Report of Break Out Group 1: Network Vulnerability and Risk Assessment

To help understand a network and its ability to continue operating when under attack, the break out group discussed issues that need to be considered when presenting network vulnerability information to an analyst, manager or commander in effective support of that person's "observe, orient, decide, action" (OODA) loop. The break out group discussed vulnerability presentation needs common across various application domains, particularly in support of network discovery and network analysis tasks in those domains. Finally, the break out group wished to determine whether there is a means of characterizing a vulnerability. This would take into account the potential for the vulnerability to be exploited as well as the potential impact on the operations supported by the network, and on the network structure itself, of a successful exploit of that vulnerability.