Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems
Guidance for Where to Focus Mitigation Efforts
ResearchPublished May 29, 2015
Assessing mission assurance for combat support when under a cyber attack is challenging because of the sheer number of information systems, the range of vulnerabilities, and the number of combat support functions they support. RAND researchers developed a tool that presents a sequential process for prioritizing those functions and information systems most likely to be problematic for the operational mission during cyber attacks.
While combat support communities are not responsible for defending cyber networks, they are required to ensure mission execution, including when under cyber attack. Assessing mission assurance for combat support when under a cyber attack is challenging. The fact that many combat support systems do not reside on the most secure networks indicates potential vulnerabilities to cyber attack. Yet the sheer number of information systems that can be attacked, the range of vulnerabilities that these might have, the large number of combat support functions they support, and the complicated connections all of these have to operational missions makes assessments difficult. Add to this the evolving nature of the threats and vulnerabilities in cyberspace, and the task of finding adequate mitigation plans for all possibilities is formidable. RAND researchers developed a tool that presents a sequential process for identifying those functions and information systems most likely to be problematic for the operational mission during cyber attacks.
Key Findings
Making the Data Manageable Is Crucial
- Analyzing this issue with a brute force approach is impractical because of the sheer number of permutations to assess and the constantly evolving nature of the information systems, vulnerabilities, and threats.
- The Air Force counts 25 combat support functional communities, many of which have numerous subfunctions, and the sum of the functions are supported by hundreds of information systems.
- There are numerous ways in which a cyber attack can occur and a variety of impacts that might result. These include denial-of-service attacks from outside a firewall, manipulating data from within a firewall, interrupting communications, taking control of a system, and others.
- Analyzing every possible attack on all systems and assessing the impact to both combat support and operations would be impractical. Even if it were done, the results from such an analysis would be obsolete before completion.
A Sequential Process Prioritizes Those Programs Most in Need of Mitigation
- RAND researchers developed a sequential process for identifying those functions and information systems most likely to be problematic for the operational mission during cyber attacks.
- The approach finds the functions and information systems that are simultaneously the most critical to the mission — those that cause repercussions to the operational mission the fastest and those that have the highest risk of attack as defined by the threat, their vulnerability, and the impact of an attack.
- The method is implemented in a Microsoft Excel-hosted decision support tool that does not require any special expertise in the cyber domain.
Topics
Document Details
- Copyright: RAND Corporation
- Availability: Web Only
- Year: 2015
- Pages: 36
- Document Number: RR-620-AF
Citation
RAND Style Manual
Snyder, Don, George E. Hart, Kristin F. Lynch, and John G. Drew, Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems: Guidance for Where to Focus Mitigation Efforts, RAND Corporation, RR-620-AF, 2015. As of May 5, 2026: https://www.rand.org/pubs/research_reports/RR620.html
Chicago Manual of Style
Snyder, Don, George E. Hart, Kristin F. Lynch, and John G. Drew, Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems: Guidance for Where to Focus Mitigation Efforts. Santa Monica, CA: RAND Corporation, 2015. https://www.rand.org/pubs/research_reports/RR620.html.
Research conducted by
The research described in this report was conducted within the Resource Management Program of RAND Project AIR FORCE and was commissioned by the U.S. Air Force Materiel Command.
This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.