be applied to systems such as vehicles as well as information systems, including those that must safeguard defense facilities, their contractors, and other government buildings. This approach will enable organizations that acquire software to establish quantitative requirements that can be included in contracts, providing clear thresholds for software and system developers to achieve.
The tool will enable contractors to regularly assess the security of their software with respect to requirements, thereby facilitating the identification and reporting of programs that may fail to achieve contractually specified security objectives. This regular assessment and reporting will enable closer collaboration between government agencies and contractors to ensure that systems achieve a desired level of security, reducing the risk of cost and schedule overruns that would otherwise threaten deployment of secure systems.
Source: Political Science Database