Seeing is Believing Quantifying and Visualizing Offensive Cyber Operations Risk

• Published in: The cyber defense review Vol. 4; no. 1; pp. 85 - 106
• Main Author: Klipstein, Michael
• Format: Journal Article
• Language: English
• Published: Army Cyber Institute 01.04.2019
• Subjects: Cognition; Emotional states; Heuristics; Military doctrines; Military operations; Military personnel; Minimization of cost; Payroll; Risk analysis; Simulations
• ISSN: 2474-2120; 2474-2139

This paper presents an integration of decision-maker preferences, quantitative risk analysis, and simulation modeling to aid commanders in choosing a course of action (COA) for conducting offensive cyber operations (OCO). It incorporates information from subject matter experts (SMEs) to parameterize a simulation model which provides decision support to mission planners when evaluating different COAs. The methodology is exercised and evaluated by cyberwarfare practitioners. The research findings demonstrate its value for increasing the ability of inexperienced personnel to make COA selections on par with experienced personnel, providing greater perceived understanding of risk defined as meeting the constraints of both cost and effectiveness, mitigating confusion or ambiguity resulting from subjective terms, and providing greater consensus of COA selection among practitioners in the aggregate. The advantages of this approach are significant as it produces a portrait of each COA that reveals the effect of the uncertainties that the SMEs admit pertaining to each of their outcome estimates. Given the value functions and trade-off weights of the commander, these translate into a meaningful portrayal of the risk to the decision maker in each COA.