Software Engineering Institute

Society is increasingly dependent on large-scale, networked information systems of remarkable scope and complexity. This dependency magnifies the far-reaching consequences of system damage from attacks and intrusions. Yet no amount of security can guarantee that systems will not be penetrated. Incorporating survivability capabilities into an organizations systems can mitigate the risks. Survivability is the capability of a system to fulfill its mission in a timely manner despite intrusions, failures, or accidents. The three tenets of survivability are (1) resistance to intrusions, (2) recognition of intrusion effects, and (3) recovery of services despite successful intrusions. The survivability of existing or planned systems can be analyzed at the level of system architectures or requirements. This report describes the Survivable Network Analysis (SNA) method developed at the SEI's CERT Coordination Center. The four-step SNA method guides stakeholders through an analysis process intended to improve system survivability when a system is threatened. The method focuses on preservation of essential system services that support the organizational mission. SNA findings are summarized in a Survivability Map that enumerates current and recommended architectural strategies. SNA has been successfully applied to commercial and governmental systems, and continues to evolve toward increasing rigor in its application.