Characterizing identified vulnerabilities and numerically scoring the potential severity using a mission impact focus.
Current methods for analyzing identified cyber vulnerabilities tend to apply traditional information technology focus on impact to system confidentiality, integrity and availability to discern end-user risks. Although sufficient for evaluating traditional information technology systems, it fails to consider the operational ramifications for complex systems-of-systems.
The Risk Scoring System provides a means to characterize identified vulnerabilities and numerically score the potential severity. The two main components include vulnerability characterization and impact to end-system operations. A unique scoring system has been developed for three distinct sectors: Medical, Commercial Aviation and Weapon Systems.
The Risk Scoring System was initially developed in support of the United States Department of Homeland Security Science and Technology (DHS S&T) Aviation Cyber Initiative.