Defense capability planning traditionally uses scenario-based war-gaming to support force design decision making and to prioritize investment. Some aspects of cyber warfare are problematic for war-gaming, such as poor characterization of cyber effects and difficulty estimating the true capability of own and opposing forces. In addition, strategic-level assessments typically draw on the expert judgment of senior officers, whose tactical experience likely precedes cyber warfare, and this will limit their intuition in the emerging cyber domain. Risk analysis, and specifically the strategic risk framework, is an alternative approach to prioritizing investment in cyber capabilities, which is well-suited to analysis of cross-domain and whole-of-government functions. This paper illustrates the application of risk analysis to cyber risk for the novel purpose of developing insights for whole-of-force capability analysis.
Understanding how new phenomenon impacts complex systems requires the capacity to examine and characterize how the system might respond. A soft-systems approach to analyzing cyber warfare can be flexible enough to deal with the inherent complexity and rates of change and still support a more rigorous representation. This paper presents high-level models that use distinct lenses to provide an understanding of cyber implications in the system. These reference models are intended to allow a consistent approach to be applied across conventional and cyber warfare domains and provide a common language to underpin debate and discussion.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.