Approaches to Modeling the Impact of Cyber Attacks on a Mission

The success of a business mission is highly dependent on the Communications and Information Systems (CIS) that support the mission. Mission Impact Assessment (MIA) seeks to assist the integration of business or military operations with cyber defense, particularly in bridging the cognitive gap between operational decision-makers and cyber defenders. Recent years have seen a growing interest in model-driven approaches to MIA. Such approaches involve construction and simulation of models of the mission, systems, and attack scenarios in order to understand an attack's impact, including its nature, dependencies involved, and the extent of consequences. This paper discusses representative examples of recent research on model-driven approach to MIA, highlights its potential value and cautions about serious remaining challenges.Comment: This is an earlier version (more verbose and less polished) of the paper titled "Assessing Mission Impact of Cyberattacks: Toward a Model-Driven Paradigm" that appeared in October 2017 issue of IEEE Security & Privacy. arXiv admin note: text overlap with arXiv:1601.0091