S. John Spey and Zeeve Rogozinski
This report describes a model that simulates cyber conflicts at the high-tactical or operational level of war. The model’s objective is to allow a cyber force commander with one or more tactical-level offensive aggressor1 cyber units to experiment with different strategies and priorities. The model represents tactical details as simply as possible to avoid any dependence on details about individual networks, cyber defenses, and offensive cyber weapons. The simplistic nature of the model allows it to complete a single simulation in a fraction of a second. Many hundreds or thousands of iterations of the simulation with the same initial conditions and strategies can be done to create a distribution of outcomes. The initial conditions can then be changed before running the model another several hundred or thousand times. This approach allows the model to be used to explore new situations rapidly. The model code is written to be easily modified, allowing a wide range of scenarios and strategies to be explored.
In its current state, the model can simulate an arbitrary number of combatants. Combatants send aggressor units using offensive weapons into each other’s cyber terrain, seeking to discover and neutralize their enemy’s defensive tools or offensive weapons, or they seek out other high-value locations on an enemy’s network to score abstract points. A single iteration of a given scenario runs until either one combatant accumulates a set number of points or a set number of timesteps have occurred.
Figure 1 depicts the components and basic actions of the model. It shows two combatants, Blue and Red, at the start of a model run in (a) and after a Blue aggressor unit has penetrated Red’s network in (b). During each model run, each combatant’s aggressor unit maneuvers into the other combatant’s network and seeks out target locations determined by its commander. If an aggressor is detected by enemy defenders, those defenders may kick it out of the network, forcing it to start over with new offensive weapons.
Model overview
Our model is focused on the decisions faced by the cyber force commander at the high-tactical or operational level. 2 The decisions of interest to the model are what priorities and objectives the commander should assign to their offensive and defensive forces and what strategies those forces should employ to achieve them. The ultimate goal of the model is to allow rapid experimentation and exploration of different priorities, objectives, and strategies set by the commander.
The model abstracts away the tactical-level details as much as possible to focus on decisionmaking above the low-tactical level of war. For example, although the details of the target network and how it is defended are of the utmost importance to the individual aggressors penetrating the network, what matters at the high-tactical level is whether the intrusion is successful and how long it takes to achieve its objectives.
The general premise of the model is that the combatants are sending aggressor cyber units against each other to achieve some goal in the cyber domain. This goal is assumed to support some higher level objectives, such as supporting a higher echelon or satisfying intelligence collection objectives.
The commander’s decisions are represented in assigning one or more units their offensive weapons to use and one or more goals to achieve and defining a particular strategy for how they will execute their network intrusion. For aggressors with sufficient skill to spend time specifically reducing the chance that they will be detected inside an enemy network, the commander can also decide what level risk must be reduced to before they progress through the network. The commander may also decide some aspects of the defensive strategy for defending their own networks.
The model user sets the model configuration, which consists of defining the combatants and their initial state, such as number of aggressor units, number and quality of defensive tools and offensive weapons, and so on. It also involves defining basic strategy aspects that each combatant’s commander directed their force to follow, such as when to neutralize an aggressor unit detected in their network and what objectives their aggressor units should have.
No comments:
Post a Comment