Since the cyberspace consolidated as fifth warfare dimension, the different actors of the defense sector began an arms race toward achieving cyber superiority, on which research, academic and industrial stakeholders contribute from a dual vision, mostly linked to a large and heterogeneous heritage of developments and adoption of civilian cybersecurity capabilities. In this context, augmenting the conscious of the context and warfare environment, risks and impacts of cyber threats on kinetic actuations became a critical rule-changer that military decision-makers are considering. A major challenge on acquiring mission-centric Cyber Situational Awareness (CSA) is the dynamic inference and assessment of the vertical propagations from situations that occurred at the mission supportive Information and Communications Technologies (ICT), up to their relevance at military tactical, operational and strategical views. In order to contribute on acquiring CSA, this paper addresses a major gap in the cyber defence state-of-the-art: the dynamic identification of Key Cyber Terrains (KCT) on a mission-centric context. Accordingly, the proposed KCT identification approach explores the dependency degrees among tasks and assets defined by commanders as part of the assessment criteria. These are correlated with the discoveries on the operational network and the asset vulnerabilities identified thorough the supported mission development. The proposal is presented as a reference model that reveals key aspects for mission-centric KCT analysis and supports its enforcement and further enforcement by including an illustrative application case.
翻译:自网络空间被合并为第五战层面以来,国防部门不同行为体开始军备竞赛,争取实现网络优势,为此,研究、学术和工业利益攸关方从双重愿景出发,主要与庞大和多样的发展和民用网络安全能力的采用相联系,研究、学术和工业利益攸关方从这一愿景出发,主要与民用网络安全能力的发展和采用有关,在这方面,增进了对背景和战争环境的认识,网络威胁对动能动力动力动力作用的风险和影响已成为军事决策者正在考虑的关键规则变化因素。因此,拟议的KCT识别方法探索了指挥官在评估标准中界定的任务和资产之间的依赖度。这些与行动支持信息和通信技术(信通技术)所发生情况的纵向传播的动态推论和评估相关,以其与在军事战术、业务和战略观点上的相关性为主。为帮助获得CSA,本文件探讨了网络防御状态和战争环境、网络威胁对动能动能动力动力动力动力的危害和影响方面的一大差距:在以任务为中心的背景下动态识别关键网络地形(KCT),因此,拟议的KCT识别方法探讨了指挥官确定的任务和资产作为评估标准的一部分所具有的依赖度。这些与业务网络和资产脆弱性分析模型的发现相关联,并展示了KC核心执行案例,以支持了任务。