Emergency responders (e.g. police, fire fighters, etc.) commonly use training exercises to develop both individual and team skills for known scenarios. These exercises, simulations of real events, are often categorized as “modeling and simulation,” with simulacra of real entities composing the “models” in these events. Cyber defenders’ use of M&S is relatively new.

As described in Chapter 2, analytic models are used to evaluate cyber system risk via assessment frameworks. Combining these legacy IA frameworks with developing cyber modeling theory provides a foundation for tools that perform the “what if” analyses enabling a science of cyber security.

3.1 One Approach to the Science of Cyber Security

Cyber M&S will be the tools through which future engineers and technologists practice a Science of Cyber Security. Kott (2014), for example, provides a cyber description based on a defense against malicious software with the following definition:

“… the domain of science of cyber security is comprised of phenomena that involve malicious software (as well as legitimate software and protocols used maliciously) used to compel a computing device or a network of computing devices to perform actions desired by the perpetrator of malicious software (the attacker) and generally contrary to the intent (the policy) of the legitimate owner or operator (the defender) of the computing device(s).”

In addition, Kott (2014) notes that the ...