A deterministic risk analysis and measurement model for assessing availability and integrity in command and control systems

Abstract

Military command and control (C2) systems are increasingly challenged by a host of modern problems, namely, internal vulnerabilities and external threats. Several approaches have been suggested in the literature to measure availability and integrity in C2 systems. Despite the importance of developing and maintaining self-protecting and self-healing processes, the simultaneous consideration of availability and integrity has received little attention in the literature. We propose a deterministic quantitative risk analysis and measurement (Q-RAM) framework for C2 systems which is focused on the failure risk induced by internal vulnerabilities and external threats present in the C2 systems. The proposed system allows risk managers to get a comprehensive snapshot of the system availability and integrity, assess the failure risks with the assistance of a multi-factor risk metric, and manage those risks by searching for the best combination of countermeasures, allowing the user to determine the preferred tradeoff between the system's availability and integrity costs.