0%

Book Description

Introduces readers to the field of cyber modeling and simulation and examines current developmentsin the US and internationally

This book provides an overview of cyber modeling and simulation (M&S) developments. Using scenarios, courses of action (COAs), and current M&S and simulation environments, the author presents the overall information assurance process, incorporating the people, policies, processes, and technologies currently available in the field. The author ties up the various threads that currently compose cyber M&S into a coherent view of what is measurable, simulative, and usable in order to evaluate systems for assured operation.

An Introduction to Cyber Modeling and Simulation provides the reader with examples of tools and technologies currently available for performing cyber modeling and simulation. It examines how decision-making processes may benefit from M&S in cyber defense. It also examines example emulators, simulators and their potential combination. The book also takes a look at corresponding verification and validation (V&V) processes, which provide the operational community with confidence in knowing that cyber models represent the real world. This book:

  • Explores the role of cyber M&S in decision making
  • Provides a method for contextualizing and understanding cyber risk
  • Shows how concepts such the Risk Management Framework (RMF) leverage multiple processes and policies into a coherent whole
  • Evaluates standards for pure IT operations, "cyber for cyber," and operational/mission cyber evaluations—"cyber for others"
  • Develops a method for estimating both the vulnerability of the system (i.e., time to exploit) and provides an approach for mitigating risk via policy, training, and technology alternatives
  • Uses a model-based approach

An Introduction to Cyber Modeling and Simulation is a must read for all technical professionals and students wishing to expand their knowledge of cyber M&S for future professional work. 

Table of Contents

  1. Cover
  2. 1 Brief Review of Cyber Incidents
    1. 1.1 Cyber’s Emergence as an Issue
    2. 1.2 Estonia and Georgia – Militarization of Cyber
    3. 1.3 Conclusions
  3. 2 Cyber Security – An Introduction to Assessment and Maturity Frameworks
    1. 2.1 Assessment Frameworks
    2. 2.2 NIST 800 Risk Framework
    3. 2.3 Cyber Insurance Approaches
    4. 2.4 Conclusions
    5. 2.5 Future Work
    6. 2.6 Questions
  4. 3 Introduction to Cyber Modeling and Simulation (M&S)
    1. 3.1 One Approach to the Science of Cyber Security
    2. 3.2 Cyber Mission System Development Framework
    3. 3.3 Cyber Risk Bow‐Tie: Likelihood to Consequence Model
    4. 3.4 Semantic Network Model of Cyberattack
    5. 3.5 Taxonomy of Cyber M&S
    6. 3.6 Cyber Security as a Linear System – Model Example
    7. 3.7 Conclusions
    8. 3.8 Questions
  5. 4 Technical and Operational Scenarios
    1. 4.1 Scenario Development
    2. 4.2 Cyber System Description for M&S
    3. 4.3 Modeling and Simulation Hierarchy – Strategic Decision Making and Procurement Risk Evaluation
    4. 4.4 Conclusions
    5. 4.5 Questions
  6. 5 Cyber Standards for Modeling and Simulation
    1. 5.1 Cyber Modeling and Simulation Standards Background
    2. 5.2 An Introduction to Cyber Standards for Modeling and Simulation
    3. 5.3 Standards Overview – Cyber vs. Simulation
    4. 5.4 Conclusions
    5. 5.5 Questions
  7. 6 Cyber Course of Action (COA) Strategies
    1. 6.1 Cyber Course of Action (COA) Background
    2. 6.2 Cyber Defense Measurables – Decision Support System (DSS) Evaluation Criteria
    3. 6.3 Cyber Situational Awareness (SA)
    4. 6.4 Cyber COAs and Decision Types
    5. 6.5 Conclusions
    6. 6.6 Further Considerations
    7. 6.7 Questions
  8. 7 Cyber Computer‐Assisted Exercise (CAX) and Situational Awareness (SA) via Cyber M&S
    1. 7.1 Training Type and Current Cyber Capabilities
    2. 7.2 Situational Awareness (SA) Background and Measures
    3. 7.3 Operational Cyber Domain and Training Considerations
    4. 7.4 Cyber Combined Arms Exercise (CAX) Environment Architecture
    5. 7.5 Conclusions
    6. 7.6 Future Work
    7. 7.7 Questions
  9. 8 Cyber Model‐Based Evaluation Background
    1. 8.1 Emulators, Simulators, and Verification/Validation for Cyber System Description
    2. 8.2 Modeling Background
    3. 8.3 Conclusions
    4. 8.4 Questions
  10. 9 Cyber Modeling and Simulation and System Risk Analysis
    1. 9.1 Background on Cyber System Risk Analysis
    2. 9.2 Introduction to using Modeling and Simulation for System Risk Analysis with Cyber Effects
    3. 9.3 General Business Enterprise Description Model
    4. 9.4 Cyber Exploit Estimation
    5. 9.5 Countermeasures and Work Package Construction
    6. 9.6 Conclusions and Future Work
    7. 9.7 Questions
  11. 10 Cyber Modeling & Simulation (M&S) for Test and Evaluation (T&E)
    1. 10.1 Background
    2. 10.2 Cyber Range Interoperability Standards (CRIS)
    3. 10.3 Cyber Range Event Process and Logical Range
    4. 10.4 Live, Virtual, and Constructive (LVC) for Cyber
    5. 10.5 Applying the Logical Range Construct to System Under Test (SUT) Interaction
    6. 10.6 Conclusions
    7. 10.7 Questions
  12. 11 Developing Model‐Based Cyber Modeling and Simulation Frameworks
    1. 11.1 Background
    2. 11.2 Model‐Based Systems Engineering (MBSE) and System of Systems Description (Data Centric)
    3. 11.3 Knowledge‐Based Systems Engineering (KBSE) for Cyber Simulation
    4. 11.4 Architecture ‐Based Cyber System Optimization Framework
    5. 11.5 Conclusions
    6. 11.6 Questions
  13. 12 Appendix: Cyber M&S Supporting Data, Tools, and Techniques
    1. 12.1 Cyber Modeling Considerations
    2. 12.2 Cyber Training Systems
    3. 12.3 Cyber‐Related Patents and Applications
    4. 12.4 Conclusions
  14. Bibliography
  15. Index
  16. End User License Agreement
44.200.77.92