Assessments and Methodologies

Cybersecurity experts help decisionmakers identify their dependence on various cyber-related assets. Identifying a facility’s reliance helps decisionmakers add redundancies and backups into their disaster recovery and resilience plans, ensuring that, should disaster strike, they are prepared. Understanding and visualizing the complex relationships that exist between classes of critical infrastructure is of vital national security interest to the U.S. Critical infrastructure such as electrical power plants, power lines, water treatment plants, and data centers operate together to support essential local and national functions like internet service, electricity, and clean water. Infrastructure is often highly complex and interdependent, where the failure at any node could render the larger infrastructure partially or wholly non-functional.

SimDependency: Simulated Dependency Scenarios for Decisionmakers

SIMDependency is an interactive tool that allows decisionmakers to view interconnected assets and dependencies on their infrastructure that allow for normal operations. This tool highlights generic, internet, and consequence-based dependency models. SIMDependency maps upstream and downstream dependencies and can simulate failures within different dependencies and how the loss of that dependency would affect the participating facility. 

In the photo above, SIMDependency simulates an internet outage affecting multiple data centers within a given area. 

Sporting Physical and Risk Tool Assessment (SPARTA) 

SPARTA is a comparative risk assessment tool that seeks to provide high-level assessments to consistently measure the ever-evolving landscape of threats to unique entities and facilities. The growing prevalence of technology in the sports and entertainment sector provides a unique opportunity to utilize comparative assessment methodology compared against like venues. SPARTA is intended to assist venue operators by collecting data on facilities to analyze the current security posture of their facility, both physical and cyber capabilities. SPARTA is available online and mobile, consisting of over 300 questions pertaining to a wide array of measuring various threats and vulnerabilities. Assessment topics focus on access control, training, risk management, incident response, critical systems, emergency planning, communications, and threat management. Varying levels of threats and vulnerabilities can be assessed multiple times for the same venue, taking into consideration the variance of events which occur unique to the venue. SPARTA aims to increase the security posture of the Commercial Facilities Sector, which has a broad range of sites that can bring in large crowds. 

Cyber Infrastructure Survey Tool 

The C-IST is an assessment of essential cybersecurity practices in-place for critical cyber services within critical infrastructure organizations. The C-IST is a structured, interview-based assessment focusing on over 80 cybersecurity controls grouped under five main topics. Following the assessment, participants can review and interact with the surveyed findings through a user-friendly, data-rich dashboard. The C-IST dashboard allows organizations to see their results compared against other like services within the same critical infrastructure sector, review their results in context of specific cyber and physical threat scenarios, and dynamically adjust the status of in-place practices to see the effects on overall cyber protection. The C-IST provides various benefits to an organization, including: an effective, repeatable assessment of cyber security controls in-place for a critical service within public and private sector organizations;) a user-friendly, interactive dashboard to support cybersecurity planning and resource allocation, ; and context-rich information with peer comparison where peer data is available. 

Amanda Joyce
Strategic Cybersecurity Analysis and Research (SCAR) Group Lead
Nate Evans
SCAR Cybersecurity Program Lead