Cyber Table Top

Cyber Table Top Methodology in Test and Evaluation

The Cyber Table Top (CTT) method is a type of mission-based cyber risk assessment that defense programs can use to produce actionable information on potential cyber threats across a system’s acquisition life cycle. Actionable information includes potential system vulnerabilities, demonstrated means of exploitation of those vulnerabilities, and an assessment of the resulting mission impacts. CTT is a tool intended to increase understanding of the cyber warfare domain for any system (i.e., business, logistic, or weapon system) in a mission context to help programs better allocate engineering and testing resources. The process involves a discussion-based, wargame-like exercise that identifies potential cybersecurity vulnerabilities in a system. Then a series of analysis activities categorizes the associated cyber risks into possible threats to an operational mission.

CTTs are useful for early characterization of cyber vulnerabilities and associated mission impacts; they are easily adapted as DoD policies are updated. DTE&A refined the CTT methodology, in coordination with the Institute for Defense Analyses (IDA), by taking the lessons learned from CTTs and incorporating them into the recently published Department of Defense Cyber Table Top Guide V2.0 (ac.cto.mil/erpo). Some benefits of the CTT process include:

  • Bridges the gap between information technology (IT) and functional mission viewpoints through a disciplined approach to co-education.
  • Aids in identifying vulnerable components and interfaces that can help focus supply chain risk management efforts.
  • Identifies areas for improved operator, defender, and maintainer training.
  • Defines the first steps for early testing that can be conducted to collect empirical data to answer key questions aimed at the most critical unknowns.

The CTT, in conjunction with other tools and processes, gives developers and the engineering and test teams opportunities for risk reduction throughout the life cycle of the acquisition program, and reduces the likelihood of discovering cyber vulnerabilities in a system during operational test.

Office of the Under Secretary of Defense,
Research and Engineering (OUSD(R&E))
3030 Defense Pentagon, Washington, DC 20301-3030