Mission Impact: Role of Protection of Information Systems

Use of information technology (IT) hardware and software has become an integral component in the execution of modern combat operations. However, the use of this technology in support of military operations is constantly subject to adversarial threats. Confidentiality, Integrity, Availability, and Other (CIAO) breaches of information can adversely affect the outcome of military operations. In order to enable the quantification of the effect of these breaches, we model military operations using Business Process Modeling Notation (BPMN). Operations are represented as process models as a set of interconnected activities. Each of the activities of a mission is analyzed to identify dependencies on the underlying information technology (IT) resources. IT resources are in turn protected by protector resources. The dependencies are represented using two dependency matrices. One matrix represents the dependency of military activities on information resources. The other matrix represents the dependency of information resources on their protecting resources. Based on one of the author's actual combat experience, we present a hypothetical, but realistic, military operation. For this operation we develop the following: 1) a BPMN representation of the operation from the Receipt of Operations Order (military term for the start of the mission) to the Change of Mission (military term for the end of the operation), 2) the list of information resources that are needed to support the activities of the operation, 3) the list of the protectors for these information resources, 4) the dependency matrix between the components of the activities of the BPMN and the information resources, and 5) the dependency matrix between the information resources and their protectors. We will discuss the impact of CIAO breaches by tracing the chain of affects on the information resources, the activities, and eventually the outcome of the operation itself.