1 of 26

Cyber Risk to Mission Analysis�

Methodology for Assessing and Communicating Mission Risk from Cyber Threats and Hazards

prepared for the

30th International C2 Research and Technology Symposium

Dr. David S. Alberts

Senior Fellow

Institute for Defense Analyses

 

Dr. Jimmie G. McEver, Ph.D., M.P.P.

Principal Scientist

JHU Applied Physics Laboratory

10-1-25

2 of 26

Précis

2

8 November 2025

  • Since the late-1990s militaries embarked on a journey to leverage advancing information age technologies to create a co-evolved network / cyber-enabled force.
  • Over the years, our dependency on cyber and cyber-enabled capabilities has grown to the point that, should these capabilities not be available as expected, it would result in a significant loss of mission capability.
  • This Cyber Risk to Mission (CRM) needs to be understood and effectively managed.
  • CRM impacts C2 by adversely affecting available regions of the C2 Approach Space that, in turn, impacts C2 and Mission Agility.
  • CRM Analysis integrates Cyber Risk and Mission Risk analyses by identifying the subsets of Cyber Terrain that are mission critical and analyzing sets of contingency plans that can be employed to maximize Cyber and Mission Agility.

3 of 26

Power and Vulnerability of a Co-evolved Cyber-Enabled Force

1

2

Impact of Cyber Degradation�Degrades effectiveness and erodes synergies

1

2

Cyber capabilities revolutionize military operations, enabling speed, precision, and agility

But they introduce new risks: disruption, degradation, or denial can reverse advantage

3

4 of 26

Real-World Degradation to DoD Global Logistics Mission/Commercial Airlines: �Notice to Air Missions (NOTAMs)

4

Commercial Critical Infrastructure

DIB, FAA NOTAMs system, communications, transportation sector

Priority DoD Missions (NIST Tier 2)

Global Logistics

DoD Critical Infrastructure

Military airport, DoD installations

DoD Networks (NIST Tier 3)

Defense Internet NOTAM Service (DINS)

Civil Reserve Air Fleet, Supply Chain Risk Management, Commercial NOTAM Management Tool

DoD Weapons Systems / Platforms

USTRANSCOM AOC

DoD Organizations (NIST Tier 1)

USTRANSCOM, USAF

Incident 1

Nov 2022

1

Cyber-attack degrades data integrity for commercial NOTAM management tool; company takes tool offline in response

2

CRAF carrier does not possess trusted NOTAMs data

3

CRAF carrier delays, cancels flights while NOTAMs tool offline

4

PAXs delayed

USTRANSCOM

Global Logistics

FAA NOTAM System

Omni Air

Jeppesen NOTAM Management Tool

1

2

3

4

1

2

Incident 2

Jan 2023

1

Poor database management allowed an inadvertent input error to degrade FAA NOTAM System data integrity; FAA issues ground stop until it can ensure data integrity

2

DoD airlift unaffected as DoD possesses its own NOTAMs system: DINS

System offline for ~14 hours, ~1,100 PAX delayed

First ground stop since September 11, 2001

~1,300 flights cancelled,

~10,000 flights delayed

CRM is a real and present Mission Risk

5 of 26

Cyberspace is a Contested Operational Domain

5

Tier

Adversary Offensive Cyber Capability

IV

Advanced – Have the capacity to conduct complex, long term cyber attack operations that combine multiple intelligence disciplines to obtain access to high-value networks

III

Moderate – Able to use customized malware with OPSEC practices to conduct wider-range intelligence collection operations, gain access to more isolated networks, and create short duration effects against critical infrastructure networks.

II

Limited Able to identify and target for espionage or attack easily accessible unencrypted networks running common operating systems using publicly available tools.

I

Nascent – Little to no organized cyber capabilities, with no knowledge of a networks underlying systems or industry beyond publicly connected open-source information.

Existential

Nuisance

Managing Cyber Risk to Mission is Necessary to Operating �in a Contested Cyber Environment

Tier

IV

$Bs

Tier

III

$Ms ―

Tiers

I - II

$10s

6 of 26

Cyber Attacks Create Mission Effects in Different Ways

6

Attack Type

Definition

Example

Potential Mission Impact

Availability

Prevents access to information or systems needed to perform a mission function.

A distributed denial-of-service (DDoS) attack disables a command and control (C2) node during force deployment.

Delays force coordination, reducing tempo and synchronization of operations, potentially risking mission failure.

Integrity

Alters or corrupts information, causing users to act on false or misleading data.

A logistics database is tampered with to show incorrect fuel depot locations.

Forces misallocation of resources or unit movements, degrading mission effectiveness and increasing vulnerability.

Confidentiality

Exposes sensitive information to unauthorized parties, enabling adversary insight.

Adversary exfiltrates operational plans from an unencrypted email server.

Adversary anticipates friendly actions, allowing them to preempt or neutralize mission objectives.

*National Institute of Standards and Technology. (2017). An Introduction to Information Security (NIST Special Publication 800-12 Rev. 1). Gaithersburg, MD: U.S. Department of Commerce.

7 of 26

Defining Cyber Risk to Mission

  • OUSD A&S Cyber Warfare Directorate (U.S.) developed the concept of Cyber Risk to Mission to enable discussion of mission considerations of cyber events.
  • Cyber Risk to Mission is a function of the likelihood of failure of a cyber or cyber-enabled capability and the impact of that failure to the mission (harm to current or future mission objectives).
    • CRM is present whenever cyber or cyber-enabled capabilities that a commander depends upon can fail to match operational needs, putting the mission at risk.
    • CRM is not about why one’s cyber and cyber-enabled capabilities do not satisfy mission requirements, rather it is about the resulting consequence to the mission.
  • Cyber Risk to Mission is an “All Hazard” Risk.
    • The shortfall can result from a variety of causes.
    • CRM arises not just from cyberattacks – it could also result from the potential for kinetic attack or accidents.
  • Cyber Risk to Mission, as a concept, is useful for both offensive and defensive analyses (mitigating friendly risk, creating adversary risk).

7

8 of 26

CRM Assessment Elements

Define Mission Context and Scope

Characterize the Cyber Threat Environment

Characterize Cyber Defense and Response Capabilities

Identify Plan-related

Mission Critical Cyber Terrain

Translate Cyber Damage

into Mission Impacts

Communicate Findings

Determine Mission Risk

8

Design Primary and Contingency Plans

Project Cyber Damage

8

9 of 26

CRM Analysis Methodology

  • Generalized approach to assessing cyber risk to mission is patterned after approaches for understanding and communicating Risk to Mission as described in the Joint Risk Assessment Methodology (JRAM) (CJCSM 3105.01B)
  • The CRM Analysis Methodology consists of two inter-dependent analyses: a Cyber Risk Assessment, and a Mission Risk Assessment.

“Mission Critical Cyber Capabilities Damaged and not Restored in a Timely Manner” provides the link between cyber-enabled and mission effectiveness.

9

Potential Threats and Hazards

Events

Damage to Critical Cyber Enabled Capability

Cyber Damage Not Restored �in a Timely Manner

Potential Impact on Mission

Impact Mitigation/ Adaptation

Impact on Mission

Cyber

Risk

To

Mission

Deterrence & Prevention Strategy

Damage Assessment & Response

Restoration & Recovery

Risk�Judgement

Risk Management

Cyber Risk AssessmentDetermining Extent/Duration of Damage to Cyber-Enabled Capabilities

Mission Risk AssessmentDetermining Mission Impact of Degraded Capabilities

+

10 of 26

Identifying Mission-Critical Cyber Terrain

8 November 2025

10

Supported Mission

Supporting Mission

Supporting Mission

Mission Critical Cyber Terrain

All cyber-enabled assets

Cyber-enabled assets needed for different missions

Overlap: Assets needed for multiple missions

11 of 26

Importance of C2 Approach

  • Each individual’s understanding of the mission-critical cyber terrain is determined by the C2 Approach that has been adopted because the C2 Approach determines who has access to what information and the individual interactions that are allowed / facilitated.
  • These understandings determine the accuracy of individual and collective perceptions of mission criticality and time-sensitivity.
    • Perceptions determine what assets are defended / attacked and hence the ultimate damage to cyber assets sustained.
    • Perceptions will also determine which CONOP alternative is selected at the time of execution.
  • CRM Analysis employs metrics that reflect correct perceptions as a function of cyber asset criticality and the impact that quality of perception has on decisions.

11

12 of 26

The Impact of Perceptions

12

Cyber Terrain

Cyber Terrain: Defender Perception

Allocation of Defenders to Assets

Cyber Terrain: Attacker Perception

Allocation of Attackers to Targets

Damage to Cyber Terrain

Blue Perception of Cyber Damage

Allocation of Recovery/ Restoration Resources

Cyber Terrain Mission Availability

Decisions

Perception

Ground�Truth

Perception

Decisions

Mission�Risk

Assessment

13 of 26

Contingency Plans Enable Agility

  • Given the volatility of a Contested Cyberspace Environment, the cyber assets upon which a mission depends may not be available.
  • Contingency planning involves developing a set of contingency plans* that vary in the degree to which the mission depends upon cyber and cyber-enabled capabilities.
  • The subsets of mission-critical assets associated with these contingency plans should, to the extent possible, minimize their overlaps so that they do not depend upon the same cyber assets.
  • A Cyber Risk Assessment should be used to inform the selection of which contingency plan is appropriate for a given mission and, should the state of the Cyber Terrain change, if a different plan is now a better option.

*PACE Plans (Primary, Alternate, Contingency, Emergency)

13

14 of 26

Cyber Terrain May Vary for Different Mission Options

8 November 2025

14

Alternative�Plan

Primary�Plan

Contingency�Plan

Mission Critical Cyber Terrain (shaded)

All cyber-enabled assets

Shaded: Cyber-enabled assets needed for different mission plans

Overlap: Assets needed for multiple plans

Emergency�Plan

15 of 26

Need for Timely Switching between Contingency Plan Options

Projected

Mission

Outcome �(e.g., % Objectives Achieved)

20

80

60

40

0

% Primary-Plan Mission Critical Cyber Assets Damaged and �Not Restored in a Timely Manner

0

40

60

80

100

20

Alternative

Continency

Primary

100

Best Contingency Plan Option as a Function of Unrestored Damage

Primary -> Alternate Plan Decision Point

Primary Plan Response Curve to Cyber Asset Damage

Alternative Plan Response Curve

Alternate -> Contingency Plan Decision Point

20

15

16 of 26

Risk Matrix

  • Each Risk Type (unique combination of Probability and Consequences) is individually assessed based upon the mission challenge it represents.
  • Risk scores and its placement in the Risk Matrix communicates both level of risk and scoring uncertainty
  • Operational judgement of significance is needed; Risk Types are not calculated by simply taking the product of Probability and Consequences.

HIGH RISK:

Maximum level of expected impact on the thing of value

SIGNIFICANT RISK:

Severe level of expected impact on the thing of value

MODERATE RISK:

Medium level of expected impact on the thing of value

LOW RISK:

Little to no expected impact on the thing of value

Risk Levels*

* CJCSM 3105.01B

extreme

major

modest

minor

very�unlikely�<20%

unlikely��21-50%

likely��51-80%

very�likely�>80%

Probability

Consequence

16

17 of 26

Notional Mission Impact Scorecard for the Global Logistics Mission�

17

18 of 26

Sources of Insight for CRM Analysis Can Be Varied

 

Source of Evidence

Description

Advantages

Disadvantages

Qualitative

Expert Judgment

SMEs assess based on knowledge, experience, and structured discussion.

Quick, intuitive, accessible to leadership.

Can be biased or inconsistent; limited traceability.

Wargaming / Tabletop Exercises

Structured scenarios with participants role-playing decisions and adversary actions.

Encourages interdisciplinary and cross-domain insights; simulates adversary dynamics.

Less quantitative; facilitator-dependent.

Quantitative-

Informed

Qualitative

Model-Driven Wargaming TTX

Structured scenarios with participants provided with model-driven situation displays that are used to inform their decision-making

Adds transparency to wargames/TTXs and makes them more repeatable

Can be personnel and data intensive to execute

Can be difficult to sync kinetic and cyber elements of the event

Quantitative

Parametric Models

Simplified quantitative models estimating CRM using parameters and assumptions.

Supports transparent, �repeatable analysis across �many cases.

May oversimplify complex, �dynamic effects.

High-Fidelity M&S

Detailed simulations modeling cyber effects, system behavior, and campaign dynamics.

High resolution, rigorous, �captures cascading effects.

Data- and resource-intensive; slower to execute; often lacks means for representing information and cognitive effects

18

19 of 26

Using CRM Analysis Results to Inform Risk Decisions�

  • Cyber force development and configuration (e.g., local defenders, maneuver defenders, response/restoration elements).
  • Allocation of local defenders to cyber assets and placement of maneuver cyber forces.
  • Allocation of restoration elements to damaged assets (based upon perceptions).
  • Formulation and adoption of multi-domain C2 approaches and capabilities.
  • Development and selection of initial plan.
  • Formulation of set of plans and C2 capabilities to enable operational adaptation for foster cyber mission resilience.

19

20 of 26

Backup

8 November 2025

20

21 of 26

Mission Stack for a Generalized Mission

21

22 of 26

The Impact of Perceptions

22

Cyber Terrain

Cyber Terrain: Defender Perception

Allocation of Defenders to Assets

Cyber Terrain: Attacker Perception

Allocation of Attackers to Targets

Damage to Cyber Terrain

Blue Perception of Cyber Damage

Allocation of Recovery/ Restoration Resources

Cyber Terrain Mission Availability

Decisions

Perception

Ground�Truth

Perception

Decisions

Mission�Risk

Assessment

1

3

5

6

9

7

2

4

8

23 of 26

Information/Inputs Needed for CRM Analysis

  • Mission and Mission Objectives, Measures of Mission Success
  • Specification of Mission Relevant Cyber Terrain (cyber assets)
  • Alternative mission CONOPs that might be available in case of asset degradation (e.g., PACE Plans)
  • Relationships between mission effectiveness and systems states (e.g., mission criticality, time-sensitivity of assets) for each CONOPs
  • Characteristics of the friendly and adversarial cyber forces (e.g., force size, force quality, sensemaking capabilities, etc.)
  • CRM-informed Command and Control Approach and Decision-Making Criteria
    • How cyber forces are assigned
    • How mission CONOP is selected, adjusted
  • Assumptions (what kind of assumptions do you mean? Might help to add an example or two)

23

24 of 26

Global Logistics Mission Thread and Mission Stack

Non-DoD Transportation Dependencies

24

25 of 26

Mission Stack for the “Fort-to-Port” Portion of the Global Logistics Mission.�

25

26 of 26

Observed Attacks and ‘Blue on Blue’ Cyber Events

26