Cover
1 Brief Review of Cyber Incidents
1. 1.1 Cyber’s Emergence as an Issue
2. 1.2 Estonia and Georgia – Militarization of Cyber
3. 1.3 Conclusions
2 Cyber Security – An Introduction to Assessment and Maturity Frameworks
1. 2.1 Assessment Frameworks
2. 2.2 NIST 800 Risk Framework
3. 2.3 Cyber Insurance Approaches
4. 2.4 Conclusions
5. 2.5 Future Work
6. 2.6 Questions
3 Introduction to Cyber Modeling and Simulation (M&S)
1. 3.1 One Approach to the Science of Cyber Security
2. 3.2 Cyber Mission System Development Framework
3. 3.3 Cyber Risk Bow‐Tie: Likelihood to Consequence Model
4. 3.4 Semantic Network Model of Cyberattack
5. 3.5 Taxonomy of Cyber M&S
6. 3.6 Cyber Security as a Linear System – Model Example
7. 3.7 Conclusions
8. 3.8 Questions
4 Technical and Operational Scenarios
1. 4.1 Scenario Development
2. 4.2 Cyber System Description for M&S
3. 4.3 Modeling and Simulation Hierarchy – Strategic Decision Making and Procurement Risk Evaluation
4. 4.4 Conclusions
5. 4.5 Questions
5 Cyber Standards for Modeling and Simulation
1. 5.1 Cyber Modeling and Simulation Standards Background
2. 5.2 An Introduction to Cyber Standards for Modeling and Simulation
3. 5.3 Standards Overview – Cyber vs. Simulation
4. 5.4 Conclusions
5. 5.5 Questions
6 Cyber Course of Action (COA) Strategies
1. 6.1 Cyber Course of Action (COA) Background
2. 6.2 Cyber Defense Measurables – Decision Support System (DSS) Evaluation Criteria
3. 6.3 Cyber Situational Awareness (SA)
4. 6.4 Cyber COAs and Decision Types
5. 6.5 Conclusions
6. 6.6 Further Considerations
7. 6.7 Questions
7 Cyber Computer‐Assisted Exercise (CAX) and Situational Awareness (SA) via Cyber M&S
1. 7.1 Training Type and Current Cyber Capabilities
2. 7.2 Situational Awareness (SA) Background and Measures
3. 7.3 Operational Cyber Domain and Training Considerations
4. 7.4 Cyber Combined Arms Exercise (CAX) Environment Architecture
5. 7.5 Conclusions
6. 7.6 Future Work
7. 7.7 Questions
8 Cyber Model‐Based Evaluation Background
1. 8.1 Emulators, Simulators, and Verification/Validation for Cyber System Description
2. 8.2 Modeling Background
3. 8.3 Conclusions
4. 8.4 Questions
9 Cyber Modeling and Simulation and System Risk Analysis
1. 9.1 Background on Cyber System Risk Analysis
2. 9.2 Introduction to using Modeling and Simulation for System Risk Analysis with Cyber Effects
3. 9.3 General Business Enterprise Description Model
4. 9.4 Cyber Exploit Estimation
5. 9.5 Countermeasures and Work Package Construction
6. 9.6 Conclusions and Future Work
7. 9.7 Questions
10 Cyber Modeling & Simulation (M&S) for Test and Evaluation (T&E)
1. 10.1 Background
2. 10.2 Cyber Range Interoperability Standards (CRIS)
3. 10.3 Cyber Range Event Process and Logical Range
4. 10.4 Live, Virtual, and Constructive (LVC) for Cyber
5. 10.5 Applying the Logical Range Construct to System Under Test (SUT) Interaction
6. 10.6 Conclusions
7. 10.7 Questions
11 Developing Model‐Based Cyber Modeling and Simulation Frameworks
1. 11.1 Background
2. 11.2 Model‐Based Systems Engineering (MBSE) and System of Systems Description (Data Centric)
3. 11.3 Knowledge‐Based Systems Engineering (KBSE) for Cyber Simulation
4. 11.4 Architecture ‐Based Cyber System Optimization Framework
5. 11.5 Conclusions
6. 11.6 Questions
12 Appendix: Cyber M&S Supporting Data, Tools, and Techniques
1. 12.1 Cyber Modeling Considerations
2. 12.2 Cyber Training Systems
3. 12.3 Cyber‐Related Patents and Applications
4. 12.4 Conclusions
Bibliography
Index
End User License Agreement

List of Tables

Chapter 01
1. Table 1.1 Select cyber incidents.
Chapter 02
1. Table 2.1 NIST SP 800‐30 risk assessment.
2. Table 2.2 Maturity levels for policy implementation and process assessment.
3. Table 2.3 Resilience lines of effort (LOEs).
4. Table 2.4 Resilience steps and system security assessment.
5. Table 2.5 Standard security description references.
Chapter 03
1. Table 3.1 Taxonomy and models for cyber defense.
Chapter 04
1. Table 4.1 Stages of Process for Attack Simulation and Threat Analysis (PASTA) threat modeling methodology.
2. Table 4.2 Operational examples.
3. Table 4.3 Proactive and reactive ARMOUR scenarios (DRDC (Canada) 2014a, b).
4. Table 4.4 ARMOUR operational scenarios (DRDC (Canada) 2014a, b).
5. Table 4.5 Cyber effects and military activities.
6. Table 4.6 Cyber Operational Architecture Training System (COATS) scenarios.
7. Table 4.7 Cyber effects and attack type examples.
Chapter 05
1. Table 5.1 Example cyber standards.
2. Table 5.2 Cyber description tools (MITRE).
Chapter 06
1. Table 6.1 Cyber Decision Support System (DSS) metrics and example use.
2. Table 6.2 Situational Awareness and available M&S tools for improving cyber defense decision making.
Chapter 07
1. Table 7.1 Group training capabilities.
2. Table 7.2 Situational awareness learning – tactical and strategic processes and outcomes.
3. Table 7.3 LVC contributions to cyber CAX realism.
4. Table 7.4 CAX environment components.
5. Table 7.5 Description of Red Computer Network Attack (CNA) on Blue systems to demonstrate degradation effects on operator workstations.
6. Table 7.6 Individual training – games and administrator training.
7. Table 7.7 Example Cyber CAX and training levels.
Chapter 08
1. Table 8.1 System attributes – flexibility, scalability, and fidelity.
2. Table 8.2 Conceptual definitions of activities and modeling and simulation framework (MSF) equivalents.
3. Table 8.3 Cyber range types.
4. Table 8.4 Verification, Validation and Accreditation (VV&A) properties.
5. Table 8.5 Conceptual definitions of objects and modeling and simulation framework (MSF) equivalents.
Chapter 09
1. Table 9.1 Cyber modeling and the bathtub failure curve.
2. Table 9.2 Internal threat scenario examples.
3. Table 9.3 Example security metrics.
4. Table 9.4 Enterprise evaluation – areas and time periods.
5. Table 9.5 People/policy/process/technology example breakdown (vulnerability analysis).
6. Table 9.6 Situational awareness (SA) – levels and indicators.
7. Table 9.7 Example countermeasures as work packages.
8. Table 9.8 Deep packet inspection platform examples (Einstein and SORM).
Chapter 10
1. Table 10.1 Current US government cyber ranges.
2. Table 10.2 System Under Test (SUT) evaluation approaches.
Chapter 12
1. Table 12.1 Cyber M&S knowledge categories and examples.
2. Table 12.2 Factors affecting time requirements for threat modeling.
3. Table 12.3 Selected Underwriters Laboratory (UL) safe burglary ratings.
4. Table 12.4 Open‐source cyber threat reports – organizations and missions.
5. Table 12.5 Critical Security Controls (CSCs).
6. Table 12.6 Australian Signals Directorate computer network defense controls.
7. Table 12.7 Methods of measuring situational awareness.
8. Table 12.8 Cyber trainer examples (defense emphasis).
9. Table 12.9 Sample commercial training companies and offerings.
10. Table 12.10 Granted patents.
11. Table 12.11 Patent applications.

List of Illustrations

Chapter 01
1. Figure 1.1 Organizations targeted by China.
2. Figure 1.2 Map of N. Europe with Estonia (Google Maps).
Chapter 02
1. Figure 2.1 Assessment levels – enterprise risk, process modeling, and vulnerability analysis.
2. Figure 2.2 Information security – business impact and enterprise risk analysis.
3. Figure 2.3 Business blackout due to US east coast grid compromise (Maynard and Beecroft 2015).
Chapter 03
1. Figure 3.1 DoD’s cyber S&T priority steering council research roadmap (King 2011).
2. Figure 3.2 Cyber risk “bow‐tie” – prevention, attack, and remediation.
3. Figure 3.3 Semantic network of current and anticipated threats (Yufik 2014).
4. Figure 3.4 Scenarios through model development approach.
5. Figure 3.5 Cyber analysis elements.
6. Figure 3.6 Cyber modeling and simulation elements.
7. Figure 3.7 State model of attacker (behavioral example).
8. Figure 3.8 Cyber security as a linear system (Cam).
Chapter 04
1. Figure 4.1 Cyber‐range event process overview.
2. Figure 4.2 Attack path model using “CIA” system states.
3. Figure 4.3 McCumber model.
4. Figure 4.4 Components of information security.
5. Figure 4.5 Cyber Operational Architecture Training System (COATS) (OV‐1).
6. Figure 4.6 Cyber effects and mission evaluation Rowe et al. (2017) – http://journals.sagepub.com/doi/abs/10.1177/1548512917707077?journalCode=dmsa
7. Figure 4.7 Risk bow‐tie (Nunes‐Vaz et al. 2011, 2014).
8. Figure 4.8 Strategic cyber decision making – leveraging M&S tools and cyber controls. US Army’s CobWEBS (Marshall 2015) and Vencore Corporation’s CyberVAN are models currently used to evaluate defense concepts.
Chapter 05
1. Figure 5.1 Military operator and cyber IA overlaps.
2. Figure 5.2 Levels of Conceptual Interoperability Model.
3. Figure 5.3 Cyber “Bow‐Tie” – Prevention, Attack, and Remediation
Chapter 06
1. Figure 6.1 Three research phases in the evolution of the EBCOTE system.
2. Figure 6.2 The Mission Assurance Engineering (MAE) Process.
3. Figure 6.3 Mission needs, MOPs, MOEs, and KPPs.
4. Figure 6.4 AMICA – Information Technology (IT) to mission simulator.
5. Figure 6.5 Cyber decision support system.
6. Figure 6.6 General Methodology for Verification and Validation (GM‐VV) technical framework design and operational use concept.
7. Figure 6.7 Three layers of Information Operations – physical, informational, and cognitive.
8. Figure 6.8 SIEM data, CSCs, and key cyber terrain – the what, how, and why of cyber decision making.
9. Figure 6.9 Course of Action implementations (automated and human assisted).
Chapter 07
1. Figure 7.1 Bloom Taxonomy for learning domains.
2. Figure 7.2 Network, cyberspace, and mission operations – information flows and events (Stine 2012).
3. Figure 7.3 Live–Virtual–Constructive (LVC) and skills development.
4. Figure 7.4 Generic CAX environment architecture.
5. Figure 7.5 Generic CAX environment architecture including a cyber layer.
6. Figure 7.6 COATS cyber injection architecture.
7. Figure 7.7 Network emulation (StealthNet) injection into Network System Under Test (NSUT) (Bucher 2012).
Chapter 08
1. Figure 8.1 Validity of base and lumped models in Experimental Frame (EF).
2. Figure 8.2 Architecture for System of Systems (SoS) Verification and Validation (V&V) based on M&S framework.
3. Figure 8.3 Emulator–simulator combination for Cyber–Physical System.
4. Figure 8.4 Time/data synchronization for combined emulation–simulation environment.
5. Figure 8.5 Development vs. operational testing – verification and validation.
6. Figure 8.6 VV&A goal–claim network structure.
7. Figure 8.7 Utility, validity, correctness, and meta‐properties relationship diagram.
Chapter 09
1. Figure 9.1 The bathtub curve – when and why of failures.
2. Figure 9.2 Systems engineering and project management for preventive cyber security.
3. Figure 9.3 The “V” model of systems engineering.
4. Figure 9.4 Enterprise security view – people, process, and technology domains.
5. Figure 9.5 Audit timeline – people/process/technology evaluation.
6. Figure 9.6 Enterprise connections (people/policy/process/technology) and COA planning.
7. Figure 9.7 Question & answer process (Q&A) for system entity structure (Ontology) development.
8. Figure 9.8 Enterprise model and parameterization.
9. Figure 9.9 Data to strategy evaluation.
10. Figure 9.10 Enterprise vulnerability – exploit rates by domain.
11. Figure 9.11 Mean time to exploit example.
Chapter 10
1. Figure 10.1 Cyber event process overview.
2. Figure 10.2 Logical range and the control, event, and instrumentation planes.
Chapter 11
1. Figure 11.1 UML 2 and SysML.
2. Figure 11.2 SysML diagram types.
3. Figure 11.3 Legacy simulation‐based acquisition development approach.
4. Figure 11.4 CAMIAC prototype architecture.
5. Figure 11.5 Federated Analysis of Cyber Threats (FACT) (MITRE 2015).

This edition first published 2019
© 2019 John Wiley & Sons, Inc.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

The right of Jerry M. Couretas to be identified as the author of this work has been asserted in accordance with law.

Registered Office
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA

Editorial Office
111 River Street, Hoboken, NJ 07030, USA

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Wiley also publishes its books in a variety of electronic formats and by print‐on‐demand. Some content that appears in standard print versions of this book may not be available in other formats.

Limit of Liability/Disclaimer of Warranty
The publisher and the authors make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties; including without limitation any implied warranties of fitness for a particular purpose. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for every situation. In view of on‐going research, equipment modifications, changes in governmental regulations, and the constant flow of information relating to the use of experimental reagents, equipment, and devices, the reader is urged to review and evaluate the information provided in the package insert or instructions for each chemical, piece of equipment, reagent, or device for, among other things, any changes in the instructions or indication of usage and for added warnings and precautions. The fact that an organization or website is referred to in this work as a citation and/or potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this works was written and when it is read. No warranty may be created or extended by any promotional statements for this work. Neither the publisher nor the author shall be liable for any damages arising here from.

Library of Congress Cataloging‐in‐Publication Data

Names: Couretas, Jerry M., 1966– author.
Title: An introduction to cyber modeling and simulation / Jerry M. Couretas.
Description: Hoboken, NJ : John Wiley & Sons, 2019. | Series: Wiley series in modeling and simulation | Includes bibliographical references and index. |
Identifiers: LCCN 2018023900 (print) | LCCN 2018036433 (ebook) | ISBN 9781119420811 (Adobe PDF) | ISBN 9781119420835 (ePub) | ISBN 9781119420873 (hardcover)
Subjects: LCSH: Computer simulation. | Computer security. | Cyberinfrastructure.
Classification: LCC QA76.9.C65 (ebook) | LCC QA76.9.C65 C694 2018 (print) | DDC 005.8–dc23
LC record available at https://lccn.loc.gov/2018023900

Cover Design: Wiley
Cover Image: © MimaCZ/Getty Images

1
Brief Review of Cyber Incidents

When it comes to national security, I think this [i.e., cyber warfare] represents the battleground for the future. I’ve often said that I think the potential for the next Pearl Harbor could very well be a cyber‐attack. If you have a cyber‐attack that brings down our power grid system, brings down our financial systems, brings down our government systems, you could paralyze this country.¹

Leon Panetta

The 1988 Morris Worm, designed to estimate the size of the Internet, caused the shutting down of thousands of machines and resulted in the Defense Advanced Research Projects Agency (DARPA) funding the first Computer Emergency Response Team (CERT) at Carnegie Mellon University (CMU). As shown in Table 1.1, cyberattacks have continued since 1988, with effects that range from data collection to controlling critical infrastructure.

Table 1.1 Select cyber incidents.

Year	Cyberattack	Objective	Effects
1988	Morris Worm	Understand the number of hosts connected to the Internet	Removed thousands of computers from operation
2003	Slammer Worm	Denial of service	Disabled Ohio's Davis–Besse nuclear power plant safety monitoring system for nearly 5 h
2008	Conficker	Implant malware on target machines	Control target machines
2010	STUXNET	Take control of Siemens industrial control systems (ICS’)	Destroyed centrifuges used for Iranian nuclear program
2012	Saudi Aramco (oil provider) business systems (aka Al Shamoon)	Wipe disks on Microsoft Windows‐based systems	Destroyed ARAMCO business systems to cause financial losses due to their inability to bill customers for oil shipments
2013	South Korean Banks	“DarkSeoul” virus used to deny service and destroy data	Destroyed hard drives of selected business systems
	US Banks	Distributed Denial of Service (DDoS)	Caused financial losses through banks’ inability to serve customers
	Rye Dam (NY)	Access control gates for opening and closing at will	Controlled dam gate system
2014	Sony Pictures	Data breach	Downloaded a large amount of data and posted it on the Internet; 3 wk before the release of a satirical film about North Korea
2015	Office of Personnel Management (OPM) breach	Gain access to information on US Government Personnel	Downloaded over 21 million US Government and contractor personnel files
2017	Equifax breach	Gain access to consumer credit information	Downloaded credit history and private information on over 143 million consumers

Table 1.1 also provides a mix of documented cyber incidents, with only the Morris Worm in question, as to malevolent intent. Due to the multiple actors and actions, involving cyberattacks, a conversation around “resilience” (e.g. NIST Cybersecurity Framework) provides a means for communicating about how the overall system will continue to perform, in the face of adversity. In addition, resilience frames the discussion about an organization’s operational risk; due to cyber, in this case. More specifically, the resilience view provides a means to organize the challenges associated with measuring and quantifying the broad scope of an organization’s cyberattack surface by:

Recognizing that the autonomy and efficiencies that information systems provide are too valuable to forego, even if the underlying technologies provide a potential threat to business operations.
Understanding that cyber “security” (i.e. the ability to provide an effective deterrent to cyberattacks) is not achievable for most organizations in the short term, so resilience is one way to develop organizational policies and processes around
1. mitigation scenarios for general cyberattacks
2. comparing tacitly accepted cyber risk to business risks that we already transfer (e.g. hurricanes, earthquakes, natural disasters, etc.) to other organizations (e.g. insurance companies).
Coordinating the challenges associated with an organization’s people being a key source of cyber vulnerability.

Resilience, therefore, provides an overarching approach, with some elements already modeled, for bundling the exposure associated with cyber and moving the discussion to a more manageable set of risks; analogous to operational challenges already mitigated or transferred through an organization’s policies and processes. In addition, cyber risk management requires analytical evaluation and testable scenarios that enable contingency planning for each respective organization. Cyber risk assessment is a growing area of interest, and an inspiration for developing cyber modeling and simulation techniques.

1.1 Cyber’s Emergence as an Issue

The issue of cyber security, somewhat slow to be recognized during information technology’s rapid rate of development and dissemination into business enterprises over the last half century, often gets the same level of news coverage as natural disasters or stock market anomalies. While an Office of Personnel Management (OPM)² breach disclosing the private information of millions of US civil servants gets a few days of news, a new iPhone release will create weeks of chatter on social networks. Cyber insecurity is much less interesting to the general public than the Internet’s entertainment and socialization prospects.

The same market growth for personal computing technologies, however, adds to unforeseen security challenges that networked technologies provide. Increased connectivity, often leading to tighter coupling (i.e. both technically and socially), challenges “open” information system architectures and their intended benefit. In addition, this increased connectivity provides, for the first time, an artificial domain, or space, through which nefarious actors can exercise potentially catastrophic effects. Cyber’s ability to deny or manipulate entire regions of a state, at time constants much shorter than current management structures can handle, is a relatively recent realization. For example, by 2015, reports (Frankel et al. 2015; Maynard and Beecroft 2015) on the potentially catastrophic nature of a cyberattack started to emerge. Along with the increasing importance of cyber, as a physical threat, there is an increased awareness, via news coverage (Figure 1.1).

A chart with lines and dots indicating the organizations targeted by China from 2006 to 2012, including information technology, transport, high-tech electronics, financial services, and navigation. — **Figure 1.1** Organizations targeted by China.

*Source:* Mandiant (2014), Fireeye https://www.fireeye.com/content/dam/fireeye‐www/services/pdfs/mandiant‐apt1‐report.pdf.

In addition to Figure 1.1’s profile of commercial cyber activity, military applications are expanding as well, with notable uses in Estonia and Georgia over the last decade.

1.2 Estonia and Georgia – Militarization of Cyber

For three weeks in 2007, the Republic of Estonia suffered a crippling cyberattack that left government, political, and economic facets of the country helpless (Yap 2009) (Figure 1.2).

Map of Northern Europe with Estonia (encircled). — **Figure 1.2** Map of N. Europe with Estonia (Google Maps).

This scenario provides a template to examine the policy, training, and technology options of a cyber‐attacked state. Estonia’s policy options were limited for a number of reasons, including:

difficulty of attribution
lack of international standards
current political environment

Ultimately, unless a cyberattack causes indisputable damage, loss of human life, and can be traced back to a source with high certainty, it is unlikely that a state will conventionally respond in self‐defense. Currently, there are no clear international laws,³ or rules of engagement, that govern the rights of any sovereign state in the event of a cyberattack, without people dying or significant physical damage. The current approach is to take the existing laws and treaties and interpret them to fit cyber domain activities.

However, unlike a conventional attack, there are many more factors that blur the line in cyberspace. Attribution is usually spread across different sovereign states with limited physical evidence. Without a common, and agreed upon, definition of what constitutes a cyberattack, how can nations defend themselves without risking ethical, legal, and moral obligations? The fundamental dilemma a state faces is to balance its retaliatory options with the requisite legal justifications, if they cannot be confident of the source for the attack.

While policy frameworks are still evolving to deal with cyber as a conflict domain, newly employed technologies provide unprecedented platforms for launching cyberattacks. For example, the major part of Estonia’s assault suddenly stopped roughly a month after it began, suggesting that a botnet had been leased for the attacks. One Estonian official concluded that the attacks represented “a new form of public–private partnership” where the attacks were executed by organized crime, but directed by the Kremlin. “In Estonia,” said then US National Security Agency chief General Keith Alexander, “all of a sudden we went from cybercrime to cyberwarfare.”⁴

Some experts (Krepinevich 2012) believe the Estonia attack provided a way for Moscow to test its new technology, cyber weaponry, as a “proof of concept,” in which the Russian Business Network (RBN) was given a target to show the Russian authorities how valuable cyber could be. In this way, the attacks on Estonia might be compared to how the Spanish Civil War provided a testing ground for German, Italian, and Soviet equipment and war‐fighting concepts. While the evidence is circumstantial, it appears that just as Germany used its military’s experience in Spain to assist in its development of the blitzkrieg form of warfare that it employed against Poland, the Low Countries, and France, shortly thereafter, the Russians used lessons learned from Estonia to better integrate cyber operations with traditional military operations in Georgia.

A year after the Estonia attacks, Georgia suffered the world’s first mixed cyber–conventional attacks (Beidleman 2009). The cyberattacks were staged to kick off shortly before the initial Russian airstrikes as part of the Russian invasion in August 2008. The cyberattacks focused on government websites, with media, communications, banking, and transportation companies also targeted.

These botnet‐driven DDoS attacks were accompanied by a cyber blockade that rerouted all Georgian Internet traffic through Russia and blocked electronic traffic in and out of Georgia. The impact of the cyberattacks on Georgia was significant, but less severe than the Estonia attacks since Georgia is a much less‐advanced Internet society. Nonetheless, the attacks severely limited Georgia’s ability to communicate its message to the world and its own people, and to shape international perception while fighting the war.

1.3 Conclusions

Modeling the broadly scoped set of systems that “cyber” currently covers, along with their associated effects, is a challenge without specifying the technical, process, or policy aspects of a scenario in question. While constructive modeling and simulation has made great contributions to describing the technical aspects of engineered systems for their testing and development, murky process and policy threads are still very much present in most cyber case studies – often providing the real security issues for the systems at risk. For example, computer technologies are often, simply, the implementation of processes for complex systems that support us. A “cyber” attack is really an attack on one of these processes we trust for our day‐to‐day business.

Cyber’s overarching use has implications across both a country’s business systems and its supporting civil infrastructure. Understanding the current state, in the cyber domain, therefore requires accurately assessing our systems and evaluating their maturity from a cyber standpoint. Using these assessments for defensive, or resiliency, analysis is the first step to verify M&S for cyber systems. Real‐world cyber scenarios then use these assessments, as baselines, to represent both the scope and scale of networks with technologies and configurations that can easily span multiple generations of information technology.

Wiley Series in Modeling and Simulation

An Introduction to Cyber Modeling and Simulation