Details

An Introduction to Cyber Modeling and Simulation


An Introduction to Cyber Modeling and Simulation


Wiley Series in Modeling and Simulation, Band 88 1. Aufl.

von: Jerry M. Couretas

106,99 €

Verlag: Wiley
Format: PDF
Veröffentl.: 19.09.2018
ISBN/EAN: 9781119420811
Sprache: englisch
Anzahl Seiten: 192

DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.

Beschreibungen

<p><b>Introduces readers to the field of cyber modeling and simulation and examines current developments</b> <b>in the US and internationally</b></p> <p>This book provides an overview of cyber modeling and simulation (M&S) developments. Using scenarios, courses of action (COAs), and current M&S and simulation environments, the author presents the overall information assurance process, incorporating the people, policies, processes, and technologies currently available in the field. The author ties up the various threads that currently compose cyber M&S into a coherent view of what is measurable, simulative, and usable in order to evaluate systems for assured operation.</p> <p><i>An Introduction to Cyber Modeling and Simulation</i> provides the reader with examples of tools and technologies currently available for performing cyber modeling and simulation. It examines how decision-making processes may benefit from M&S in cyber defense. It also examines example emulators, simulators and their potential combination. The book also takes a look at corresponding verification and validation (V&V) processes, which provide the operational community with confidence in knowing that cyber models represent the real world. This book:</p> <ul> <li>Explores the role of cyber M&S in decision making</li> <li>Provides a method for contextualizing and understanding cyber risk</li> <li>Shows how concepts such the Risk Management Framework (RMF) leverage multiple processes and policies into a coherent whole</li> <li>Evaluates standards for pure IT operations, "cyber for cyber," and operational/mission cyber evaluations—"cyber for others"</li> <li>Develops a method for estimating both the vulnerability of the system (i.e., time to exploit) and provides an approach for mitigating risk via policy, training, and technology alternatives</li> <li>Uses a model-based approach</li> </ul> <p><i>An Introduction to Cyber Modeling and Simulation</i> is a must read for all technical professionals and students wishing to expand their knowledge of cyber M&S for future professional work. </p>
<p><b>1 Brief Review of Cyber Incidents 1</b></p> <p>1.1 Cyber’s Emergence as an Issue 3</p> <p>1.2 Estonia and Georgia – Militarization of Cyber 4</p> <p>1.3 Conclusions 6</p> <p><b>2 Cyber Security – An Introduction to Assessment and Maturity Frameworks 9</b></p> <p>2.1 Assessment Frameworks 9</p> <p>2.2 NIST 800 Risk Framework 9</p> <p>2.2.1 Maturity Models 12</p> <p>2.2.2 Use Cases/Scenarios 13</p> <p>2.3 Cyber Insurance Approaches 14</p> <p>2.3.1 An Introduction to Loss Estimate and Rate Evaluation for Cyber 17</p> <p>2.4 Conclusions 17</p> <p>2.5 Future Work 18</p> <p>2.6 Questions 18</p> <p><b>3 Introduction to Cyber Modeling and Simulation (M&S) 19</b></p> <p>3.1 One Approach to the Science of Cyber Security 19</p> <p>3.2 Cyber Mission System Development Framework 21</p> <p>3.3 Cyber Risk Bow‐Tie: Likelihood to Consequence Model 21</p> <p>3.4 Semantic Network Model of Cyberattack 22</p> <p>3.5 Taxonomy of Cyber M&S 24</p> <p>3.6 Cyber Security as a Linear System – Model Example 25</p> <p>3.7 Conclusions 26</p> <p>3.8 Questions 27</p> <p><b>4 Technical and Operational Scenarios 29</b></p> <p>4.1 Scenario Development 30</p> <p>4.1.1 Technical Scenarios and Critical Security Controls (CSCs) 31</p> <p>4.1.2 ARMOUR Operational Scenarios (Canada) 32</p> <p>4.2 Cyber System Description for M&S 34</p> <p>4.2.1 State Diagram Models/Scenarios of Cyberattacks 34</p> <p>4.2.2 McCumber Model 35</p> <p>4.2.3 Military Activity and Cyber Effects (MACE) Taxonomy 36</p> <p>4.2.4 Cyber Operational Architecture Training System (COATS) Scenarios 37</p> <p>4.3 Modeling and Simulation Hierarchy – Strategic Decision Making and Procurement Risk Evaluation 39</p> <p>4.4 Conclusions 42</p> <p>4.5 Questions 43</p> <p><b>5 Cyber Standards for Modeling and Simulation 45</b></p> <p>5.1 Cyber Modeling and Simulation Standards Background 46</p> <p>5.2 An Introduction to Cyber Standards for Modeling and Simulation 47</p> <p>5.2.1 MITRE’s (MITRE) Cyber Threat Information Standards 47</p> <p>5.2.2 Cyber Operational Architecture Training System 49</p> <p>5.2.3 Levels of Conceptual Interoperability 50</p> <p>5.3 Standards Overview – Cyber vs. Simulation 51</p> <p>5.3.1 Simulation Interoperability Standards Organization (SISO) Standards 52</p> <p>5.3.2 Cyber Standards 54</p> <p>5.4 Conclusions 56</p> <p>5.5 Questions 57</p> <p><b>6 Cyber Course of Action (COA) Strategies 59</b></p> <p>6.1 Cyber Course of Action (COA) Background 59</p> <p>6.1.1 Effects‐Based Cyber‐COA Optimization Technology and Experiments (EBCOTE) Project 59</p> <p>6.1.2 Crown Jewels Analysis 60</p> <p>6.1.3 Cyber Mission Impact Assessment (CMIA) Tool 61</p> <p>6.1.4 Analyzing Mission Impacts of Cyber Actions 63</p> <p>6.2 Cyber Defense Measurables – Decision Support System (DSS) Evaluation Criteria 64</p> <p>6.2.1 Visual Analytics 65</p> <p>6.2.2 Managing Cyber Events 67</p> <p>6.2.3 DSS COA and VV&A 68</p> <p>6.3 Cyber Situational Awareness (SA) 68</p> <p>6.3.1 Active and Passive Situational Awareness for Cyber 69</p> <p>6.3.2 Cyber System Monitoring and Example Approaches 69</p> <p>6.4 Cyber COAs and Decision Types 70</p> <p>6.5 Conclusions 71</p> <p>6.6 Further Considerations 72</p> <p>6.7 Questions 72</p> <p><b>7 Cyber Computer‐Assisted Exercise (CAX) and Situational Awareness (SA) via Cyber M&S 75</b></p> <p>7.1 Training Type and Current Cyber Capabilities 77</p> <p>7.2 Situational Awareness (SA) Background and Measures 78</p> <p>7.3 Operational Cyber Domain and Training Considerations 79</p> <p>7.4 Cyber Combined Arms Exercise (CAX) Environment Architecture 81</p> <p>7.4.1 CAX Environment Architecture with Cyber Layer 82</p> <p>7.4.2 Cyber Injections into Traditional CAX – Leveraging Constructive Simulation 84</p> <p>7.4.3 Cyber CAX – Individual and Group Training 85</p> <p>7.5 Conclusions 86</p> <p>7.6 Future Work 87</p> <p>7.7 Questions 87</p> <p><b>8 Cyber Model‐Based Evaluation Background 89</b></p> <p>8.1 Emulators,Simulators, and Verification/Validation for Cyber System Description 89</p> <p>8.2 Modeling Background 90</p> <p>8.2.1 Cyber Simulators 91</p> <p>8.2.2 Cyber Emulators 93</p> <p>8.2.3 Emulator/Simulator Combinations for Cyber Systems 94</p> <p>8.2.4 Verification, Validation, and Accreditation (VV&A) 96</p> <p>8.3 Conclusions 99</p> <p>8.4 Questions 100</p> <p><b>9 Cyber Modeling and Simulation and System Risk Analysis 101</b></p> <p>9.1 Background on Cyber System Risk Analysis 101</p> <p>9.2 Introduction to using Modeling and Simulation for System Risk Analysis with Cyber Effects 104</p> <p>9.3 General Business Enterprise Description Model 105</p> <p>9.3.1 Translate Data to Knowledge 107</p> <p>9.3.2 Understand the Enterprise 114</p> <p>9.3.3 Sampling and Cyber Attack Rate Estimation 114</p> <p>9.3.4 Finding Unknown Knowns – Success in Finding Improvised Explosive Device Example 116</p> <p>9.4 Cyber Exploit Estimation 116</p> <p>9.4.1 Enterprise Failure Estimation due to Cyber Effects 118</p> <p>9.5 Countermeasures and Work Package Construction 120</p> <p>9.6 Conclusions and Future Work 122</p> <p>9.7 Questions 124</p> <p><b>10 Cyber Modeling & Simulation (M&S) for Test and Evaluation (T&E) 125</b></p> <p>10.1 Background 125</p> <p>10.2 Cyber Range Interoperability Standards (CRIS) 126</p> <p>10.3 Cyber Range Event Process and Logical Range 127</p> <p>10.4 Live,Virtual, and Constructive (LVC) for Cyber 130</p> <p>10.4.1 Role of LVC in Capability Development 132</p> <p>10.4.2 Use of LVC Simulations in Cyber Range Events 133</p> <p>10.5 Applying the Logical Range Construct to System under Test (SUT) Interaction 134</p> <p>10.6 Conclusions 135</p> <p>10.7 Questions 136</p> <p><b>11 Developing Model‐Based Cyber Modeling and Simulation Frameworks 137</b></p> <p>11.1 Background 137</p> <p>11.2 Model‐ Based Systems Engineering (MBSE) and System of Systems Description (Data Centric) 137</p> <p>11.3 Knowledge‐ Based Systems Engineering (KBSE) for Cyber Simulation 138</p> <p>11.3.1 DHS and SysML Modeling for Buildings (CEPHEID VARIABLE) 139</p> <p>11.3.2 The Cyber Security Modeling Language (CySeMoL) 140</p> <p>11.3.3 Cyber Attack Modeling and Impact Assessment Component (CAMIAC) 140</p> <p>11.4 Architecture‐ Based Cyber System Optimization Framework 141</p> <p>11.5 Conclusions 141</p> <p>11.6 Questions 142</p> <p><b>12 Appendix: Cyber M&S Supporting Data, Tools, and Techniques 143</b></p> <p>12.1 Cyber Modeling Considerations 143</p> <p>12.1.1 Factors to Consider for Cyber Modeling 143</p> <p>12.1.2 Lessons Learned from Physical Security 144</p> <p>12.1.3 Cyber Threat Data Providers 146</p> <p>12.1.4 Critical Security Controls (CSCs) 147</p> <p>12.1.5 Situational Awareness Measures 147</p> <p>12.2 Cyber Training Systems 148</p> <p>12.2.1 Scalable Network Defense Trainer (NDT) 153</p> <p>12.2.2 SELEX ES NetComm Simulation Environment (NCSE) 153</p> <p>12.2.3 Example Cyber Tool Companies 154</p> <p>12.3 Cyber‐ Related Patents and Applications 154</p> <p>12.4 Conclusions 160</p> <p>Bibliography 161</p> <p>Index 175</p>
<p><b>JERRY M. COURETAS, P<small>H</small>D,</b> is Technology Lead for the Office of Secretary Defense's (OSD) Modeling and Simulation Coordination Office (DM&SCO) of Booz, Allen & Hamilton in McLean, VA, USA. He is currently the Editor-in-Chief of <i>The Journal of Defense Modeling and Simulation</i>. Dr. Couretas is a Global Industrial Cyber Security Professional (GICSP), a Project Management Professional (PMP), and a Certified Enterprise Architect (FEAC Institute).
<p><b>INTRODUCES READERS TO THE FIELD OF CYBER MODELING AND SIMULATION AND EXAMINES CURRENT DEVELOPMENTS IN THE US AND INTERNATIONALLY</b> <p>This book provides an overview of cyber modeling and simulation (M&S) developments. Using scenarios, courses of action (COAs), and current M&S and simulation environments, the author presents the overall information assurance process, incorporating the people, policies, processes, and technologies currently available in the field. The author ties up the various threads that currently compose cyber M&S into a coherent view of what is measurable, simulative, and usable in order to evaluate systems for assured operation. <p><i>An Introduction to Cyber Modeling and Simulation</i> provides the reader with examples of tools and technologies currently available for performing cyber modeling and simulation. It examines how decision-making processes may benefit from M&S in cyber defense. It also examines example emulators, simulators and their potential combination. The book also takes a look at corresponding verification and validation (V&V) processes, which provide the operational community with confidence in knowing that cyber models represent the real world. This book: <ul> <li>Explores the role of cyber M&S in decision making</li> <li>Provides a method for contextualizing and understanding cyber risk</li> <li>Shows how concepts such the Risk Management Framework (RMF) leverage multiple processes and policies into a coherent whole</li> <li>Evaluates standards for pure IT operations, "cyber for cyber," and operational/mission cyber evaluations—"cyber for others"</li> <li>Develops a method for estimating both the vulnerability of the system (i.e., time to exploit) and provides an approach for mitigating risk via policy, training, and technology alternatives</li> <li>Uses a model-based approach</li> </ul> <p><i>An Introduction to Cyber Modeling and Simulation</i> is a must read for all technical professionals and students wishing to expand their knowledge of cyber M&S for future professional work.

Diese Produkte könnten Sie auch interessieren:

Aqueous Zinc Ion Batteries
Aqueous Zinc Ion Batteries
von: Haiyan Wang, Qi Zhang, Yixin Li, Yougen Tang
EPUB ebook
133,99 €
Multiphase Transport of Hydrocarbons in Pipes
Multiphase Transport of Hydrocarbons in Pipes
von: Juan J. Manzano-Ruiz, Jose G. Carballo
EPUB ebook
123,99 €