Bibliography

  1. Aaron Pendergrass, J., Lee, S.C., and Durward McDonell, C. (2013). Theory and practice of mechanized software analysis. Johns Hopkins APL Technical Digest 32 (2).
  2. Abraham, S. and Nair, S. (2017). Comparative analysis and patch optimization using cyber security analytics framework. Journal of Defense Modeling and Simulation 15 (2): 161–180.
  3. Amina, L. (2012). Patent No. 20120096549.
  4. Arnwine, M. (2015). Developing the infrastructure and methodologies for cyber security. In: 18th Annual Systems Engineering Conference. NDIA.
  5. Australian Government Department of Defence (n.d.). Strategies to Mitigate Cyber Security Incidents. https://www.asd.gov.au/infosec/mitigationstrategies.htm (accessed 4 November 2016).
  6. Backhaus, S., Bent, R., Bono, J. et al. (2013). Cyber physical security: a game theory model of humans interadcting over control systems. IEEE Transactions on Smart Grid 4 (4): 2320–2327.
  7. Bakke, C.P. and Suresh K. Damodaran (2015). The Cyber‐Range Event Process. Cambridge: Cyber Range Interoperability Standards Working Group (CRIS WG).
  8. Becker, J., Knackstedt, R., and Pöppelbuß, J. (2009). Developing maturity models for it management – a procedure model and its application. Business and Information Systems Engineering 1 (3): 213–222.
  9. Beidleman, S. (2009). Defining and Deterring Cyber War. Carlisle: US Army War College.
  10. Ben‐Asher, N., Oltramari, A., Erbacher, R.F., and Gonzalez, C. (2015). Ontology based adaptive systems of cyber defense. Proceedings of the 10th Internatioanl Conference on Semantic Technology for Intelligence, Defense, and Security (STIDS), Fairfax, Virginia (18 November 2015).
  11. Bernier, M. (2015). Cyber Effects Categorization – The MACE Taxonomy. TTCP JSA TP3 Cyber Analysis. Ottawa ON: DRDC Center for Operational Research and Analysis.
  12. Black, F. and Scholes, M. (1973). The pricing of options and corporate liabilities. The Journal of Political Economy 81 (3): 637–654.
  13. Bloom, B.S. (1994). Reflections on the development and use of the taxonomy. In: Bloom's Taxonomy: A Forty‐year Retrospective (ed. K.J. Rehage, L.W. Anderson and L.A. Sosniak). Chicago: National Society for the Study of Education.
  14. Bodeau, D.J., Graubart, R., and Picciotto, J. (2011). Cyber Resiliency Engineering Framework. MITRE. MITRE. McLean.
  15. Bohme, R. and Schwartz, G. (2010). Modeling cyber insurance: towards a unifying framework. In: Workshop on the Economics of Information Security (WEIS). Cambridge, MA: Harvard University.
  16. Boyd, J. R. (n.d.). The Essence of Winning and Losing. http://www.danford.net/boyd/essence.htm (accessed 10 February 2018).
  17. Bucher, N. (2012). Simulation and emulation in support of operational networks: “ALWAYS ON”. In: NDIA 15th Annual Systems Engineering Conference. Washington: NDIA.
  18. Butts, J., Rice, M., and Shenoi, S. (2012). An adversarial model for expressing attacks on control protocols. Journal of Defense Modeling and Simulation 9 (3).
  19. Callahan, C.J. (2013). Security Information and Event Management Tools and Insider Threat Detection. Monterrey: Naval Postgraduate School.
  20. Cam, H. (2015). Risk assessment by dynamic representation of vulnerability, exploitation, and impact. In: Cyber Sensing 2015. Baltimore: SPIE.
  21. Carr, N.B. (2014). Development of a Tailored Methodology and Forensic Toolkit for Industrial Control Systems Incident Response. Monterrey: Naval Postgraduate School.
  22. Chadha, R., Bowen, T., and Chiang, C.J., et al. (2016). CyberVAN: a cyber security virtual assured network testbed. Military Communications Conference, MILCOM 2016, Baltimore, Maryland, USA. IEEE (1–3 November 2016).
  23. Chapman, I.M., Leblanc, S.P., and Partington, A. (2011). Taxonomy of cyber attacks and simulation of their effects. In: Proceedings of the 2011 Military Modeling and Simulation Symposium. San Diego: SCS.
  24. Cheng, C., Tay, W.P., and Huang, G.B. (2012). Extreme learning machines for intrusion detection. In: The 2012 International Joint Conference on Neural Networks (IJCNN), 1–8. Brisbane, Australia: IEEE.
  25. Chi, S.D., Park, J.S., and Lee, J. (2003). A role of DEVS simulation for information assurance. Conference: Information Security Applications, 4th International Workshop, WISA, Jeju Island, Korea (25–27 August 2003).
  26. Cho, J.H. and Gao, J. (2016). Cyber war game in temporal networks. PLoS One 11 (2).
  27. Cho, J.H., Cam, H., and Oltramari, A. (2016). Effect of personality traits on trust and risk to phishing vulnerability: modeling and analysis. In: Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), IEEE International Multi‐Disciplinary Conference. Beirut: IEEE.
  28. Choo, C.S., Ng, E.C., Ang, D., and Chua, C.L. (2008). Data farming in Singapore: a brief history. INFORMS, Washington, DC, USA (7–10 December 2008).
  29. Clark, A., Sun, K., Bushnell, L., and Poovendran, R. (2015). A game‐theoretic approach to ip address randomization in decoy‐based cyber defense. In: International Conference on Decision and Game Theory for Security, 3–21. Springer International Publishing.
  30. ClearSky Research Team (2017, March 17). (C. C. Security, Producer). http://www.clearskysec.com/iec/#att123 (accessed 10 February 2018).
  31. CNSSI (2010). National Information Assurance (IA) Glossary (CNSSI 4009). Committee on National Security Systems.
  32. Colbaugh, R. and Glass, K. (2012). Proactive Defense for Evolving Cyber Threats. Sandia: Sandia National Labs.
  33. Compton, M.D., Hopkinson, K.M., Peterson, G.L., and Moore, J.T. (2010). Using modeling and simulation to examine the benefits of a network tasking order. Journal of Defense Modeling and Simulation 9 (3).
  34. Coolihan, J. and Allen, G. (2012). LVC Architecture Roadmap Implementation – Results of the First Two. Orlando, FL: Joint Training Integration and Evaluation Center.
  35. Couretas, J.M. (1998a). System Entity Structure Enterprise Alternative Evaluator. Tucson: University of Arizona.
  36. Couretas, J.M. (1998b). SEAE‐SES Enterprise Alternative Evaluator: Design and Implementation of a Manufacturing Enterprise Alternative Evaluation Tool. Tucson: University of Arizona.
  37. Couretas, J.M. (2014). Model based system engineering (MBSE) applied to program oversight and complex system of systems analysis. In: NDIA Systems Engineering Conference. Springfield: NDIA (28–30 October 2014).
  38. Couretas J. (2017). A developing science of cyber security – an opportunity for model based engineering and design. SIMULTECH 2017, 27 July 2017.
  39. Cyber Security and Information Assurance Interagency Working Group (CSIA IWG) (2006). Hard Problems List. Washington: INFOSEC Research Council.
  40. Damodaran, S.K. and Couretas, J.M. (2015). Cyber modeling & simulation for cyber‐range events. In: SummerSim, 8. San Diego: SCS.
  41. Damodaran, S.K. and Smith, K. (2015). CRIS Cyber‐Range Lexicon. Cambridge: Cyber Range Interoperability Standards Working Group.
  42. Dandurand, L. and Serrano, O.S. (2013). Towards improved cyber security information sharing. In: 5th International Conference on Cyber Conflict (ed. K. Podins, J. Stinissen and M. Maybaum), 16. Tallinn: NATO CCD COE Publications.
  43. Davis, J. and Magrath, S. (2013). A Survey of Cyber Ranges and Testbeds. Edinburgh, Australia: Defence Science and Technology Organisation.
  44. Defense Advanced Research Projects Agency (DARPA) (2004). Real‐time Evaluation of Cyber‐course of Action (COA) Impact on Performance & Effectiveness. Rome: Air Force Research Lab.
  45. Defense Science Board (2013). Resilient Military Systems and the Advanced Cyber Threat. Washington, DC: Office of the Under Secretary of Defense for Acquisition, Technology and Logistics.
  46. Deming, W.E. (1967). Walter A. Shewhart, 1891–1967. American Statistician 21: 39–40.
  47. Deming, W.E. (2010). Some Theory of Sampling. New York: Dover.
  48. DeMuth, B. and Scharlat, J. (2012). Modeling & simulation of cyber effects in a degraded environment (ManTech). In: ITEA 2012 Cyber Conference, 13. ITEA.
  49. Denil, J. (2013). Verification and Deployment of Software Intensive Systems: A Multi‐Paradigm Modeling Approach. Antwerp: University of Antwerp.
  50. Department of Homeland Security (DHS) (n.d.). ICS CERT. https://ics‐cert.us‐cert.gov/Assessments (accessed 10 February 2018).
  51. Dietrich, N., Smith, D.N., and Edwards, D. (2011). Development and the Deployment of Cosage 2.0. WinterSim, Phoenix, Arizona, USA (p. 8) (11–14 December 2011).
  52. DoD Operatonal Test and Evaluation (DOT&E) (2015). Cyber Security. Washington, DC. https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwjQlu‐d083NAhVGyyYKHbE1BJMQFggeMAA&url=http%3A%2F%2Fwww.dote.osd.mil%2Fpub%2Freports%2Ffy2014%2Fpdf%2Fother%2F2014cybersecurity.pdf&usg=AFQjCNESavr2MbmhDdV60KCXjl1N3ROKWw&cad=rja (accessed 29 June 2016).
  53. DOT&E (2013). Test and Evaluation Resources. http://www.dote.osd.mil/pub/reports/FY2013/pdf/other/2013teresources.pdf (accessed 11 February 2018)
  54. DRDC (Canada) (2013a). Statement of Work for the ARMOUR TD, v2.1. Ottawa: DRDC.
  55. DRDC (Canada) (2013b). System Technical Specification for the ARMOUR TD, v2.1. Ottawa: DRDC.
  56. DRDC (Canada) (2014a). Architectural Design Document for the Automated Computer Network Defence (ARMOUR) Technology Demonstrator (TD) Contract. Ottawa: DRDC.
  57. DRDC (Canada) (2014b). System Concept of Operations (CONOPS) for the Automated Computer Network Defence (ARMOUR) Technology Demonstration (TD) Contract. Ottawa: DRDC.
  58. DRDC Cyber Defence S&T Program (2012). An Overview. Toronto: DRDC.
  59. Duvenage, P. and von Solms, S. (2013). The case for cyber counterintelligence. In: 2013 International Conference on Adaptive Science and Technology (ICAST). Pretoria: IEEE.
  60. Endsley, M. (1995). Toward a theory of situation awareness in dynamic systems. Human Factors Journal 37 (1): 32–64.
  61. Estefan, J.A. (2008). Survey of Model‐Based Systems Engineering (MBSE) Methodologies. Seattle: International Council on Systems Engineering (INCOSE).
  62. Feller, W. (1968). An Introduction to Probability Theory and its Applications. New York: Wiley.
  63. Ferguson, C. (2014). Distributed cyber T&E. NDIA Annual T&E Conference (p. 26). Washington.
  64. FireEye (2017). M‐Trends 2017. https://www.fireeye.com/ppc/m‐trends‐2017.html?utm_source=google&utm_medium=cpc&utm_content=paid‐search&gclid=Cj0KCQjw‐uzVBRDkARIsALkZAdniLMfO9X‐z1aSqYzJsuRVHLVFjroaLajoLjFaTV15jnzjdyyWEvNMaAt5sEALw_wcB (accessed 28 March 2018).
  65. Frankel, M., Scouras, J., and De Simone, A. (2015). Assessing the Risk of Catastrophic Cyber Attack Lessons from the Electromagnetic Pulse Commission. Baltimore: Johns Hopkins University Applied Physics Laboratory.
  66. Frei, S., Fiedler, U., and May, M. (2006). Why to adopt a security metric? Quality of Protection. Advances in Information Security 23: 1–12.
  67. Friedenthal, S., Moore, A., and Steiner, R. (2011). A Practical Guide to SysML, Second Edition: The Systems Modeling Language. Washington: OMG Press.
  68. Friedenthal, S., Moore, A., and Steiner, R. (2012). A Practical Guide to SysML. Waltham, MA: Morgan Kaufmann.
  69. Gagnon, M.N., Truelove, J., Kapadia, A. et al. (2010). Net Centric Survivability for Ballistic Missile Defense. In: First International Symposium on Architecting Critical Systems (ed. H. Giese), 125–141. Springer.
  70. Gallagher, M. and Horta, M. (2013). Cyber joint munitions effectiveness manual (JMEM). M&S Journal 5–14.
  71. Gelbstein, E. (2013). Quantifying information risk and security. ISACA Journal 4.
  72. Gollmann, D., Massacci, F., and Artsiom, Y. (2006). Quality of Protection – Security Measurements and Metrics. Springer.
  73. Grange, F. and Deiotte, R. (2015). DEVS Extensions for Uncertainty Quantification Architectures. Denver: ISSAC Corp.
  74. Grimaila, M., Myers, J., Mills, R.F., and Peterson, G. (2012). Design and analysis of a dynamically configured log‐based distributed security event detection methodology. The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology 9 (3), 219–241.
  75. Guo, R.J. and Sprague, K. (2016). Replication of human operators' situation assessment and decision making for simulated area reconnaissance in wargames. Journal of Defense Modeling and Simulation 13 (2): 213–225.
  76. Guruprasad, S., Ricci, R., and Lepreau, J. (2005). Integrated Network Experimentation using Simulation and Emulation. Testbeds and Research Infrastructures for the Development of Networks and Communities, Tridentcom, 204–212. IEEE.
  77. Hamilton, J. (2013). Architecture‐based network simulation for cyber security. In: Winter Simulation Conference. San Diego: SCS.
  78. Hansen, A.P. (2008). Cyber Flag – A Realistic Cyberspace Training Construct. Wright Patterson Air Force Base: AFIT.
  79. Hariri, S., Guangzhi, Q.U., and Dharmagadda, T. (2003). Impact Analysis of Faults and Attacks in Large Scale Networks. IEEE Security and Privacy 49–54.
  80. Heckman, K.E., Stech, F.J., Schmoker, B.S., and Thomas, R.K. (2015). Denial and deception in cyber defense. Computer 48 (4): 36–44.
  81. Henninger, A. (2008a). Live Virtual Constructive Architecture Roadmap (LVCAR) Final Report (1 of 5). Alexandria, VA: M&S CO Project No. 06OC‐TR‐001.
  82. Henninger, A. (2008b). Live Virtual Constructive Architecture Roadmap (LVCAR) Interim Report. Alexandria, VA: M&SCO.
  83. Henry, V. (2002). The Compstat Paradigm: Management Accountability in Policing, Business and the Public Sector. Looseleaf Law Publications.
  84. Hoffman, D. (2010). The Dead Hand: The Untold Story of the Cold War Arms Race and Its Dangerous Legacy. Anchor.
  85. Hubbard, D.W., Seiersen, R., and Geer, D.E. (2016). How to Measure Anything in Cybersecurity Risk. New York: Wiley.
  86. Humphrey, W. (1989). Managing the Software Process. Addison Wesley.
  87. IEEE Std 1278 Series (n.d.). IEEE Standards for Distributed Interactive Simulation (DIS). https://standards.ieee.org/findstds/standard/1278.1‐2012.html (accessed 18 February 2018).
  88. IEEE Std 1516 (n.d.). High Level Architecture for M&S (HLA). https://standards.ieee.org/findstds/standard/1516‐2010.html (accessed 18 February 2018).
  89. IEEE Std 1730‐2010 (n.d.). IEEE Recommended Practice for Distributed Simulation Engineering and Execution Process (DSEEP). https://standards.ieee.org/findstds/standard/1730‐2010.html (accessed 18 February 2018).
  90. Ingols, K., Lippmann, R., and Piwowarski, K. (2006). Practical attack graph generation for network defense. In: 22nd Annual Computer Security Applications Conference (ACSAC). IEEE.
  91. Ivers, J. (2017, 30 March). Security Week. Security vs. Quality: What’s the Difference? https://www.securityweek.com/security‐vs‐quality‐what%E2%80%99s‐difference (accessed 10 February 2018).
  92. Jabbour, K. and Poisson, J. (2016). Cyber risk assessment in distributed information systems. The Cyber Defense Review 1 (1).
  93. Jajodia, S., Shakarian, P., Subrahmanian, V.S. et al. (2015). Cyber Warfare: Building the Scientific Foundation. Springer.
  94. Jaquith, A. (2007). Security Metrics: Replacing Fear, Uncertainty, and Doubt. Addison‐Wesley, Pearson Education.
  95. Javate, M.S. (2014). Study of Adversarial and defensive components in an Experimental Machinery Control Systems Laboratory Environment. Monterrey: Naval Postgraduate School.
  96. Jens, P., Niehaves, B., Simons, A., and Becker, J. (2011). Maturity models in information systems research: literature search and analysis. Communications of the Association for Information Systems 29 (1).
  97. Johnson, R.E., Isensee, E.K., and Allison, W.T. (1995). A stochastic version of the concepts evaluation model (CEM). Naval Research Logistics 233–246.
  98. Joint Chiefs of Staff. (2014). Information Operations. Joint Publication 3‐13, Joint Chiefs of Staff, Washington.
  99. Jones, J. (2005). An Introduction to Factor Analysis of Information Risk (FAIR). Risk Management Institute.
  100. Jones, R.M., O'Grady, R., and Nicholson, D. (2015). Modeling and integrating cognitive agents within the emerging cyber domain. In: Proceedings of the Interservice / Industry Training, Simulation and Education Conference (I/ITSEC). Orlando: NDIA.
  101. Jonsson, E. and Olovsson, T. (1997). A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering 23 (4): 235–245.
  102. Kavak, H. (2016). A characterization of cybersecurity simulation scenarios. Proceedings of the 19th Communications & Networking Symposium. ACM.
  103. Khintchine, A. (1969). Mathematical Methods in the Theory of Queueing. New York: Hafter.
  104. Kick, J. (2014). Cyber Exercise Playbook. Wiesbaden, Germany: MITRE.
  105. Kiesling, E., Ekelhart, A., Grill, B. et al. (2013). Simulation‐based optimization of information security controls: an adversary‐centric approach. In: Winter Simulations Conference (WSC), 2054–2065. Washington, DC, USA: IEEE.
  106. Kim, T., Hwang, M.H., and Kim, D. (2008). DEVS/NS‐2 Environment – Integrated Tool for Efficient Networks Modeling and Simulation. San Diego: SCS.
  107. King, S. (2011). Cyber S&T Priority Steering Council Research Roadmap. Washington: NDIA Disruptive Technologies Conference.
  108. Klein, G., Elphinstone, K., and Heiser, G. (2009). seL4: formal verification of an OS kernel. In: Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles, 207–220. New York: ACM.
  109. Kossiakoff, A., Sweet, W.N., Seymour, S.J., and Biemer, S.M. (2011). Systems Engineering: Principles and Practice. New York: Wiley.
  110. Kotenko, I. (2005). Agent‐based modeling and simulation of cyber‐warfare between malefactors and security agents in internet. In: Proceedings 19th European Conference on Modelling and Simulation (ed. Y.M.R. Zobel and E. Kerckhoffs).
  111. Kotenko, I. and Chechulin, A. (2013). A cyber attack modeling and impact assessment framework. In: Proceedings of the 5th International Conference on Cyber Conflict. New York: IEEE.
  112. Kotenko, I., Konovalov, A., and Shorov, A. (2012). Agent‐based simulation of cooperative defence against botnets. Concurrency Computation Practice and Experience 573–588.
  113. Kott, A. (2014). Towards fundamental science of cyber security. In: Network Science and Cybersecurity (ed. R.E. Pino), 1–13. New York: Springer.
  114. Kott, A., Stoianov, N., Baykal, N. et al. (2015). Assessing Mission Impact of Cyberattacks: Report of the NATO IST‐128 Workshop. Adelphi: Army Research Lab (ARL‐TR‐7566).
  115. Krepinevich, A. (2012). Cyber Warfare: A “Nuclear Option”. Washington: Center for Strategic and Budgetary Assessments (CSBA).
  116. Lange, M., Kott, A., Ben‐Asher, N. et al. (2017). Recommendations for Model‐Driven Paradigms for Integrated Approaches to Cyber Defense. Adelphi: Army Research Lab.
  117. Lavigne, V. and Gouin, D. (2014). Visual analytics for cyber security and intelligence. Journal of Defense Modeling and Simulation 11 (2): 175–199.
  118. Lee, R.M., Assante, M.J., and Conway, T. (2014). German Steel Mill Cyber Attack. SANS ICS CP/PE (Cyber‐to‐Physical or Process Effects) Case Study Paper. SANS.
  119. Leversage, D.J. and Byres, E.J. (2007). Comparing electronic battlefields: using mean time‐to‐compromise as a comparative security metric. In: Computer Network Security (ed. I.K. Vladimir Gordodetsky). New York: Springer.
  120. Lewis, J. (2015). Deterrence in the Cyber Age. Washington: Center for Strategic and International Studies.
  121. Li, W. and Vaughn, R. (2006). Cluster security research involving the modeling of network exploitations using exploitation graphs. Sixth IEEE International Symposium on Cluster Computing and Grid Workshops, Singapore (30 May 2006).
  122. Littlejohn, A.M. and Makhlouf, E. (2013). Test and evaluation of the Malicious Activity Simulation Tool (MAST) in a Local Area Network (LAN) running the Common PC Operating System Environment (COMPOSE). Monterrey: Naval Postgraduate School.
  123. Lo, A.W. and Hasanhodzic, J. (2010). The Evolution of Technical Analysis. Hoboken: Wiley.
  124. Luenberger, D. (1979). Introduction to Dynamic Systems: Theory, Models and Applications. New York: Wiley.
  125. Lyons, K. (2014). A Recommender System in the Cyber Defense Domain. Wright‐Patterson Air Force Base, OH: AFIT.
  126. Malekzadeh, M., Ghani, A.A.A., Subramaniam, S., and Desa, J. (2011). Validating Reliability of OMNeT in Wireless Networks DoS Attacks: Simulation vs. Testbed. International Journal of Network Security 13–21.
  127. Manadhata, P. and Wing, J.M. (2008). An Attack Surface Metric. Pittsburgh: CMU.
  128. Mandiant (2014). M‐Trends – Beyond the Breach. FireEye.
  129. Manshaei, M.H., Zhu, Q., Alpcan, T. et al. (2013). Game theory meets network security and privacy. ACM Computing Surveys 45 (3).
  130. MANTECH. (2018). Cybersecurity. http://www.mantech.com/solutions/Cyber%20Security/Pages/default.aspx (accessed 11 February 2018).
  131. Marshall, H., Mize, J.R., Hooper, M. et al. (2015). Cyber Operations Battlefield Web Services (COBWebS) – Concept for a Tactical Cyber Warfare Effect Training Prototype. SIW, 8. Orlando: SISO.
  132. Masi, D., Fischer, M., Shortle, J.F., and Chen, C.H. (2011). Simulating network cyber attacks using splitting techniques. In: Proceedings of the Winter Simulation Conference, 3212–3223. Pheonix: IEEE.
  133. Maynard, T. and Beecroft, N. (2015). Business Blackout – The insurance implications of a cyber attack on the US power grid. London: Lloyd's.
  134. McQueen, M.A., Boyer, W.F., Flynn, M.A., and Beitel, G.A. (2006). Time‐to‐compromise model for cyber risk reduction estimation. In: Quality of Protection (ed. D. Golman). New York: Springer.
  135. Millett, L.I., Fischhoff, B., and Weinberger, P.J. (2017). Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions. Washington: National Academy of Sciences, Division on Engineering and Physical Sciences.
  136. MITRE (2014, July 3). Cybersecurity. Collaborative Research Into Threats (CRITs). https://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity‐blog/collaborative‐research‐into‐threats‐crits (accessed 10 February 2018).
  137. MITRE (2015). An Overview of MITRE Cyber Situational Awareness Solutions. McLean: MITRE.
  138. MITRE (n.d.‐a). https://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity‐resources/standards (accessed 10 February 2018).
  139. MITRE (n.d.‐b). https://cybox.mitre.org/language/version2.0/ (accessed 10 February 2018).
  140. MITRE (n.d.‐c). https://www.mitre.org/publications/technical‐papers/standardizing‐cyber‐threat‐intelligence‐information‐with‐the (accessed 10 February 2018).
  141. MITRE (n.d.‐d). https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=0ahUKEwiNsr‐i4cjOAhXC2yYKHUSMCFwQFggpMAI&url=https%3A%2F%2Ftaxii.mitre.org%2Fabout%2Fdocuments%2FIntroduction_to_TAXII_White_Paper_November_2012.pdf&usg=AFQjCNESIoOZhB8dpH4 (accessed 10 February 2018).
  142. Morse, K.L., Bryan, D.S., Drake, D.L., and Wells, W.D. (2014a). Realizing the Cyber Operational Architecture Training System (COATS) through standards. In: SIW. Orlando: SISO.
  143. Morse, K.L., Drake, D.L., Wells, D., and Bryan, D. (2014b). Realizing the Cyber Operational Architecture Training System (COATS) through standards. In: SIW, 10. Orlando: Simulation Interoperability and Standards Organization (SISO).
  144. Musman, S. and Temin, A. (2017). Playing the cyber security game: an approach to cyber security and resilience decision making. Journal of Defense Modeling and Simulation 15 (2).
  145. Musman, S., Temin, A., Tanner, M. et al. (2013). Evaluating the impact of cyber attacks on missions. M&S Journal 25.
  146. Nadeem, A. and Howarth, M. (2013). Protection of MANETs from a range of attacks using an intrusion detection and prevention system. Telecommun Systems 52: 2047–2058.
  147. National Academy of Engineering (1995). Chapter: 3 Integrated Product and Process Design. Information Technology for Manufacturing: A Research Agenda. https://www.nap.edu/read/4815/chapter/5 (accessed 10 February 2018).
  148. National Vulnerability Database (2014). https://nvd.nist.gov/ (accessed 18 February 2018).
  149. NATO (2012). NATO Allied Joint Doctrine for Information Operations. Brussels: NATO.
  150. NATO (2014). AMSP‐03 M&S Standards Profile for NATO and Multinational Computer Assisted eXercises with Distributed Simulation. NATO.
  151. NATO (2015, March). AMSP‐01 M&S Standards Profile, Edition C v 1.
  152. NATO Cooperative Cyber Defense Center of Excellence (2018). Exercise Crossed Swords Practised Cyber‐Kinetic Operations in Latvia. https://ccdcoe.org/exercise‐crossed‐swords‐practised‐cyber‐kinetic‐operations‐latvia.html (accessed 10 February 2018).
  153. NATO MSG 117 (2015, publication pending). Exploiting Modeling and Simulation in Support of Cyber Defense. Brussels: NATO.
  154. NEWSWEEK (2016). Alleged dam hacking raises fears of cyber threats to infrastructure (30 March). http://www.newsweek.com/cyber‐attack‐rye‐dam‐iran‐441940 (accessed 10 February 2018).
  155. Nilsson, N.J. (1998). Artificial Intelligence. New York: Morgan Kaufmann.
  156. Noel, S., Ludwig, J., Jain, P., et al. (2015). Analyzing Mission Impacts of Cyber Actions (AMICA).
  157. Norman, R. and Christopher, E.D. (2013). Cyber operations research and network analysis (Corona) enables rapidly reconfigurable cyberspace test and experimentation. M&S Journal 15–24.
  158. Norton, C.T. (1979, January). Blue Flag. In: Air University Review.
  159. Nunes‐Vaz, R., Lord, S., and Ciuk, J. (2011). A More Rigorous Framework for Security‐in‐Depth. Journal of Applied Security Researh 23.
  160. Nunes‐Vaz, R., Lord, S., and Bilusich, D. (2014). From strategic security risks to national capability priorities. Security Challenges 10 (3): 23–49.
  161. Nutaro, J. (2016). Towards improving software security by using simulation to inform requirements and conceptual design. Journal of Defense Modeling and Simulation 13 (1).
  162. Object Management Group (OMG) (2012, June). OMG Systems Modeling Language (OMG SysML™).
  163. Okhravi, H., Rabe, M.A., Mayberry, T.J. et al. (2013b). Survey of Cyber Moving Target Techniques. Boston: Lincoln Labs.
  164. Ortalo, R., Deswarte, Y., and Kaâniche, M. (1999). Experimenting with quantitative. IEEE Transactions on Software Engineering 25: 633–650.
  165. Panton, M.B.C., Colombi, J.M., Grimaila, M.R., and Mills, R.F. (2014). Strengthening DoD cyber security with the vulnerability market. Defense ARJ 21 (1): 466–484.
  166. Park, J.S., Lee, J.S., Kim, H.K., and Chi, S.D. (2001). SECUSIM: a tool for the cyber‐attack simulation. Third International Conference on Information and Communications Security, ICICS 2001, Xian, China (13–16 November 2001).
  167. Pathmanathan, A. (2013, November 14). 30th Annual International Test and Evaluation Symposium (ITEA). http://www.itea.org/~iteaorg/images/pdf/conferences/2013_Annual/Panel_2_Pathmanathan.pdf (accessed 6 January 2015).
  168. Paulenich, J., Agbedo, C., and Rea, K. (2014). Identification and Triage of Compromised Virtual Machines. Monterrey, CA, USA: Naval Postgraduate School.
  169. Pawlick, J., Farhang, S., and Quanyan, Z. (2015). Flip the cloud: cyber‐physical signaling games in the presence of advanced persistent threats. In: International Conference on Decision and Game Theory for Security, 289–308. Springer International Publishing.
  170. Peter Beiling, B.H. (2016). Methodology for Anticipating and Responding to Successful Cyber Attacks on Physical Systems. Virginia: Alexandria.
  171. Priest, B.W., Vuksani, E., Wagner, N. et al. (2014). Agent‐based simulation in support of moving target cyber defense technology development and evaluation. In: IEEE Symposium on Security and Privacy, 12. San Jose: IEEE.
  172. Priest, B.W., Vuksani, E., Wagner, N. et al. (2015a). Agent‐based simulation in support of moving target cyber defense technology development and evaluation. In: SpringSim, 8. Alexandria: ACM.
  173. Priest, B.W., Vuksani, E., Wagner, N. et al. (2015b). Agent‐based simulation in support of moving target cyber defense technology development and evaluation. In: Proceedings of the 18th Symposium on Communications & Networking, 16–23. San Diego, USA: Society for Computer Simulation International.
  174. Ratonel, C. (2013). Cyber Security Simulation Overview Brief. Metron: Reston.
  175. Raulerson, E.L., Hopkinson, K.M., and Laviers, K.R. (2014). A framework to facilitate cyber defense situational awareness modeled in an emulated virtual machine testbed. Journal of Defense Modeling and Simulation 12 (3): 229–239.
  176. Rescorla, E. (2005). Is finding security holes a good idea? IEEE Security and Privacy 14–19.
  177. Richards, J.E. (2014). Using the Department of Defense Architecture Framework to Develop Security Requirements. SANS: SANS Institute.
  178. Rimondini, M. (2007). Emulation of Computer Networks with Netkit. Department of Information Automation, Roma Tre University.
  179. Robinson, D. and Cybenko, G. (2012). A Cyber‐based behavioral model. Journal of Defense Modeling and Simulation 9 (3).
  180. Romanosky, S. (2016). Examining the costs and causes of cyber incidents. Journal of Cybersecurity 2 (2).
  181. Romanosky, S., Ablon, L., Kuehn, A., and Jones, T. (n.d.). Content Analysis of Cyber Insurance Policies: How Do Carriers Write Policies and Price Cybersecurity Risk?. SSRN. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2929137 (accessed 25 October 2017).
  182. Rossey, L.M., Cunningham, R.K., Fried, D.J. et al. (2002). LARIAT: lincoln adaptable real‐time information assurance testbed. In: Aerospace Conference Proceedings, vol. 6, 6‐2671–2676, 6‐2678–6‐2682. IEEE.
  183. Rowe, C., Zadeh, H.S., and Garanovich, I.L. (2017). Prioritising investment in military cyber capability using risk analysis. Journal of Defense Modeling and Simulation.
  184. Roza, M., Voogd, J., van Emmerik, M., and van Lier, A. (2010). Generic methodology for verification and validation for training simulations. In: Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC), 12. Orlando: NDIA.
  185. Roza, M., Voogd, J., and Sebalji, D. (2013). The generic methodology for verification and validation to support acceptance of models, simulations and data. Journal of Defense Modeling and Simulation 347–365.
  186. Saadawi, H. and Wainer, G. (2013). Principles of discrete event system specification model verification. Simulation 41–67.
  187. Saadawi, H., Wainer, G., and Moallemi, M. (2012). Principles of model verification for real‐time embedded applications. In: Real‐Time Simulation Technologies: Principles, Methodologies and Applications (ed. P.M.K. Popovici). Boca Raton, FL: CRC Press.
  188. Sallhammar, K., Helvik, B.E., and Knapskog, S.J. (2006). On stochastic modeling for integrated security and dependability evaluation. Journal of Networks 1 (50).
  189. SANS Institute (2006). A Guide to Security Metrics. Bethesda: SANS.
  190. Schostack, A. (2014). Threat Modeling: Designing for Security. New York: Wiley.
  191. Serban, C., Poylisher, A., Sapello, A. et al. (2015). Testing android devices for tactical networks: a hybrid emulation testbed approach. In: Proceedings of the Military Communications Conference. New York: IEEE.
  192. Serdiouk, V. (2007). Technologies for protection against insider attacks on computer systems. In: Fourth International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM‐ACNS‐2007 (ed. V. Gorodetsky, I. Kotenko and V. Skormin), 75–84. St. Petersburg: Springer.
  193. Shakshuki, E.M., Kang, N., and Sheltami, T.R. (2013). EAACK – a secure intrusion‐detection system for MANETs. IEEE Transactions on Industrial Electronics 60 (3): 1089–1098.
  194. Simonsson, M., Johnson, P., and Wijkström, H. (2007). Model‐based IT governance maturity assessments with COBIT. In: ECIS 2007 Proceedings. ECIS.
  195. Simulation Interoperability Standards Organization (SISO) (n.d.). Federation Engineering Agreements Template (FEAT). http://www.sisostds.org/FEATProgrammersReference/ (accessed 6 January 2015).
  196. SISO (1999). Fidelity Implementation Study Group Report. Orlando: SISO.
  197. SISO‐STD‐007‐2008 (n.d.). Standard for Military Scenario Definition Language.
  198. SISO‐STD‐011‐2014 (n.d.). Standard for Coalition Battle Management Language (C‐BML) Phase I.
  199. Skare, P. M. (2013). Patent No. 8595831.
  200. Small Business Innovative Research (SBIR) (2012). Cyber‐to‐Physical Domain Mapping Toolkit for Vulnerability Analysis and Critical Resource Identification Enablement (CEPHEID VARIABLE). Award Details. https://www.sbir.gov/sbirsearch/detail/393789 (accessed 11 February 2018).
  201. Sommestad, T. (2013). The cybewr security modeling language: a tool for assessing the vulnerability of enterprise system architectures. IEEE Systems Journal 7 (3): 363–373.
  202. Stella Croom‐Johnson, J.M. (2016). Cyber tools and standards to improve situational awareness. In: Simulation Interoperability Standards Organization, 12. Orlando: SISO.
  203. Stine, K. (2012). Inside NIST's cybersecurity strategy. Washington Technology.
  204. Streilein, W.W., Truelove, J., Meiners, C.R., and Eakman, G. (2011). Cyber situational awareness through operational streaming analysis. In: Military Communiations Conference, 1152–1157. IEEE.
  205. Symantec (2014). Dragonfly: Cyberespionage Attacks Against Energy Suppliers.
  206. Taguchi, G., Chowdhury, S., and Wu, Y. (2004). Taguchi's Quality Engineering Handbook. New York: Wiley.
  207. Taylor, J.G., Yildirim, U.Z., and Murphy, W.S. (2000). Hierarchy of models approach for aggregated attrition. In: Winter Simulation Conference. San Diego: Society for Computer Simulation International.
  208. Tello, B., Winterrose, M., Baah, G., and Zhivich, M. (2015). Simulation based evaluation of a code diversification strategy. 5th International Conference on Simulation and Modeling Methodologies, Technologies and Applications (pp. 36–43), Colmar, Alsace, France. SIMULTECH 2015.
  209. The DETER Testbed: Overview (2004, August 25). http://www.isi.edu/deter/docs/testbed.overview.pdf (accessed 6 May 2015).
  210. The Ponemon Institute, LLC. (2014). Privileged User Abuse & The Insider Threat. http://www.trustedcs.com/resources/whitepapers/Ponemon‐RaytheonPrivilegedUserAbuseResearchReport.pdf (accessed 26 May 2014).
  211. Thompson, M.F. and Irvine, C.E. (2011). Active Learning with the CyberCIEGE Video Game. 4th Workshop on Cyber Security Experimentation and Test, San Francisco, CA (8–12 August 2011).
  212. Tolk, A. and Muguira, J.A. (2003). The levels of conceptual interoperability model (LCIM). In: IEEE Fall Simulation Interoperability Workshop. Orlando: IEEE CS Press.
  213. Torres, G. (2015). Test & Evaluation/Science & Technology Net‐Centric Systems Test (NST) Focus Area Overview. Pt Mugu: USC, Center for Systems and Software Engineering.
  214. Toutonji, O.A., Yoo, S.M., and Park, M. (2012). Stability analysis of VEISV propagation modeling for network worm attack. Applied Mathematical Modeling 2751–2761.
  215. Valilai, O.F. and Houshmand, M. (2009). Advantages of using SysML compatible with ISO 10303‐233 for product design and development based on STEP standard. In: Proceedings of the World Congress on Engineering and Computer Science, vol. II. San Francisco: WCECS.
  216. Velez, T.U. and Morana, M.M. (2015). Risk Centric Threat Modeling: process for attack simulation and threat analysis. Hoboken: John Wiley & Sons, Inc.
  217. Waag, G.L., Kenneth Heist, R., Feinberg, J.M., and Painchaud, L.J. (2001). Information Assurance Modeling & Simulation (IA M&S) State of the Art Report – A Summary. Alexandria: MSIAC.
  218. Wagner, N., Lippmann, R., Winterrose, M. et al. (2015). Agent‐based simulation for assessing network security risk due to unauthorized hardware. In: Proceedings of the Symposium on Agent‐Directed Simulation, 18–26. Society for Computer Simulation International.
  219. Wagner, N., Sahin, C.S., Winterrose, M. et al. (2017). Quantifying the mission impact of network‐level cyber defensive. Journal of Defense Modeling and Simulation 14 (3): 201–216.
  220. Waltz, E. (2000). Information Warfare: Principles and Operations. Boston: ArTech House.
  221. Wang, L., Liu, A., and Jajodia, S. (2006). Using attack graphs for correlating, hypothsizing and predicting instrusion alerts. Computer Communications 29 (15): 2917–2933.
  222. Wells, D. and Bryan, D. (2015). Cyber operational architecture training system – cyber for all. In: Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC), 9. Orlando: NDIA.
  223. White, G. (2007). The community cyber security maturity model. Proceedings of the 40th Hawaii International Conference on System Sciences, Waikoloa, HI, USA (3–6 January 2007).
  224. Wymore, W. (1967a). 1967. A Mathematical Theory of Systems Engineering: The Elements. Huntington, NY: Krieger.
  225. Wymore, W. (1967b). A Mathematical Theory of Systems Engineering: The Elements. New York: Wiley.
  226. Yan, W., Xue, Y., Li, X. et al. (2012). Integrated simulation and emulation platform for cyber‐physical system security experimentation. In: HiCoNS’12, 8. Beijing: ACM.
  227. Yap, G. (2009). When is a Hack an Attack? A Sovereign State's Options if Attacked in Cyberspace: A Case Study of Estonia 2007. Birmingham: Air Command and Staff College Air University Maxwell Air Force Base, Alabama.
  228. Yildrim, U.Z. (1999). Extending the State‐of‐the‐art for the COMAN/ATCAL Methodology. Monterrey: NPS.
  229. Yu, S., Gu, G., Barnawi, A. et al. (2015). Malware propagation in large‐scale networks. IEEE Transactions on Knowledge and Data Engineering 170–179.
  230. Yufik, Y. (2014). Understanding cyber warfare. In: Network Science and Cybersecurity (ed. R.E. Pino), 75–91. New York: Springer.
  231. Zeigler, B.P. and Nutaro, J.J. (2016). Towards a framework for more robust validation and verification of simulation models for systems of systems. Journal of Defense Modeling and Simulation 3–16.
  232. Zeigler, B.P., Praehofer, H., and Kim, T.G. (2000). Theory of Modeling and Simulation. New York: Academic Press.
  233. Zetter, K. (2014). Meet MonsterMind, the NSA Bot That Could Wage Cyberwar Autonomously. Wired (13 August).
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.117.186.92