To improve cyber resilience and reduce risks in Navy Industrial Control Systems (ICS), we propose an innovative software tool called Cyber Resilience Modeling and Simulation (CRMSTM). Based on a quantitative agent-based modeling approach, CRMS is designed to establish a common framework that integrates Risk Management Framework (RMF) components into a consolidated resilience model with simulation functions, and evaluates the level of resilience and the effectiveness of mitigation actions under various attack scenarios. CRMS will be a web-based tool to perform cyber resilience evaluation and cost-benefit analysis on ICS and System of Systems (SoS) in general in support of the cybersecurity test and evaluation process during acquisition. Our Phase I effort will focus on the CRMS model architecture and component design, the design of a common resilience metrics, and a use-case driven simulation to demonstrate feasibility of the proposed solution.
