The Crown Jewels Analysis process provides a repeatable approach to capturing knowledge from organizational subject matter experts, documenting known dependencies, and prioritizing assets based on their criticality to mission.
Crown Jewels Analysis: For Industrial Control Systems
To help assess risks to mission from cyber and non-kinetic threats, organizations need repeatable processes to analyze how failure or compromise of an asset could degrade or cause failure of a critical mission. In Department of Defense Directive 3020.40, DoD Policy and Responsibilities for Critical Infrastructure, an asset is described as being “A distinguishable entity that provides a service or capability. Assets are people, physical entities, or information located either within or outside the United States and employed, owned, or operated by domestic, foreign, public, or private sector organizations.” Understanding mission impacts from cyber, non-kinetic, or kinetic attack(s), and how to achieve mission resilience, requires an understanding of mission tasks, their dependence on various infrastructure elements, and how failure of an asset can translate into a mission-level impact. The Crown Jewels Analysis (CJA) process provides a repeatable approach to capturing knowledge from organizational Subject Matter Experts (SMEs), documenting known dependencies, and prioritizing assets based on their criticality to mission.