Cyber Assessment Program Action Map Introduction

January, 2022
IDA document: D-32938
FFRDC: Systems and Analyses Center
Type: Documents
Division: Operational Evaluation Division
Authors: Walter R. Dodson, Jason R. Schlup
Analyzing data from DOD Cyber Red Teams is crucial to the DOT&E’s Cyber Assessment Program (CAP) operational Mission Assurance and cyber operations assessments, which help assess and improve the Department of Defense’s ability to defend warfighting capabilities and missions. As part of the program, Cyber Red Teams deliver a data product, called an action map, prior to and during an assessment. Over the past five years, IDA has helped DOT&E define standards for the expected action map content and form. We begin this training briefing by defining action maps and the required data elements each action map should include. Then, we use an example open source cyber attack description to show how Red Teams typically create an action map and highlight some challenges associated with action map creation. Next, we introduce how IDA analyzes action maps, including how the action map data helps inform DOT&E reports. Finally, we focus on future efforts to improve the action map creation and analysis process by using automated data collection capabilities and analysis techniques. Automating the time-consuming and error-prone aspects of using action maps will improve available analysis techniques and the reproducibility of our research.