Protection Strategies Incorporated (PSI), through a contract with ManTech International Corporation (ManTech), provided Critical Infrastructure Protection support to the Department of State in response to the Presidential Decision Directive (PDD-63) issued by President Clinton in May 1998.

To understand an operating environment, PSI assessed threats to that environment from an evolutionary perspective commencing with current operations and culminating with system retirement. With respect to PDD-63, this process enabled us to pinpoint system vulnerabilities, identify intrusion pathways, and formulate remediation plans.

PSI employs an analytic methodology that assigns credible and realistic definitions to threats and characterizes the motivation, capabilities, and intent of adversarial groups over a predetermined period of time. We have found this methodology enables development of a full range of attack scenarios - from sophisticated cyber masquerades to simple but lethal fertilizer bombs.

The PSI methodology for conducting PDD-63 vulnerability assessments recognized such assessments usually require more rigor than other types of risk reviews. We consistently showed that only vulnerabilities with potential negative impact on minimum essential infrastructures were relevant to the PDD-63 process; however, other weaknesses were also identified and documented, even if they were not PDD-63 priorities.

PSI's vulnerability assessment methodology identifies a series of faults that realistically may result in negative impact upon both strategic mission essential infrastructures and mission essential processes.

PSI's pathway analyses and remediation methodology provide explicit strategies for reducing the likelihood that specific vulnerabilities will be exploited through predefined pathways or avenues. Our strategies are designed to remediate system faults through application of administrative, technical, physical, personnel, and counterintelligence security controls.

Prior to prescribing specific mitigation strategies, PSI assesses the cost versus the benefit of each strategy in relation to the impact a successful infrastructure attack will have upon the organization's mission essential processes and minimum essential infrastructures.