Quantifying risk for decentralized offensive cyber operations
Klipstein, Michael S.
Boger, Dan C.
MetadataShow full item record
Computer networks and the amount of information stored within government computer networks have become ubiquitous. With the possible decentralization of authorities to conduct offensive cyber operations, leaders and their respective staffs of organizations below the national level cannot adequately assess risks and consequences of these operations due to the lack of exposure, experience, and education. Compounding this problem are the heuristics and biases used in decision making when the requisite expertise is absent. This lack of understanding of risks and potentially faulty decision making presents a gap in command and control structures. This research explores the question: How effective is a simulation framework incorporating both subject matter expertise and assessments of uncertainty at overcoming the inexperience of decision makers in assessing risk and subsequent decision making within new operations? This research effort expands multi-criteria decision-making theory by accounting and incorporating both the expertise and uncertainty of the experts into the framework. This proposed framework was tested at national-level cyber organizations and CCMD exercises. The results were then compared to see if the framework could mitigate inexperience. The results are that organizations unfamiliar with cyber operations are able to assess risks at a proficiency level equivalent to an experienced organization.
Includes supplementary material.Reissued 7 Sep 2017 with corrections to committee titles.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Shobe, Katharine K.; Wulfeck, Wally (2009-06);Military operations have all the trademarks of agile decision making due to the complexity, uncertainty, time constraints, high risk and ill-defined goals of the mission environment. Any discussion of the naval command ...
Bernhardt, Kevin M. (Monterey, CA; Naval Postgraduate School, 2020-06);Given the requirement for leaders to accept risk to achieve their goals, how do decision-makers evaluate operational uncertainty and calculate the risk factors that affect operational effectiveness and the achievement of ...
The analytic hierarchy process as a framework for sourcing decisions: management, operations, and maintenance of a PBX Bowens, Desobry E. (Monterey, California. Naval Postgraduate School, 2000-06);With the installation of a new Private Branch Exchange (PBX), a telephone switch system, the Naval Postgraduate School is looking for the most effective method of sourcing the management, operations, and maintenance functions ...