Methodology for analyzing the compromise of a deployed tactical network

As the Department of Defense transitions to a ubiquitous computing environment, our military operations become increasingly vulnerable to compromise via cyber attacks at echelons as low as the Brigade Combat Team (BCT). There is a need to design a system to facilitate the analysis of a nation state´s ability to compromise the confidentiality, availability, and integrity of a deployed tactical network. Research demonstrated that, on these networks, compromises due to security protocols violated by humans are much more common than compromises due to technological vulnerabilities. Therefore, this analysis focuses on developing a simulation modeling approach to analyze the effectiveness of security protocols “within the fortress” and to track the damage done by various forms of cyber attacks that have successfully breached the network perimeter. Our network model uses agent-based simulation in order to model the flow of information at the packet level with dictated behavior specific to the agents modeled: individual network packets, computer systems, routers, servers, and files. The advantage to using an agent-based, rather than a discrete-event, simulation model in this situation is that agent-based models focus on the relationship between entities from the bottom-up, such as at the network packet level, rather than the entire system from the top-down. The developed simulation model allows us to simulate various network attacks, observe their interaction with network security protocols, assess the resulting damage in terms of the network´s availability, and quantify the damage in terms of sensitive information lost.