2024-09-11 CERIAS - IDART (Information Design Assurance Red Team): A Red Team Assessment Methodology


Recorded: 09/11/2024 CERIAS Security Seminar at Purdue University

The Information Design Assurance Red Team (IDART) methodology is optimized to evaluate system designs and identify vulnerabilities by adopting, in detail, the varying perspectives of a system’s most likely adversaries. The results provide system owners with an attacker’s-eye view of their system’s strengths and weaknesses.

IDART can be applied to a diversity of complex networks, systems, and applications, including those that mix cyber technology with industrial machinery or other equipment. The methodology can be used throughout a system's lifecycle but the assessments are less expensive and more beneficial during design and development, when weaknesses can be found and mitigated more easily.

Developed at Sandia National Laboratories in the mid-1990s and updated frequently, the IDART framework is NIST-recognized and designed for repeatability and measurable results. A typical assessment includes the following high-level activities:

- Characterizing the target system and its architecture
- Identifying nightmare consequences
- Analyzing the system for security strengths and weaknesses
- Identifying potential vulnerabilities that could lead to nightmare consequences
- Documenting results and providing prioritized mitigation strategies

IDART assessors think like adversaries. To do this, they first develop a range of categorical profiles or “models” of a system’s most likely attackers. Factors include an adversary’s specific capabilities (i.e., domain knowledge, access, resources) as well as intangibles such as motivation and risk tolerance. The assessment team then uses this adversarial lens to measure the risks posed by system weaknesses and to prioritize mitigations.

For efficiency and thoroughness, IDART relies on a free exchange of information. System personnel share documentation and participate in discussions that help assessors efficiently find as many attack paths as possible. In turn, the IDART team is transparent in conducting its assessment activities, giving system owners greater confidence in the work and the resulting analysis.

All of these traits combine to make IDART a highly flexible tool. The methodology helps system owners identify critical vulnerabilities, understand adversary threats, and weigh appropriate strategies for delivering components, systems, and plans that are both effective and secure.

Russel Waymire is a manager at Sandia National Laboratories in the area of Cyber-Physical Security.
(Visit: www.cerias.purdue.edu)
