Developing a Military Cyber Maturity Model for Multi-Domain Battle Mission Resilience and Success
David Ormrod (Australian Centre for Cyber-Security, University of New South Wales at the Australian Defence Force Academy, Canberra, Australia), Benjamin Turnbull (Australian Centre for Cyber-Security, University of New South Wales at the Australian Defence Force Academy, Canberra, Australia)
Modern military forces rely heavily on cyber-enabled systems; for logistics, communication, and control. Modern military platforms are heavily integrated with computing capability. This integration and reliance will only increase over time. Modern military operations require the support of flexible, responsive and resilient cyber-capabilities. Current information system security models and information assurance constructs seek to achieve information assurance, a high degree of certainty in the confidentiality, integrity and availability of cyber-systems supporting combat operations. However, this approach assumes that an information assurance approach is a complete and comprehensive defense. History though, has proven otherwise. This work argues that the information assurance approach, whilst a worthy goal, is not reflective of the lessons of history or warfare. Specifically, this work outlines the need for, and introduces The Military Cyber-Maturity Model, a pragmatic model that assumes a technically capable and intelligent adversary. This model assumes the possibility of an adversary utilizing an unknown vulnerability to attack the system, and expends resources to minimise the impact of the successful attack rather than relying entirely on an impregnable defense. This approach extends beyond the assumption that a cyber-attack immediately causes mission failure, by recognizing that each cyber-attack has different requirements and outcomes and will affect different assets and processes. The Military Cyber-Maturity Model seeks to model business continuity through a high degree of cultural change, embedded work practices that parallel analogue and digital work practices with deceptive counterintelligence behavior. The Military Cyber-Maturity Model incorporates the concepts of behavioral defense and mission assurance to provide agility and increase the likelihood of success in combat. Information deception provides a behavioral defense, creating uncertainty and doubt in the adversary's mind and reducing the degree of trust they have in the information available. This paper introduces the model, outlines its aims, components and justifications. This work also outlines the need for simulation and testing to validate the model's effectiveness, and introduces a number of potential use-cases.
The Article is available via the UNSW Library (Search: International Journal of Cyber Warfare and Terrorism. Volume 7, Issue 4, October-December 2017).
To obtain a copy of the entire article directly from IGI Global, click here
To read a PDF sample of this article, click here