Developing modelling and simulation standards for including the cyber domain in military training and exercises

More Info
expand_more

Abstract

As cyber operations are evolving to become a major military enabler, cyber activities and their resulting effects should also be represented in simulation environments. Currently much effort is being put into creating simulation environments to enable the simulation of cyber operations at the technical (network) level. At this level the focus is on detection and exploitation of vulnerabilities on the offensive side and on prevention, detection and mitigation of malicious intrusions on the defensive side. Simulations at this level facilitate training of and competition between cyber technicians. Typical examples are so-called “Capture-the-flag” events. However, cyber operations also have an important impact at the tactical, operational and strategical level, but so far little effort has been put into integration of cyber operations and their effects at these levels. What there is, is mainly limited to degrading some of the tactical data communication or switching off C2 systems or simulators. A standard approach is required to integrate offensive and defensive cyber activities and their resulting effects in simulation environments in a timely, efficient, interoperable, and cost-effective manner. A first requirement for a standard approach is to describe the elements of systems that can be affected by cyber operations, their characteristics, the way they interact, offensive and defensive cyber activities and the effects they can have on operational capabilities. For this purpose, taxonomies and ontologies for cyber operations have been described in the literature, but they only cover elements of cyber operations (tailored to specific attacks, threats, vulnerabilities et cetera). All these attempts serve a specific research purpose and there is limited or no coherence between them. With only one exception that we know of, the research results have, beside papers, not been available for further development. Open sources and standards are lacking which hinders further development of interoperable products for introducing cyber operations in modelling and simulation for training and experimentation as they do exist for Land, Sea, Air, and Space. An ontology for the cyber domain is – however – important to the development of (re-usable) simulation conceptual models, simulation scenarios and simulation data exchange models. An ontology provides amongst others consistent naming, meaning, relations and interactions of the various elements used in the different models. TNO Defence Research is strongly involved in many standardisation activities for modelling and simulation in the military domain. In addition, as part of a doctoral research project (Technical University Delft, TNO Defence Research, and Netherlands Defence Academy (NLDA)) aimed at assessing the effects of cyber operations in support of targeting decision making that avoids collateral damage. In this context computational ontologies have been developed to describe cyber operations and to represent and reason around the necessary knowledge to assess the effects of cyber operations. These ontologies can be regarded as a (knowledge-based) simulation environment resulting from empirical research and design studies in the military cyber domain. This paper describes a development method, focussed on the construction of a cyber operations ontology for training and exercises, and the initial steps toward a cyber simulation data exchange model.

Files

2019_SIW_002.pdf
(pdf | 0.856 Mb)
Unknown license