TRACE: A MagicDraw Plugin for Automated Cyber Risk Assessment
Conducting cyber risk assessments today is a largely manual process that requires subject matter experts to collect and synthesize system information in order to reach conclusions and recommendations. However, much of the information relevant to assessing cyber risk (network topology, configuration details, functional dependency, etc.) may already be captured in system engineering artifacts created in tools such as MagicDraw. MITRE has developed a prototype methodology and MagicDraw plugin, Traversal-driven Risk Assessment of Composite Effects (TRACE), which makes use of this cyber-relevant system information to conduct an automated cyber risk assessment. TRACE estimates the time required for a cyber attacker to develop the ability to traverse a system’s infrastructure and disrupt its functionality. In this presentation, we will demonstrate the plugin and discuss its potential uses as well as current limitations and future work.