Author(s): Maxwell Dondo;
|
Joint functions, which for the Canadian Armed Forces (CAF) are command, sense, act, shield, and sustain [1], provide a critical operational framework of related activities and capabilities at all levels that allow commanders to plan, execute, synchronise, and oversee activities in joint operations [1], [2], [3]. These functions, which can be further broken down into subordinate tasks and related capabilities [2], [4], [5], are increasingly conducted in and through cyberspace. This shift makes them vulnerable to disruptive cyber breaches from sophisticated adversaries whose Tactics, Techniques, and Procedures (TTPs) are continuously evolving and increasing in frequency.
Citation:
ABSTRACT
The ability to plan, execute, and oversee military operations relies on well-defined operational functions, which for the Canadian Armed Forces (CAF) are command, sense, act, shield, and sustain. These functions, crucial in collaborative engagements and coalition campaigns, constitute a tailored balance essential for battlespace roles and are increasingly conducted in and through cyberspace. However, the increased frequency and sophistication of cyber attacks targeting the military’s operations in and through cyberspace pose a threat to these foundational pillars of military capability, potentially endangering ongoing missions. Understanding the consequences of a cyber breach on these mission functions is therefore imperative for commanders to make informed decisions. To address this need, we propose employing Cyber Damage Assessment (CDA) measures to estimate the impact on specific operational functions following a cyber breach. Our approach involves ingesting operational and business data to determine metrics and measures representing losses resulting from a cyber breach. We then use fuzzy logic to aggregate measures for multiple key performance indicators for cyber damage with commanders’ experiential knowledge regarding military capabilities and their corresponding losses, thereby providing estimates to the impacts on specific military functions following a cyber breach. Our results, which are self-consistent, offer impact estimates aligned with commanders’ experiential insights, thus providing valuable input for decision-making in the face of a cyber breach scenario.
