Visualizing Time Patterns and Mission Impact of Cyber Security Breaches
Contract # DAAH01-01-C-R044 20 February 2001 through 20 March 2003
Anita D’Amico
Stephen Salas
A Division of Applied Visions, Inc.
Background
DARPA Visualization Project Contract # DAAH01-01-C-R044
Phase 2 Small Business Innovative Research (SBIR) contract
Cathy McCollum of DARPA ATO (formerly ISO) is program manager
Effort is part of Cyber Panel (formerly Cyber C2)
Contract commenced February 20, 2001 and will run for 20 months
Key Objectives of Phase II SBIR
1. Field a prototype system that will visually represent time patterns in IA “events”
   • Enhance discovery of time trends in events
   • Show progression of an attack
   • Show activity patterns of attackers
2. Field a prototype system that will visually represent the mission impact of IA events
   • Effect of security breaches on mission-critical tasks
   • Effect on mission-critical tasks of taking a cyber asset off line
IA Analysts Want to Know …
About temporal patterns in probes and attacks
   • Do certain types of security events* occur more frequently at specific times of day, week, month or year?
   • Are certain adversaries more active at specific times of day, week, month or year?
   • Do certain events occur in a specific sequence?
   • Do certain host devices get attacked in a specific sequence?
About the progress of a security breach over time
   • What has changed since the last time I monitored the status?
   • When did the attack really start?
   • How rapidly is the attack progressing?
   • How long does it take a new vulnerability to be exploited?
*A security event can be a vulnerability, an incident that precedes an attack (e.g. a probe), or an attack.
IA Analysts Want to Relate Historical Info to Current Information About Security Events
[Diagram labels: Sensors (IDS, Scanner, Firewall); Collection of Sensor Data; Data Repository (Intrusions, Vulnerabilities, Access events; Integrated RDBMS of Security Events); Historical Data; Pattern Detection (Management Consoles, Visualization Aids, Data Mining). Annotations: “10 year old technology”, “< 5 year old technology”.]
IA Analysts Want to Know …
If a particular cyber asset* is breached, what mission-critical task won’t get done?
For a particular mission-critical task to be completed successfully, which cyber assets must be secured?
If I defensively shut down a cyber asset in order to protect it or the network from breaches, what mission-critical tasks will be impaired?
* A cyber asset can be a hardware device, software applications running on that device, data files or databases, or connectivity
Analysts Grapple with Assessing the Mission Impact of Cyber Security Events
IA analysts in military and commercial settings want to know the mission impact or business impact of cyber security events
Currently, security officers make educated guesses about the mission impact of security breaches and of removing certain cyber services to ensure security
Almost no one currently documents the importance of a specific cyber asset to the organization’s mission-critical tasks. Exceptions:
   • Y2K analyses
   • Disaster recovery departments
Future Systems Should Be Able To Access and Visualize Mission Dependency Data
[Diagram labels: Sensors (IDS, Scanner, Firewall); Collection of Sensor Data; Data Repository (Intrusions, Vulnerabilities, Access events; Integrated RDBMS of Security Events); Historical Data; Pattern Detection (Management Consoles, Visualization Aids, Data Mining); COA Simulation & Modeling; Mission Dependency Tables.]
Progress on Temporal Displays
Requirements for Temporal Scenes
1. User-selectable time gradations (e.g. seconds, minutes, hours, days, months)
2. User-selectable time range (e.g. from May 1 through June 15)
3. User ability to annotate time grid (e.g. “June 13 – Checkpoint firewall vulnerability becomes public.”)
4. Relate security events and their characteristics to time
5. Relate attack sources and their characteristics to time
6. Relate targeted assets and their characteristics to time
7. Simultaneously relate events, attack sources and target characteristics to time
8. Depict frequencies of specific classes of events (e.g. number of probes on each day for period of May 1 - May 7)
9. View sequence of events irrespective of absolute time (e.g. at Hanscom site #125, these events occurred in sequence from May 1-7)
10. Depict duration of events (length of a DoS attack on February 6-12; length of a telnet session or FTP session)
11. Simultaneously compare patterns of events over multiple user-specified time ranges (e.g. compare number of probes during April 1-7, May 1-7, June 1-7)
12. Show time lapse between exposure (i.e. insertion of a vulnerability) and a related exploit
13. Show differences between two user-selected times (e.g. show differences in vulnerabilities on a specific network on April 1 and June 1)
Additional Reqts for Temporal Scenes
14. Show the time patterns of general level of security-related activity, irrespective of type of attack
15. Show observed time trends against a “normal” profile of time trends
16. Show security events over time in comparison to typical measures of network traffic (e.g. FTPs)
17. Show time vs events vs a third variable (e.g. location) (e.g. put location on wall and event classes on the floor)
18. Show geographical movement of an attack from one location to another vs time
19. User should be able to input a sequence of events and then ask the system to match to that sequence
20. System should suggest scenes of interest to the analyst, based on previously identified combinations of data in the database or sequences of events
21. User should be able to apply filters to what is presented on the temporal wall (e.g. show me only events on mission-critical devices)
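The queries behind several of these temporal requirements, sketched as an added Python example that is not code from the briefing or from SecureScope: event frequencies per user-selected gradation and range (requirements 1, 2 and 8), the lapse between exposure and exploit (12), and order-only sequence matching per host (9 and 19). The event fields, the class names, the `vuln_id` link between an exposure and its exploit, and the sample records are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
from typing import NamedTuple, Optional


class Event(NamedTuple):
    when: datetime
    kind: str                      # "vulnerability", "probe" or "attack"
    event_class: str               # constructed class names, e.g. "port-scan"
    source: Optional[str]          # attack source; None for a scanner finding
    target: str                    # targeted host
    vuln_id: Optional[str] = None  # hypothetical key tying an exploit to an exposure


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample data; addresses come from the documentation ranges.
SAMPLE = [
    Event(ts("2001-05-01 02:10"), "probe", "port-scan", "192.0.2.7", "web01"),
    Event(ts("2001-05-01 02:40"), "probe", "port-scan", "192.0.2.7", "db01"),
    Event(ts("2001-05-02 09:00"), "vulnerability", "ftp-weak-config", None, "web01", "V-1"),
    Event(ts("2001-05-03 03:15"), "probe", "port-scan", "198.51.100.9", "web01"),
    Event(ts("2001-05-05 03:30"), "attack", "ftp-exploit", "198.51.100.9", "web01", "V-1"),
    Event(ts("2001-05-06 11:00"), "attack", "dos", "192.0.2.7", "db01"),
]

# Bucket keys for the user-selectable time gradations.
GRADATIONS = {"minute": "%Y-%m-%d %H:%M", "hour": "%Y-%m-%d %H:00",
              "day": "%Y-%m-%d", "month": "%Y-%m"}


def frequencies(events, start, end, gradation="day"):
    """Count events per (time bucket, event class) inside [start, end)."""
    fmt = GRADATIONS[gradation]
    return Counter((e.when.strftime(fmt), e.event_class)
                   for e in events if start <= e.when < end)


def exposure_to_exploit(events):
    """Lapse from a vulnerability appearing on a host to the first attack using it."""
    exposed, lag = {}, {}
    for e in sorted(events, key=lambda ev: ev.when):
        if e.vuln_id is None:
            continue
        key = (e.target, e.vuln_id)
        if e.kind == "vulnerability":
            exposed.setdefault(key, e.when)        # earliest exposure wins
        elif e.kind == "attack" and key in exposed and key not in lag:
            lag[key] = e.when - exposed[key]       # first exploit only
    return lag


def hosts_matching_sequence(events, pattern):
    """Hosts on which the classes in `pattern` occurred in that order,
    irrespective of absolute time and of unrelated events in between."""
    per_host = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.when):
        per_host[e.target].append(e.event_class)

    def in_order(seen):
        it = iter(seen)
        return all(step in it for step in pattern)  # consumes `it` left to right

    return sorted(host for host, seen in per_host.items() if in_order(seen))


if __name__ == "__main__":
    week = frequencies(SAMPLE, datetime(2001, 5, 1), datetime(2001, 5, 8), "day")
    for (bucket, cls), n in sorted(week.items()):
        print(bucket, cls, n)
    print(exposure_to_exploit(SAMPLE))
    print(hosts_matching_sequence(SAMPLE, ["port-scan", "ftp-exploit"]))
```

Calling `frequencies` once per range (for example the first week of April, May and June) gives the side-by-side comparison asked for in requirement 11.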
Temporal Event Wall Can Display Event Frequencies, Sequences & Durations
[Figure: Frequencies of Each Event Over Time. Axes: Event Class (Vulnerabilities & Attacks); Time (Days in May). Callout: User can click on frequency bar to see which hosts were the targets of the events.]
Provisional Patent Filed by Applied Visions, Inc.
Event Wall Scene Links Events, Targets & Attackers in Time
[Figure callouts: Classes of Vulnerabilities & Attacks (can be listed hierarchically); Specific time of each event is associated to the targeted host; Time can be shown as a specific point in time or relative sequence.]
Provisional Patent Filed by Applied Visions, Inc.
Rear Plane Can Show Attacker Characteristics or Sensor Sources
[Figure callout: Attack Sources and the Times That They Strike, or Sensors Reporting the Events.]
Provisional Patent Filed by Applied Visions, Inc.
Top View Allows Simultaneous Viewing of Activities Related to Time
[Figure labels: Time (in hours); Target Hosts; Lines Show Times That Target Hosts Were Hit; Attacker Information (Could Also be Reporting Sensors).]
Provisional Patent Filed by Applied Visions, Inc.
Comparison of Several User-Selected Time Ranges
[Figure labels: Time (in hours); rows for Sun, Mon, Tues, Wed, Thur, Fri, Sat.]
Provisional Patent Filed by Applied Visions, Inc.
Status of Work on Temporal Displays
Software will be completed October 2001
Test installation of temporal displays at Army’s Land Information Warfare Agency (LIWA) at Fort Belvoir in December 2001
Progress on Mission Impact Displays
Approach to Mission Impact Displays
Starting Points
   • We have a good list of requirements
   • We have two concepts for visualization: Mission association scene and Mission dependency ring
Requirements have to be modified to align with mission model work to date
Visualization concepts will have to be modified after requirements are refined
Requirements for Mission Impact Scene
1. Illustrate all dependencies between cyber assets and mission-critical tasks
2. For a specific mission, highlight cyber assets that must be secured (i.e. top down view)
3. For a specific cyber asset, highlight the mission-critical tasks that depend on it (i.e. bottom up view)
4. Show strength of dependencies (low, medium, high) between cyber assets and mission critical tasks
5. Show “and/or” dependencies between cyber assets and mission critical tasks, i.e. substitutability (e.g. to perform ATO generation I need the Joint mapping application, the imagery database and either access to e-mail, or access to a printer and a secure fax machine)
6. Depict the sequence in which specific cyber assets are needed for a mission-critical task
More Requirements for Mission Scene
7. Latest time that a critical asset can be used.
8. Show broad status of a mission-critical task (red, yellow, green)
Mission Association Scene Relates Mission to Security Events or Devices That Have Experienced Events
Line thickness indicates strength of dependency
Mission Dependency Rings Show Dependencies Between Cyber Resources and Missions
[Figure labels: Network Devices; Simple Cyber Resources (hosted on devices); Compound Cyber Resources; Mission Critical Tasks/Functions; Missions.]
Provisional Patent Filed by Applied Visions, Inc.
Mission Dependency Rings Scene Can Relate Critical Mission Function to Specific Device Characteristics
[Figure callouts: A specific device is selected by the user, based on its characteristics (e.g. location, OS, organization); Missions associated with selected device; Mission-critical tasks dependent on that device; Compound cyber resources to which that device contributes (e.g. e-mail); Resource hosted by device.]
Provisional Patent Filed by Applied Visions, Inc.
Requirements for Populating Current Mission Impact Scenes
Type of information that needs to be stored in a database
   • Network devices and their characteristics (type of platform; location; OS; organization to which they are assigned)
   • Resources (e.g. services, data, communications) hosted by devices (resource x device dependency)
   • Critical tasks and missions dependent on those resources (mission task x resource dependency)
   • Strength of each dependency (none, low, medium, high)
   • Specific time and sequence requirements for each resource needed for a mission critical task
   • Substitutability of cyber assets
User should be able to enter mission date manually
Capture network data from a network manager (e.g. CA Unicenter stores “business process” information)
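The dependency data listed above, together with the “and/or” substitutability in requirement 5 of the mission impact scene, can be evaluated as a small dependency tree; the following Python sketch is an added example, not code from the briefing or from SecureScope. The device names, the second task, and the meaning given to red/yellow/green (red: task cannot be completed; yellow: completable only through a substitute; green: unaffected) are assumptions, and dependency strength and sequence are not modelled.

```python
# Resource x device dependency: the device hosting each cyber resource.
# Device names are constructed for illustration.
HOSTED_ON = {
    "joint-mapping-app": "ws-ops-1",
    "imagery-db": "db-srv-1",
    "e-mail": "mail-srv-1",
    "printer": "print-srv-1",
    "secure-fax": "fax-1",
}

# Mission task x resource dependency as and/or trees. "ATO generation" follows
# the briefing's example; "Imagery briefing" is a constructed second task.
TASKS = {
    "ATO generation": ("and", "joint-mapping-app", "imagery-db",
                       ("or", "e-mail", ("and", "printer", "secure-fax"))),
    "Imagery briefing": ("and", "imagery-db", "printer"),
}


def leaves(expr):
    """All resources that appear anywhere in a dependency tree."""
    if isinstance(expr, str):
        return {expr}
    return set().union(*(leaves(sub) for sub in expr[1:]))


def satisfied(expr, down_resources):
    """True if the tree can still be met with `down_resources` unavailable."""
    if isinstance(expr, str):
        return expr not in down_resources
    op, *subs = expr
    results = [satisfied(sub, down_resources) for sub in subs]
    return all(results) if op == "and" else any(results)


def task_status(task, down_devices):
    """Broad red/yellow/green status of a task when the given devices are
    breached or defensively shut down (colour semantics are an assumption)."""
    down = {res for res, dev in HOSTED_ON.items() if dev in down_devices}
    expr = TASKS[task]
    if not satisfied(expr, down):
        return "red"
    return "yellow" if leaves(expr) & down else "green"


def impacted_tasks(device):
    """Bottom-up view: tasks affected by losing one device, with status."""
    statuses = {task: task_status(task, {device}) for task in TASKS}
    return {task: s for task, s in statuses.items() if s != "green"}


def assets_to_secure(task):
    """Top-down view: every resource the task can draw on, and its host."""
    return {res: HOSTED_ON[res] for res in sorted(leaves(TASKS[task]))}


def single_points_of_failure(task):
    """Devices with no substitute: losing any one of them turns the task red."""
    devices = {HOSTED_ON[res] for res in leaves(TASKS[task])}
    return sorted(d for d in devices if task_status(task, {d}) == "red")


if __name__ == "__main__":
    print(impacted_tasks("print-srv-1"))
    print(task_status("ATO generation", {"mail-srv-1", "fax-1"}))
    print(single_points_of_failure("ATO generation"))
```

Running `impacted_tasks` before taking a device off line answers the analyst's question of which mission-critical tasks a defensive shutdown would impair.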
Status of Work on Mission Impact Displays
Additional requirements are being gathered
   • To be completed in December 2001
Display concepts will be modified to conform to new requirements and human factors principles
Software development will commence in February 2002
Test sites are being sought for installation in October 2002
Technologies Underlying Temporal and Mission Impact Visual Scenes
SecureScope Console and Server Have Been Modified So That Temporal & Mission Impact Scenes Can Interface Easily to Customer RDBMS
[Diagram components: Console; Server; Customer’s Relational Database. Link labels: Java RMI; JDBC. Other labels: Windows 32-bit client, C++, Cortona 3-D Viewer; Java; Oracle 7.3, 8i, Access, etc…; User interface; Responsible for building and rendering of 3D visualizations; Receives scene data requests from console and fetches necessary data from database; Handles complexity of data storage; Central repository for security event data.]
Technology Needed to Run Temporal and Mission Impact Scenes At Customer Site
Secure Decisions Provides
   • Proprietary SecureScope visualization software that includes association, temporal and mission impact scenes
   • Parallel Graphics’ Cortona 3-D Viewer licensed software
   • Sun Microsystems and Microsoft XML parsers
   • JDBC driver for the customer’s relational database
   • Sun Microsystems Java Runtime Environment (JRE)
Customer Provides
   • Pentium III hardware platform with 256 MB RAM and 100 MB free hard disk space
   • Windows 2000 (or NT 4.0 for older version)
   • Microsoft Internet Explorer
   • Commercial RDBMS
   • Database schema
Additional Program Information
Project Schedule
Schedule for VisRep2

| Task | Deliverables |
|---|---|
| 1. Implement temporal displays | Month 9 - Standalone demo |
| 2. Integrate temporal displays at test site | Mo 11 - Integrated demo |
| 3. Adopt a mission impact database schema | Mo 11 - Draft schema interface |
| 4. Modify mission impact displays | Mo 13 - Static display designs |
| 5. Implement mission impact displays | Mo 18 - Standalone demo |
| 6. Integrate mission displays at test site | Mo 20 - Integrated demo |
| 7. Document results | Mo 6, 12 - Interim Reports; Mo 21 - Final |
| 8. Prepare commercialization report | Mo 22 - Commercialization report |
| 9. Manage project | Mos 4, 9, 13, 20 - Program Reviews |

Timeline axis: quarters Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 across FY01, FY02 and FY03 (months January 2001 through March 2003).
Recent Publications & Conferences
D’Amico, A. “Cyber Defense Situational Awareness.” Computer Security in a Collaborative Research Environment, Brookhaven National Laboratory Symposium, Brookhaven, NY, June 27, 2000.
D’Amico, A. “Cyber Defense Situational Awareness.” InfoWarCon, Washington, DC, September 13, 2000.
D’Amico, A. and Larkin, M. “Methods of Visualizing Temporal Patterns in and Mission Impact of Computer Security Breaches”, Accepted for DISCEX conference, June 2001
Key Staff
Anita D’Amico, P.I.
   • Manages program; Provides overall direction; Gathers user requirements; Guides changes to display designs
Stephen Salas, Project Engineer
   • Directs software implementation and installation of prototype system; Develops software
John O’Hara, Sub-Contractor
   • Provides access to human factors requirements for 3-D displays from other industries
David Spector, Sub-Contractor
   • Provides commercial information security expertise as input into user requirements
Visualization of Temporal Patterns in and Mission Impact of Cyber Security Breaches
New Ideas
• Implement visualization aids to the discovery and analysis of time patterns in cyber security breaches
• Implement visualization aids to understanding the impact of cyber security breaches on mission-critical tasks
• Develop methods for easily interfacing visualization aids to most database schema containing temporal & mission impact data
[Figure: Frequencies of Each Event Over Time. Axes: Event Class (Vulnerabilities & Attacks); Time (Days in May). Callout: User can click on frequency bar to see which hosts were the targets of the events.]
Provisional Patent Filed by Applied Visions, Inc.
Impact
• Speeds IA analysts’ access to information about the progression, sequence and time urgency of an impending cyber attack
• Improves speed of comprehending the impact of cyber threats to critical missions
• Improves maintenance of critical mission operations in the presence of cyber threats
Schedule
TASK
1. Implement temporal displays
2. Integrate temporal displays at test site
3. Cooperate with mission model programs
4. Modify mission impact displays
5. Implement mission impact displays
6. Integrate mission displays at test site
7. Document results
8. Prepare commercialization report
9. Manage project
[Timeline labels: FY 01, FY 02, FY 03; Quarterly Reports; Program Reviews.]
A Division of Applied Visions, Inc. www.SecureDecisions.com