Modelling and Simulation S&T: Critical enabler for Cyber Defence
Information Systems Technology
Adversary Models, Communications and Information Systems, Cyber Defence, Cyber Education and Training, Graph Theory, Human Cognition, Likelihood and Impact Models, Model Based Systems Engineering, Modelling and Simulation, Resilience Engineering, Risk, Synthetic environments
This technical activity proposal for a workshop addresses the recommendation from the research of the NATO Information Systems and Technology (IST) panel exploratory team, IST-ET-094 on “Model driven paradigms for integrated approaches for Cyber Defense”. The key finding of this research is that the Science and Technology (S&T) underpinning the development of models, simulators/emulators, methods and tools in support of an integrated Cyber Defense approach remains immature. Though some progress has been made in a few individual cyber-related topic areas (e.g., emulation for cyber ranges and training environments, and attack graph analysis), there is less evidence of integration and an inter-disciplinary approach to address challenges in Cyber Defense, a priority strategic risk area for NATO and most, if not all, of its coalition nations.
It is therefore argued that a new model driven paradigm, inter-disciplinary and coherent by design to link the technical areas, is needed for cyber defense to assist the integration of business or military operations with cyber defense, particularly in bridging the cognitive gap between operational decision-makers and cyber defenders. That is, it supports the ability, at the required level of abstraction, to translate operational priorities into cyber defense priorities, and to translate impacts on the supporting cyber infrastructure into consequences expressed in operational terms.
The objectives of the workshop are to provide such a forum and consider the S&T developments (what?, where?, and how?) that could be leveraged and form an integral part of a model driven approach to arrive at a better representation, with varying levels of fidelity, of the socio-technical system (of systems) that comprise cyber, their security and defense against cyber threats. This includes the underpinning analytics to determine, with certain levels of validation or assurance, the effects/impacts of threats, options and consequences of mitigations and actions. This needs outputs and evidence from a broad range of analysis activities: detecting attacks in a mission-supporting manner, assessing damages relevant to the mission, investigating impacts on mission elements, recovering from attacks in order to continue missions to the maximum extent possible, and deciding on how to respond to cyber-attacks in a manner that maximizes mission success. Additionally, forensics methods and tools are necessary to determine key facts relevant to assessing mission impact. Such tools are used for evidence collection, analysis of the attack, identification of the attacker, understanding the attack, damage assessment, and attribution of attackers. Depending on the mission and the type of an attack, there may be different degrees of relative importance and resources attached to attack detection, continuity of the mission, damage assessment, evidence collection, attribution, and other activities. Usage of related methods, procedures, tools or technology should depend largely on the mission.
The following four themes emerge to provide focus for the workshop for modeling and simulation within the overall Cyber Defense context described above:
1. Model Based Systems Engineering (MBSE) approaches: from MBSE developments in other sectors (e.g. land, air and space), which methods, tools and techniques can best be applied to the socio-technical system (of systems) that define cyber, their utility and measures of effectiveness? In particular, how well can an MBSE approach address all layers, from the cognitive and virtual to the physical, and over the system lifecycles?
2. Models for and Simulation of attack (and defend) processes: what can be identified and inferred at a detailed level of observable events (e.g. system logs at lower levels) suitable for the validation of the model and verification of defensive measures? Important aspects include comparison with real events (threats and counter-measures where available), forensics, and warnings and indicators.
3. Better representation of modeling and sim(em)ulation of adversarial interactions between attackers and defenders, and adversaries themselves: what are the effective high level techniques, as well as detailed game theoretic techniques, for ‘war gaming’ of a range of simple to complex scenarios, to provide means by which solutions can be explored in an overall end-to-end chain of action-counteraction in an attack or goal-compromise episode?
4. Modeling and Sim(em)ulation of Human Cognition and Behaviors: how can we model and ‘encode’ human decision making and action/reaction of a human defender, including working with machines with increasing levels of autonomy, as a function of the environments, the situation at hand, different stimuli, knowledge, experience and training?
The expected outcome of the workshop is deeper insight into the S&T art of the possible, now and in the future, of a model based systems approach applied to Cyber Defense: its utility, benefits and challenges, and the specific technical challenges that need to be addressed to extract value for enhanced Cyber Defense capability of NATO and coalition nations. In addition, some foresight is expected on how the two areas may evolve in the future and the opportunities and threats posed.
1. Mature Model Based Systems Engineering (MBSE) approaches for Cyber Defence;
2. Enhance models for and simulation of attack (and defend) processes;
3. Better representation of modelling and sim(em)ulation of adversarial interactions between attackers and defenders, and adversaries themselves; and
4. Effective modelling and sim(em)ulation of Human Cognition and Behaviours.