Red Team Data Collection and Analysis for the Cyber Assessment Program

July, 2022
IDA document: D-33075
FFRDC: Systems and Analyses Center
Type: Documents
Division: Operational Evaluation Division
Walter R. Dodson, Jason R. Schlup, Shawn C. Whetstone See more authors
Over the past five years, IDA has helped the Department of Defense define standards for the content and form of an action map — a data product produced as part of mission assurance and cyber operations assessments for the Cyber Assessment Program. For these assessments, Red Teams (cyber hackers posing as adversaries) are tasked with identifying and exploring vulnerabilities. In this briefing, the authors define the data elements required in an action map, describe how they are created and explore challenges to their creation. They introduce potentially useful action map analysis techniques with a focus on the potential for using automated techniques. Such techniques can streamline the more time-consuming and error-prone aspects of map creation and analysis and aid in research reproducibility.