An Introduction to Cyber Modeling and Simulation Wiley Series in Modeling and Simulation Series

Introduces readers to the field of cyber modeling and simulation and examines current developmentsin the US and internationally

This book provides an overview of cyber modeling and simulation (M&S) developments. Using scenarios, courses of action (COAs), and current M&S and simulation environments, the author presents the overall information assurance process, incorporating the people, policies, processes, and technologies currently available in the field. The author ties up the various threads that currently compose cyber M&S into a coherent view of what is measurable, simulative, and usable in order to evaluate systems for assured operation.

An Introduction to Cyber Modeling and Simulation provides the reader with examples of tools and technologies currently available for performing cyber modeling and simulation. It examines how decision-making processes may benefit from M&S in cyber defense. It also examines example emulators, simulators and their potential combination. The book also takes a look at corresponding verification and validation (V&V) processes, which provide the operational community with confidence in knowing that cyber models represent the real world. This book:

• Explores the role of cyber M&S in decision making
• Provides a method for contextualizing and understanding cyber risk
• Shows how concepts such the Risk Management Framework (RMF) leverage multiple processes and policies into a coherent whole
• Evaluates standards for pure IT operations, "cyber for cyber," and operational/mission cyber evaluations?"cyber for others"
• Develops a method for estimating both the vulnerability of the system (i.e., time to exploit) and provides an approach for mitigating risk via policy, training, and technology alternatives
• Uses a model-based approach

An Introduction to Cyber Modeling and Simulation is a must read for all technical professionals and students wishing to expand their knowledge of cyber M&S for future professional work. 

1 Brief Review of Cyber Incidents 1

1.1 Cyber’s Emergence as an Issue 3

1.2 Estonia and Georgia – Militarization of Cyber 4

1.3 Conclusions 6

2 Cyber Security – An Introduction to Assessment and Maturity Frameworks 9

2.1 Assessment Frameworks 9

2.2 NIST 800 Risk Framework 9

2.2.1 Maturity Models 12

2.2.2 Use Cases/Scenarios 13

2.3 Cyber Insurance Approaches 14

2.3.1 An Introduction to Loss Estimate and Rate Evaluation for Cyber 17

2.4 Conclusions 17

2.5 Future Work 18

2.6 Questions 18

3 Introduction to Cyber Modeling and Simulation (M&S) 19

3.1 One Approach to the Science of Cyber Security 19

3.2 Cyber Mission System Development Framework 21

3.3 Cyber Risk Bow‐Tie: Likelihood to Consequence Model 21

3.4 Semantic Network Model of Cyberattack 22

3.5 Taxonomy of Cyber M&S 24

3.6 Cyber Security as a Linear System – Model Example 25

3.7 Conclusions 26

3.8 Questions 27

4 Technical and Operational Scenarios 29

4.1 Scenario Development 30

4.1.1 Technical Scenarios and Critical Security Controls (CSCs) 31

4.1.2 ARMOUR Operational Scenarios (Canada) 32

4.2 Cyber System Description for M&S 34

4.2.1 State Diagram Models/Scenarios of Cyberattacks 34

4.2.2 McCumber Model 35

4.2.3 Military Activity and Cyber Effects (MACE) Taxonomy 36

4.2.4 Cyber Operational Architecture Training System (COATS) Scenarios 37

4.3 Modeling and Simulation Hierarchy – Strategic Decision Making and Procurement Risk Evaluation 39

4.4 Conclusions 42

4.5 Questions 43

5 Cyber Standards for Modeling and Simulation 45

5.1 Cyber Modeling and Simulation Standards Background 46

5.2 An Introduction to Cyber Standards for Modeling and Simulation 47

5.2.1 MITRE’s (MITRE) Cyber Threat Information Standards 47

5.2.2 Cyber Operational Architecture Training System 49

5.2.3 Levels of Conceptual Interoperability 50

5.3 Standards Overview – Cyber vs. Simulation 51

5.3.1 Simulation Interoperability Standards Organization (SISO) Standards 52

5.3.2 Cyber Standards 54

5.4 Conclusions 56

5.5 Questions 57

6 Cyber Course of Action (COA) Strategies 59

6.1 Cyber Course of Action (COA) Background 59

6.1.1 Effects‐Based Cyber‐COA Optimization Technology and Experiments (EBCOTE) Project 59

6.1.2 Crown Jewels Analysis 60

6.1.3 Cyber Mission Impact Assessment (CMIA) Tool 61

6.1.4 Analyzing Mission Impacts of Cyber Actions 63

6.2 Cyber Defense Measurables – Decision Support System (DSS) Evaluation Criteria 64

6.2.1 Visual Analytics 65

6.2.2 Managing Cyber Events 67

6.2.3 DSS COA and VV&A 68

6.3 Cyber Situational Awareness (SA) 68

6.3.1 Active and Passive Situational Awareness for Cyber 69

6.3.2 Cyber System Monitoring and Example Approaches 69

6.4 Cyber COAs and Decision Types 70

6.5 Conclusions 71

6.6 Further Considerations 72

6.7 Questions 72

7 Cyber Computer‐Assisted Exercise (CAX) and Situational Awareness (SA) via Cyber M&S 75

7.1 Training Type and Current Cyber Capabilities 77

7.2 Situational Awareness (SA) Background and Measures 78

7.3 Operational Cyber Domain and Training Considerations 79

7.4 Cyber Combined Arms Exercise (CAX) Environment Architecture 81

7.4.1 CAX Environment Architecture with Cyber Layer 82

7.4.2 Cyber Injections into Traditional CAX – Leveraging Constructive Simulation 84

7.4.3 Cyber CAX – Individual and Group Training 85

7.5 Conclusions 86

7.6 Future Work 87

7.7 Questions 87

8 Cyber Model‐Based Evaluation Background 89

8.1 Emulators,Simulators, and Verification/Validation for Cyber System Description 89

8.2 Modeling Background 90

8.2.1 Cyber Simulators 91

8.2.2 Cyber Emulators 93

8.2.3 Emulator/Simulator Combinations for Cyber Systems 94

8.2.4 Verification, Validation, and Accreditation (VV&A) 96

8.3 Conclusions 99

8.4 Questions 100

9 Cyber Modeling and Simulation and System Risk Analysis 101

9.1 Background on Cyber System Risk Analysis 101

9.2 Introduction to using Modeling and Simulation for System Risk Analysis with Cyber Effects 104

9.3 General Business Enterprise Description Model 105

9.3.1 Translate Data to Knowledge 107

9.3.2 Understand the Enterprise 114

9.3.3 Sampling and Cyber Attack Rate Estimation 114

9.3.4 Finding Unknown Knowns – Success in Finding Improvised Explosive Device Example 116

9.4 Cyber Exploit Estimation 116

9.4.1 Enterprise Failure Estimation due to Cyber Effects 118

9.5 Countermeasures and Work Package Construction 120

9.6 Conclusions and Future Work 122

9.7 Questions 124

10 Cyber Modeling & Simulation (M&S) for Test and Evaluation (T&E) 125

10.1 Background 125

10.2 Cyber Range Interoperability Standards (CRIS) 126

10.3 Cyber Range Event Process and Logical Range 127

10.4 Live,Virtual, and Constructive (LVC) for Cyber 130

10.4.1 Role of LVC in Capability Development 132

10.4.2 Use of LVC Simulations in Cyber Range Events 133

10.5 Applying the Logical Range Construct to System under Test (SUT) Interaction 134

10.6 Conclusions 135

10.7 Questions 136

11 Developing Model‐Based Cyber Modeling and Simulation Frameworks 137

11.1 Background 137

11.2 Model‐ Based Systems Engineering (MBSE) and System of Systems Description (Data Centric) 137

11.3 Knowledge‐ Based Systems Engineering (KBSE) for Cyber Simulation 138

11.3.1 DHS and SysML Modeling for Buildings (CEPHEID VARIABLE) 139

11.3.2 The Cyber Security Modeling Language (CySeMoL) 140

11.3.3 Cyber Attack Modeling and Impact Assessment Component (CAMIAC) 140

11.4 Architecture‐ Based Cyber System Optimization Framework 141

11.5 Conclusions 141

11.6 Questions 142

12 Appendix: Cyber M&S Supporting Data, Tools, and Techniques 143

12.1 Cyber Modeling Considerations 143

12.1.1 Factors to Consider for Cyber Modeling 143

12.1.2 Lessons Learned from Physical Security 144

12.1.3 Cyber Threat Data Providers 146

12.1.4 Critical Security Controls (CSCs) 147

12.1.5 Situational Awareness Measures 147

12.2 Cyber Training Systems 148

12.2.1 Scalable Network Defense Trainer (NDT) 153

12.2.2 SELEX ES NetComm Simulation Environment (NCSE) 153

12.2.3 Example Cyber Tool Companies 154

12.3 Cyber‐ Related Patents and Applications 154

12.4 Conclusions 160

Bibliography 161

Index 175

JERRY M. COURETAS, PHD, is Technology Lead for the Office of Secretary Defense's (OSD) Modeling and Simulation Coordination Office (DM&SCO) of Booz, Allen & Hamilton in McLean, VA, USA. He is currently the Editor-in-Chief of The Journal of Defense Modeling and Simulation. Dr. Couretas is a Global Industrial Cyber Security Professional (GICSP), a Project Management Professional (PMP), and a Certified Enterprise Architect (FEAC Institute).