Abstract: Military organizations are attempting to be more proactive in securing critical cyber terrain, which is known as active cyber defense. In this work, we explore a cross-discipline research approach to informing active cyber defense activities. A dataset of empirically observed adversary behaviour activities collected at the 2015 North American International Cyber Summit (NAICS) is added to an existing cyber warfare simulation framework in order to gain new insights about the ways in which defensive cyber operations forces should be deployed. Four virtual experiments are conducted that illuminate important considerations for military planners.
Keywords: agent-based modelling, simulation, adversary behaviour, cyber warfare, military
1. Introduction
Military organizations are confronting the fact that cyber is a contested domain. In a recent interview with Markets Insider, Lt. Gen. Bruce T. Crawford, US Army Chief Information Officer/G-6, said: "The bottom line, when it comes to the threat, is that never again will we have the luxury of operating in uncontested space. That's become a part of who we are now" (Markets Insider 2017). To deal with an increasing likelihood of contested cyber space, active cyber defense is an approach that is gaining traction. Denning starts with a definition of active air defense and applies it to cyber, giving: "Active Cyber Defense is direct defensive action taken to destroy, nullify, or reduce the effectiveness of cyber threats against friendly forces and assets" (Denning 2014). In this paper we apply a cross-discipline approach to examine the factors that can reduce the likelihood that cyber terrain will be exploited by adversarial action. If an organization seeks to implement an active cyber defense strategy, it must know which factors will be effective. We use empirical data from a cyber warfare exercise held at the 2015 North American International Cyber Summit (NAICS), which temporally tracked adversary behaviour. This data is then used to model and simulate different attacks against various defensive cyber force packages. In this work, we focus primarily on the parameters that will slow down the adversary, in order to allow defenders more time to take appropriate mitigating actions. That is, we take a cross-discipline approach to improving military organizations' active cyber defense operations.
2. Background
Conventional cyberattack management is response-driven, which has limited efficacy, as it does not reflect advanced and sophisticated...