STO-Activities: (no title)

Activity title: Applying and Validating the Cyber Security Risk Assessment Process for Military Systems
Activity Reference: IST-188 (IWA)
Panel: IST
Security Classification: NATO UNCLASSIFIED
Status: Active
Activity type: RTG
Start date: 2020-09-01T00:00:00Z
Actual End date: 2025-09-01T00:00:00Z
Keywords: Cyber Security Risk Assessment Process for Military Systems
Background: Between 2016 and 2020, the NATO RTG IST-151 “Cyber security of military systems” shared risk management and assessment approaches and developed a common cyber security risk assessment process adapted to military systems. Military systems are mostly embedded systems, and cyber security risk assessment processes for embedded systems do not currently exist. The IST-151 team thus provided a process that NATO nations can use to improve the cyber security posture of NATO military equipment.
Objectives: The two main scientific objectives of this activity are:
 
1- validate the process created by RTG IST-151 and make improvements where necessary, and
 
2- perform a larger-scale evaluation of the process on its way to potentially being proposed as a NATO standard.
 
A corollary effect will be to raise NATO nations’ awareness of the process.
The following sub-activities will take place:
- Each member nation selects assessment targets.
- Each member nation applies the process to the selected targets.
- Each member nation reports back on its assessments. Since assessment results can be classified SECRET and above, assessment results do not need to be reported. Only the experience of applying the process, the pros and cons, and improvement suggestions must be reported.
- The team makes the suggested improvements to the process.
- The team selects and participates in events such as conferences in order to promote the process to NATO nations.
At the end of the activity, a validated and potentially improved cyber security risk assessment process for military systems is produced and made available to NATO nations to improve current and future NATO systems’ cyber security.
Topics:
- Cyber security risk assessment of military systems: the process published at the end of this activity will be the first and only validated NATO process to assess the cyber security risks of military systems.
- The process covers the following selected topics:
o Military missions, capabilities, functions
o System documentation
o CONOPS
o Mission criticality analysis
o Preliminary and full risk assessments
o System architecture
o Threat events, sources and scenarios
o Security controls
o Test plan and evaluation criteria
o Vulnerability research and discovery
o Static and dynamic analyses
o Penetration testing
o Firmware analysis
o Reverse engineering
o Fuzzing
o Necessary resources estimation
Contact:
Open2Partners:
Title:

Created at 04/06/2020 17:00 by System Account
Last modified at 16/05/2024 12:00 by System Account