Sage Journals: Discover world-class research

Abstract

Defense capability planning traditionally uses scenario-based war-gaming to support force design decision making and to prioritize investment. Some aspects of cyber warfare are problematic for war-gaming, such as poor characterization of cyber effects and difficulty estimating the true capability of own and opposing forces. In addition, strategic-level assessments typically draw on the expert judgment of senior officers, whose tactical experience likely precedes cyber warfare, and this will limit their intuition in the emerging cyber domain. Risk analysis, and specifically the strategic risk framework, is an alternative approach to prioritizing investment in cyber capabilities, which is well-suited to analysis of cross-domain and whole-of-government functions. This paper illustrates the application of risk analysis to cyber risk for the novel purpose of developing insights for whole-of-force capability analysis.

Keywords

Risk analysis force design military cyber capability investment prioritisation strategic risk framework

Get full access to this article

View all access options for this article.

References

Nunes-Vaz

Lord

Ciuk

. A more rigorous framework for security-in-depth. J Appl Secur Res 2011; 6: 372–393.

Australian Government Department of Defence. Defence white paper. Canberra, 2016.

National Security Strategy. USA, 2010.

The White House. International strategy for cyberspace: prosperity, security and openness in a networked world. USA, 2011.

Kantola

Hamalainen

. Modelling cyber warfare as a hierarchic error effect of information. In: Proceedings of the European conference on information warfare and security (ed Kuusisto

), Jyvaskyla, Finland, 11–12 July 2013, pp.322–327. Curtis Farm, Kidmore End: Academic Conferences Ltd.

Stytz

Banks

. Addressing simulation issues posed by cyber warfare technologies. SCS Model Simulat Mag 2010; 1: 1–8.

ISO/IEC 310000:2009. Risk management - principles and guidelines.

Norman

. Risk analysis and security countermeasure selection. Boca Raton, FL: CRC Press; 2009.

Davis

II Libicki

Johnson

et al . A framework for programming and budgeting for cybersecurity. Santa Monica, CA: RAND Corporation, 2016.

10.

Burgman

. Trusting judgements: how to get the best out of experts. Cambridge: Cambridge University Press, 2016, p.214.

11.

De Spiegeleire

. Ten trends in capability planning for defence and security. RUSI J 2011; 156: 20–28.

12.

Nunes-Vaz

Lord

Bilusich

. From strategic security risks to national capability priorities. Secur Chall 2014; 10: 23–49.

13.

Ween

Dortmans

Thakur

et al . Framing cyber warfare – an analyst’s perspective. J Defense Model Simulat 2016 (in press).

14.

Deibert

Rohozinski

. Risking security: policies and paradoxes or cyberspace security. Int Pol Soc 2010; 4: 15–32.

15.

Hartley

. DIME/PMESII models. In: Fellman

Bar-Yam

Minai

(eds) Conflict and complexity. New York: Springer, 2015, pp.111–136.

Prioritizing investment in military cyber capability using risk analysis

Abstract

Keywords

Get full access to this article

References