威胁驱动的指挥信息系统韧性评估试验方法
|
摘要
针对复杂赛博威胁环境对指挥信息系统的韧性能力的挑战,提出了一种威胁驱动的指挥信息系统韧性能力评估试验方法。首先,从系统韧性试验任务、试验内容规划、试验环境部署生成及试验运行与评估4个方面,建立了韧性试验运行框架;然后,分析了系统面临的内部/外部赛博威胁,提出了基于规则的外部威胁模拟、基于业务数据变异的内部威胁模拟方法;最后,以持续保障战场态势处理任务为案例,从持续保障核心任务完成角度,选择任务完成波动率及任务完成率等指标,开展不同威胁下态势处理任务保障能力试验,验证了该方法有效性。
Aimed at the challenge of resilience capability for command information system in the complex cyber threat environment, the resilient evaluation and experiment method for threat-driven command information system is proposed. Firstly, the resilient experiment running framework is established from four aspects of the system resilient experiment task, the resilient experiment content planning, the experiment environment deployment and generation, and the experiment operation and evaluation. Then, the interval/external cyber threats to the system are analyzed, an external threat simulating method rule-based and an interval threat simulating method mutation-based are proposed. Finally, taking the battlefield situation processed mission of sustained guaranteed as an example, from the perspective of the completion of the core task of continuous support, the task completion volatility and task completion rate and other indicators are selected, and the situation processing mission guarantee capability test under the different threats is developed to verify the effectiveness of this method.
Aimed at the challenge of resilience capability for command information system in the complex cyber threat environment, the resilient evaluation and experiment method for threat-driven command information system is proposed. Firstly, the resilient experiment running framework is established from four aspects of the system resilient experiment task, the resilient experiment content planning, the experiment environment deployment and generation, and the experiment operation and evaluation. Then, the interval/external cyber threats to the system are analyzed, an external threat simulating method rule-based and an interval threat simulating method mutation-based are proposed. Finally, taking the battlefield situation processed mission of sustained guaranteed as an example, from the perspective of the completion of the core task of continuous support, the task completion volatility and task completion rate and other indicators are selected, and the situation processing mission guarantee capability test under the different threats is developed to verify the effectiveness of this method.
引文
[1] 费爱国.韧性指挥与控制系统设计相关问题探析[J].指挥信息系统与技术,2017,8(2):1-4.
[2] STERBENZ J P G.Evaluation of network resilience,survivability,and disruption tolerance:analysis,topology generation,simulation,and experimentation[J].Telecommunication Systems,2013,52(2):705-736.
[3] TRAN H T,BALCHANOS M,DOMERCANT J C,et al.A framework for the quantitative assessment of performance-based system resilience[J].Reliability Engineering and System Safety,2017,158:73-84.
[4] BODEAU D,GRAUBART R,LAPADULA L,et al.Cyber resiliency metrics[R].Version 1.0,rev.1.Bedford:MITRE:2012.
[5] FRANCIS R,BEKERA B.A metric and frameworks for resilience analysis of engineered and infrastructure systems[J].Reliability Engineering and System Safety,2014,121:90-103.
[6] WILFREDO T P,NASA.An approach for the assessment of system upset resilience[R].[S.l.]:NASA,2013.
[7] NAN C,SANSAVINI G.A quantitative method for assessing resilience of interdependent infrastructure[J].Reliability Engineering and System Safety,2017,157:35-53.
[8] PFLANZA M,LEVS A.An approach to evaluating resilience in command and control architectures[J].Procedia Computer Science,2012,8:141-146.
[9] PFLANZ M A,LEVIS A H.On Evaluating Resilience in C3 System[EB/OL].[2019-03-13].https://onlinelibrary.wiley.com/doi/10.1002/inst.12008.
[10] ARZANI B,CIRACI S,LOO B T.Taking the blame game out of data centers operation with NetPoirot[J].[2019-03-13].https://netdb.cis.upenn.edu/papers/netpoirot.pdf.
[11] AIMAJALI A,VISWANATHAN A,NEUMAN C.Analyzing resiliency of the smart grid communication architectures under cyber attack[EB/OL].[2019-03-13].https://pdfs.semanticscholar.org/9dfe/36da94861e9ebbc 4e08ed4dff60503414ae1.pdf.
[12] LEVY S,TOPP B,FERREIRA K B,et al.Using simulation to evaluate the performance of resilience strategies and process failures[C]//International Workshop on Performance Modeling,Benchmarking and Simulation of High Performance Computer Systems(PMBS 2013).[S.l.]:SANDIA,2013:91-114.
[13] FERREIRA K B,LEVY S,BRIDGES P G.A simulation infrastructure for examining the performance of resilience strategies at scale:SAND 2013-3180[R].[S.l.]:SANDIA,2013.
[14] MADNI A M,JACKSON S.Towards a conceptual framework for resilience engineering[J].IEEE Systems Journal,2009,3(2):181-191.
[15] 崔琼,李建华.网络化指挥信息系统弹性度量方法[J].军事运筹与系统工程程,2016,30(4):18-25.
[16] 崔琼,李建华,冉淏丹,等.基于任务能力的指挥信息系统超网络弹性度量[J].指挥与控制学报,2017,3(2):137-143.
[17] 李亚,翟国方,顾福妹.城市基础设施韧性的定量评估方法研究综述[J].城市发展研究,2016,23(6):113-122.
[18] 刘密霞,朱红蕾.网络弹性研究进展[J].计算机科学,2013,40(11A):46-50.
[19] 黄浪,吴超,王秉.系统安全韧性的塑造与评估建模[J].中国安全生产科学技术,2016,12(12):15-22.
[2] STERBENZ J P G.Evaluation of network resilience,survivability,and disruption tolerance:analysis,topology generation,simulation,and experimentation[J].Telecommunication Systems,2013,52(2):705-736.
[3] TRAN H T,BALCHANOS M,DOMERCANT J C,et al.A framework for the quantitative assessment of performance-based system resilience[J].Reliability Engineering and System Safety,2017,158:73-84.
[4] BODEAU D,GRAUBART R,LAPADULA L,et al.Cyber resiliency metrics[R].Version 1.0,rev.1.Bedford:MITRE:2012.
[5] FRANCIS R,BEKERA B.A metric and frameworks for resilience analysis of engineered and infrastructure systems[J].Reliability Engineering and System Safety,2014,121:90-103.
[6] WILFREDO T P,NASA.An approach for the assessment of system upset resilience[R].[S.l.]:NASA,2013.
[7] NAN C,SANSAVINI G.A quantitative method for assessing resilience of interdependent infrastructure[J].Reliability Engineering and System Safety,2017,157:35-53.
[8] PFLANZA M,LEVS A.An approach to evaluating resilience in command and control architectures[J].Procedia Computer Science,2012,8:141-146.
[9] PFLANZ M A,LEVIS A H.On Evaluating Resilience in C3 System[EB/OL].[2019-03-13].https://onlinelibrary.wiley.com/doi/10.1002/inst.12008.
[10] ARZANI B,CIRACI S,LOO B T.Taking the blame game out of data centers operation with NetPoirot[J].[2019-03-13].https://netdb.cis.upenn.edu/papers/netpoirot.pdf.
[11] AIMAJALI A,VISWANATHAN A,NEUMAN C.Analyzing resiliency of the smart grid communication architectures under cyber attack[EB/OL].[2019-03-13].https://pdfs.semanticscholar.org/9dfe/36da94861e9ebbc 4e08ed4dff60503414ae1.pdf.
[12] LEVY S,TOPP B,FERREIRA K B,et al.Using simulation to evaluate the performance of resilience strategies and process failures[C]//International Workshop on Performance Modeling,Benchmarking and Simulation of High Performance Computer Systems(PMBS 2013).[S.l.]:SANDIA,2013:91-114.
[13] FERREIRA K B,LEVY S,BRIDGES P G.A simulation infrastructure for examining the performance of resilience strategies at scale:SAND 2013-3180[R].[S.l.]:SANDIA,2013.
[14] MADNI A M,JACKSON S.Towards a conceptual framework for resilience engineering[J].IEEE Systems Journal,2009,3(2):181-191.
[15] 崔琼,李建华.网络化指挥信息系统弹性度量方法[J].军事运筹与系统工程程,2016,30(4):18-25.
[16] 崔琼,李建华,冉淏丹,等.基于任务能力的指挥信息系统超网络弹性度量[J].指挥与控制学报,2017,3(2):137-143.
[17] 李亚,翟国方,顾福妹.城市基础设施韧性的定量评估方法研究综述[J].城市发展研究,2016,23(6):113-122.
[18] 刘密霞,朱红蕾.网络弹性研究进展[J].计算机科学,2013,40(11A):46-50.
[19] 黄浪,吴超,王秉.系统安全韧性的塑造与评估建模[J].中国安全生产科学技术,2016,12(12):15-22.