6Cyber Course of Action (COA) Strategies
This chapter examines how decision‐making in cyber defense may benefit from Modeling and Simulation (M&S). The cyber domain presents scale and scope issues that require decision aids to meet the accuracy and timeliness demands for securing the network. The use of “models,” for cyber decision support spans from longer‐term decision support, in categorizing projected network events, to real‐time visualization of developing threats, and using these models to analyze attack graphs and projected second‐ and third‐order effects for each COA candidate.
Developing COAs to respond to cyberattacks is especially challenging with the rise of threat capability, and the number of nefarious actors (Mandiant 2014). Cyber actors have the ability to coordinate (e.g. via botnets [Kotenko 2005]) and scale an attack at time constants potentially much faster than standard human cognition. M&S, in Decision Support Systems (DSS), can enhance situational awareness (SA) through training. The knowledge imparted by M&S, used in the design and development of DSS, trades directly against the technical advantages and experience of a cyber attacker. Understanding how a DSS’ COA effectiveness will be measured is therefore key in DSS design.1
6.1 Cyber Course of Action (COA) Background
6.1.1 Effects‐Based Cyber‐COA Optimization Technology and Experiments (EBCOTE) Project
In 2004, DARPA developed a cyber test bed for real‐time evaluation of COA impact, evaluating performance ...
Get An Introduction to Cyber Modeling and Simulation now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.