Quantifying risk for decentralized offensive cyber operations
Klipstein, Michael S.
Boger, Dan C.
MetadataShow full item record
Computer networks and the amount of information stored within government computer networks have become ubiquitous. With the possible decentralization of authorities to conduct offensive cyber operations, leaders and their respective staffs of organizations below the national level cannot adequately assess risks and consequences of these operations due to the lack of exposure, experience, and education. Compounding this problem are the heuristics and biases used in decision making when the requisite expertise is absent. This lack of understanding of risks and potentially faulty decision making presents a gap in command and control structures. This research explores the question: How effective is a simulation framework incorporating both subject matter expertise and assessments of uncertainty at overcoming the inexperience of decision makers in assessing risk and subsequent decision making within new operations? This research effort expands multi-criteria decision-making theory by accounting and incorporating both the expertise and uncertainty of the experts into the framework. This proposed framework was tested at national-level cyber organizations and CCMD exercises. The results were then compared to see if the framework could mitigate inexperience. The results are that organizations unfamiliar with cyber operations are able to assess risks at a proficiency level equivalent to an experienced organization.
Approved for public release; distribution is unlimitedIncludes supplementary material.Reissued 7 Sep 2017 with corrections to committee titles.
Showing items related by title, author, creator and subject.
Shobe, Katharine K.; Wulfeck, Wally (2009-06);Military operations have all the trademarks of agile decision making due to the complexity, uncertainty, time constraints, high risk and ill-defined goals of the mission environment. Any discussion of the naval command ...
The analytic hierarchy process as a framework for sourcing decisions: management, operations, and maintenance of a PBX Bowens, Desobry E. (Monterey, California. Naval Postgraduate School, 2000-06);With the installation of a new Private Branch Exchange (PBX), a telephone switch system, the Naval Postgraduate School is looking for the most effective method of sourcing the management, operations, and maintenance functions ...
Gaspar, Tamas S. (Monterey, California: Naval Postgraduate School, 1999-06);Current defense planning methods do not ensure a direct connection between national security objectives and military tasks. The Strategy-to-Task method provides a framework for solving this deficiency by establishing a ...