Contingency analysis based approach for quantifying and examining the resiliency of a cyber system in respect to confidentiality, integrity and availability. A graph representing an organization's cyber system and related resources is used for the availability contingency analysis. The mission critical paths associated with an organization are used to determine the consequences of a potential contingency. A node (or combination of nodes) are removed from the graph to analyze a particular contingency. The value of all mission critical paths that are disrupted by that contingency are used to quantify its severity. A total severity score can be calculated based on the complete list of all these contingencies. A simple n1 analysis can be done in which only one node is removed at a time for the analysis. We can also compute nk analysis, where k is the number of nodes to simultaneously remove for analysis. A contingency risk score can also be computed, which takes the probability of the contingencies into account. In addition to availability, we can also quantify confidentiality and integrity scores for the system. These treat user accounts as potential contingencies. The amount (and type) of files that an account can read to is used to computemore » the confidentiality score. The amount (and type) of files that an account can write to is used to compute the integrity score. As with availability analysis, we can use this information to compute total severity scores in regards to confidentiality and integrity. We can also take probability into account to compute associated risk scores.« less
CCA; 003746MLTPL00 30776-E
DOE Contract Number:
Software Package Number:
Software Package Contents:
Media Directory; Software Abstract; Media includes Source Code; User Guide; Executable Module(s); Sample Problem Input Data; Sample Problem Output Data; Installation Instructions;
Source Code Available:
Pacific Northwest National Laboratory
Mackey, Patrick S Rice, Mark J Best, Daniel M Oler, Kiri
To initiate an order for this software, request consultation services, or receive further information, fill out the request form below. You may also reach us by email at: .
ESTSC staff will begin to process an order for scientific and technical software once the payment and signed site license agreement are received. If the forms are not in order, ESTSC will contact you. No further action will be taken until all required information and/or payment is received. Orders are processed within three to five business days.
Software Package Details
Title: Cyber Contingency Analysis version 1.x
Some links on this page may take you to non-federal websites. Their policies may differ from this site.