To improve cyber resilience and reduce risks in Navy Industrial Control Systems (ICS), we propose an innovative software tool called Cyber Resilience Modeling and Simulation (CRMS™). Based on a quantitative agent-based modeling approach, CRMS is designed to establish a common framework that integrates Risk Management Framework (RMF) components into a consolidated resilience model with simulation functions, and evaluates the level of resilience and the effectiveness of mitigation actions under various attack scenarios. CRMS will be a web-based tool to perform cyber resilience evaluation and cost-benefit analysis on ICS and System of Systems (SoS) in general, in support of the cybersecurity test and evaluation process during acquisition. Our Phase I effort will focus on the CRMS model architecture and component design, the design of common resilience metrics, and a use-case-driven simulation to demonstrate the feasibility of the proposed solution.
Benefit: CRMS will be a first-of-its-kind tool to fill an important technology gap in support of the latest DON cybersecurity requirements for ICS-related acquisitions. The result of this SBIR will support the assessment of ICS resiliency across SoS and contribute directly to DON/NAVSEA's efforts in enhancing cybersecurity resilience at the system design stage and reducing cybersecurity-related acquisition costs. Once developed, CRMS can be easily adopted by other DOD Components and commercial industries, such as electric power and utilities, healthcare, gas and oil, and manufacturing.
Keywords: Cybersecurity Risk Management, Cyber Resilience Engineering, Industrial Control Systems, Cybersecurity Defense-in-depth, critical infrastructure protection, System of Systems Engineering