Article Preview
Top1. Introduction
There is limited demonstrable understanding of the immediate and second-order impacts of a cyber-attack. The effects of cyber-attack are potentially diverse, difficult to predict and the impacts widespread (Kramer & Starr, 2009). Cyberspace is mission critical for contemporary military forces (Jabbour & Muccio, 2011). The command and control of military forces to dominate adversaries is performed largely through cyberspace, with few exceptions (Van Creveld, 1985). Nation states have sought to increase their combat power through information dominance, integrating Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) systems (Tisserand III, 2003). However, the rapid digitization of the military has not been supported with extensive robust analytical consideration of the risks when systems are compromised (Caton, 2013). The United States of America (USA) Director, Operational Test & Evaluation (DOT&E) report for FY2015 noted that military commanders and organizations “should expect cyber-attacks to be present for all critical missions” (Gilmore, 2016, p. 389) and assume that all systems are compromised (‘Assume Breach’). Attacking the C4ISR system has an impact on the human interface and decision making process. This potentially has a corresponding effect on combat capability.
The potential variety of outcomes and scenarios involving cyber-attacks in military combat makes prediction and risk analysis difficult. However, “the benefits to an attacker using cyber exploits are potentially spectacular” (United States Department of Defense, 2013, p. 5). The unique features of cyberspace requires research that considers the causal relationships and cascading effects across domains. A framework is needed that allows researchers to understand and explore the interdependencies between the virtual (cyber) and physical domains, since military command and control rests across multiple dimensions (Moon, Carley, & Kim, 2013). Historical data is not statistically significant when analyzing the cyber-physical (Hartley, 2001). Deterministic models provide good insights at the strategic level, but the number of factors considered in a mathematical model limits the insights available at the tactical level (Taylor, 1980a). Field exercises are expensive and the separation of cause from effect is difficult (Kass, 2006). Simulation, however, provides an opportunity to better understand and/or improve a system through experimentation with a simplified imitation (Stewart Robinson, 2004). Developing a simulation requires decisions on what components of the representation are necessary to reflect the central features of reality (Guetzkow & Jensen, 1966). Computer Generated Forces (CGF) and Semi-Automated Forces (SAF) are simulations that are utilized by the military to model operations for training and experimentation. These military simulations generally concentrate on kinetic action, using physics based calculations and modelling communication links as perfect connections. The experience of building these simulations has arguably assisted in the development of the understanding by military organisations in the significant factors they value and wish to measure in the kinetic combate environment. A similar process in the integration of cyber and kinetic effects would assist in the development of a body of knowledge and expertise in this area, which is lacking and hampers research efforts.