Platform IT system insecurity is expressible as information arbitrage practiced by the attacker (i.e. the attacker knows something the defender doesnt and profits by it). The adversary gains this knowledge by both observing the defenders system over time and practicing their attacks on similar systems or components that are often commercially available. The attacker typically has a limited set of objectives which aids in focused application of his resources. The defender has multiple competing requirements to satisfy. This project enables team sourcing of defender resources and knowledge for improved focus and insights leading to superior vulnerability identification, mitigation, and mission success. The tool developed by this project will mitigate opportunities for information arbitrage by the attacker.
Benefits: This project will produce a methodology/tool that provides for cost effective application of cyber-physical system defensive measures.
Keywords: Platform IT, Avionics, vulnerability identification, threat mitigation, three tenets