An Introduction to Cyber Modeling and Simulation
eBook - ePub

An Introduction to Cyber Modeling and Simulation

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

An Introduction to Cyber Modeling and Simulation

About this book

Introduces readers to the field of cyber modeling and simulation and examines current developments in the US and internationally

This book provides an overview of cyber modeling and simulation (M&S) developments. Using scenarios, courses of action (COAs), and current M&S and simulation environments, the author presents the overall information assurance process, incorporating the people, policies, processes, and technologies currently available in the field. The author ties up the various threads that currently compose cyber M&S into a coherent view of what is measurable, simulative, and usable in order to evaluate systems for assured operation.

An Introduction to Cyber Modeling and Simulation provides the reader with examples of tools and technologies currently available for performing cyber modeling and simulation. It examines how decision-making processes may benefit from M&S in cyber defense. It also examines example emulators, simulators and their potential combination. The book also takes a look at corresponding verification and validation (V&V) processes, which provide the operational community with confidence in knowing that cyber models represent the real world. This book:

  • Explores the role of cyber M&S in decision making
  • Provides a method for contextualizing and understanding cyber risk
  • Shows how concepts such the Risk Management Framework (RMF) leverage multiple processes and policies into a coherent whole
  • Evaluates standards for pure IT operations, "cyber for cyber, " and operational/mission cyber evaluationsā€”"cyber for others"
  • Develops a method for estimating both the vulnerability of the system (i.e., time to exploit) and provides an approach for mitigating risk via policy, training, and technology alternatives
  • Uses a model-based approach

An Introduction to Cyber Modeling and Simulation is a must read for all technical professionals and students wishing to expand their knowledge of cyber M&S for future professional work.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weā€™ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere ā€” even offline. Perfect for commutes or when youā€™re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access An Introduction to Cyber Modeling and Simulation by Jerry M. Couretas in PDF and/or ePUB format, as well as other popular books in Technology & Engineering & Materials Science. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Wiley
Year
2018
Print ISBN
9781119420873
eBook ISBN
9781119420835
Edition
1
Topic
Technology & Engineering
Subtopic
Materials Science
Index
Technology & Engineering

1
Brief Review of Cyber Incidents

When it comes to national security, I think this [i.e., cyber warfare] represents the battleground for the future. Iā€™ve often said that I think the potential for the next Pearl Harbor could very well be a cyberā€attack. If you have a cyberā€attack that brings down our power grid system, brings down our financial systems, brings down our government systems, you could paralyze this country.1
Leon Panetta
The 1988 Morris Worm, designed to estimate the size of the Internet, caused the shutting down of thousands of machines and resulted in the Defense Advanced Research Projects Agency (DARPA) funding the first Computer Emergency Response Team (CERT) at Carnegie Mellon University (CMU). As shown in Table 1.1, cyberattacks have continued since 1988, with effects that range from data collection to controlling critical infrastructure.
Table 1.1 Select cyber incidents.
Year Cyberattack Objective Effects
1988 Morris Worm Understand the number of hosts connected to the Internet Removed thousands of computers from operation
2003 Slammer Worm Denial of service Disabled Ohio's Davisā€“Besse nuclear power plant safety monitoring system for nearly 5 h
2008 Conficker Implant malware on target machines Control target machines
2010 STUXNET Take control of Siemens industrial control systems (ICSā€™) Destroyed centrifuges used for Iranian nuclear program
2012 Saudi Aramco (oil provider) business systems (aka Al Shamoon) Wipe disks on Microsoft Windowsā€based systems Destroyed ARAMCO business systems to cause financial losses due to their inability to bill customers for oil shipments
2013 South Korean Banks ā€œDarkSeoulā€ virus used to deny service and destroy data Destroyed hard drives of selected business systems
US Banks Distributed Denial of Service (DDoS) Caused financial losses through banksā€™ inability to serve customers
Rye Dam (NY) Access control gates for opening and closing at will Controlled dam gate system
2014 Sony Pictures Data breach Downloaded a large amount of data and posted it on the Internet; 3 wk before the release of a satirical film about North Korea
2015 Office of Personnel Management (OPM) breach Gain access to information on US Government Personnel Downloaded over 21 million US Government and contractor personnel files
2017 Equifax breach Gain access to consumer credit information Downloaded credit history and private information on over 143 million consumers
Table 1.1 also provides a mix of documented cyber incidents, with only the Morris Worm in question, as to malevolent intent. Due to the multiple actors and actions, involving cyberattacks, a conversation around ā€œresilienceā€ (e.g. NIST Cybersecurity Framework) provides a means for communicating about how the overall system will continue to perform, in the face of adversity. In addition, resilience frames the discussion about an organizationā€™s operational risk; due to cyber, in this case. More specifically, the resilience view provides a means to organize the challenges associated with measuring and quantifying the broad scope of an organizationā€™s cyberattack surface by:
  1. Recognizing that the autonomy and efficiencies that information systems provide are too valuable to forego, even if the underlying technologies provide a potential threat to business operations.
  2. Understanding that cyber ā€œsecurityā€ (i.e. the ability to provide an effective deterrent to cyberattacks) is not achievable for most organizations in the short term, so resilience is one way to develop organizational policies and processes around
    1. mitigation scenarios for general cyberattacks
    2. comparing tacitly accepted cyber risk to business risks that we already transfer (e.g. hurricanes, earthquakes, natural disasters, etc.) to other organizations (e.g. insurance companies).
  3. Coordinating the challenges associated with an organizationā€™s people being a key source of cyber vulnerability.
Resilience, therefore, provides an overarching approach, with some elements already modeled, for bundling the exposure associated with cyber and moving the discussion to a more manageable set of risks; analogous to operational challenges already mitigated or transferred through an organizationā€™s policies and processes. In addition, cyber risk management requires analytical evaluation and testable scenarios that enable contingency planning for each respective organization. Cyber risk assessment is a growing area of interest, and an inspiration for developing cyber modeling and simulation techniques.

1.1 Cyberā€™s Emergence as an Issue

The issue of cyber security, somewhat slow to be recognized during information technologyā€™s rapid rate of development and dissemination into business enterprises over the last half century, often gets the same level of news coverage as natural disasters or stock market anomalies. While an Office of Personnel Management (OPM)2 breach disclosing the private information of millions of US civil servants gets a few days of news, a new iPhone release will create weeks of chatter on social networks. Cyber insecurity is much less interesting to the general public than the Internetā€™s entertainment and socialization prospects.
The same market growth for personal computing technologies, however, adds to unforesee...

Table of contents

  1. Cover
  2. Table of Contents
  3. 1 Brief Review of Cyber Incidents
  4. 2 Cyber Security ā€“ An Introduction to Assessment and Maturity Frameworks
  5. 3 Introduction to Cyber Modeling and Simulation (M&S)
  6. 4 Technical and Operational Scenarios
  7. 5 Cyber Standards for Modeling and Simulation
  8. 6 Cyber Course of Action (COA) Strategies
  9. 7 Cyber Computerā€Assisted Exercise (CAX) and Situational Awareness (SA) via Cyber M&S
  10. 8 Cyber Modelā€Based Evaluation Background
  11. 9 Cyber Modeling and Simulation and System Risk Analysis
  12. 10 Cyber Modeling & Simulation (M&S) for Test and Evaluation (T&E)
  13. 11 Developing Modelā€Based Cyber Modeling and Simulation Frameworks
  14. 12 Appendix: Cyber M&S Supporting Data, Tools, and Techniques
  15. Bibliography
  16. Index
  17. End User License Agreement