Developing a software model to assess a nation's capability to conduct sustained, offensive cyber warfare
McElheny, Aric L.
Buettner, Raymond R.
Denning, Dorothy E.
MetadataShow full item record
This research provides a Situational Influence Assessment Module (SIAM) software model for assessing the capability of a country to conduct sustained, offensive cyber warfare. The SIAM Cyber Warfare Capability Model identifies a process to quantify the baseline information needed to evaluate a complex problem. The model is a tool and allows analysts to understand the reasoning behind the assessments made by the model. The SIAM Cyber Warfare Capability Model is meant to be used as a mechanism to examine in detail the factors that should indicate a country's cyber warfare capabilities. The SIAM Cyber Warfare Capability Model is a four level, hierarchical model that relies on user-defined relationships (links) to inform and assess whether a country has the capability to conduct, sustained offensive cyber warfare. The model requires the user provide a confidence value for the information contained within the Initial Nodes at the lowest level, level four, which will propagate up through the model based on user defined link strengths. The model accounts for the cumulative effect that multiple inputs may have on a nation state's cyber warfare capability through Causal Strengths (CAST) Logic. The analyst is also able to alter the information contained in the level four nodes along with the strength of the links, as more information is made available. This provides for a readily updateable model that considers multiple indicators and relationships. The SIAM Cyber Warfare Capability Model required 15,010 evaluations in its design once the four level structure was adopted. During the development of the model, we constrained ourselves to work within the data considerations provided by the sponsor. The model requires the user to decide the relative importance of pertinent considerations, as defined within the model, when defining the level four Initial Nodes. The model becomes easily expandable if the analyst determines there is a key consideration missing for an Initial Node it can be incorporated and documented. Furthermore, the model is readily transferrable. The models link strengths and reasoning are well documented allowing for it to be applied to a variety of nations and utilized by multiple organizations. The SIAM Cyber Warfare Capability Model was delivered to the sponsor, who then shared the model with other members of the Intelligence Community (IC). The sponsor endorsed the approach in our model and felt it provided a solid foundation for future modeling efforts. The sponsor used the Cyber Warfare Capability Model to account for resources in a separate model that analyzes a state's cyber program by taking a capability equals sophistication times resources approach. We view this feedback and subsequent use of our model in a separate product as a validation of the methodology employed in the Cyber Warfare Capability Model.
Approved for public release; distribution is unlimited.
Showing items related by title, author, creator and subject.
Housel, Tom; Wessman, Mark D.; Mun, Johnathan (Monterey, California. Naval Postgraduate School, 2010-04-30); NPS-AM-10-069Program Executive Office''Integrated Warfare Systems (PEO-IWS) engaged a team from the Naval Postgraduate School (NPS) to conduct a pilot study to apply the Knowledge Valued Added + Real Options + Integrated Risk Management ...
Aydin, Erhan. (Monterey, California. Naval Postgraduate School, 2000-03-01);Ship defense in convoy operations against Anti-Surface Missiles (ASM) has been an important aspect of Naval Warfare for the last two decades. Countries in a state of conflict often conduct threatening operations in their ...
Coffman, James Wyatt. (Monterey, California. Naval Postgraduate School, 2001-09);The Information Assurance Vulnerability Alert (IAVA) process was established to provide an early warning and tracking capability for protecting Department of Defense (DoD) networks against identified system vulnerabilities. ...