The Air Force Research Laboratory (AFRL) developed a Network Intrusion, Risk and Vulnerability Analysis (NIRVANA) software tool under a Small Business Innovation Research (SBIR) project to provide a comprehensive cyber security analysis capability. The tool uses data from multiple intrusion detection systems to produce a comprehensive situation awareness picture, including a static evaluation of network vulnerabilities. In this tool, network vulnerabilities are identified using the novel attack graphs associated with applications and mission requirements, allowing the tool to identify the consequences of actions. The technology can estimate the probable targets intended by the attacker, allowing operators to counter with near-real-time actions, effectively denying the attacker’s goals. The technique is designed to scale, allowing for coordination of multiple security domains, and several runtime operators. Using this tool, the Air Force, Department of Defense (DoD) and other large enterprises have the first comprehensive capability to visualize the implications of a cyber attack. Operators will be able to anticipate the actions of attackers, even when a slow-brewed or multi-prong attack is in progress. The ability to anticipate and adjust in order to maintain mission readiness during the attack, although present in DoD cyber security strategy, is a missing component of our current cyber deterrence arsenal. This NIRVANA technology is the first to provide coherent enterprise-wide network cyber attack damage assessment.

U.S. Air Force Air Force Civilian Sercice
© 2017 Air Force STEM. All Rights Reserved.