Applying Cause-Effect Mapping to Assess Cybersecurity Vulnerabilities in Model-Centric Acquisition Program Environments

Jack Reid; Donna H. Rhodes

Please use this identifier to cite or link to this item: https://dair.nps.edu/handle/123456789/1606

Full metadata record

DC Field	Value	Language
dc.contributor.author	Jack Reid
dc.contributor.author	Donna H. Rhodes
dc.date.accessioned	2020-03-16T17:59:47Z	-
dc.date.available	2020-03-16T17:59:47Z	-
dc.date.issued	2018-04-30
dc.identifier.citation	Published--Unlimited Distribution
dc.identifier.uri	https://dair.nps.edu/handle/123456789/1606	-
dc.description	Acquisition Management / Defense Acquisition Community Contributor
dc.description.abstract	Digital engineering approaches are increasingly used in acquisition of systems, changing the current paradigm from documentation-centric to model-centric. Not only are these systems highly vulnerable to cyber threats, so too are their enabling environment and digital assets. While good practices have emerged to support the shift to model-centric program acquisition, such programs experience perturbations over their life cycles that introduce new vulnerabilities that may lead to cascading failures. Cybersecurity vulnerabilities are of particular concern given digital transformation and increasing threat actors, making vulnerability assessment essential throughout acquisition program life cycles. This paper discusses ongoing research that seeks to provide program managers with the means to identify cybersecurity vulnerabilities within model-centric programs (along with other model-related vulnerabilities) and determine where interventions can most effectively be taken. The research builds on recent work in developing a reference model for model-centric program vulnerability assessment that uses the Cause-Effect Mapping (CEM) analytic technique. This research investigates cybersecurity specifically, using CEM and other dynamic analysis approaches, including a prototype for proactive assessment of cybersecurity and evaluation of potential interventions.
dc.description.sponsorship	Acquisition Research Program
dc.language	English (United States)
dc.publisher	Acquisition Research Program
dc.relation.ispartofseries	Acquisition Management
dc.relation.ispartofseries	SYM-AM-18-090
dc.subject	Cause-Effect Mapping
dc.subject	Cybersecurity
dc.subject	Model-Centric Acquisition
dc.subject	Digital Engineering
dc.subject	Cause-Effect Mapping
dc.subject	CEM
dc.title	Applying Cause-Effect Mapping to Assess Cybersecurity Vulnerabilities in Model-Centric Acquisition Program Environments
dc.type	Article
Appears in Collections:	Annual Acquisition Research Symposium Proceedings & Presentations

Files in This Item:

File	Size	Format
SYM-AM-18-090.pdf	2.04 MB	Adobe PDF	View/Open

Show simple item record

DSpace JSPUI

DSpace preserves and enables easy and open access to all types of digital content including text, images, moving images, mpegs and data sets