Information Design Assurance Red Team
The Information Design Assurance Red (IDART) methodology is optimized to evaluate system designs and identify vulnerabilities by adopting, in detail, the varying perspectives of a system’s most likely adversaries. The results provide system owners with an attacker’s-eye view of their system’s strengths and weaknesses.
IDART can be applied to a diversity of complex networks, systems and applications, including those that mix cyber technology with industrial machinery or other equipment. The CASA team employs IDART regularly, augmenting its own skills with deep subject-matter expertise in multiple disciplines from across the Labs. The methodology can be used throughout a system’s lifecycle, but the assessments are less expensive and more beneficial during design and development, when weaknesses can be found and mitigated more easily.
Built for rigor
Developed at Sandia in the mid-1990s and updated frequently, the IDART framework is NIST-recognized and designed for repeatability and measurable results. A typical assessment includes the following high-level activities:
- Characterizing the target system and its architecture
- Identifying nightmare consequences
- Analyzing the system for security strengths and weaknesses
- Identifying potential vulnerabilities that could lead to nightmare consequences
- Documenting results and providing prioritized mitigation strategies
An adversarial viewpoint…
IDART assessors think like adversaries. To do this, they first develop a range of categorical profiles or “models” of a system’s most likely attackers. Factors include an adversary’s specific capabilities (i.e., domain knowledge, access, resources) as well as intangibles such as motivation and risk tolerance. The assessment team then uses this adversarial lens to measure the risks posed by system weaknesses and to prioritize mitigations.
…with a cooperative approach
For efficiency and thoroughness, IDART relies on a free exchange of information. System personnel share documentation and participate in discussions that help assessors efficiently find as many attack paths as possible. In turn, the IDART team is transparent in conducting its assessment activities, giving system owners greater confidence in the work and the resulting analysis.
All of these traits combine to make IDART a highly flexible tool. The methodology helps system owners identify critical vulnerabilities, understand adversary threats and weigh appropriate strategies for delivering components, systems, and plans that are both effective and secure.