Dr. Paul Ratazzi
Title: Mission Assurance: An Enabler for Emergency and Contested Operations
Bio:
Paul Ratazzi received the B.S. in Electrical Engineering from Rensselaer Polytechnic Institute in 1987, M.S. in Electrical Engineering from Syracuse University in 1992, M.S. in Management from Rensselaer in 2006, and PhD in Electrical & Computer Engineering from Syracuse in 2016. Currently, Dr. Ratazzi is Technical Advisor to the Air Force Research Laboratory’s Information Exploitation & Operations Division in Rome, NY. In this position, he is the Senior Advisor to the Division Chief, where he provides oversight and direction to the Division’s portfolio spanning interests in cyber agile and resilient architectures and systems, automation of cyber operations, cyber vulnerability analysis, system survivability, cyberspace effects generation, cyberspace/SIGINT integration, multi-sensor data processing for signal intelligence, and automation of coordinated multi-domain signal and signature exploitation. Dr. Ratazzi is a Senior Member of IEEE, and Past Chair of the Mohawk Valley Section.
Abstract:
Most IT components and systems are designed using assumptions that are valid primarily in benign environments. When exposed to adverse conditions, including natural disasters, degraded or intermittent connectivity, and threat actors, these systems will fail in ways that can amplify the crisis at hand. Although numerous information assurance (IA) frameworks exist to guide the design of secure systems, these do not usually consider the various missions that the system must support. Instead, these information-centric models focus on providing confidentiality, integrity, and availability, without regard to how information must be generated, processed, transmitted, stored, and destroyed to accomplish the mission. The result can be a rigid, inflexible implementation of policy, encryption, access controls, and various other “best practice” security requirements that fail spectacularly when assumptions of a benign environment are no longer valid. In these situations, the very things intended to provide assurance can prevent operators from completing the mission. Moving from an information-centric to a mission-centric notion of assurance enables a much richer security design space than has been possible under a traditional IA framework. Rather than existing as fixed requirements, in a mission-driven security architecture, IA controls must be flexible and dynamically adjust to the environment at hand. As such, the mission determines the objective function, with security controls as parameters rather than constants. This talk will expand on the concept of mission assurance in the context of critical systems expected to perform their mission, even in the face of unexpected and unplanned-for emergencies and contested environments. Some high-level characteristics of a mission assurance framework will be proposed, and ideas for employment of various emerging technologies to achieve mission assurance will be discussed.