The James Madison University (JMU) CIPP research team is developing Network Security Risk Assessment Modeling (NSRAM) tools that will enable the assessment of both cyber and physical infrastructure security risks. The effort is driven by the need to predict and compute the probability of adverse effects stemming from system attacks and malfunctions, to understand their consequences, and to improve existing systems to minimize these consequences.

The tools are targeted at systems supporting critical infrastructures varying from individual systems to organization-wide systems, to systems covering entire geographical regions. Early work emphasizes computing systems, but systems sharing the network nature of computing systems, such as electrical and water supply systems are potential targets.

Input consisting of network topologies and interdependencies, recovery and repair capabilities, attack scenarios, and traffic analysis data, will enable the NSRAM tools to evaluate critical dependability issues including potential outage longevity and costs, data loss and such risks as are associated with network problems for user specified scenarios. Decision-making analysis support will be included such that it will provide modeling to support design, operation, maintenance, continuity, and recovery of these systems.

It is expected that the initial products will be somewhat technical in nature, for the use of JMU consultant-level experts, with the immediate future development work concentrating on modeling computer security phenomena and user interface refinements to increase accessibility.