Human Impact

Human Impact (ssvc:HI:2.0.2)

Human Impact is a combination of Safety and Mission impacts.

| Value | Definition |
| --- | --- |
| Low (L) | Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled) |
| Medium (M) | (Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled)) |
| High (H) | (Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure) |
| Very High (VH) | Safety Impact:Catastrophic OR Mission Impact:Mission Failure |

Human Impact (ssvc:HI:2.0.2) JSON Example
{
  "namespace": "ssvc",
  "key": "HI",
  "version": "2.0.2",
  "name": "Human Impact",
  "definition": "Human Impact is a combination of Safety and Mission impacts.",
  "schemaVersion": "2.0.0",
  "values": [
    {
      "key": "L",
      "name": "Low",
      "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)"
    },
    {
      "key": "M",
      "name": "Medium",
      "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))"
    },
    {
      "key": "H",
      "name": "High",
      "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)"
    },
    {
      "key": "VH",
      "name": "Very High",
      "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure"
    }
  ]
}

Human Impact is a combination of how a vulnerability can affect an organization's mission essential functions as well as safety considerations, whether for the organization's personnel or the public at large. We observe that the day-to-day operations of an organization often have already built in a degree of tolerance to small-scale variance in mission impacts. Thus in our opinion we need only concern ourselves with discriminating well at the upper end of the scale. Therefore we combine the two lesser mission impacts of degraded and MEF support crippled into a single category, while retaining the distinction between MEF Failure and Mission Failure at the extreme. This gives us three levels of mission impact to work with. On the other hand, most organizations tend to have lower tolerance for variance in safety. Even small deviations in safety are unlikely to go unnoticed or unaddressed. We suspect that the presence of regulatory oversight for safety issues and its absence at the lower end of the mission impact scale influences this behavior. Because of this higher sensitivity to safety concerns, we chose to retain a four-level resolution for the safety dimension. We then combine Mission Impact with Situated Safety impact and map them onto a 4-tiered scale (Low, Medium, High, Very High).

See also

Human Impact is a combination of Safety Impact and Mission Impact

Safety Impact (ssvc:SI:2.0.0)

The safety impact of the vulnerability. (based on IEC 61508)

Value Definition
Negligible (N) Any one or more of these conditions hold.

- Physical harm: Minor injuries at worst (IEC 61508 Negligible).
- Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- Financial: Financial losses, which are not readily absorbable, to multiple persons.
- Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons.
Marginal (M) Any one or more of these conditions hold.

- Physical harm: Major injuries to one or more persons (IEC 61508 Marginal).
- Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- Financial: Financial losses that likely lead to bankruptcy of multiple persons.
- Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people.
Critical (R) Any one or more of these conditions hold.

- Physical harm: Loss of life (IEC 61508 Critical).
- Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- Psychological: N/A.
Catastrophic (C) Any one or more of these conditions hold.

- Physical harm: Multiple loss of life (IEC 61508 Catastrophic).
- Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated).
- System resiliency: Total loss of whole cyber-physical system, of which the software is a part.
- Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- Financial: Social systems (elections, financial grid, etc.) supported by the software collapse.
- Psychological: N/A.
Safety Impact (ssvc:SI:2.0.0) JSON Example
{
  "namespace": "ssvc",
  "key": "SI",
  "version": "2.0.0",
  "name": "Safety Impact",
  "definition": "The safety impact of the vulnerability. (based on IEC 61508)",
  "schemaVersion": "2.0.0",
  "values": [
    {
      "key": "N",
      "name": "Negligible",
      "definition": "Any one or more of these conditions hold.<br/><br/>- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).<br/>- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.<br/>- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.<br/>- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.<br/>- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.<br/>- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons."
    },
    {
      "key": "M",
      "name": "Marginal",
      "definition": "Any one or more of these conditions hold.<br/><br/>- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).<br/>- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.<br/>- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.<br/>- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.<br/>- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.<br/>- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people."
    },
    {
      "key": "R",
      "name": "Critical",
      "definition": "Any one or more of these conditions hold.<br/><br/>- *Physical harm*: Loss of life (IEC 61508 Critical).<br/>- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.<br/>- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.<br/>- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.<br/>- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.<br/>- *Psychological*: N/A."
    },
    {
      "key": "C",
      "name": "Catastrophic",
      "definition": "Any one or more of these conditions hold.<br/><br/>- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).<br/>- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).<br/>- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.<br/>- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.<br/>- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.<br/>- *Psychological*: N/A."
    }
  ]
}

Mission Impact (ssvc:MI:2.0.0)

Impact on Mission Essential Functions of the Organization

| Value | Definition |
| --- | --- |
| Degraded (D) | Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions |
| MEF Support Crippled (MSC) | Activities that directly support essential functions are crippled; essential functions continue for a time |
| MEF Failure (MEF) | Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time |
| Mission Failure (MF) | Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails |

Mission Impact (ssvc:MI:2.0.0) JSON Example
{
  "namespace": "ssvc",
  "key": "MI",
  "version": "2.0.0",
  "name": "Mission Impact",
  "definition": "Impact on Mission Essential Functions of the Organization",
  "schemaVersion": "2.0.0",
  "values": [
    {
      "key": "D",
      "name": "Degraded",
      "definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions"
    },
    {
      "key": "MSC",
      "name": "MEF Support Crippled",
      "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time"
    },
    {
      "key": "MEF",
      "name": "MEF Failure",
      "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time"
    },
    {
      "key": "MF",
      "name": "Mission Failure",
      "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails"
    }
  ]
}

The mapping is shown in the diagram and table below.

---
title: Human Impact Decision Table (ssvc:DT_HI:1.0.0)
---
graph LR
subgraph inputs[Inputs]
n1(( ))
subgraph s1["ssvc:SI:2.0.0"]
N_L0([N])
M_L0([M])
R_L0([R])
C_L0([C])
end
subgraph s2["ssvc:MI:2.0.0"]
N_D_L1([D])
N_MSC_L1([MSC])
N_MEF_L1([MEF])
N_MF_L1([MF])
M_D_L1([D])
M_MSC_L1([MSC])
M_MEF_L1([MEF])
M_MF_L1([MF])
R_D_L1([D])
R_MSC_L1([MSC])
R_MEF_L1([MEF])
R_MF_L1([MF])
C_D_L1([D])
C_MSC_L1([MSC])
C_MEF_L1([MEF])
C_MF_L1([MF])
end
end
subgraph outputs[Outcome]
subgraph s3["ssvc:HI:2.0.2"]
N_D_L_L2([L])
N_MSC_L_L2([L])
N_MEF_M_L2([M])
N_MF_VH_L2([VH])
M_D_L_L2([L])
M_MSC_L_L2([L])
M_MEF_M_L2([M])
M_MF_VH_L2([VH])
R_D_M_L2([M])
R_MSC_H_L2([H])
R_MEF_H_L2([H])
R_MF_VH_L2([VH])
C_D_VH_L2([VH])
C_MSC_VH_L2([VH])
C_MEF_VH_L2([VH])
C_MF_VH_L2([VH])
end
end
n1 --- N_L0
n1 --- M_L0
n1 --- R_L0
n1 --- C_L0
N_L0 --- N_D_L1
N_D_L1 --- N_D_L_L2
N_L0 --- N_MSC_L1
N_MSC_L1 --- N_MSC_L_L2
N_L0 --- N_MEF_L1
N_MEF_L1 --- N_MEF_M_L2
N_L0 --- N_MF_L1
N_MF_L1 --- N_MF_VH_L2
M_L0 --- M_D_L1
M_D_L1 --- M_D_L_L2
M_L0 --- M_MSC_L1
M_MSC_L1 --- M_MSC_L_L2
M_L0 --- M_MEF_L1
M_MEF_L1 --- M_MEF_M_L2
M_L0 --- M_MF_L1
M_MF_L1 --- M_MF_VH_L2
R_L0 --- R_D_L1
R_D_L1 --- R_D_M_L2
R_L0 --- R_MSC_L1
R_MSC_L1 --- R_MSC_H_L2
R_L0 --- R_MEF_L1
R_MEF_L1 --- R_MEF_H_L2
R_L0 --- R_MF_L1
R_MF_L1 --- R_MF_VH_L2
C_L0 --- C_D_L1
C_D_L1 --- C_D_VH_L2
C_L0 --- C_MSC_L1
C_MSC_L1 --- C_MSC_VH_L2
C_L0 --- C_MEF_L1
C_MEF_L1 --- C_MEF_VH_L2
C_L0 --- C_MF_L1
C_MF_L1 --- C_MF_VH_L2
| Row | Safety Impact v2.0.0 | Mission Impact v2.0.0 | Human Impact v2.0.2 |
| --- | --- | --- | --- |
| 0 | negligible | degraded | low |
| 1 | negligible | mef support crippled | low |
| 2 | negligible | mef failure | medium |
| 3 | negligible | mission failure | very high |
| 4 | marginal | degraded | low |
| 5 | marginal | mef support crippled | low |
| 6 | marginal | mef failure | medium |
| 7 | marginal | mission failure | very high |
| 8 | critical | degraded | medium |
| 9 | critical | mef support crippled | high |
| 10 | critical | mef failure | high |
| 11 | critical | mission failure | very high |
| 12 | catastrophic | degraded | very high |
| 13 | catastrophic | mef support crippled | very high |
| 14 | catastrophic | mef failure | very high |
| 15 | catastrophic | mission failure | very high |
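
The decision table above as a lookup, with the ssvc:HI:2.0.2 value definitions evaluated alongside it to list the Safety/Mission pairs where the two give different results. This is an added example, not code from the SSVC project; the function names are illustrative, and "Crippled" in the definitions is read as MEF Support Crippled (MSC).

```python
from itertools import product

SI = ("N", "M", "R", "C")          # Safety Impact keys (ssvc:SI:2.0.0)
MI = ("D", "MSC", "MEF", "MF")     # Mission Impact keys (ssvc:MI:2.0.0)

# Human Impact outcomes of decision table rows 0-15, in the page's row order
# (Safety Impact varies slowest, Mission Impact fastest).
_ROWS = "L L M VH  L L M VH  M H H VH  VH VH VH VH".split()
TABLE = dict(zip(product(SI, MI), _ROWS))


def human_impact(si: str, mi: str) -> str:
    """Look up the HI key for a pair of SI and MI keys; reject unknown keys."""
    try:
        return TABLE[(si.upper(), mi.upper())]
    except KeyError:
        raise ValueError(f"unknown SI/MI pair: {si!r}, {mi!r}") from None


def by_definition(si: str, mi: str) -> set:
    """HI keys whose ssvc:HI:2.0.2 value definition is satisfied by the pair."""
    low_mi = mi in ("D", "MSC")    # "Degraded OR Crippled" (assumed = D or MSC)
    hits = set()
    if si == "N" and low_mi:
        hits.add("L")
    if (si == "N" and mi == "MEF") or (si == "M" and low_mi):
        hits.add("M")
    if (si == "R" and low_mi) or (si == "M" and mi == "MEF"):
        hits.add("H")
    if si == "C" or mi == "MF":
        hits.add("VH")
    return hits


def discrepancies() -> list:
    """Pairs where the table row and the value definitions disagree."""
    out = []
    for si, mi in product(SI, MI):
        table, defs = TABLE[(si, mi)], by_definition(si, mi)
        if defs != {table}:
            out.append((si, mi, table, sorted(defs)))
    return out


if __name__ == "__main__":
    for si, mi, table, defs in discrepancies():
        print(f"SI={si:<2} MI={mi:<4} table={table:<3} definitions={defs or 'none'}")
```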

Safety and Mission Impact Decision Points for Industry Sectors

We expect to encounter diversity in both safety and mission impacts across different organizations. However, we also anticipate a degree of commonality of impacts to arise across organizations within a given industry sector. For example, different industry sectors may have different use cases for the same software. Therefore, vulnerability information providers—that is, vulnerability databases, Information Sharing and Analysis Organizations (ISAOs), or Information Sharing and Analysis Centers (ISACs)—may provide SSVC information tailored as appropriate to their constituency's safety and mission concerns. For considerations on how organizations might communicate SSVC information to their constituents, see Guidance on Communicating Results.

Prior Versions

Mission and Well-Being Impact (ssvc:MWI:1.0.0)

Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.

| Value | Definition |
| --- | --- |
| Low (L) | Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal |
| Medium (M) | Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material) |
| High (H) | Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible) |

Mission and Well-Being Impact (ssvc:MWI:1.0.0) JSON Example
{
  "namespace": "ssvc",
  "key": "MWI",
  "version": "1.0.0",
  "name": "Mission and Well-Being Impact",
  "definition": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.",
  "schemaVersion": "2.0.0",
  "values": [
    {
      "key": "L",
      "name": "Low",
      "definition": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal"
    },
    {
      "key": "M",
      "name": "Medium",
      "definition": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)"
    },
    {
      "key": "H",
      "name": "High",
      "definition": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)"
    }
  ]
}

Human Impact (ssvc:HI:2.0.0)

Human Impact is a combination of Safety and Mission impacts.

| Value | Definition |
| --- | --- |
| Low (L) | Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled) |
| Medium (M) | (Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled)) |
| High (H) | (Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure) |
| Very High (VH) | Safety Impact:Catastrophic OR Mission Impact:Mission Failure |

Human Impact (ssvc:HI:2.0.0) JSON Example
{
  "namespace": "ssvc",
  "key": "HI",
  "version": "2.0.0",
  "name": "Human Impact",
  "definition": "Human Impact is a combination of Safety and Mission impacts.",
  "schemaVersion": "2.0.0",
  "values": [
    {
      "key": "L",
      "name": "Low",
      "definition": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)"
    },
    {
      "key": "M",
      "name": "Medium",
      "definition": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))"
    },
    {
      "key": "H",
      "name": "High",
      "definition": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)"
    },
    {
      "key": "VH",
      "name": "Very High",
      "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure"
    }
  ]
}

Human Impact (ssvc:HI:2.0.1)

Human Impact is a combination of Safety and Mission impacts.

| Value | Definition |
| --- | --- |
| Low (L) | Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled) |
| Medium (M) | (Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled)) |
| High (H) | (Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure) |
| Very High (VH) | Safety Impact:Catastrophic OR Mission Impact:Mission Failure |

Human Impact (ssvc:HI:2.0.1) JSON Example
{
  "namespace": "ssvc",
  "key": "HI",
  "version": "2.0.1",
  "name": "Human Impact",
  "definition": "Human Impact is a combination of Safety and Mission impacts.",
  "schemaVersion": "2.0.0",
  "values": [
    {
      "key": "L",
      "name": "Low",
      "definition": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)"
    },
    {
      "key": "M",
      "name": "Medium",
      "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))"
    },
    {
      "key": "H",
      "name": "High",
      "definition": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)"
    },
    {
      "key": "VH",
      "name": "Very High",
      "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure"
    }
  ]
}


  1. In pilot implementations of SSVC, we received feedback that organizations tend to think of mission and safety impacts as if they were combined into a single factor: in other words, the priority increases regardless of which of the two impact factors was increased. We therefore combine Safety Impact and Mission Impact for deployers into a single Human Impact factor as a dimension reduction step.