Abstract
The discussion so far has been limited to relatively narrow abstractions of systems and networks. Such abstractions allow effective assessment and analysis methodologies but do not cover the richness and diversity of realistic organizations, systems and processes. Therefore, this chapter explains how to build a multidimensional simulation model of an organization’s business processes. This multidimensional view incorporates physical objects, human factors, time and cyberspace aspects. Not all systems, the components within a system, or the connections and interfaces between systems and domains are equally resilient to attack. It is important to test complex systems under load in a variety of circumstances to both understand the risks inherent in the systems but also to test the effectiveness of redundant and degenerate systems. There is a growing need to test and compare the limitations and consequences of potential mitigation strategies before implementation. Simulation is a valuable tool because it can explore and demonstrate relationships between environmental variables in a controlled and repeatable manner. This chapter introduces the integrated cyber-physical effects (ICPE) model as a means of describing the synergistic results obtained through the simultaneous, parallel or sequential prosecution of attacking and defensive measures in both the physical and cyber domains.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Aguilar-Saven, R. S. (2004). Business process modeling: Review and framework. International Journal of Production Economics. Amsterdam, The Netherlands, 90(2), 129–149.
Allen, P. D., & Gilbert, D. P., Jr. (2009). The information sphere domain–increasing understanding and cooperation. The Virtual Battlefield: Perspectives on Cyber Warfare, 3, 132.
Amoroso, E. (2012). Cyber attacks: Protecting national infrastructure. New York: Butterworth-Heinemann Elsevier.
Ashby, W. R. (1956). An introduction to cybernetics (4th Impression, 1961 ed.). London: Chapman and Hall Ltd.
Barber, D. E., Bobo, T. A., & Strum, K. P. (2015). Cyberspace operations planning: Operating a technical military force beyond the kinetic domains. Military Cyber Affairs, South Florida, USA, 1(1), 3.
Barnett, A., Smith, S., & Whittington, R. P. (2014). Using causal models to manage the cyber threat to C2 agility: Working with the benefit of hindsight. In 19th International Command and Control Research and Technology Symposium. Alexandria, Virginia, 16–19 June 2014.
Bishop, M., Carvalho, M., Ford, R., & Mayron, L. M. (2011). Resilience is more than availability. In S. Peisert, & C. Gates (Eds.), Proceedings of the 2011 Workshop on New Security Paradigms Workshop (pp. 95–104). Marin County, California: ACM
Box, G. E. (1976). Science and statistics. Journal of the American Statistical Association. Alexandria, VA, 71(356), 791–799.
Buckheit, J. B., & Donoho, D. L. (1995). Wavelab and reproducible research. In A. Antoniadis & G. Oppenheim (Eds.), Wavelets and statistics (pp. 55–81). New York: Springer.
Burch, R. (2013). A method for calculation of the resilience of a space system. In Military Communications Conference, MILCOM 2013–2013 IEEE: IEEE (pp. 1002–1007)
Cohn, M. (2004). User stories applied: For agile software development. Boston, MA, USA: Addison-Wesley Professional.
D’Aubeterre, F., Iyer, L. S., & Singh, R. (2009). An empirical evaluation of information security awareness levels in designing secure business processes. In V. Vaishanvi (Ed.), Proceedings of the 4th International Conference on Design Science Research in Information Systems and Technology (pp. 16). ACM.
Dalle, O. (2012). On reproducibility and traceability of simulations. In 2012 Winter Simulation Conference (WSC) (pp. 1–12). Berlin, Germany: IEEE, 09–12 December 2012.
Davis, P. K. (1995). Distributed interactive simulation in the evolution of DoD warfare modeling and simulation. In R. Corporation (ed.), Proceedings of the IEEE (pp. 1138–1155). Santa Monica, CA: IEEE.
Department of Defense. (2008). Fm 3-0 operations. Washington, DC: Department of the Army.
Department of Defense. (2009a). Dod modeling and simulation (M&S) verification, validation, and accreditation (Vv&a). Washington, DC: Department of Defense.
Department of Defense. (2009b). The United States Air Force blueprint for cyberspace. Washington, DC: Department of Defense.
DiMase, D., Collier, Z. A., Heffner, K., & Linkov, I. (2015). Systems engineering framework for cyber physical security and resilience. Environment Systems and Decisions, 35(2), 291–300.
Dishaw, M. T., & Strong, D. M. (1999). Extending the technology acceptance model with task–technology fit constructs. Information Management, 36(1), 9–21.
Drogoul, A., Vanbergue, D., & Meurisse, T. (2003). Multi-agent based simulation: Where are the agents? In J. Simão Sichman, F. Bousquet & P. Davidsson (Eds.), Multi-Agent-Based Simulation II: Third International Workshop, MABS 2002 (pp. 1–15). Bologna, Italy: Springer Berlin Heidelberg, 15–16 July 2002.
Edelman, G. M., & Gally, J. A. (2001). Degeneracy and complexity in biological systems. Proceedings of the National Academy of Sciences. Washington DC, USA, 98(24), 13763–13768.
Endsley, M. R., & Garland, D. J. (2000). Situation awareness analysis and measurement. Boca Raton: Taylor & Francis.
Epstein, J. M. (1999). Agent-based computational models and generative social science. Washington, DC: Wiley.
Fortson, L. W. (2007). Towards the development of a defensive cyber damage and mission impact methodology. Wright-Patterson AFB: Air Force Institute of Technology. Wright-Patterson Air Force Base. School of Engineering and Management.
Frankel, M. S. (2000). Report of the defense science board task force on tactical battlefield communications. Washington, DC: Defense Science Board, Department of Defense.
Garrett, R. K., Anderson, S., Baron, N. T., & Moreland, J. D. (2011). Managing the interstitials, a system of systems framework suited for the ballistic missile defense system. Systems Engineering, 14(1), 87–109.
Ghosh, S., Heching, A. R., & Squillante, M. S. (2013). A two-phase approach for stochastic optimization of complex business processes. In Simulation Conference (WSC), 2013 Winter (pp. 1856–1868).
Gisladottir, V., Ganin, A. A., Keisler, J. M., Kepner, J., & Linkov, I. (2016). Resilience of cyber systems with over-and underregulation. Risk Analysis. September 2017. 37(9), 1644–1651.
Hernandez, A. S., Lucas, T. W., & Sanchez, P. J. (2012). Selecting random Latin hypercube dimensions and designs through estimation of maximum absolute pairwise correlation. In 2012 Winter Simulation Conference (WSC) (pp. 1–12). Berlin, Germany: IEEE, 09–12 Dec 2012.
Hiniker, P. J. (2004). C3x: Correlation, causation and controlled experimentation for C2. In 19th International Command and Control Research and Technology Symposium (ICCRTS), Copenhagen, Denmark: Defense Information Systems Agency, 14–16 Sep 2004.
Hofmann, M. (2013). Ontologies in modeling and simulation: An epistemological perspective. In Ontology, epistemology, and teleology for modeling and simulation (pp. 59–87). Berlin, Germany: Springer.
Ingber, L., & Sworder, D. D. (1991). Statistical mechanics of combat with human factors. Mathematical and Computer Modeling, 15(11), 99–127.
Jajodia, S., & Noel, S. (2010). Advanced cyber attack modeling analysis and visualization. Fairfax: DTIC Document. George Mason University. http://www.dtic.mil/get-tr-doc/pdf?AD=ADA516716
Jakobson, G. (2011). Extending situation modeling with inference of plausible future cyber situations. In IEEE 2011 First International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA) (pp. 48–55). IEEE.
Jakobson, G. (2014). Mission resilience. In A. Kott (Ed.), Cyber defense and situational awareness. Switzerland: Springer.
Lange, M., Kott, A., Ben-Asher, N., Mees, W., Baykal, N., Vidu, C.-M., Merialdo, M., Malowidzki, M., & Madahar, B. (2017). Recommendations for model-driven paradigms for integrated approaches to cyber defense. arXiv preprint arXiv:1703.03306.
Lauren, M., & Stephen, R. (2002). Map-aware non-uniform automata (Mana)-a New Zealand approach to scenario modeling. Journal of Battlefield Technology, 5, 27–31.
Linkov, I., Eisenberg, D. A., Plourde, K., Seager, T. P., Allen, J., & Kott, A. (2013). Resilience metrics for cyber systems. Environment Systems and Decisions, 33(4), 471–476.
Llanso, T., & Klatt, E. (2014). Cymrisk: An approach for computing mission risk due to cyber attacks. In 2014 8th Annual Systems Conference (SysCon) (pp. 1–7). Ottawa, ON: Institute of Electrical and Electronics Engineers.
Lucas, T. W., & Sanchez, S. M. (2003). Smart experimental designs provide military decision-makers with new insights from agent-based simulations. Monterey: Naval Postgraduate School Operations Research Department.
MacCalman, A. D. (2013). Flexible space-filling designs for complex system simulations. Monterey: DTIC Document. Naval Post Graduate School. http://hdl.handle.net/10945/34701
Machado, A. F., Barreto, A. B., & Yano, E. T. (2013). Architecture for cyber defense simulator in military applications. In 18th International Command and Control Research and Technology Symposium (ICCRTS). Alexandria, VA, 19–21 June 2013.
Mancuso, V. F., Christensen, J. C., Cowley, J., Finomore, V., Gonzalez, C., & Knott, B. (2014). Human factors in cyber warfare II emerging perspectives. In Human Factors and Ergonomics Society Annual Meeting (pp. 415–418). Chicago, Illinois: Sage publications, 27–31 October 2014.
Marmick, B. (2015). How computers broke science – and what we can do to fix it. Science and Technology. Retrieved 11 Feb 2017, from http://theconversation.com/how-computers-broke-science-and-what-we-can-do-to-fix-it-49938
Maughan, D. (2009). A roadmap for cybersecurity research. In I.R.C. (IRC) (Ed.), Washington, DC: US Department of Homeland Security.
Musman, S., & Agbolosu-Amison, S. (2014). A measurable definition of resiliency using “mission risk” as a metric. McLean: Mitre Corp.
Musman, S., & Grimaila, M. R. (2013). Mission assurance challenges within the military environment. International Journal of Interdisciplinary Telecommunications and Networking (IJITN), 5(2), 51–65.
Musman, S., Temin, A., Tanner, M., Fox, D., & Pridemore, B. (2010). Evaluating the impact of cyber attacks on missions. In Proceedings of the 5th International Conference on Information Warfare and Security (pp. 446–456).
Musman, S., Tanner, M., Temin, A., Elsaesser, E., & Loren, L. (2011). A systems engineering approach for crown jewels estimation and mission assurance decision making. In 2011 I.E. Symposium on Computational Intelligence in Cyber Security (CICS) (pp. 210–216). IEEE.
Nagge, J. W. (1932). Regarding the law of parsimony. The Pedagogical Seminary and Journal of Genetic Psychology, 41(2), 492–494.
National Defense Industrial Association. (2008). National Defense Industrial Association Engineering for System Assurance V1.0.
Nidumolu, S. R., Menon, N. M., & Zeigler, B. P. (1998). Object-oriented business process modeling and simulation: A discrete event system specification framework. Simulation Practice and Theory, 6(6), 533–571.
Object Management Group. (2013). Business process model and notation V2.0.2. Retrieved 01 Jun 2017, from http://www.omg.org/spec/BPMN/2.0.2/
Park, C. L. (2004). What is the value of replicating other studies? Research Evaluation, 13(3), 189–195.
Pearl, J. (2000). Causality: Models, reasoning and inference. Cambridge: Cambridge University Press.
Rafferty, L., Stanton, N. A., & Walker, G. (2012). The human factors of fratricide. Burlington: Ashgate Publishing.
Rittel, H. W., & Webber, M. M. (1973). Dilemmas in a general theory of planning. Policy Sciences, 4(2), 155–169.
Robinson, S. (2008). Conceptual modeling for simulation. Part I: Definition and requirements. The Journal of the Operational Research Society, 59(3), 278–290.
Robinson, S. B. (2009). A Modeling process to understand complex system architectures. In: School of Aerospace Engineering. Atlanta: Georgia Institute of Technology.
Sanchez, S. M. (2007). Work smarter, not harder: Guidelines for designing simulation experiments. In Simulation Conference, 2007 Winter (pp. 84–94).
Sanchez, S. M. (2014). Simulation experiments: Better data, not just big data. In Simulation Conference (WSC), 2014 Winter (pp. 805–816).
Sanchez, S. M., & Lucas, T. W. (2002). Exploring the world of agent-based simulations: Simple models, complex analyses: Exploring the world of agent-based simulations: Simple models, complex analyses. In Proceedings of the 34th Conference on Winter Simulation: Exploring New Frontiers: Winter Simulation Conference (pp. 116–126).
Sober, E. (1981). The principle of parsimony. British Journal for the Philosophy of Science, 32, 145–156.
Stewart, J. M., Chapple, M., & Gibson, D. (2015). Certified information systems security professional (Cissp) official study guide. Indianapolis: Sybex/Wiley.
Tolk, A. (2012). Challenges of combat modeling and distributed simulation. In E.M.a.S. Engineering (Ed.), Engineering principles of combat modeling and distributed simulation (pp. 1–22). New Jersey: Wiley.
Tolk, A. (2013). Ontology, epistemology, and teleology for modeling and simulation. Berlin/Heidelberg: Springer.
Trkman, P. (2010). The critical success factors of business process management. International Journal of Information Management. Amsterdam, The Netherlands, 30(2), 125–134.
United States Department of Defense. (2013). Task force report: resilient military systems and the advanced cyber threat. D.S.B.O.o.t.U.S.o.D.f.A.T.a. Logistics (Ed.). Washington, D.C: Department of Defense.
von Rosing, M., White, S., Cummins, F., & de Man, H. (2013). Business process model and notation—Bpmn. Massachusetts: Object Management Group.
Weber, E. P., & Khademian, A. M. (2008). Wicked problems, knowledge challenges, and collaborative capacity builders in network settings. Public Administration Review. Washington DC, USA, 68(2), 334–349.
Whitacre, J. M. (2010). Degeneracy: A link between evolvability, robustness and complexity in biological systems. Theoretical Biology and Medical Modeling, 7(1), 6.
Whitacre, J., & Bender, A. (2010). Degeneracy: A design principle for achieving robustness and evolvability. Journal of Theoretical Biology. Amsterdam, The Netherlands, 263(1), 143–153.
Whitacre, J., & Bender, A. (2013). Pervasive flexibility in living technologies through degeneracy-based design. Artificial life. MIT Press. Cambridge, MA, USA, 19(3–4), 365–386.
Wit, E., van den Heuvel, E., & Romeijn, J. W. (2012). All models are wrong...: An introduction to model uncertainty. Statistica Neerlandica. Groningen, the Netherlands, 66(3), 217–236.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Ormrod, D., Turnbull, B. (2019). Modeling and Simulation Approaches. In: Kott, A., Linkov, I. (eds) Cyber Resilience of Systems and Networks. Risk, Systems and Decisions. Springer, Cham. https://doi.org/10.1007/978-3-319-77492-3_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-77492-3_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-77491-6
Online ISBN: 978-3-319-77492-3
eBook Packages: EngineeringEngineering (R0)