An Architecture for Improving Timeliness and Relevance of Cyber Incident Notifications

Author

James L. Miller

Date of Award

3-11-2011

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Robert F. Mills, PhD.

Abstract

This research proposes a communications architecture to deliver timely and relevant cyber incident notifications to dependent mission stakeholders. This architecture, modeled in Unified Modeling Language (UML), eschews the traditional method of pushing notifications via message as dictated in Air Force Instruction 33-138. It instead shifts to a pull or publish and subscribe method of making notifications. Shifting this paradigm improves the notification process by empowering mission owners to identify those resources on which they depend for mission accomplishment, provides a direct conduit between providing and dependent mission owners for notifications when an incident occurs, and provides a shared representation for all with authority for that dependent mission. Once the incident's impact is assessed, the architecture provides a conduit for the mission stakeholder(s) receiving the incident notification to then notify their downstream users of their status should it have changed because of the incident. The proposed architecture significantly speeds incident notification by eliminating multiple layers of processing and does so in a relatively noise-free environment as compared to current notification methods.

AFIT Designator

AFIT-GCO-ENG-11-09

DTIC Accession Number

ADA540231

Recommended Citation

Miller, James L., "An Architecture for Improving Timeliness and Relevance of Cyber Incident Notifications" (2011). Theses and Dissertations. 1416.
https://scholar.afit.edu/etd/1416