Establishing and Maintaining Trust for an Airborne Network. Search and Rescue Enterprise: Security Assessment Report

Abstract : This report was developed under a SBIR contract for topic AF103-165. This report describes the results a security assessment conducted on the Search and Rescue (SAR) enterprise. The purpose of the security assessment is to identify the operational risks to the SAR enterprise. In particular, those resulting from cyber attacks, identify the corresponding vulnerabilities, assess the criticality of the components, and recommend mitigations. SAR case study is a comprehensive illustration to the Department of Defense Architecture Framework (DoDAF) published as part of the international standard UML Profile for DoDAF and MoDAF (UPDM) by the Object Management Group (OMG). For the purposes of this assessment, the SAR is defined by International Aeronautical and Maritime Search and Rescue Manual (IAMSAR) and Canadian National Search and Rescue Manual. The security assessment described herein was one part of an overall project to develop a generic methodology and technology framework for computing a trustworthiness index (TI). A TI is a measure of confidence that risk is low in a claim about a system component supporting mission objectives