Surveyability
Essay by 24 • November 21, 2010 • 535 Words (3 Pages) • 1,158 Views
We define survivability as the capability of a system to fulfill its mission, in a timely
manner, in the presence of attacks, failures, or accidents. We use the term system in the
broadest possible sense, including networks and large-scale systems of systems.
The term mission refers to a set of very high-level (i.e., abstract) requirements or goals.
Missions are not limited to military settings since any successful organization or project
must have a vision of its objectives whether expressed implicitly or as a formal mission
statement. Judgments as to whether or not a mission has been successfully fulfilled are
typically made in the context of external conditions that may affect the achievement of
that mission. For example, assume that a financial system shuts down for 12 hours
during a period of widespread power outages caused by a hurricane. If the system
preserves the integrity and confidentiality of its data and resumes its essential services
CMU/SEI-97-TR-013 3
after the period of environmental stress is over, the system can reasonably be judged to
have fulfilled its mission. However, if the same system shuts down unexpectedly for 12
hours under normal conditions (or under relatively minor environmental stress) and
deprives its users of essential financial services, the system can reasonably be judged to
have failed its mission, even if data integrity and confidentiality are preserved.
Timeliness is a critical factor that is typically included in (or implied by) the very highlevel
requirements that define a mission. However, timeliness is such an important factor
that we included it explicitly in the definition of survivability.
The terms attack, failure, and accident are meant to include all potentially damaging
events; but these terms do not partition these events into mutually exclusive or even
distinguishable sets. It is often difficult to determine if a particular detrimental event is the
result of a malicious attack, a failure of a component, or an accident. Even if the cause is
eventually determined, the critical immediate response cannot depend on such
speculative future knowledge.
Attacks are potentially damaging events orchestrated by an intelligent adversary. Attacks
include intrusions,
...
...