
Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment

Lieutenant Colonel David Ormrod

A thesis in fulfilment of the requirements for the degree of

Doctor of Philosophy (Computer Science)

ACSCAR1885

Australian Centre for Cyber-Security

School of Engineering and Information Technology

University of New South Wales at the Australian Defence Force Academy, Canberra

Supervisor: Dr Benjamin Turnbull (UNSW)

Co-Supervisor: Dr Fred Bowden (DSTG) and Prof Jill Slay (UNSW)

Submitted 17 March 2017, Modified 29 August 2017

THE UNIVERSITY OF NEW SOUTH WALES Thesis/Dissertation Sheet

Surname or Family name: ORMROD

First name: DAVID Other name/s: GEORGE ALEXANDER

Abbreviation for degree as given in the University calendar: ACSCAR1885

School: ENGINEERING AND INFORMATION TECHNOLOGY Faculty: AUSTRALIAN DEFENCE FORCE ACADEMY

Title: CYBERSPACE WEAPONISATION: MODELLING CYBER-EFFECTS AND THEIR IMPACTS ON MISSION SUCCESS, HUMAN FACTORS AND KINETIC OUTCOMES IN THE TACTICAL LAND COMBAT ENVIRONMENT.

Abstract 350 words maximum: (PLEASE TYPE)

Modern military forces utilise networked command and control systems to maintain situational awareness and support decision making. However, digital command and control networks are a highly desirable target and vulnerable to cyber-attack.

This thesis addresses the research question: How can cyber-effects in the tactical land combat environment be modelled and measured in terms of mission success, human factors and kinetic outcomes? This research question is answered through an exploratory analysis of literature, doctrine, interviews with military decision makers and the development of multiple contributions to knowledge. Mixed methods triangulate qualitative and quantitative data, using design science research, grounded theory and Q methodology, together with agent-based modelling methods. The combination of approaches elicits different perspectives on the ‘system-of-systems’ problem space.

This thesis demonstrates a relationship between cyber-effects, mission success, human factors and kinetic outcomes through the command and control of combat forces by decision makers. Compromising situational awareness of decision makers has a potentially significant impact on mission success. Kinetic outcomes may also be impacted. When a cyber-attack, technology domain, information target, system vulnerability and combat capability converge, it is possible that a cyber-effect can contribute to significant casualties.

Human factors form a critical link between the physical and virtual domains, through decision makers. A decision maker can dynamically respond to the environment, providing a degree of mission resilience, if they can detect a change in the environment and respond. Agent personalities support human factor exploration in a simulated environment.

This thesis contributes to knowledge through a cyber conceptual framework, a methodology to guide cyber-kinetic research, the development of agent personalities through grounded theory, a semantic model, cyber-effect measures as they relate to mission and kinetic outcomes, and a simulation proof of concept to demonstrate the interaction between cyber-effects, human factors, mission success and kinetic outcomes. The findings of this thesis are significant for military decision makers and researchers. Increased mission resilience in the tactical land combat environment can be achieved through cyber-defence capabilities, robust doctrine, a clear cyber-lexicon and training against a capable cyber-adversary.

Declaration relating to disposition of project thesis/dissertation

I hereby grant to the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or in part in the University libraries in all forms of media, now or hereafter known, subject to the provisions of the Copyright Act 1968. I retain all property rights, such as patent rights. I also retain the right to use in future works (such as articles or books) all or part of this thesis or dissertation.

I also authorise University Microfilms to use the 350 word abstract of my thesis in Dissertation Abstracts International (this is applicable to doctoral theses only).

………………………………………………Signature ……………………………Witness Signature ……….……………… Date

The University recognises that there may be exceptional circumstances requiring restrictions on copying or conditions on use. Requests for restriction for a period of up to 2 years must be made in writing. Requests for a longer period of restriction may be considered in exceptional circumstances and require the approval of the Dean of Graduate Research.

FOR OFFICE USE ONLY Date of completion of requirements for Award:


Originality Statement

‘I hereby declare that this submission is my own work and to the best of my knowledge it contains no materials previously published or written by another person, or substantial proportions of material which have been accepted for the award of any other degree or diploma at UNSW or any other educational institution, except where due acknowledgement is made in the thesis. Any contribution made to the research by others, with whom I have worked at UNSW or elsewhere, is explicitly acknowledged in the thesis. I also declare that the intellectual content of this thesis is the product of my own work, except to the extent that assistance from others in the project's design and conception or in style, presentation and linguistic expression is acknowledged.’

Signed ……………………………………………......

Date ……………………………………………......

Authenticity Statement

‘I certify that the Library deposit digital copy is a direct equivalent of the final officially approved version of my thesis. No emendation of content has occurred and if there are any minor variations in formatting, they are the result of the conversion to digital format.’

Signed ……………………………………………......

Date ……………………………………………......


Table of Contents

Indemnity statement and releasability of this document
Ethics clearance
Abstract
Acknowledgements
List of Figures
List of Tables
Acronyms
Related research by the author utilised within this thesis
1. Chapter One - Introduction
1.1 Motivation and Rationale
1.2 The Problem
1.3 Purpose of the Thesis
1.4 Thesis Structure
1.5 Contributions to Knowledge
1.6 Chapter One - Conclusion
2. Chapter Two - Literature Review
2.0 Chapter Two Introduction
2.1 The Digitisation of Tactical Land Combat
2.2 Military Cyber-Doctrine
2.3 Proposed Cyber-Conceptual Framework
2.4 Cyber-Attack Impact
2.5 Chapter Two Summary
3. Chapter Three - Epistemology, Ontology and Methodology
3.0 Chapter Three Introduction
3.1 Epistemology
3.2 Ontology
3.3 Methodology
3.4 Chapter Three Summary
4. Chapter Four - Environmental Elicitation
4.0 Chapter Four Introduction
4.1 Interviews - Intrinsic Knowledge Acquisition
4.1.1 Interview Conduct
4.2 Digital C2 Human Factors Combat Model - Extrinsic Knowledge
4.3 Business Process Representation - Extrinsic Knowledge
4.4 Cyber-Attack and Defence Representation - Extrinsic Knowledge
4.5 Measures of Combat Effect Model - Extrinsic Knowledge
4.6 Chapter Four Summary
5. Chapter Five - Semantic Model
5.0 Chapter Five Introduction
5.1 Ontology Language
5.2 The Domains Depicted in the Semantic Model
5.3 Tools, Queries and Visualisation
5.4 Ontological Design Review
5.5 Chapter Five Summary
6. Chapter Six - Requirements
6.0 Chapter Six Introduction
6.1 Requirements Specification
6.2 Use Case Artefacts
6.3 Chapter Six Summary
7. Chapter Seven - Tool Analysis and Selection
7.0 Chapter Seven Introduction
7.1 Tools for Consideration
7.2 Qualitative Comparison of Simulations
7.3 Quantitative Comparison of Simulations
7.4 Simulation Tool Selection
7.5 Chapter Seven Summary
8. Chapter Eight - Simulation and Experimental Design
8.0 Chapter Eight Introduction
8.1 Design Philosophy
8.2 Simulation Design
8.3 Experiment Design
8.4 Experiment Conduct
8.5 Raw Simulation Outputs
8.6 Chapter Eight Summary
9. Chapter Nine - Data Analysis
9.0 Chapter Nine Introduction
9.1 Simulation Data Analysis
9.2 Design Science Research Validation
9.3 Refactoring
9.4 Chapter Nine Summary
10. Chapter Ten - Conclusion
10.0 Chapter Ten Introduction
10.1 Outcomes in Relation to the Research Questions
10.2 Contributions to Knowledge
10.3 Key Research Findings
10.4 Limitations of Research and Future Work
10.5 Conclusion
Glossary of Terms
References


Indemnity statement and releasability of this document

The views expressed are the author’s and not necessarily those of the Australian Army or the Department of Defence. The Commonwealth of Australia will not be legally responsible in contract, tort or otherwise for any statement made in this publication.

All sources contained within this document are available through the internet or unclassified defence sources. Each key component of this thesis has been cleared by the Australian Department of Defence, Army Headquarters.

Copyright Statement

‘I hereby grant the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or part in the University libraries in all forms of media, now or hereafter known, subject to the provisions of the Copyright Act 1968. I retain all proprietary rights, such as patent rights. I also retain the right to use in future works (such as articles or books) all or part of this thesis or dissertation.

I also authorise University Microfilms to use the 350 word abstract of my thesis in Dissertation Abstracts International (this is applicable to doctoral theses only). I have either used no substantial portions of copyright material in my thesis or I have obtained permission to use copyright material; where permission has not been granted I have applied/will apply for a partial restriction of the digital copy of my thesis or dissertation.’

Signed ……………………………………………......

Date ……………………………………………......


Ethics clearance

This thesis received ethics approval on 09 Dec 13 under Australian Defence Human Research Ethics Committee (ADHREC) Protocol 731-13, prior to commencement of the collection of human research data. Defence provided access to Army personnel to support this research.

All information has been managed in accordance with ADHREC Protocol 731-13. This research adheres to the National Statement on Ethical Conduct in Human Research.


Abstract

Modern military forces utilise networked command and control systems to maintain situational awareness and support decision making. However, digital command and control networks are a highly desirable target and vulnerable to cyber-attack. This thesis addresses the research question: How can cyber-effects in the tactical land combat environment be modelled and measured in terms of mission success, human factors and kinetic outcomes? This research question is answered through an exploratory analysis of literature, doctrine, interviews with military decision makers and the development of multiple contributions to knowledge. Mixed methods triangulate qualitative and quantitative data, using design science research, grounded theory and Q methodology, together with agent-based modelling methods. The combination of these approaches elicits different perspectives on the ‘system-of-systems’ problem space.

This thesis demonstrates a relationship between cyber-effects, mission success, human factors and kinetic outcomes through the command and control of combat forces by military decision makers. Compromising the situational awareness of decision makers has a potentially significant impact on mission success. Kinetic outcomes may also be impacted. When a cyber-attack, technology domain, information target, system vulnerability and combat capability converge, it is possible that a cyber-effect can contribute to significant casualties.

Human factors form a critical link between the physical and virtual domains, through the decision maker. The decision maker can dynamically respond to the environment, providing a degree of mission resilience, if the decision maker is able to detect a change in the environment and respond appropriately. Agent personalities support human factor exploration in a simulated environment.

This thesis contributes to knowledge through a cyber conceptual framework, a methodology to guide cyber-kinetic research, the development of agent personalities through grounded theory, a semantic model, cyber-effect measures as they relate to mission and kinetic outcomes, and a simulation proof of concept to demonstrate the interaction between cyber-effects, human factors, mission success and kinetic outcomes. The findings of this thesis are significant for military decision makers and cyber-security researchers. Increased mission resilience in the tactical land combat environment can be achieved through cyber-defence capabilities, robust doctrine, a clear cyber-lexicon and training against a capable cyber-adversary.


Acknowledgements

This thesis was made possible by my wife, friends, family and scotch.

Dr Ben Turnbull has been a supportive and engaging supervisor. I thank you for your friendship and for patiently allowing me to hijack your whiteboard and visit your home. I look forward to many academic, board game and fun filled adventures in the future. I feel privileged and lucky to have met you and your wonderful family.

I thank Dr Fred Bowden for the support and guidance you have provided as an extra-curricular activity around your busy job. You have helped me fashion a better thesis through your insights.

Professor Jill Slay has provided me with invaluable advice and assistance. Thank you for the chats and for your work developing a cyber education capability across Defence.

To my fellow compatriots, the men and women who serve to protect our society, thank you. Through your dedication and sacrifice I have enjoyed a privileged life with many opportunities.

I acknowledge the collaborative work undertaken with Kent O’Sullivan as a fellow student. Graeme, Brady, Steve and Steve have provided invaluable support with components of the simulation proof-of-concept. Tim’s sage words of advice and support have always been gratefully received. I acknowledge the proof reading services provided by John.

Thanks to my great friends who support me in so many ways. I enjoy spending time with you and getting up to crazy adventures. I look forward to many more.

To my family, Mary, Andrew and Matthew. Thank you for listening to me explain how I’ll finish my thesis next year, each year that has passed. Your support and love have been amazing.

To my parents, I wish you had been able to see me finish my doctorate and grow into the person I am today. I miss you. Thank you for giving me confidence and providing a loving environment to become the best person I could be. I will always love you.

Finally, to my wife, Amy. You have been my rock throughout this entire process. I love you. You are my best friend and I count myself lucky every day I spend with you. I look forward to spending many more hours together now that this Thesis is complete. Thank you for your patience, sense of humour and red pen. Here’s to all our future adventures! Just remember, the Doctor is always right.


List of Figures

Figure 1 - Domain models in Australian, UK and US national publications and doctrine
Figure 2 - The CCF nested domain model
Figure 3 - The CCF Cyber-Attack Causal Chain
Figure 4 - Stoic Meta-ontology (De Harven, 2012, p89)
Figure 5 - BICKE Method Process Overview
Figure 6 - Environmental elicitation stage of the BICKE process
Figure 7 - Scenario One Depiction
Figure 8 - Scenario Two Depiction
Figure 9 - Coded Themes
Figure 10 - Coded Theme - Digital C2 Systems Experience
Figure 11 - Coded Theme - Digital C2 Systems Training
Figure 12 - Coded Theme - Computer Aptitude
Figure 13 - Coded Themes - Preferred Digital C2 System by Factor
Figure 14 - Coded Themes - Digital C2 Systems Benefits
Figure 15 - Coded Themes - Digital C2 Systems Benefits by Factor
Figure 16 - Coded Themes - Digital C2 Systems Issues
Figure 17 - Coded Themes - Digital C2 Systems Issues by Factor
Figure 18 - Coded Themes - Digital C2 Systems Trust
Figure 19 - Coded Themes - Digital C2 Systems Trust by Factor
Figure 20 - Coded Themes - Compromised Opposing Force C4ISR System
Figure 21 - Compromised OPFOR C4ISR System By Factor
Figure 22 - Coded Themes - Compromised Blue Force Tracker
Figure 23 - Compromised Blue Force Tracker Themes by Factor
Figure 24 - Coded Themes - Thoughts about Digital C2 Systems
Figure 25 - Coded Themes - Thoughts about the Use of Digital C2 Systems
Figure 26 - Coded Themes - Training Comments
Figure 27 - Coded Themes - Training Comments by Factor
Figure 28 - Coded Themes - Deception Employment and Considerations
Figure 29 - Deception Consideration Responses by Factor
Figure 30 - Coded Themes - Responses to Scenarios by Factor
Figure 31 - Coded Themes - Scenario Responses
Figure 32 - Digital C2 Human Factors Combat Model (DC2HFC Model)
Figure 33 - Compromised Enemy Digital C2 System Sub-model
Figure 34 - Compromised Friendly Digital C2 System Sub-model
Figure 35 - Digital C2 System Trust Sub-model
Figure 36 - Agent Personality Sub-model
Figure 37 - Agent A Personality
Figure 38 - Agent B Personality
Figure 39 - Agent C Personality
Figure 40 - Agent D Personality
Figure 41 - Deception Model
Figure 42 - E2E Use Case for OS Fire Mission
Figure 43 - BPD 19 Fire Mission
Figure 44 - Business Process Interactions - High Level View
Figure 45 - Business Process Interactions - Detailed Schematic
Figure 46 - BPD 26 Cyber-Attack
Figure 47 - BPD 26A Cyber-Attack Identify Resources
Figure 48 - BPD 26B Cyber-Attack Establish Foothold
Figure 49 - BPD 26C Cyber-Attack Recon
Figure 50 - BPD 26D Cyber-Attack Weaponisation
Figure 51 - BPD 26E Cyber-Attack Delivery
Figure 52 - BPD 26F Cyber-Attack Exploitation
Figure 53 - BPD 26G Cyber-Attack Control
Figure 54 - BPD 26H Cyber-Attack Execute
Figure 55 - BPD 26I Cyber-Attack Mission Failure Analysis
Figure 56 - BPD 26J Cyber-Attack Objective Analysis
Figure 57 - BPD 26K Cyber-Attack Expand Control
Figure 58 - BPD 27 Cyber-Defence
Figure 59 - BPD 27A Cyber-Defence Identify Resources
Figure 60 - BPD 27B Cyber-Defence Prevent Foothold
Figure 61 - BPD 27C Cyber-Defence Restrict Control
Figure 62 - BPD 27D Cyber-Defence Obscure
Figure 63 - BPD 27E Cyber-Defence Maintain
Figure 64 - BPD 27F Cyber-Defence Detect
Figure 65 - BPD 27G Cyber-Defence Remediate
Figure 66 - BPD 27H Cyber-Defence Prevent
Figure 67 - BPD 27I Cyber-Defence Restrict Damage
Figure 68 - BPD 27J Cyber-Defence Restore Control
Figure 69 - Measures of Combat Effect Model (MCEM)
Figure 70 - MOFE Matrix
Figure 71 - MCEM Aggregated Schema
Figure 72 - Semantic Model
Figure 73 - Stoic-Inspired Ontology Nested Domain Model
Figure 74 - BCEO Visualisation in WebVOWL
Figure 75 - Screenshot of Entity Class in Webvowl
Figure 76 - Protege BCEO Class View
Figure 77 - Requirements
Figure 78 - High Level Concept Graphic
Figure 79 - Experimental User Use Case
Figure 80 - Simulation Actor Use Cases
Figure 81 - Mission Capabilities
Figure 82 - Mission Capability and Cyber-Attack Risks
Figure 83 - Tool Analysis and Selection
Figure 84 - Simulation and Experimental Design
Figure 85 - Flanking Behaviour
Figure 86 - Terrain Manoeuvre Behaviour
Figure 87 - Combat Power Values (Raymond 1991, pp. 63-68)
Figure 88 - Cross-domain view of the message sending process
Figure 89 - CELTS GUI Display
Figure 90 - CELTS Organisation Creator
Figure 91 - ORBAT One
Figure 92 - ORBAT Two
Figure 93 - ORBAT Three
Figure 94 - ORBAT Four
Figure 95 - Terrain One
Figure 96 - Terrain Two
Figure 97 - Terrain Three
Figure 98 - Terrain Four
Figure 99 - Extensive Connectivity Network
Figure 100 - Hub and Spoke Network
Figure 101 - Complete Connectivity
Figure 102 - Data Analysis and Experiment Refactoring
Figure 103 - MOFE result by side and simulation
Figure 104 - Scenarios of interest by MOFE result
Figure 105 - Relationship between MOFE and cyber-attack/defence capability


List of Tables

Table 1 - Volunteer Participant Categorisation
Table 2 - Interview Questions for Thematic Analysis
Table 3 - Q Sample Statements for the Card Sort
Table 4 - Q Sorting Frequency Distribution
Table 5 - Factor Analysis Results
Table 6 - Factor A to D Composite Factor Array Comparison of Q Sort Ranking Values
Table 7 - Factor A Statements and Z-Scores
Table 8 - Factor B Statements and Z-Scores
Table 9 - Factor C Statements and Z-Scores
Table 10 - Factor D Statements and Z-Scores
Table 11 - BPDs Created as Thesis Artefacts
Table 12 - Summary of Epics
Table 13 - User Story - Experimental User
Table 14 - User Story - JFT
Table 15 - User Story - JFCC
Table 16 - User Story - Gun Battery
Table 17 - User Story - Commander
Table 18 - User Story - Entity
Table 19 - User Story - Red Force
Table 20 - User Story - Blue Force
Table 21 - Simulation Comparison
Table 22 - Simulation Prototype Target Prioritisation Table
Table 23 - Network Topology Configuration file
Table 24 - Experimental Parameters Combined
Table 25 - SEED NOLH Designs v6 Output for 9 Factors (Sanchez, 2011)
Table 26 - Exercise scenario parameters
Table 27 - Example CELTS message state log
Table 28 - Example CELTS Message Status Log
Table 29 - Example CELTS network log
Table 30 - Example CELTS kinetic outcomes log
Table 31 - Data output for all scenarios (across 100 runs)
Table 32 - Data Output Format for Each Simulation Run


Acronyms ABM - Agent-Based Modelling. CAMUS - Cyber-Assets to Missions and Users.

ABSNEC - Agent-Based System for Network CAPT - Captain. Enabled Capabilities. CAS - Complex Adaptive Systems. ADDP - Australian Defence Doctrine Publication. CCDCOE - NATO Cooperative Cyber-Defence ADF - Australian Defence Force. Centre of Excellence

ADHREC - Australian Defence Human Research CCF - Cyber-Conceptual Framework. Ethics Committee. CEC - Cooperative Engagement Capability. AFATDS - Advanced Field Artillery Tactical Data System. CELTS - Cyber-Effects Land Tactics Simulation.

AI - Artificial Intelligence. CEMA - Cyber-Electro-Magnetic Activities.

AII - Adversary Intent Inferencing. CERF - Cyber-Effects Request Form.

AMSAA - Army Materiel Systems Analysis CERT - Computer Emergency Response Team. Activity. CFZ - Critical Friendly Zone. APC - Armoured Personnel Carrier. CGF - Computer Generated Forces. APHAKS - AMSAA Probability of Hit and Kill Simulation. CI - Critical Infrastructure.

APT - Advanced Persistent Threat. CIA - Confidentiality-Integrity-Availability.

AQ - Agility Quotient. CIMIA - Cyber-incident Mission Impact Assessment. ARMS - Arms Corps. CIS - Communication and Information Systems. ASD - Australian Signals Directorate. CISSP - Certified Information Systems Security ASI - Application Scripting Interface. Professional.

AURUM - Automated Risk and Utility CISSPBK - Certified Information Systems Security Management. Professional Body of Knowledge.

BCEO - Battlespace Cyber-Effects Ontology. CLIOS - Complex, Large-scale, Integrated, Open Systems. BDA - Battle Damage Assessment. CMIA - Cyber-Mission Impact Assessment. BDI - Belief-Desire-Intention. CNO - Computer Network Operations. BFT - Blue Force Tracker. CO - Cyberspace Operations. BHQ - Battalion Head Quarters. COP - Common Operational Picture. BICKE - Battlespace Integrated Cyber-Kinetic Effects. CP – Combat Power.

BN - Battalion. CPL - Corporal.

BOS - Battlefield Operating System. CROCADILE - Conceptual Research Oriented Combat Agent Distillation Implemented in the C2 - Command and Control. Littoral Environment.

C4ISR - Command, Control, Communication, CROP - Common Relevant Operating Picture. Computers, Intelligence, Surveillance and Reconnaissance. CSP - Combat Support Corps.

15

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

CSS - Combat Service Support Corps. IA - Information Activities.

CTEM - Command Team Effectiveness Model. IACM - Information Age Combat Model.

DAG - Directed Acyclic Graph. ICCWS - International Conference on Cyber- Warfare and Security. DC2HFC - Digital C2 Human Factors Combat. ICS - Industrial Control System. DCO - Defensive Cyberspace Operations. IDART - Information Design Assurance Red DEVS - Discrete Event System. Team.

DF - Direct Fire. IDS - Intrusion Detection System.

DOD - Department of Defense. IHL - International Humanitarian Law.

DODAF - Department of Defence Architecture INCIDER - Integrative Combat Identification Framework. Entity Relationship.

DODIN - Department of Defence Information IO - Information Operations. Network. IRC - Information-Related Capabilities. DoS - Denial of Service. IS - Information System. DSR - Design Science Research. ISAAC - Irreducible Semi-Autonomous Adaptive DSTG - Defence Science Technology Group. Combat

E2E - End-to-End. IT - Information Technology.

EA - Engagement Area. JC3IEDM - Joint C3 Information Exchange Data Model. EBO - Effects-Based Operations. JFCC - Joint Fire Control Centre. EINSTein - Enhanced ISAAC Neural Simulation Toolkit. JFIRE - Joint Application of Firepower.

EM - Electromagnetic. JFT - Joint Fire Team.

EMS - Electromagnetic Spectrum. JP - Joint Publication.

ERL - Enterprise Readiness Level. LCPL - Lance Corporal.

EW - Electronic Warfare. LER - Loss Exchange Ratio.

FBCB2 - Force XXI Battle Command Brigade and LFORRAT - Log function of the FORce RATio. Below. LHELMRAT - Log function of the fraction in two FIC - Fundamental Inputs to Capability. forces’ respective force ratios.

FM - Field Manual. LOD - Likelihood of Detection.

FSO - Full Spectrum Operations. LOI - Likelihood of Identification.

FT - Full time. LOS - Line of Sight.

FuSIA - Future Situation and Impact Awareness. LT - Lieutenant.

GUI - Graphical User Interface. M&S - Modelling and Simulation.

HBR - Human Behaviour Representation. MAE - Mission Assurance Engineering.

HVT - High Value Target. MANA - Map Aware Non-Uniform Automata.

16

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

MASON - Multi-Agent Simulation.

MC - Mission Command.

MCP - Mission Capability Packages.

MCEM - Measures of Combat Effect Model.

MEBN - Multi-Entity Bayesian Networks.

MILCOM - Military Communications Conference.

MIP - Multilateral Interoperability Programme.

MOD - Ministry of Defence.

MODAF - Ministry of Defence Architecture Framework.

MOE - Measures of Effectiveness.

MOFE - Measure of Force Effectiveness.

MOP - Measures of Performance.

MRM - Multi-Resolution Modelling.

NAF - NATO Architecture Framework.

NASA - National Aeronautics and Space Administration.

NATO - North Atlantic Treaty Organisation.

NCMAA - Network-Centric Multi-Agent Architecture.

NCW - Network-Centric Warfare.

NIC - Network Interface Card.

NSA - National Security Agency.

NZ - New Zealand.

OAKOC - Observation and fields of fire, Avenues of approach, Key and decisive terrain, Obstacles, Cover and concealment.

OBJ - Objective.

OCO - Offensive Cyber-Operations.

OODA - Observe, Orient, Decide and Act.

ORBAT - Order of Battle.

OS - Offensive Support.

PAA - Position Area for Artillery.

PEOSTRI - Program Executive Office for Simulation, Training and Instrumentation.

PHPK - Probability Hit and Probability Kill.

PK - Probability Kill.

PROGNOS - Probabilistic OntoloGies for Net-centric Operation Systems.

PT - Part time.

PTE - Private.

RAF - Royal Air Force.

RDF - Resource Description Framework.

ROI - Return on Investment.

RPD - Recognition Primed Decision.

RPG - Rocket Propelled Grenade.

SA - Situational Awareness.

SAF - Semi-Automated Forces.

SDR - Software Defined Radio.

SEAROADS - Simulation, Evaluation, Analysis and Research on Air Defence Systems.

SGT - Sergeant.

SME - Subject Matter Expert.

SOS - System of Systems.

SOSE - System of Systems Engineering Conference.

SOTCAC - Self-Organised Terrorist-Counterterrorist Adaptive Co-evolutions.

SPOC - Simulation Proof-of-Concept.

SRL - Systems Readiness Level.

STO - Situation Theory Ontology.

STS - Socio-Technical Systems.

TAI - Targeted Area of Interest.

TEO - Tactical Effects Ontology.

TLCE - Tactical Land Combat Environment.

UAV - Unmanned Aerial Vehicle.

UBOM - Unified Battlespace Ontology Model.

UK - .

UNSW - University of New South Wales.


US - United States of America.

USS - United States Ship.

VBS3 - Virtual Battle Space 3.

VV&A - Verification, Validation and Accreditation.

W3C - World Wide Web Consortium.

WISDOM - Warfare Intelligent System for Dynamic Optimisation of Missions.

WoG - Whole-of-Government.

WO1 - Warrant Officer Class One.

WO2 - Warrant Officer Class Two.

WSC - Winter Simulation Conference.

WWII - World War Two.


Related research by the author utilised within this thesis

Sections of this thesis have been submitted for peer-review and published. Expert peer-review has allowed the author to develop his thinking and models through external feedback. Peer-review also ensures that the thesis content is suitable for publication, through presentation at conferences or in reputable research journals. The following peer-reviewed papers have been written by the author and used in components of this thesis:

1. Ormrod, D 2014. ‘A ‘Wicked Problem’ – Predicting SOS behaviour in tactical land combat with compromised C4ISR’ in Cook, S et al (eds), Proceedings of the 9th International System of Systems Engineering Conference (SOSE) 09-13 Jun 2014, Adelaide, South Australia. [Peer-reviewed, published]. http://ieeexplore.ieee.org/abstract/document/6892472/

2. Ormrod, D 2014. ‘The Coordination of Cyber and Kinetic Deception for Operational Effect’ in Whatmough, S et al (eds), Proceedings of the Military Communications Conference (MILCOM) 06-08 Oct 2014. Baltimore, Maryland. [Peer-reviewed, published]. http://ieeexplore.ieee.org/document/6956747/

3. Ormrod, D; O’Sullivan, K and Turnbull, B 2015. ‘System of Systems Cyber-Effects Simulation Ontology’ in Macal, C et al (eds), Proceedings of the Winter Simulation Conference (WSC) 06-09 Dec 2015. Huntington Beach, California. [Peer-reviewed, published]. http://ieeexplore.ieee.org/document/7408358/

4. Ormrod, D and Turnbull, B 2016. ‘Attrition Rates and Manoeuvre in Agent Based Simulation Models’. Journal of Defence Modelling and Simulation [Peer-reviewed, published]. http://journals.sagepub.com/doi/pdf/10.1177/1548512917692693

5. Ormrod, D and Turnbull, B 2016. ‘The Cyber-Conceptual Framework for Developing Military Doctrine’. Defence Studies. Volume 16. Issue 3. pp 270-298. [Peer-reviewed, published]. http://www.tandfonline.com/doi/abs/10.1080/14702436.2016.1187568?journalCode=fdef20

6. Ormrod, D and Turnbull, B 2016. ‘The Military Cyber-Maturity Model - Preparing Modern Cyber-Enabled Military Forces for Future Conflicts’ in Zlateva, T & Greiman, V (eds), Proceedings of the 11th International Conference on Cyber-Warfare and Security (ICCWS) 2016. Boston, Massachusetts. [Peer-reviewed, published]. http://search.proquest.com/openview/16016445fbacbcbc0ab06276204fa45d/1?pq-origsite=gscholar&cbl=396500

7. Ormrod, D and Turnbull, B. 2017. ‘Understanding Military Cyber-Maturity - Preparing Modern Cyber-Enabled Military Forces for Future Conflicts’. International Journal of Cyber Warfare and Terrorism (IJCWT). [Peer-reviewed, accepted, not yet published].

8. Ormrod, D and Turnbull, B. 2017. ‘A Framework for the Modelling and Simulation of Battlespace Integrated Cyber-Kinetic Effects’. 16th European Conference on Cyber Warfare and Security (ECCWS) 29-30 Jun 2017. Dublin, Ireland, UK. [Peer-reviewed, accepted, not yet published].

Declaration

I certify that the publications above were a direct result of my research towards this PhD, and that reproduction in this thesis does not breach copyright regulations.

Signed ……………………………………………......

Date ……………………………………………......

The paper ‘Coordination of Cyber and Kinetic Deception for Operational Effect’ presented at MILCOM 2014 was subsequently awarded a Science for Security Citation. The United States of America National Security Agency Research Directorate sponsors the Science of Security Initiative to promote foundational cybersecurity science that is needed to mature the cybersecurity discipline and to underpin advances in cyber-defence. The Science of Security website is located at: http://cps-vo.org/group/SOS


1. Chapter One – Introduction

1.1 Motivation and Rationale

The author is an Australian Defence Force (ADF) Army officer with over twenty years’ military experience. Throughout his career, he has observed the benefits of digital technologies and their enhancement of combat capabilities. One example is the application of the blue force tracker (BFT) system to better inform and support decision makers on the battlefield (Dreier & Birgl 2010). However, technology is a double-edged sword. Information can be wrong. The adversary can deceive, and human error can incorrectly input or perceive data. Experienced military decision makers are aware of the risk inherent in relying on specific data feeds, whether digital or analogue. However, less experienced military decision makers may rely on information without full consideration of its source, the networks it has traversed and the likelihood an adversary has access to the information.

The author has observed different standards of assessing physical and virtual attack success by military members throughout his career. Some people associate the existence of malicious software on a computer network with a successful cyber-attack. Others would interpret a port scan as a cyber-attack. However, when considering a physical attack in a conventional military operation, many military members would equate success with the degree to which the mission was accomplished. Whilst a cyber-attack is different to a physical kinetic-attack, they are both generally prosecuted in a military context as part of a broader objective or mission. The measures of success as they relate to the mission are the same. For example, a cyber-attack which compromises an enemy machine but does not lead to any mission advantage is not a success from the perspective of the mission commander. If the resources expended on the cyber-attack did not contribute to mission success, they could have been better employed elsewhere. These observations led to the author’s desire to understand cyber-effects, describe the relationship between cyber-effects and human factors such as decision making, explore how cyber-effects could be measured against mission success and kinetic outcomes, and identify what broad mitigation strategies are available to reduce the effect of a cyber-attack.

History supports the contention that technological systems present risks which are difficult to mitigate when combined with humans in an uncertain, complex environment. “Many people and institutions still cling to the illusion that technology provides security… Absolute security was a myth in 1939 and remains a myth in the twenty-first century” (Ratcliff 2006, pp. 234-6).


The German military’s trust in the Enigma machine and cipher during WWII led to significant tactical and strategic losses, despite a number of internal German investigations into the security of the system (Ratcliff 2006). Cryptographic and communication attacks (the equivalent for their time to a cyber-attack) on the German communication system, including the Enigma code, resulted in kinetic events, leading to tactical and operational losses. These losses led to an investigation by German agencies into the security provided by the Enigma system. For example, the German Navy conducted inquiries due to the loss of U-Boats and other assets. Admiral Donitz observed, “either our ciphers have been compromised or it is a case of leakage... The Naval Staff is requested to take the necessary measures to safeguard the cipher system” (Erskine & Smith 2002, p. 374). The Germans had, themselves, broken an Enigma machine earlier in the war and knew of its weaknesses (Ratcliff 2006). Their efforts to strengthen the system did not result in sufficient security to prevent continued breaches. Users were advised the system was unbreakable. Protection and assurance of the system was the responsibility of other agencies. However, the failure of the system to provide secure communications, caused by a combination of compounding failures throughout the system, led to real effects for sailors, soldiers and airmen at a tactical level.

Technologies intended to support combatants can create a reliance between the decision maker and the supporting system, even when it is inappropriate for the circumstances (Stevenson 2006). Technological overreliance amounts to a level of trust inappropriate for the environment and scenario. Trust, which predicts another party’s future actions as favourable, is a psychological and subjective state linked to organisational effectiveness (Petraki & Abbass 2014; Powley et al. 2010). Trust in a digital context involves a greater number of variables. Trust extends from the human operating the digital system, across a network, through to another human operator. The operators must trust the devices, the software on the devices, the technology securing the system, and network performance.

The value of a digital system as an enabler to the military decision maker results in the system being equally valuable as a target for the opposing force, assuming the adversary has the capability to interdict the system and either deny or compromise its operation. Trust in technology is central to contemporary combat (United States Department of Defense 2013). In addition to the risk of human or system error, the adversary can employ denial of service (DoS) attacks, information overload and deception (Conti et al. 2005; Department of Defense 2012). The modern digital system includes sensors, user cognitive filters and social systems, combined to create a system-of-systems (SOS) (Sage & Cuppan 2001). These SOS are tightly-coupled systems featuring independent aspects, emergent behaviour and evolutionary development (Rittel & Webber 1973). The data shared across technological platforms is interpreted by combatants and informs combat decisions (Endsley et al. 2000). The coordination of combat forces through integrated technology, of both the digital and analogue varieties, has been described as an information system (IS) (Checkland 1999; Citino 2004).

This thesis models the impact of cyber-effects on mission success, human factors and kinetic outcomes in the tactical land combat environment. It will define and expand upon each of these concepts. Definitions are provided here, noting they will be further developed and discussed in later chapters. Impact is measured by comparing the outcomes from different types of missions with varying environmental conditions, and the resources utilised to achieve those missions. Cyber-effects are events in cyberspace influencing the outcome of a mission. Mission success refers to a military objective and whether it is achieved by an assigned force. Human factors refers to the human use of digital systems for tactical land combat decision making. Kinetic outcomes result from physical conflict. They are measured as attrition of casualties and damaged or destroyed equipment. Tactical land combat is conducted at the battalion level and below, using infantry, armour, artillery and weapon systems as combined arms teams to conduct close combat operations. Combined arms teams synchronise capabilities and systems to create an effect on an adversary that is greater than if those capabilities and systems were utilised alone (Department of Defense 2001a, pp. 2-6). The tactical land combat environment is a complex mix of physical and cognitive variables such as terrain, military capabilities and adversarial decision making. Having modelled the impact of cyber-effects on tactical land combat, this thesis develops broad mitigation strategies to reduce mission capability impacts. The research question this thesis answers is: How can cyber-effects in the tactical land combat environment be modelled and measured as they relate to mission success, human factors and kinetic outcomes?

The answer to the research question is framed by the intersection of technology, processes and people. Technology provides enhanced digital communication capabilities to military forces. The benefits of technology can be undermined through cyber-attacks. Processes describe typical behaviours and activities. Processes use technology and people to transform available resources and produce outputs, which contribute to achieving a mission. People prosecute combat operations to achieve assigned objectives. The way people interact with communication technologies, make decisions and undertake processes to achieve tasks, provides agility to systems in environments of uncertainty. Whereas technology and processes perform in predefined ways, people can adapt and improvise. The intersection of technology, processes and people results in a complicated and multi-dimensional problem space. This thesis explores the problem space and develops a coherent and comprehensive understanding of some factors related to measurement of cyber-effects in the tactical land combat environment. This understanding is intended to inform future research and study.

1.2 The Problem

Digitisation provides documented advantages in tactical land combat (Alberts et al. 2000; Garstka 2004). The problem is that cyber-effects are not modelled or measured in the tactical land combat environment using models accessible to the general researcher. The author contends that the failure to measure cyber-effects relates to our limited understanding of the causal links between physical, virtual and human systems. Efforts to defend against cyber-effects are technologically focused, based on this limited understanding. However, many military systems contributing to battlefield success can continue to operate independently despite cyber-attacks. The processing of information and the underlying decision-making of military commanders often relies on cyber-enabled systems. In most cases, this processing occurs in a human mind rather than in a computer. Conversely, much of the information used by these human decision makers is derived from, or transmitted via, cyber-enabled systems. Therefore, cyber-effects have the potential to inflict significant damage on the battlefield. Understanding mission and kinetic outcomes from cyber-effects requires the incorporation of human factors.

Command, Control, Communication, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) systems enable the rapid and efficient sharing of data and information between troops on the battlefield, resulting in shared knowledge and collective situational understanding (Bernier & Treurniet 2010). These C4ISR systems are depicted in literature through two diverging views, equating to optimism or pessimism about their potential impact on combat outcomes. One perspective describes how “integrated C4I systems… help military forces to prevail against adversaries by operating in a rapid, coherent, and coordinated fashion never previously achieved” (Berson et al. 1999, p. 22). This positive perspective is matched with an opposing view within the same report—the Department of Defense (DOD) “is in an increasingly compromised position. The rate at which information systems are being relied on outstrips the rate at which they are being protected… The result is vulnerability…” (Berson, Kemmerer, & Lampson 1999, p. 33). The emergence of advanced persistent threats (APT), such as Stuxnet, offers tantalising alternatives for technologically-advanced nations to disrupt near peer adversaries in combat. The opportunity for DoS is one option available to an adversary capable of attacking a C4ISR system. Alternatives include compromising the system and gathering information, passively observing the adversary’s activities, or actively manipulating data as a means of deception to create false situational awareness (SA).

A military adversary capable of advanced cyber-attacks can erode the trust of commanders by degrading information feeds and SA. Potential impacts extend beyond the technological. The US Task Force Report on Resilient Military Systems and the Advanced Cyber-Threat observed that “the benefits to an attacker using cyber-exploits are potentially spectacular… Military Commanders may rapidly lose trust in the information… Once lost, that trust is very difficult to regain” (United States Department of Defense 2013, p. 5). Corrupt data can depict false information and mislead decision makers. In turn, those decisions can have a deleterious effect on the battlefield. Lives can be lost, opportunities missed and resources wasted. In this context, the effect of a cyber-attack on C4ISR systems, as part of a larger, orchestrated tactical deception plan, remains unexplored within the literature.

An effect on the battlefield is “every action that changes the parameters towards the desired end-state… of the ongoing operation” (Tolk 2012b, p. 145). Effects link to actions or other effects. “An effect is a physical and/or behavioural state of a system that results from an action, a set of actions, or another effect. A desired effect can also be thought of as a condition that can support achieving an associated objective, while an undesired effect is a condition that can inhibit progress toward an objective” (Joint Staff 2011, pp. III-3). Kinetic effects are force-on-force engagements which are physically observable in space and time, generally resulting in attrition to either side. In contrast, cyber-effects occur in a virtual domain. Cyber-effects leverage the cyberspace environment with potential cascading effects through other domains, leading to kinetic effects. However, not every cyber-effect influences the physical domain. For a cyber-effect to have an effect on the battlefield, it must change a parameter linking to the end-state of an operation. Despite the intangible nature of the virtual domain, cyber-effects should be measured as they relate to the mission. Measures of Effectiveness (MoE) “…enable commanders to identify the impact of a targeting action in relation to the overall mission” (Commonwealth of Australia 2009a, p. 28). Therefore, the relationship between cyber-effects, missions and MoE is an essential part of any model describing impacts on the tactical land combat environment.


Measurement requires a comprehensive understanding of the mission, the organisations in conflict, and the connections between the cyber, physical and human/social systems. Variety, in the context of the viable systems model (VSM), is the “number of distinguishable elements in a system, or by extension the number of distinguishable systemic states” (Beer 1984, p. 6). Even in a limited tactical combat scenario, the number of possible states is extensive. However, the number of possible states increases significantly when one considers human cognitive states. The human interface forms a critical link between the human and virtual domains, in the form of the decision maker. It is the human decision maker who commands and controls land combat forces. Cyber-enabled systems support decision-making, SA and communication. Cyber-enabled systems are yet to control combat engagements. Even future autonomous combat systems are likely to require human input for mission assignment and to measure mission success. Therefore, variety includes the human decision makers’ cognitive states, the mission and the physical states of the system.

The potential variety of outcomes and scenarios involving cyber-attacks in military combat makes prediction and risk analysis difficult. However, “the benefits to an attacker using cyber-exploits are potentially spectacular” (United States Department of Defense 2013, p. 5). The unique features of cyberspace require research considering causal relationships and cascading effects across domains. Conducting research into such a complex area requires abstraction through a model (Velten 2009). A model is needed allowing researchers to understand and explore the interdependencies between the virtual and physical domains, since military command rests across multiple dimensions (Moon et al. 2013). The purpose of this thesis is to develop such a model.


1.3 Purpose of the Thesis

1.3.1 Purpose

The purpose of this thesis is to model cyber-effects and their impacts on mission success, human factors and kinetic outcomes in the tactical land combat environment.

1.3.2 Aim

This thesis addresses the problem of modelling and measuring mission success, human factors and kinetic outcomes resulting from cyber-effects in the tactical land combat environment. The aim of the thesis is to produce a model of cyber-effects by measuring them in the tactical land combat environment and establishing their relationships with kinetic effects and mission outcomes.

1.3.3 Research Questions

This thesis seeks to answer the following master research question:

How can cyber-effects in the tactical land combat environment be modelled and measured as they relate to mission success, human factors and kinetic outcomes?

Five additional sub-questions (SQs) were developed to guide the research:

SQ1. What are the relationships between tactical land combat human factors and cyber-systems?

Human Factors refers to the human use of digital command and control (C2) systems for tactical land combat decision making. Human factors in this context include SA, tactical decision making and trust in digital C2 devices. Tactics are also included within the scope of this analysis. The extent to which tactical decision makers rely upon cyber-systems is not apparent in the literature. Some models, such as Yildiz (2014), appear to consider cyber-systems as critical to the most basic of land combat processes, such as direct fire targeting. Others may not consider cyber-systems at all (McIntosh 2009). This thesis seeks to establish the relationship between cyber-systems and tactical decision makers. A sample of human military decision makers is used to investigate the relationship between decision makers and cyber-systems. This thesis develops measures of cyber-effects and a model for understanding their impacts on human factors.


SQ2. What are the relationships between tactical land combat kinetic outcomes and cyber-systems?

Many kinetic systems operate without cyber-systems. However, kinetic systems are employed through tactical manoeuvres, which are facilitated by cyber-systems. Therefore, it is likely there is an indirect influence on kinetic systems by cyber-systems. The extent of this influence is not known. This thesis establishes relationships between cyber-systems and tactical land combat business processes, which produce kinetic outcomes through tactics.

SQ3. What are the relationships between cyber-effects and tactical land combat mission success?

A documented advantage, in terms of SA and subsequent combat efficiency, is provided by C4ISR systems. Investment in C4ISR is based on the perceived return on investment (ROI) that these systems achieve by digitising specific land combat capabilities. For example, faster and more accurate target acquisition is thought to increase the effectiveness of offensive support (OS) and joint fires. Cyber-effects are capable of degrading C4ISR systems and disrupting SA. However, many of these effects are indirect, due to a basic weapon system’s ability to operate without the assistance of cyber-systems. Battlefield commanders make decisions despite limitations in their SA. Therefore, the relationship between cyber-effects and tactical land combat mission success is not fully known. This thesis establishes the relationship between cyber-effects and tactical land combat mission success.

SQ4. How can the impact of cyber-effects on tactical land combat mission success be described and measured?

The impact of cyber-effects and how they are described and measured from a SOS perspective has not been extensively considered in the tactical land combat environment. This thesis provides a framework for describing and measuring cyber-effects in a tactical land combat environment. The impact of cyber-effects on tactical land combat mission success is described and measured using a proof-of-concept simulation. The relationship between measures of performance at a system and sub-system level is considered within a semantic model and an aggregated schematic of tactical land combat measures.


SQ5. What broad mitigation strategies are available to reduce the mission impact of a cyber-effect?

Mitigation strategies, as they relate to cyber-effects outside of the general IS Business Continuity domain, are generally inadequately described. This thesis relates mission assurance and resilience strategies to the military land combat domain. Broad mitigation strategies are discussed as they relate to organisational and cyber-resilience. The impact of some broad mitigation strategies is considered as it relates to the proof-of-concept simulation results.

1.4 Thesis Structure

Chapter 1, Introduction, provides context and background to the problem. The thesis’ motivation, problem, purpose, structure, research findings and contributions to knowledge are described.

Chapter 2, Literature Review, consists of four parts laying the foundation for key concepts. Part One describes the digitisation of tactical land combat, including network-centric warfare, surveys the literature for the modelling and simulation (M&S) of cyber and kinetic effects, and discusses the measurement and correlation of digitised tactical land combat. Part Two explains the military cyber-doctrine of five nations pertaining to cyberspace, and addresses the issue of cyberspace as a domain. The Cyber-Conceptual Framework (CCF) is proposed in Part Three as a contribution to knowledge that defines cyberspace, cyber-warfare, cyber-conflict and cyber-attack. The CCF identifies the value of domains and the causal chain and components of cyber-attacks. The CCF is a foundation upon which to consider cyber-effects in the tactical land combat environment. Part Four describes contemporary cyber-attacks, mission impacts, mitigation through resilience, human factors and a description of cyber-effects.

Chapter 3, Methodology, introduces the epistemology, ontology and methodology utilised throughout this thesis. A method is presented for experimentation, applying a semantically rigorous, mixed methods, iterative design research approach. This model is systematically applied in subsequent chapters, to guide the structure and content of the thesis.

Chapter 4, Environmental Elicitation, describes factors influencing the problem, environmental settings, and the interdependencies between systems. Elicitation seeks to understand the causal factors contributing to the problem, considering both intrinsic and extrinsic knowledge. Part One, Intrinsic Knowledge, resulted from interviews with serving Australian Army tactical combat decision makers. Part Two, Extrinsic Knowledge, describes four components developed using the policy, doctrine and literature pertaining to the problem. Extrinsic knowledge critically transforms components of the literature into models and representations of business processes. These models and business processes are contributions to knowledge.

Chapter 5, Semantic Model, analyses the problem and its effects by defining the relationships across domains and between objects. The author develops artefacts integrated into a semantic description of the problem. The semantic description is produced as an ontology.

Chapter 6, Requirements, defines the requirements that tools must satisfy to solve the specific research question. This chapter consists of two parts—Part One specifies the requirements, while Part Two develops use case artefacts for use in the simulation.

Chapter 7, Tool Analysis and Selection, describes the simulation models reviewed and the tools available for conducting the experiments. It considers the available simulation models that fit the identified requirements, then reviews specific models to identify the best ones. Qualitative and quantitative comparison of the models evaluates their utility for addressing the research question.

Chapter 8, Simulation and Experimental Design, describes design philosophy, simulation design and experimental design. It describes the simulation and its components, and provides justification for design decisions. The raw simulation outputs are also described.

Chapter 9, Data Analysis and Experiment Refactoring, describes the results of the simulation experiment. It consists of three parts—Part One analyses the simulation data, Part Two reviews the validity of the experiment, and Part Three describes the refactoring of the experiment for future iterations.

Chapter 10, Conclusion, presents the outcomes and highlights areas with potential for further research and development. This chapter discusses the outcomes in terms of the research questions, contributions to knowledge, key research findings, limitations of the research and future work.

1.5 Contributions to Knowledge

This thesis presents six contributions which are important for filling existing knowledge gaps.

• The Cyber Conceptual Framework (CCF) is a synthesis of literature and doctrine which provides a consistent and unified approach using a clear lexicon. This is outlined in Chapter 2.3.

• The Battlespace Integrated Cyber-Kinetic Effect (BICKE) Method combines the components of different simulation models to provide a research method for cyber-kinetic effects. This is outlined in Chapter 3.3.3.

• The Digital C2 Human Factors Combat (DC2HFC) Model generalises the results of qualitative data collection to support the agent-based simulation of human factors (Chapter 4.2). The integration of Q methodology and grounded theory thematic analysis for semi-structured interviews—to develop agent personalities for simulation—is unique. Parallel, rather than sequential application of the two approaches, has allowed the author to combine the Q methodology factor results and the thematic analysis for each participant.

• The Measures of Combat Effect Model (MCEM) presents a comprehensive series of measures suited to assessing tactical land combat success. Combat Effect is measured through force effectiveness, effectiveness and performance (Chapter 4.5).

• The Battlespace Cyber-Effects Ontology (BCEO) provides a consistent, unified model for examining the relationships between different domains influencing cyber-effects with semantic reasoning. The BCEO utilises a Stoic Meta-Ontology and nested domain model to describe relationships across the tactical land combat environment, including mission success, human factors and kinetic outcomes (Chapter 5).

• The Cyber-Effects Land Tactics Simulation (CELTS) is a Simulation Proof-of-Concept (SPOC) that explores the relationships and measures described in this thesis. The SPOC measures cyber-effects on a tactical land combat environment using mission success and kinetic outcomes (Chapter 8 and Chapter 9). The CELTS provides a preliminary understanding of the causal links between cyber-effects and their impact on mission success and kinetic outcomes in the tactical land combat environment. The influence of human factors on these outcomes is also explored. These results are described and analysis is provided in Chapter 9. These results provide preliminary insights for future research and further development of the models described throughout this thesis.

1.6 Chapter One - Conclusion

This chapter introduces the problem space and key concepts relating to cyber-effects in the tactical land combat environment. A master research question was developed: How can cyber-effects in the tactical land combat environment be modelled and measured as they relate to mission success, human factors and kinetic outcomes? The research within this thesis is important for filling gaps in existing knowledge. The next chapter reviews the literature relating to cyber-warfare doctrine, cyber-effects, tactical land combat measures and reductions in mission impact.

Chapter Two – Literature Review

2. Chapter Two - Literature Review

2.0 Chapter Two Introduction

The literature review provides a background of the key concepts used in this thesis. This chapter contributes to answering the research question by providing a critical analysis of the literature and grounding the thesis in state-of-the-art knowledge through synthesising the existing literature. Section One describes the digitisation of tactical land combat. The use of digitised networks in combat, the M&S of cyber- and kinetic effects, and the measurement and correlation of digitised tactical land combat are discussed. Section Two discusses the military cyber-doctrines of Australia, the United States of America (US), Canada, New Zealand (NZ), the United Kingdom (UK) and the North Atlantic Treaty Organisation (NATO). It specifically focuses on the unique multinational relationship between Australia, Canada, NZ, the UK and the US, also known as the ‘Five Eyes Community’ (United States Army Combined Arms Center 2008). NATO doctrine is also reviewed due to the Organisation’s close relationship with the Five Eyes Community. Section Three introduces a single, cohesive and comprehensive baseline framework of cyberspace and cyber-effect, upon which the remainder of the thesis is built. This is a contribution to knowledge based on critical analysis of doctrine and literature. The impact of cyber-attacks, cyber-attack mechanics and components, the links between cyber and kinetic outcomes, and impact descriptions are all considered within this section. Section Four reviews existing cyber-attack models, the modelling of mission impacts, and impact mitigation through resilience and degeneracy. Human factors and the ways that they influence the use of information and digital systems in combat are considered. Cyber-effect impacts are described.

The following peer-reviewed papers, written by the author, have been used to contribute to this chapter:

Ormrod, D 2014. ‘A ‘Wicked Problem’ – Predicting SOS behaviour in tactical land combat with compromised C4ISR’ in Cook, S et al (eds), Proceedings of the 9th International System of Systems Engineering Conference (SOSE) 09-13 Jun 2014, Adelaide, South Australia. [Peer-reviewed, published]. http://ieeexplore.ieee.org/abstract/document/6892472/

Ormrod, D 2014. ‘The Coordination of Cyber and Kinetic Deception for Operational Effect’ in Whatmough, S et al (eds), Proceedings of the Military Communications Conference (MILCOM) 06-08 Oct 2014. Baltimore, Maryland. [Peer-reviewed, published]. http://ieeexplore.ieee.org/document/6956747/

Ormrod, D and Turnbull, B 2016. ‘Attrition Rates and Manoeuvre in Agent Based Simulation Models’. Journal of Defence Modelling and Simulation [Peer-reviewed, published]. http://journals.sagepub.com/doi/pdf/10.1177/1548512917692693

Ormrod, D and Turnbull, B 2016. ‘The Cyber-Conceptual Framework for Developing Military Doctrine’. Defence Studies. Volume 16. Issue 3. pp 270-298. [Peer-reviewed, published]. http://www.tandfonline.com/doi/abs/10.1080/14702436.2016.1187568?journalCode=fdef20

2.1 The Digitisation of Tactical Land Combat

2.1.1 Network-Centric Warfare

Network-centric warfare (NCW) refers to the increased combat power attainable by a networked force with information superiority (Alberts, Garstka, & Stein 2000). Significant increases in mission and operational effectiveness are gained through information superiority (Garstka 2003). Wilson (2007) described numerous benefits resulting from networked C4ISR systems, including self-synchronisation, enhanced SA and reduced confusion in combat through shared information. The contemporary US military strategy requires land forces to be networked and capable of synchronised action (Mullen 2011). Transformation through technological development and organisational reform has continued across the US DOD, NATO and other forces (Tuukkanen 2011). Transformation has been used to justify a reduced number of weapon platforms within military forces, as “…a far smaller, lighter and more mobile force can operate at a greater range and with higher precision than at any time in human history” (Adamsky 2010, p. 7).

Networked C4ISR systems are capable of providing a common operational picture (COP), defined in the context of land operations as “…the best available, assured, attributed and time synchronised ‘ground truth’ of friendly, opposing and neutral force dispositions, mapped against terrain, geospatial and environmental features…” (Jahnk & Maskell 2010, p. 134). Digitised networks and BFT systems provide benefits in land combat operations (Gonzales 2005; Tisserand III 2003). The effectiveness of a COP in combat has been demonstrated by simulations involving groups of military officers tasked with preventing an enemy force from capturing or destroying key assets by coordinating their troops. Those groups provided with a COP significantly outperformed the groups who lacked information feeds from other team members (Hiniker 2008). Experiments have demonstrated that a COP provides near-real-time awareness of the battlefield, enabling efficiency at the operational and strategic levels, and initiative at the tactical level (US Defense Science Board Task Force 1999). The COP enhances situational awareness (SA)—the individual perceptions and shared knowledge that decision makers possess at a given moment in time, relative to their location (Department of Defense 2008, pp. 6-13).

Command and control (C2) seeks to manage the uncertainty and complexity of combat to accomplish a mission through the exercise of authority and direction by a commander over their assigned forces (Dreier & Birgl 2010). C2 requires a means to communicate instructions and receive updates between combat elements and commanders. Control is dependent on information flow between the commander and their subordinates. The more effective the communication system and network, the greater the potential level of control (Army 2003). However, C2 is not just about communication, it requires decision making in hostile, uncertain environments. Decision making in combat is “…characterised by rapidly evolving and changing conditions, severe time compression, and high degrees of ambiguity and uncertainty” (Cannon-Bowers & Salas 1998, p. 18). Von Clausewitz’s ‘friction’ reflects the complexity of the environment and the inherent danger, uncertainty, risk and unpredictability of war (Watts 1996; Von Clausewitz 2008).

A survey of 114 US Marine Corps Iraq war combat veterans studied the effects of a specific US C4ISR system, Force XXI Battle Command Brigade and Below (FBCB2), on operational decision-making (Dreier & Birgl 2010). The study concluded that despite the extensive literature testifying to the transformational impact of C4ISR systems and their use by the Marine Corps in combat, there was no statistically significant difference in how C2 or decision-making occurred in land combat units with or without digital C4ISR systems, from the perspective of users and commanders (Dreier & Birgl 2010).

Decision makers in this dynamic environment rely on Situational Awareness (SA) to maintain their understanding of friendly and enemy locations, orientations and postures. This includes terrain, civilian and environmental conditions. Whereas C2 provides direction and assigns decision rights, tactics allows synchronisation and applies combat power at the optimal location and time relative to the opposing force. C2 has a direct relationship with tactics. Tactics “is the employment of units in combat. It includes the ordered arrangement and manoeuvre of units in relation to each other, the terrain and the enemy to translate potential combat power into victorious battles and engagements” (Department of Defense 2001a, p. 1). The intersection of C2 and tactics emphasises mission command, when control is relaxed in favour of a clearly-defined mission and strong leadership (US Army 2004). Changes in C2 arrangements must consider potential tactical implications and combat power employment across the battlespace. The employment of tactics and command extends beyond the technological reach of the network into human cognitive processes.

The C4ISR system is a technological target, one of many battlefield systems worthy of attack. However, as a SOS, the C4ISR interface with human decision makers is critical. It is where data and information are transformed into decision and action. The operational effect of a cyber-attack on a C4ISR system therefore needs to focus on the larger system-wide impact, rather than on the technology itself. Mission impact, as a third-order effect, does not refer to network DoS or compromised data. Mission impacts resulting from a successful deception operation include unnecessarily expended fuel and ammunition, poor coordination, confused action, destroyed vehicles, casualties and wasted opportunity. Cyber-attacks on the interface between the C4ISR system and the human decision maker undermine the information within the system and the network’s entire value proposition. Despite the differences in military forces around the world, digital C4ISR systems are utilised by many nations and there is a desire to expand these capabilities (Meijer 2013). Multinational operations are often supported by digital C4ISR systems, linking different nationalities through a COP (Carreno et al. 2010).

2.1.2 Models of Digitised Tactical Land Combat

2.1.2.1 Modelling Cyber and Kinetic Effects

Modelling is the “…purposeful abstraction and simplification of the perception of a real or imagined system with the intention to solve a sponsor’s problem or to answer a research question. Combat modelling therefore purposefully abstracts and simplifies combat entities, their behaviours, activities and interrelations to answer defence-related questions” (Tolk 2012a). Despite the underlying paradigms embedded within the various simulation approaches, all simulations and their underlying models are simplifications of reality. Simulation complexity increases as more accurate outcomes are sought (Robinson 2008; Robinson 2009; Lucas & Sanchez 2003). The development of a model capable of providing complex interactions and demonstrating emergent effects comparable to the real world is difficult without creating an inordinately complex system (Robinson 2009; Lucas & Sanchez 2003). However, many small interactions can result in macroscopic effects (Epstein 1999).

Models are forced to balance two competing concepts. The law of parsimony and the principle of alignment of data are two forces that create tension when developing simulation models. The law of parsimony (Occam’s razor) seeks to minimise the complexity of a model and its components relative to other models that equally explain an observed outcome (Nagge 1932; Sober 1981). Occam’s razor is evident in some combat models, including Lanchester (1916) and Hartley & Helmbold (1995). The use of a small number of variables allows for a clearer conceptual view of the problem and has been demonstrated to create complex and emergent results through complex adaptive systems (CAS). However, it is difficult to define the ‘right’ number of variables (Wit et al. 2012).

Critical components of the real world need to be incorporated into a model if it is to accurately reflect the complexity of the land combat environment (Tolk 2012a). Dupuy (1987), for example, identified numerous factors influencing land combat. Simplistic models of combat, such as the Lanchester model, insufficiently describe the multitude of factors contributing to tactical land combat scenarios. Simulations are therefore used within the Defence experimentation and training construct to provide greater fidelity to the combat modelling environment. The selection of the correct model to answer an identified research question has been discussed in Bowden & Williams (2013). Internal, external and philosophical validity are all relevant considerations when considering cause and effect.

The objective of experimentation is “to develop and refine innovative concepts of operation and to co-evolve mission capability packages to turn these concepts into real operational capabilities” (Alberts 2006, pp. 2-8). Mission capability packages (MCPs) consist of the information, people, systems, organisation, doctrine, training, materiel and leadership that form a deployable military capability (Alberts 2006). The concept of the MCP is to combine skilled soldiers, networked technology, surveillance devices, purpose-built equipment, specific doctrine and organisation into a single package. The package then provides the commander with the ability to “…see friendly forces, see the enemy, see the terrain, conduct rapid effective decision-making, and bring effects and/or forces to bear at identified decisive points” (Gonzales 2005, p. 26). Thus, enhanced SA leads to increased combat effectiveness and efficiency.

There are a wide variety of tools, models and approaches applicable to the study of combat, C2 and cyber-effects. A broad survey of pertinent literature exposes numerous models that could be applied to the problem space, which are briefly discussed below. Deterministic approaches have been applied to both kinetic and cyber-models. Lanchester models have been applied and developed for a variety of combat scenarios (Taylor 1980a, 1980b). Yildiz (2014) examined the interaction of cyber and kinetic combat environments through deterministic equations. Stochastic Lanchester models have been developed in an effort to extend the limitations of deterministic approaches (Kress & Talmor 1999; McNaught 1999). Graph theory can model the pairwise relationship between objects. The Information Age Combat Model (IACM) applies graph theory to examine the effect of networked combat elements and their interactions (Cares 2004). However, the IACM does not incorporate cyber-effects.
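The contrast drawn above between deterministic and stochastic Lanchester models can be made concrete. The following is an added example, not code from the thesis or from the cited papers: it sets the deterministic square law beside one common stochastic formulation (a Markov chain in which each casualty is a random event) and computes the exact outcome distribution. Function names, force sizes and kill rates are constructed for illustration.

```python
"""Deterministic vs. stochastic Lanchester square law (added illustration).

All force sizes and kill rates below are constructed sample values.
"""
import math


def deterministic_outcome(blue0, red0, blue_rate, red_rate):
    """Square law: dB/dt = -red_rate * R and dR/dt = -blue_rate * B.

    blue_rate * B^2 - red_rate * R^2 is conserved along the trajectory, so
    the winner and its surviving strength follow from the starting values.
    """
    margin = blue_rate * blue0 ** 2 - red_rate * red0 ** 2
    if margin > 0:
        return "blue", math.sqrt(margin / blue_rate)
    if margin < 0:
        return "red", math.sqrt(-margin / red_rate)
    return "draw", 0.0


def stochastic_outcome(blue0, red0, blue_rate, red_rate):
    """Exact terminal distribution of the Markov-chain version.

    In state (b, r) Red loses one unit at rate blue_rate * b and Blue loses
    one unit at rate red_rate * r. Only the order of casualties decides the
    winner, so probability mass is pushed through the embedded jump chain
    until one side reaches zero. Returns two dicts mapping the number of
    survivors to its probability: one for Blue wins, one for Red wins.
    """
    prob = [[0.0] * (red0 + 1) for _ in range(blue0 + 1)]
    prob[blue0][red0] = 1.0
    for b in range(blue0, 0, -1):
        for r in range(red0, 0, -1):
            mass = prob[b][r]
            if mass == 0.0:
                continue
            red_loss = blue_rate * b      # rate of the next Red casualty
            blue_loss = red_rate * r      # rate of the next Blue casualty
            total = red_loss + blue_loss
            prob[b][r - 1] += mass * red_loss / total
            prob[b - 1][r] += mass * blue_loss / total
    blue_wins = {b: prob[b][0] for b in range(1, blue0 + 1)}
    red_wins = {r: prob[0][r] for r in range(1, red0 + 1)}
    return blue_wins, red_wins


def blue_win_probability(blue0, red0, blue_rate, red_rate):
    """Probability that Blue eliminates Red in the stochastic model."""
    blue_wins, _ = stochastic_outcome(blue0, red0, blue_rate, red_rate)
    return sum(blue_wins.values())


def compare(blue0, red0, blue_rate, red_rate):
    """Put both models side by side for one engagement."""
    winner, survivors = deterministic_outcome(blue0, red0, blue_rate, red_rate)
    blue_wins, _ = stochastic_outcome(blue0, red0, blue_rate, red_rate)
    p_blue = sum(blue_wins.values())
    mean_blue = (
        sum(n * p for n, p in blue_wins.items()) / p_blue if p_blue else 0.0
    )
    return {
        "deterministic_winner": winner,
        "deterministic_survivors": survivors,
        "stochastic_p_blue_wins": p_blue,
        "stochastic_mean_blue_survivors_if_blue_wins": mean_blue,
    }


if __name__ == "__main__":
    # Constructed engagements: (Blue strength, Red strength), equal kill rates.
    for blue0, red0 in [(10, 10), (11, 10), (15, 10)]:
        result = compare(blue0, red0, blue_rate=0.1, red_rate=0.1)
        print(blue0, red0, result)
```

With near-equal forces the deterministic model reports a certain winner, while the stochastic version of the same engagement still gives the weaker side a non-trivial chance of winning, which is the kind of variance a single deterministic trajectory cannot show.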

Petri net models are a mathematical description of a distributed-state transition system. They have been utilised to examine the simulation of military C2 systems (Bowden 1996; DiLeo 1994). Stochastic Petri nets have also been used to simulate cyber-models (Moody et al. 2014; Lin et al. 2008). The impact of cyber-effects on networked combat systems has been considered, but experimental data is needed (Alberts 2014). A Bayesian network is a probabilistic graphical model that contains a set of variables and conditional dependencies using a directed acyclic graph (DAG). Bayesian networks have been utilised for modelling SA (Park et al. 2013a; Laskey & Laskey 2002), the detection of hostile activity (Dahlbom & Nordlund 2013), air combat simulation (Poropudas & Virtanen 2007), predicting cyber-attacks (Wu et al. 2012) and tactical decision making (Synnaeve & Bessiere 2012).

Military decision making was considered in the context of game theory by Haywood (1954). Some military and cybersecurity scenarios have subsequently been reviewed using game theory (Cantwell 2003; Hamilton et al. 2002; Ravid 1990; Shiva et al. 2010). The US Navy has considered the development of a methodology for cyberwarfare and electronic warfare (EW) battle damage assessment (BDA) using game theory (US Department of Defense 2014). Hypergame theory extends on game theory, using mathematical structures that model perception in conflict (Hipel et al. 1988). Misperceptions in the military environment have been modelled using hypergames (Kovach et al. 2015). Hypergames have also been applied to the information warfare environment (Kopp 2003). Hypergames are useful for determining military strategy or relevant courses of action at the operational and tactical levels (Geldenhuys 2003), noting that as the number of participants and strategies increase, the complexity of the hypergame escalates (Bennett & Huxham 1982).

All models are wrong, in that they are only simplified approximations of the real world (Box 1976). However, models allow researchers to understand the variables that affect outcomes, and their relationships. A conceptual model is not software specific, meaning that the focus of this thesis is on finding the best model rather than a specific software implementation (Robinson 2013). Modelling and simulation (M&S) provides hypotheses that, if proven valid, become theory (Tolk 2013). Understanding the variables of experiments is critical for correctly modelling an environment. Simply reusing existing simulations is not always effective for answering real-world questions or developing practical insights. Unless the simulation’s underlying assumptions and modelling are known to the researcher, data analysis can be difficult. M&S is a process of transition from micro-knowledge to macro-knowledge through observation of the overall system behaviour that emerges from its individual actors and rule sets (Drogoul et al. 2003). Davis & Blumenthal (1991) viewed combat models as tools for exploring knowledge that has been captured both objectively and subjectively, rather than as machines that produce definitive answers. Reproducibility and peer review of models are vital in this context.

There are three main types of combat models which form a spectrum of models: war games, simulations and analytical models (Taylor 1980a). Increasing realism, such as that attained at the war game end of the spectrum, leads to decreased abstraction and accessibility. The reverse is also true, as evident in analytical models which may bear little relationship to the real world. Critical analysis of historic events is an established means of establishing trends and links between variables; however, historical data suitable for verifying combat models is simply not available (Taylor 1980a).

Historical data are generally incomplete and subject to selection by historians based on their personal, cultural and research biases (Schroth 1989). The data that are available for battles consisting of fewer than 5000 troops on one side are not statistically significant, meaning that analysts generally seek to infer factors from large-scale warfighting operations and strategy, then apply those principles at the tactical level (Hartley 2001). Similarly, the dataset available for modern battles (1956–1989) is small (53 battles), although it is evident that there is a stable and consistent trend in attrition results across time. Issues with data collection and analysis are extensive. Force ratios are generally difficult to align with engaged forces, bias is evident in the collection and recording of data throughout history, and the level of detail for battles is invariably scant, which makes analysis beyond basic factors difficult (Hartley 2001). Historical analysis is affected by knowledge of outcomes (i.e. hindsight), resulting in different perceptions of which data are considered relevant (Fischhoff 2003).

Live battlefield exercises are a standard method applied by the military to train troops for combat. However, they are time-consuming and resource-intensive activities. The collection of data is limited because the exercise participants must concentrate on a wide variety of training activities, which introduces a host of uncontrolled variables. Further variability results from participants’ experience and personality. These human factors are relevant to real combat but are difficult to measure. They differ between individuals, and the way they influence behaviour may be different when facing an adversary in a fight to the death, compared to a routine training activity. It is for these reasons that exercises provide qualitative results; the outcomes are often not reliable as they are based on too many extraneous factors and may be shaped by the training, environmental and political requirements imposed upon the exercise participants. The pressures on exercise participants to achieve defined training objectives are one reason that cyber-attacks and red teaming capabilities are rarely employed in contemporary military training exercises (Gilmore 2016). Kass (2006) identified that live exercises, whilst generating data that can be easily related to real operations, did not allow for the isolation of cause from effect when comparing different experimental approaches for the military environment.

Scenario thinking is a strategic reasoning approach that seeks to utilise historical knowledge whilst embracing the intuition of planners. Scenario thinking provides a degree of foresight in dynamic organisational environments by employing stories about how the future could evolve (MacKay & McKiernan 2004). Scenario planning is a technique applied throughout history; however, the degree of sophistication applied to the analysis of scenarios is important, “so that our responses may fit the ambiguities of our information and minimise the risks both of error and inaction” (Wohlstetter 1965, p. 41). Scenarios are intended to develop more robust organisational outcomes under various alternate futures (Van der Heijden 2005). Analytic wargames based on scenarios are incapable of identifying large quantities of connected variables. The reliance on experience is common to both analytic wargames and human-in-the-loop simulations. Wargames introduce the potential for bias and personality to influence experimental results, in a way that cannot be easily quantified or documented. Such methods should not be discounted because of these issues, but they should be used as part of a triangulated experimental approach, rather than as standalone techniques.

Constructive simulation is the best method for detecting changes in effects and identifying the reasons for them, compared to analytic wargames and human-in-the-loop experiments (Kass 2006). However, it is less able to relate simulated results to real operations than the alternatives. Computer simulations provide descriptive, abstract models of the real world. These simulation models can be used to evaluate, compare and analyse system alternatives. Carson (2004) outlined the variety of situations in which a simulation is most useful. Notably, simulations can help understand complex, interdependent systems in which it is difficult to predict the effect of system changes (Carson 2004). Building a model that is sufficiently detailed to allow the observation of effects propagation, yet is not inordinately complex, is challenging (Robinson 2009; Robinson et al. 2013; Lucas & Sanchez 2003). The right balance will enable the researcher to observe the effects that changing the attributes of specific assets in the model have on the SOS, especially the microscopic changes that have macroscopic effects (Epstein 1999). Such an approach has been discussed extensively in Kott et al. (2014).

Multi-resolution modelling (MRM) uses fast, low resolution simulations and then higher fidelity simulations (Vorobeychik & Porche 2009). Agent-based modelling (ABM) simulates agents that make decisions based on rule sets. The interaction between agents is capable of generating behaviour that is representative of real-world effects, although the degree of this representation is not known, and few military ABMs have been accredited or validated (Miller; Horne & Seichter 2014). The ABM approach allows a large parameter space to be examined, including intangibles such as morale and leadership (Essam & Abbass 2006). Some ABMs have been used to examine historical battles and understand their decisive factors (Hill et al. 2004). Emergency response environments have been modelled as SOS using different approaches and simulation techniques (Ross et al. 2014). High fidelity simulations are generally incapable of supporting extensive data farming or numerous simulation runs with a broad array of factors and little human intervention.

2.1.2.2 Existing Agent-Based Models

The best tools for data farming experiments are ABMs such as Map Aware Non-Uniform Automata (MANA) and Enhanced ISAAC Neural Simulation Toolkit (EINSTein)/Irreducible Semi-Autonomous Adaptive Combat (ISAAC) (Chau & Grieger 2013; Sanchez 2005). However, these tools are beset with limitations produced by their simplicity. For example, the differences between the real-world implications of combat and the way they are modelled have been identified as weaknesses in areas such as doctrine, sensing, communication, elevation and weapon models (Straver et al. 2006). Critically, the approach adopted by MANA, EINSTein/ISAAC and other ABM models relies on emergent behaviour at the expense of the high levels of coordination, control and formation fighting present in real warfare (Straver, Vincent, & Fournier 2006; Ilachinski 2004). A simulation that seeks to examine the effects of a cyber-attack could balance the emergent behaviour of altered SA with the high degrees of C2 utilised by highly networked combatants.

Introduced in 1997, ISAAC was a proof-of-concept simulation used to test the reproduction of combat behaviour. It uses swarms of virtual software agents following simple rules (Ilachinski 2004). EINSTein extended upon ISAAC with a new code base, and consists of a combat engine, graphical user interface (GUI) and a data collection function (Alberts 2014). Both ISAAC and EINSTein were developed to address the research question “to what extent is land combat a self-organised complex adaptive system?” (Alberts 2014, p. 14). Self-Organised Terrorist-Counterterrorist Adaptive Coevolutions (SOTCAC) uses agents coupled with information spaces to extend on the physical domain depicted in EINSTein and capture the social contacts relevant to counter-terrorist operations (Ilachinski 2005).

The Multi-Agent Simulation (MASON) is an ABM toolkit consisting of a simulation model and visualisation tools. The simulation model comprises a discrete event system (DEVS) representing time, and fields representing space (Luke et al. 2004). NetLogo is a programming language written in Java that has also been used as an ABM tool to model combat environments as an extension to the original turtle graphics (Tisue & Wilensky 2004). The Network-Centric Multi-Agent Architecture (NCMAA) system is based on network theory and maps the relationships between agents to represent networks. Influence diagrams, consisting of directed graphs, form the basis for a meta-level reasoning system driven by a finite state machine representing the state of each network in the system. The Warfare Intelligent System for Dynamic Optimisation of Missions (WISDOM-II) is built on the NCMAA (Yang et al. 2005b). Yang (2006) identified six limitations of other ABMs, including:

• no agent reasoning during the simulation;
• computationally expensive calculations;
• no connection between tactics and strategy;
• difficulty in conducting verification, validation and accreditation (VV&A) of the models, and a lack of sound software architecture;
• no explicit model of the underlying structural interaction between agents; and
• difficulty in applying the correct inputs at an entity level given the complexity of the environment.

WISDOM has been used to consider the effect of personality characteristics on combat (Yang et al. 2005a). Despite these criticisms of other models, neither the WISDOM-II code nor its architecture is available. Only Yang’s thesis is available for analysis (Yang 2006).

The role of military C2 processes and hierarchy has been largely omitted in the development of simulations such as EINSTein/ISAAC, SOCRATES and MANA. For example, SOCRATES has three levels in its C2 hierarchy: the frontline agent (moves and employs weapons), squad leader (maintains hierarchies) and platoon commander (manages missions) (Wan 2002). The type of combat represented in these simulations is more akin to special operations, with little in the way of C2 in the sense of controlling subordinate actions or even the issuing of orders through a command hierarchy as the situation changes. Despite the emergent effects observed in these simulations (Ilachinski 2004), the lack of command structure is an important gap. This gap has apparently been addressed in WISDOM-II (Yang, Abbass, & Sarker 2005b). However, even WISDOM-II appears to only offer two levels of command. A typical tactical unit in the Army has at least five levels (if the entity is considered a level) and potentially many more, as well as higher levels feeding it with strategic and operational missions and information. Levels above the soldier entity can include vehicle crews, fire teams, squads, platoons or troops, companies/squadrons/combat teams, and battlegroups/battalions. The military seeks to mitigate the complexity of the modern combat environment through a command-driven approach (UK Ministry of Defence 2011). Three-level hierarchies do not represent the extensive web of C2 network connections on a real battlefield and the degree of coordination that digital and analogue C2 systems must provide to support close combat operations.

2.1.3 Measuring and Correlating Digitised Tactical Land Combat

Measuring the results of digitised tactical land combat often relies on an assessment of relative casualties and losses between forces (Anderson 1995; Davis; Taylor et al. 2000; Fricker 1998). Measures of success and measures of effectiveness are difficult concepts for modellers, due to the qualitative nature of success in combat (Hayward 1968; Perry 2002). The Loss-Exchange Ratio (LER) is the traditional measure applied to determine mission success by comparing the relative force ratios both before and after combat (Hartley 1995). Breakpoints may be introduced based on a minimum force level, because military units rarely fight until they are completely destroyed (Helmbold 1971). However, there is some evidence that breakpoints may not be related to force ratio at all and instead reflect the commander’s assessment of the likelihood of mission success (Adkins 1975). The measures discussed above all relate to casualties, implying that mission success is directly related to relative force losses.

The difficulties inherent in the tactical environment are shaped by intangible variables such as terrain and time. Simple quantitative measures can incorrectly assess success and failure, because of strategic and operational factors. For example, if a unit was assigned a mission to seize and hold an objective, destroying an opposing force would not constitute success if the unit incurred such heavy casualties that it was unable to defend the objective from counter-attack. Success and effectiveness extend beyond casualties. Spatial or temporal measures may also reflect mission success.

2.1.3.1 Attrition

Numerous papers use attrition as the primary measure of success in land combat operations (Anderson 1995; Davis; Taylor, Yildirim, & Murphy 2000; Fricker 1998). Attrition is the “…reduction in the number of personnel, weapons and/or equipment in a military unit, organisation or force” (Dupuy 1995, p. 1). Attrition is a measure of digitised tactical land combat and is used extensively in combat effectiveness models to determine their sensitivity to specific combat factors. Lanchester and Osipov independently developed deterministic attrition formulas early in the Twentieth Century that focused on relative force sizes and their corresponding effectiveness and firepower (Helmbold & Rehm 1995; Lanchester 1916). These attrition formulas have been discussed extensively by a diversity of authors, including Hartley & Helmbold (1995), Anderson (1995) and Ancker & Gafarian (1988). Hartley & Helmbold (1995) considered Lanchester’s square law and its effect on attrition. These efforts were expanded into a broader attempt to explain the effects of combat and to attribute a broad array of factors to attrition and mission success (Hartley 1995). Hartley sought to link historical combat outcomes to the Helmbold space, bounded by two variables: LFORRAT and LHELMRAT. Variable LFORRAT is the log function of the force ratio, whilst LHELMRAT is the log function of the fraction describing the change in the two forces’ respective force ratios. Anderson (1995) provided a taxonomy for attrition equations based on two characteristics: the level of coordination and the type of fire being used (point or area fire). Ancker & Gafarian (1988) analysed the validity of the underlying assumptions in Lanchester attrition rates and found that they did not apply for large numbers of combatants, either in the deterministic or stochastic Lanchester forms (Ancker & Gafarian 1988; Ancker & Gafarian 1992). These attrition models are useful, as they provide a means of comparing relative forces as a measure of success, and a way of comparing simulation models against known deterministic models. However, attrition does not account for modern military tactics where a force will fix, suppress or out-manoeuvre another and achieve a mission without committing to decisive close combat. Therefore, a broader measurement framework is required.
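The deterministic square-law model and the breakpoint idea discussed above, as an added worked example that is not from the thesis or from any of the cited models. The equations are the standard Lanchester aimed-fire form; the function names, kill-rate coefficients and force sizes are constructed for illustration, and LER is computed here as Red losses divided by Blue losses.

```python
import math
from dataclasses import dataclass


@dataclass
class Outcome:
    winner: str          # "blue", "red" or "draw"
    blue_left: float     # Blue strength when fighting stops
    red_left: float      # Red strength when fighting stops
    duration: float      # time until the first side reaches its breakpoint
    ratio_before: float  # Blue:Red force ratio at the start
    ratio_after: float   # Blue:Red force ratio when fighting stops
    ler: float           # loss-exchange ratio: Red losses / Blue losses


def square_law_state(b0, r0, blue_kill, red_kill, t):
    """Closed-form strengths at time t for dB/dt = -red_kill*R, dR/dt = -blue_kill*B."""
    w = math.sqrt(blue_kill * red_kill)
    k = math.sqrt(red_kill / blue_kill)
    b = b0 * math.cosh(w * t) - k * r0 * math.sinh(w * t)
    r = r0 * math.cosh(w * t) - (b0 / k) * math.sinh(w * t)
    return b, r


def _time_to_reach(strength_at, target):
    """Bisect for the time at which a steadily falling strength reaches target."""
    hi = 1.0
    while strength_at(hi) > target:
        hi *= 2.0
    lo = 0.0
    for _ in range(100):
        mid = (lo + hi) / 2.0
        if strength_at(mid) > target:
            lo = mid
        else:
            hi = mid
    return hi


def engage(b0, r0, blue_kill, red_kill, blue_break=0.0, red_break=0.0):
    """Fight until one side falls to its breakpoint (a fraction of its start strength)."""
    if min(b0, r0, blue_kill, red_kill) <= 0:
        raise ValueError("strengths and kill rates must be positive")
    if not (0 <= blue_break < 1 and 0 <= red_break < 1):
        raise ValueError("breakpoints are fractions in [0, 1)")
    b_bp, r_bp = blue_break * b0, red_break * r0

    # Square-law invariant: blue_kill*B^2 - red_kill*R^2 is constant, so Blue's
    # strength at the moment Red hits its breakpoint follows without integration.
    b_sq = b0 ** 2 - (red_kill / blue_kill) * (r0 ** 2 - r_bp ** 2)
    margin = b_sq - b_bp ** 2
    if abs(margin) <= 1e-9 * max(b0, r0) ** 2:
        winner, b_end, r_end = "draw", b_bp, r_bp
    elif margin > 0:
        winner, b_end, r_end = "blue", math.sqrt(b_sq), r_bp
    else:
        r_sq = r0 ** 2 - (blue_kill / red_kill) * (b0 ** 2 - b_bp ** 2)
        winner, b_end, r_end = "red", b_bp, math.sqrt(r_sq)

    if b_end == 0 and r_end == 0:
        duration = math.inf  # exact parity with no breakpoints never terminates
    elif winner == "red":
        duration = _time_to_reach(
            lambda t: square_law_state(b0, r0, blue_kill, red_kill, t)[0], b_bp)
    else:
        duration = _time_to_reach(
            lambda t: square_law_state(b0, r0, blue_kill, red_kill, t)[1], r_bp)

    if r_end > 0:
        ratio_after = b_end / r_end
    else:
        ratio_after = math.inf if b_end > 0 else math.nan
    ler = (r0 - r_end) / (b0 - b_end)
    return Outcome(winner, b_end, r_end, duration, b0 / r0, ratio_after, ler)


if __name__ == "__main__":
    # Constructed cases: Blue shoots twice as effectively; both sides break at 30%.
    for blue, red in ((100, 100), (100, 150)):
        print(blue, red, engage(blue, red, 0.02, 0.01, 0.3, 0.3))
```

In the second constructed case Blue reaches its breakpoint first even though its LER is above 1, the kind of mismatch between an attrition measure and the mission outcome that the surrounding text describes.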

2.1.3.2 Measurement Frameworks

The use of an effectiveness measures hierarchy (EMH) has been advocated by Green & Johnson (2002). The EMH consists of three effectiveness measures:

• Measures of force effectiveness (MOFE) are a measure of the SOS and its performance of the military mission.
• Measures of effectiveness (MOE) relate to system and capability performance, linked to desired battlefield effects.
• Measures of performance (MOP) relate to system parameters and behaviour, linked to task accomplishment (Green & Johnson 2002).

The EMH approach is utilised without the inclusion of MOFE by Joint Staff (2011). The US DOD employs a complex system of mission attributes, task attributes and system attributes, broken down based on mission, tasks (a mission consists of tasks), desired effects (of the mission), performance (of the tasks), system functions, and object attributes (Department of Defense 2011). The EMH has been used for the remainder of this thesis.

The problem with system-level attributes is that each system functions as part of a SOS. A system can be constrained by another interconnected system (Goldratt et al. 2004). “The inability to isolate C2 as a purposeful system in its own right contributes to the difficulty in formulating MOEs… It has no existence in its own right…C2 only becomes purposeful when it is integrated into a meta-system and its change of state is brought about by its ability to make a contribution to the meta-system” (Sproles 2001, p. 15). Equally, specific measures can be counter-intuitive when considered in the light of the larger SOS. For example, “faster C2 does not always mean better; in fact, faster can be worse in trade-off situations, for example, if increasing speed reduces the survivability of the system in terms of development and operational costs” (Yun et al. 2015, p. 10). Despite these observations, efforts to connect measures at the soldier and computer level to battlefield outcomes have been recommended (Throne et al. 2000).

2.1.3.3 Causal Links between Measures

Perry (2002) sought to develop measures appropriate to NCW in the maritime context. In this model, complexity increases as the connections across the network increase. The degree of collaboration and complexity combine to produce knowledge, as SA is shared and processed. This knowledge is used to make decisions, with a resulting effect on the battlefield. The NATO Network-Centric Value Chain links multiple domains as it describes the value added from sensor detection through to mission effectiveness (Alberts et al. 2010, p. 27). The NATO model is useful as a broad approach; however, it does not provide detailed links between domains and processes. Perry & Signori (2001) provided a mathematical framework for measuring the effects of information and collaboration on SA. The information superiority value chain (ISVC) consists of successive functions. The connected functions lead from sensor detection through to SA. Once information from sensors has been fused and transformed into a COP, it is broadcast to individual agents who are decision makers. The COP received by individual agents is processed based on their capability, resulting in SA. Perry et al. (2004) developed exemplar decision agents (ranging from highly capable to incapable). Individual SA in a collaborative context produces shared SA. The transition from SA to understanding, decision making and action is not addressed in the ISVC.

Higher quality C2 improves mission assurance, meaning greater confidence in success (Alberts & Dorofee 2005, p. 13). Bernier et al. adopted three levels of metrics for experimentation purposes: analysis of C2 performance, C2 effectiveness and force effectiveness (Bernier et al. 2012; Bernier et al. 2013). Metrics and measures of C2 quality and mission success, called measures of merit (MOM), have been developed as a hierarchy of measures presented in the NATO Code of Best Practice for C2 Assessment. The MOM hierarchy includes policy effectiveness, force effectiveness, C2 effectiveness and C2 performance measures, as well as dimensional parameters (Stenbit et al. 2002). The C2 Effectiveness and Performance measures are considered as part of the C2 approach space, a region of dimensions across the allocation of decision rights, patterns of interaction, and distribution of information between combatants (Alberts, Huber, & Moffat 2010). Dimensional parameters focus on physical characteristics of the C2 system. In contrast, Measures of Policy Effectiveness focus on strategic outcomes. Sitting between these measures is Force Effectiveness.

Fewell & Hazen (2003) developed a series of NCW force characteristics, from which they distilled numerous properties and metrics. For example, the ‘speed of command’ characteristic can be measured by the ‘observe, orient, decide, act (OODA)-loop cycle time’ and ‘outcome effectiveness’. Fewell & Hazen (2003) concluded that a military experiment must include a MOE, to ensure military effectiveness overrides all other considerations. “The official DoD definition provides only one way to assess the quality of C2 and that is to equate the quality of C2 to mission accomplishment” (Alberts & Hayes 2006, p. 32). The NATO NEC C2 Maturity Model uses endeavour effectiveness as a measure of mission success, and then applies a series of metrics for relative effectiveness and efficiency, given effectiveness, and the agility of the collective C2 process for the combat element (Alberts, Huber, & Moffat 2010).

Miller (2006) used different measures across the physical, information and cognitive domains. Sensor detection distance was used to measure the physical domain. The performance (number of messages handled) of each communication channel is a metric of the information domain. The number of kills per platform measures the cognitive domain of NCW. These measures imply a relationship across domains. However, the use of an attrition metric to measure the cognitive domain implies a relationship which may not exist. The exploitation of information and precision manoeuvres to attack the enemy’s weaknesses could bypass enemy forces, leading to reduced detection and kill metrics. Missions can, therefore, potentially be accomplished with minimal casualties on either side. Metrics which focus on casualties and attrition measure C2 effectiveness incorrectly, if mission success can be achieved through manoeuvres without significant attrition.

The causal relationships between attrition and a variety of combat factors were incorporated into Dupuy’s quantified judgement method (Dupuy 1987). Whilst the model provided insights, it has been criticised, and subsequent modifications have been proposed to rectify mathematical inconsistencies and unreasonable assumptions (Ciano 1988; Clark 1989). The practical relationship between attrition and combat remains uncertain, with a host of variables influencing the outcome of battle. Leadership, fire support, morale, training and the condition of troops are all influential factors (Clark 1954). Indeed, it is possible for highly trained troops to seize an objective without loss, or to avoid combat altogether through raiding, mobility, infiltration and vertical assault (Forczyk 2010). The variety of factors in these models is relevant to a metrics framework because their influences on each other, and how they are measured, are not clearly understood. There are numerous different options available to select metrics, but the way that they tie together and the causal relationships between these models remains unexplored in the literature. Hayward defined combat effectiveness as the probability of success in combat operations. He proposed a relative measure in n-dimensional space using three variable types, consisting of capabilities, environment and missions. Combat effectiveness in this context includes the enemy, although this can be averaged out by representing external factors in a combat situation with a single value (Hayward 1968, pp. 316-9). Lee & Lee (2014, pp. 115-22) sought to unite the combat effectiveness measure proposed by Hayward with the NCW-based metrics of synchronisation and shared information flow, leading to their classification of isolated and networked attack opportunities as measures of combat effectiveness in a direct fire engagement meta-network. Combat effectiveness is a future-focused calculation of the probability of success. However, it can also be applied as a historical assessment and measure of effectiveness. Dupuy (1987) developed a detailed model of combat power (CP) to deal with the heterogeneous nature of combat forces. The CP model assigns different values to weapon systems based on their combat capabilities. The CP values can be modified for different scenarios (Dupuy 1976; Dupuy 1985, 1995). Dupuy’s combat power method has some recognised flaws (Clark 1989). The concept of CP has been extended by Raymond (1991) who proposed a method that tactical decision makers can use to estimate the combat power of ground forces. Although the methodology is not as comprehensive as Dupuy’s approach, it is based on surveys of military decision makers rather than assessments of historical battles. Situation Force Scoring is a similar process, based on weapon category scores and calculated combat outcomes, including casualties and movement rates (Allen 1992).

2.1.4 Critical Analysis of the Digitisation of Tactical Land Combat

The tactical land combat environment is complex. Measures relating to digital system effectiveness, SA and networks have been correlated with attrition and other combat measures. Comparative measures and predictive tools such as LER and CP support the inference of relationships between different combat domains. However, causal relationships are more complicated and difficult to describe. Causal relationships between CPs, force ratios and combat effectiveness have been sought using real data; however, statistically significant relationships have not been found. Simulation, analytical and experimental models have had some success in describing the relationships between cyber-effects, mission success and tactical outcomes. However, these relationships are generally broad. This section has contributed to the following SQs:

SQ2. What are the relationships between tactical land combat kinetic outcomes and cyber-systems? The relationship of kinetic outcomes, such as attrition and LER, to NCW and digital C2 systems has been established. However, the extent of this relationship and the capacity for cyber-effects to influence kinetic outcomes has not been established and remains unknown.

SQ4. How can the impact of cyber-effects on tactical land combat mission success be described and measured? Cyber-effects on mission success have not been explained. However, the measurement frameworks, and the links between combat effectiveness and NCW maturity, are both pertinent in describing these impacts.

2.2 Military Cyber-Doctrine

Military doctrine provides “…fundamental principles by which military forces guide their actions in support of national objectives.” (Commonwealth of Australia 2012a, pp. 3-1). There are potentially catastrophic consequences faced by a military which has not kept up with the developments of the environment in which it must operate, or the capabilities of its adversaries. The failure to develop relevant, future-focused doctrine was a significant factor in France’s failure to adequately prepare for the rapid pace of mobile warfare in WWII (Doughty 2014). The transition from concept to doctrine is a result of debate, analysis and testing (Commonwealth of Australia 2012a). Therefore, a strong conceptual baseline is necessary. Doctrine developed without vigorous discussion and robust analysis of its conceptual foundations risks being irrelevant. Simply recounting definitions from the doctrines of other nations, who may fight and conceptualise warfare in different ways and with different capabilities, does not necessarily aid capability development. Doctrine, when applied, must adapt to the political imperatives of conflict. Therefore, doctrine must incorporate the role of civil agencies in military operations (noting it is not binding upon civil agencies) and seek to bring coherence to a multi-disciplinary, diverse environment (MacIntosh et al. 2011). Doctrine also provides a useful reflection of the state of thinking about a topic within that nation’s military forces. Understanding another nation’s doctrine allows for critical reflection on how a nation is likely to frame specific problems.

Doctrine is used by military forces to guide their actions and training at a fundamental level, which are then executed using defined tactics, techniques and procedures. The coherence evident within the various doctrines used by different partner nations becomes important as cyberspace becomes increasingly pervasive and immersive, nations and militaries become more dependent on the cyber-environment and threats become more advanced (Deibert 2012). Rather than operating in a vacuum, military doctrine is influenced by national security imperatives and national capabilities. However, doctrine also influences the way specific capabilities are employed and resourced, meaning it has a fundamental role in analysing cyber-warfare and military cyber-capabilities. A number of papers have identified potential improvements in national military doctrine. Colarik & Janczewski (2012) proposed that nations define their own cyber-warfare doctrine through national collaboration and stakeholder buy-in.

Lewis & Timlin (2011) identified that in 2011, 33 nations included cyber-warfare in their military planning and organisation. This number increased the next year (2012) to 47 nations with cyber-security programs that included a role for the armed forces (Lewis & Neuneck 2013). Bernier & Treurniet (2010) contended that new doctrine is necessary to incorporate a full-spectrum, integrated perspective, as the cyber-environment is more dynamic and less distinct than the physical environment. Lewis & Neuneck (2013) highlighted the disparity of cyber-warfare definitions according to policy, military doctrine and law. The line between cyber-sabotage and cyber-attack, for example, is not clear (Lewis & Neuneck 2013). Deibert (2012) criticised the lack of explanation of what things require security in cyberspace and why, the absence of first-order principles, and the scant understanding of the international dimensions of cyberspace security. The first recommendation for developing a comprehensive cyber-security strategy, proposed by Deibert (2012), is the articulation of the fundamental first-principles underpinning the strategy. The advent of networked, computerised environments has led to a need for new ways of addressing conflict, new processes and new forces (New Zealand Government 2014).

2.2.1 Cyber-Doctrine and Cyberspace

Cyberspace has been defined as “a global domain within the information environment whose distinctive and unique character is framed by the use of electronics and the electromagnetic spectrum to create, store, modify, exchange and exploit information via interdependent and interconnected networks using information-communication technologies” (Kuehl 2009, p. 3). This definition is repeated in slightly different ways throughout international doctrine. The US DOD joint publication (JP) 3-12 (R), cyberspace operations (US CO) provides the doctrine for US DOD joint cyberspace operations. The JP 3-12 (R) defines cyberspace as a global domain within the information environment, “…consisting of the interdependent network of Information Technology (IT) infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers” (US Department of Defense 2013, pp. I-1).

The UK Joint Doctrine Publication 0-01, UK Defence Doctrine, defines cyberspace as “the interdependent network of information technology infrastructures, (including the Internet, telecommunications networks, computer systems, as well as embedded processors and controllers) and the data therein within the information environment” (Ministry of Defence 2014, p. 15). Despite the similarities of these definitions, differences can have significant impacts on doctrinal development, such as the specific inclusion of the electromagnetic spectrum in Kuehl’s definition in comparison to the US CO doctrine, which is addressed in Section 2.3.1.

The US DOD Strategy for Operating in Cyberspace compares the reliance of military operations on cyberspace with the security used to defend it (United States Department of Defense 2011). The JP 3-12 (R) US CO document provides the guidance necessary for joint force commanders and their personnel to plan, execute and assess CO (US Department of Defense 2013). The US CO are “the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace” (US Department of Defense 2013, p. v). The US CO are categorised as offensive cyberspace operations (OCO), defensive cyberspace operations (DCO) and department of defense information network (DODIN) missions. The US CO specifically differentiates cyber-operations from information operations (IO), whilst acknowledging their close relationship.

The US DOD defines IO within JP 3-13 as “the integrated employment, during military operations, of information related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision-making of adversaries and potential adversaries while protecting our own” (Department of Defense 2012, p. ix). The US IO perspective views cyber-conflicts as one method, amongst many, to influence the decision-making capabilities of an adversary by targeting their information sources. The integration of cyberspace as a domain within the information environment is not explained within JP 3-13. Cyberspace operations are said to deal with the informational dimension, whilst the broader concept of IO includes physical and cognitive dimensions.

2.2.2 International Partners’ Cyber-Doctrines

2.2.2.1 US doctrine on cyber-attacks, synchronisation and effects

The JP 3-12 (R) US CO defines cyberspace attacks as actions creating various direct denial effects in cyberspace, or manipulation of an adversary’s information, systems or networks (US Department of Defense 2013). In this context, a cyberspace attack is focused on the use of resources for a certain time period or by a certain amount. However, cyberspace is not a domain capable of being measured by time or resources in a traditional manner. The commodities of cyberspace are hardware, information, algorithms and code. From a military perspective, one can also consider SA and behavioural effects across intersystem boundaries as commodities that potentially influence, and are influenced by, cyberspace. In this context, commodities are defined as value-adding domain-specific assets or concepts. Commodities from various domains, when interacting with the cyberspace environment, are subservient to numerous factors. These include the underlying design of the system, the framework of code and algorithms driving the environment, the information which emerges from data, the application of information to SA, and the creation of emergent behavioural changes in the physical and cognitive environments. Methods are needed within doctrine to address the integration of the technical with the human, the increasing distance of data from the decision maker through information fusion and the increasing separation of hardware from software.

The conceptual integration of specific capabilities has been addressed to some extent in US doctrine. Field Manual (FM) 3-38 Cyber-Electro-Magnetic Activities (CEMA) provides the US DOD guidance on the integration and synchronisation of EW, US CO and spectrum management. FM 3-38 CEMA focuses on the optimisation of cyber-operations, with equal weighting to EW and spectrum management capabilities. Its focus is on technological effects, but the requirement to integrate efforts and support kinetic action on behalf of commanders is evident throughout.

The close relationship between EW and cyber-operations is evident within the broader doctrine. There is an evolving relationship between historically-proven EW battlefield capability and emerging, immature cyber-capability. With the progressive fielding of software defined radio (SDR) and the increasingly diverse ways in which information is transmitted, EW may become a subset of cyber-conflict in the long term. However, the limited capability and understanding of cyber-issues within many militaries means that the EW community is best placed to provide operational and tactical cyber-capability. The EW community is trained, equipped and organised to integrate capabilities in support of combat operations. Indeed, many nations have used their existing EW capabilities to begin developing cyber-warfare capabilities (Lewis & Timlin 2011). A flexible and modern force capable of maintaining a technological edge requires a broad skillset and range of technological capabilities. The array of capabilities required reflects the loose boundaries of cyberspace and the agility required to meet new and emerging threats.

The joint application of firepower manual (JFIRE) is a quick reference guide for the provision of fire support across all US military services. It includes the cyber-effects request form (CERF) for attacking enemy cyber-military infrastructure such as air defence assets, power systems or online intelligence assets. There may be a temptation to view a cyber-effect in a JFIRE environment as a DoS attack against the availability of a system. However, compromising the confidentiality of a service may reveal enemy battle plans or positions. Integrity attacks may change the data in a system to display false information.

The JFIRE doctrine has been observed outside of the US construct. Attacks on Estonia and Georgia have demonstrated the utility of attacking the availability of both civilian and military systems as part of a broader political and military campaign (Shackelford 2010; Shakarian 2011). The compromise of the confidentiality of Unmanned Aerial Vehicle (UAV) camera feeds in Iraq resulted in insurgents watching real time video of UAV overflights (Tipton & Nozaki 2012). Syrian rebel battle plans and positions were obtained through malicious code loaded over Skype (Regalado et al. 2014). Stuxnet changed the information fed to Iranian scientists as centrifuges failed by playing back previously-recorded data on C2 systems (Collins & McCombie 2012). None of these cyber-attacks aligned neatly with the traditional concepts of firepower or OS. The potential for cyber-capabilities to become embedded at the combined arms team level is a genuine possibility, assuming such capabilities offer a discernible advantage on the battlefield.

2.2.2.2 NATO cyber-doctrine

Publicly available NATO cyber-doctrine is limited. The National Cyber-Security Framework Manual provides an extensive overview for the formulation of cyber-concepts and doctrine at a strategic and national level (Klimburg 2012). NATO efforts to prepare for cyber-conflicts include the establishment of the NATO Cooperative Cyber-Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia. The CCDCOE is sponsored and supported by members from across NATO as a research and educational centre. The CCDCOE is responsible for the conduct of cyber-defence exercises, in addition to assisting with the development of concepts, doctrine, education, exercise conduct and the development of legal frameworks pertaining to cyber-conflicts (Szentgali 2013). A series of other organisations provide management, oversight, rapid response and computer emergency response team (CERT) capabilities across NATO and its member states.

2.2.2.3 UK Cyber-Doctrine

The UK Ministry of Defence (MOD) provides a coherent doctrinal response to the issue of cyberspace, although its Army doctrine is not publicly available for review. The MOD Cyber-Primer provides an overview of the concepts of cyberspace for officers and soldiers (Ministry of Defence 2013a) at an unclassified level. However, the conceptual framework at the strategic level suffers from a failure to link definitions and logic. For example, the UK Cyber-Security Strategy (Ministry of Defence 2011) defines ‘cyber’ as a domain in itself. Other publications by the UK MOD define ‘cyber’ as a part of the ‘information’ domain (Ministry of Defence 2013a). The domain construct, which is used repeatedly across many nations, is not consistently defined and underlines an issue common to international efforts to deal with the challenges of cyberspace. These efforts have been unsuccessful in clearly defining foundational principles and constructs upon which doctrine and national security policy can be built.

2.2.2.4 Canadian Cyber-doctrine

Canada’s Cyber-Security Strategy (Government of Canada 2010) directs the strengthening of the Canadian Forces’ networks, the inter-departmental work required to deal with threats and develop responses, and exchanges of best practice information with allied forces. The Cyber-Security Strategy has been criticised due to the “lack of a sophisticated understanding of the inherently international dimensions of cyberspace security” (Deibert 2012, p. 3). Canadian Military Doctrine CFJP01 is the capstone doctrine publication of the Canadian Forces (Canadian Defence Force 2009). The domains described in CFJP01 are different to those of the other nations reviewed, and describe six capability domains (Canadian Defence Force 2009). Each capability domain contains specific capabilities enabling the creation of effects. Despite the fact that ‘cyber’ is not mentioned at any point within the capstone doctrine publication, cyber-capabilities are present across a number of the capability domains described (Bernier & Treurniet 2010). The definition of cyberspace proposed by Bernier & Treurniet (2010) contends that the cyber-environment is a domain within the information environment that includes software and information residing on a network.

2.2.2.5 New Zealand Cyber-doctrine

NZ’s Defence White Paper (2010) refers to air, land and maritime domains. Cyber is referenced within the document in the context of the Whole of Government (WoG) response to the threats of cyber-attack and cyber-intrusion (New Zealand Government 2010). The Defence Assessment 2014 defines cyberspace “as a human construct and comprises both physical (computer and information networks) and intangible elements (information and data)” (New Zealand Ministry of Defence 2014, p. 22). Furthermore, the Defence Assessment identifies the increasing prevalence of offensive cyber-capabilities, making protective and defensive measures necessary.

2.2.3 Australian Cyber-doctrine

The discussion below relates to Australian doctrine available in the public domain. Doctrine not publicly available has not been discussed. The ADF’s doctrine is critically compared to the literature and other national doctrines.

2.2.3.1 Information Activities

Information activities (IA) are “…the integration, synchronisation and coordination of two or more Information-Related Capabilities (IRC) that generate and sustain a targeted information advantage” (Commonwealth of Australia 2013a, pp. 1-3). Computer network operations (CNO) are defined as an IRC, in addition to other examples. IA does not refer to cyberspace within its construct. IO occurs at the operational level, whilst shaping and influencing activities occur at the strategic level, and inform and influence actions occur at the tactical level. The intent of IA is to undermine the adversary’s decision-making processes and thereby impact their will, SA and capability (Commonwealth of Australia 2013a). Despite the differences between the US DOD IO and ADF IA doctrines, they are similar. The approach of IO and IA doctrine is broader than the technocratic view (where the data and device are the targets). Instead, the human decision maker is the target. IO can continue when technology is disregarded or not trusted. Cyberspace is not needed. However, the evolution of cyberspace increasingly divorces the cognitive capabilities of individual people from decisions. Analytics, information fusion, autonomous systems and cyber-physical connections are driven by algorithms and code rather than cognitive function.

Cyberspace is moving beyond the task of simply displaying information to a human. Therefore, the decision-making process targeted by IO, in this context, is itself a cyber-system. The two concepts converge as technology evolves. The differentiation within Australian Defence Doctrine Publication (ADDP) 3-13 between the information, human and physical domains becomes irrelevant when a machine can make decisions to engage a target based on information feeds from another machine. Even when a human remains the decision maker, there is likely to come a time when their information is presented through, and by, cyber-systems. SA is then shaped by cyberspace and its networks, code and algorithms.

2.2.3.2 Communication and Information Systems

The primary doctrine of the ADF relating to Communication and information systems (CIS), ADDP 6.0, mentions cyber only once and does not provide any guidance on the topic. It utilises an alternative terminology including communication systems, which “…require a data transmitter and receiver, their connecting network of links, common services and data. This may not involve any human intervention or analysis, which differentiates a communication system from an IS… an IS comprises the personnel, procedures, software and resources organised for the collection, processing, maintenance, transmission and dissemination of information, whether automated or manual. It includes the human and user terminal devices, as data can only be converted into information when it has been put, by a human reader, into the context intended by the originator.” (Commonwealth of Australia 2012b, pp. 1.15-6). The definition of information systems provided in ADDP 6.0 is reminiscent of communication theory (Shannon & Weaver 1948), despite the fact that modern communication systems have changed the communication channel concept from a sender and receiver to a more complicated asynchronous/simultaneous, interpreted/contextual, mass communication system.

A human is not necessarily involved in the conversion of data to information. Robots or connected computers utilising pre-programmed logic and algorithms can provide context to data and process it as information. Communication theory includes the person or system receiving the message as part of the communication channel (Shannon & Weaver 1948). The information output from the message can result in action, including a behavioural response. The act of communication is ultimately intended to result in changes to systems and their performance. From this viewpoint, the purpose of cyberspace and the transfer of information is to create and trigger emergent behaviours across system boundaries. People, robots or connected computers utilising pre-programmed logic and algorithms can trigger these behavioural responses. Doctrine, however, focuses on the human decision maker.

2.2.3.3 Network-Centric Warfare

The NCW Roadmap reinforces the requirement for a robust information architecture, providing availability despite repeated adversary cyber-attack. At the time of writing, no offensive guidance related to NCW is provided in the Unclassified domain within Australian doctrine. “Defence’s current approach to network protection reflects the wider civil and military organisational approach to security, in which systems are protected by both physical means (e.g. restricted access environments) and non-physical measures (e.g. firewalls). Integral to the future protection of the network is the requirement for security architecture as part of Defence-wide enterprise architecture” (Commonwealth of Australia 2009b, p. 46). The information assurance approach can only provide a level of security relative to a specific point in time and against a specific level of threat. New vulnerabilities arise whenever a patch, modification or network change occurs.

Information assurance seeks to provide a degree of security, using historical precedence and retrospective measures to make assurances about the future. The information assurance approach can only secure a system against known attacks. Since cyberspace is a constructed reality, new attacks and zero-day threats constantly emerge. Information assurance represents a sound security principle; however, it is little more than good housekeeping to seek to secure cyber-systems against threats in an evolving environment. “Defending against known vulnerabilities is an insufficient strategy… Additional measures are required, such as consequence management” (United States Department of Defense 2013, p. 6).

2.2.4 Should Cyberspace be Considered a Domain?

The concept of a domain is not expressly defined in ADDP-D, JP 3-12 US CO or JP 1-02 DOD—the Dictionary of Military and Associated Terms (Commonwealth of Australia 2012a; United States Department of Defense 2001; US Air Force 2010). Clearly identifying what a domain is and how domains interact is an important step in developing a conceptual foundation, given the term is used widely without a clear definition. The term domain refers to “an area under one rule; a realm” (Allen 2004). The status of cyberspace as a domain is reflected across doctrine and academia. Some authors have argued that declaring cyberspace as a fifth military domain (alongside land, air, maritime and space) is critical to success on the modern battlefield (Stallard 2011). From an ADF perspective, cyber has almost become a domain by stealth. The Defence Issues Paper 2014 (Commonwealth of Australia 2014b) and ‘The Fundamentals of Land Power’ doctrine (Commonwealth of Australia 2013c) refer to cyber as a domain. The Future Land Warfare Report 2014 (Commonwealth of Australia 2014c) refers to both a cyber and an electromagnetic domain, separating the two. However, IA doctrine refers to information, human and physical domains (Commonwealth of Australia 2013a). The Defence White Paper explicitly excludes cyber when discussing joint domains and instead refers to cyber as a space (Commonwealth of Australia 2013b). The peak of the doctrine hierarchy, the ADDP-D Foundations of Australian Military Doctrine (Commonwealth of Australia 2012a), differentiates between four physical domains and two non-physical domains.

The non-physical domains are “information (including cyber and the electromagnetic spectrum) and the human domain” (Commonwealth of Australia 2012a, p. 2.8). Thus, ADDP-D differentiates between cyberspace and the electromagnetic spectrum, but views them both as components of an information domain. The description of domains and the disparity between them presented in Australian, US DOD and UK MOD doctrine are depicted in Figure 1. Figure 1 demonstrates a strong similarity between concepts across nations, whilst highlighting the lack of a central conceptual framework. Domains are inconsistent between and within national doctrines. Almost all doctrines reviewed included physical domains. The information domain or environment is also present in almost all doctrines, whereas the cyber-domain is not. Most doctrine separates the information environment or domain from human and cognitive domains, differentiating between the provision of data and information from SA, decision making and collaboration.

Figure 1 - Domain models in Australian, UK and US national publications and doctrine

2.2.5 Critical Analysis of the Military Cyber-doctrine Section

This section provides an overview of the military cyber-doctrine concepts and documents key to understanding the status of cyberspace and cyber-warfare. A clear conceptual framework is necessary to ensure a common lexicon, the alignment of doctrine to capabilities, and to provide boundaries of responsibility. This thesis provides a Cyber-Conceptual Framework (CCF) as a contribution to knowledge, to bridge the gap between the various theories and definitions relating to cyberspace. These original concepts are detailed in the following section of this chapter (2.3).

The different national military cyber-doctrines generally agree on concepts, including the links between the physical and cyber-domains and the existence of an information domain. However, the differences between the national doctrines are extensive in terms of descriptions of how the domains interact, and their boundaries. A clear, unambiguous lexicon that links domains and explains how a cyber-attack occurs across those domains and impacts on kinetic outcomes and mission success through causation is needed. Currently, the description of cyberspace and the role of a cyber-attack in modern warfare remains unclear throughout military doctrine. The risks have been identified; however, the nature of these risks and how they can emerge in a complex combat environment or impact on mission success has not been clearly described. This significant gap needs to be dealt with, before a more nuanced analysis can occur with respect to measuring and modelling tactical combat environments.

This section contributes to the following SQs:

SQ2. What are the relationships between tactical land combat kinetic outcomes and cyber-systems? The relationship between tactical land combat kinetic outcomes and cyber-systems has been established in doctrine. However, it is vague and the nature of this relationship is described in different ways both within and between national doctrines.

SQ3. What are the relationships between cyber-effects and tactical land combat mission success? The relationship between cyber-effects and tactical land combat mission success has been established in doctrine, in the same way as the kinetic outcomes relationship has been established. However, this relationship is also vague. Doctrine claims that cyber-effects can influence mission success and combat outcomes. The extent of that relationship and what precursors or conditions must be met to generate an impact are not evident in the literature.

2.3 Proposed Cyber-Conceptual Framework

The proposed Cyber-Conceptual Framework (CCF) provides a single cohesive and comprehensive baseline framework upon which the remainder of the thesis is built. This is a contribution to knowledge based on critical analysis of doctrine and literature, expanding on Chapter 2.2. The CCF establishes a consistent lexicon based on international military doctrine. The CCF could assist in communications on cyber and the creation of integrated doctrine across military services and partner nations. Within this thesis, it provides a single framework for remaining concepts to be built on.

2.3.1 Understanding Cyberspace

The various definitions of cyberspace described in Chapter 2.2, Military Cyber-doctrine, differ as to whether cyberspace is a domain, or an environment bounded to various extents by electronics, the electromagnetic spectrum, information technology networks, software, data, the internet, telecommunications networks, computer systems, embedded processors and controllers. The definitions of cyberspace provide boundaries to the concept of cyberspace. Boundaries are necessary to allow, or restrict, the inclusion of various components of the Army professional community and control their influence on the conduct of cyber-warfare. Boundaries must be carefully considered to ensure the doctrine is relevant and future focused.

The definition of cyberspace needs to incorporate future technologies, including SDR, quantum (Barz et al. 2013) and biological storage (Goldman et al. 2013). Indeed, telecommunications networks can consist of analogue systems, although they are not traditionally considered cyber-systems. The role of analogue and digital communications in cyberspace is not expressly conveyed in the definitions within doctrine. Analogue communications have been expressly excluded from this thesis’ definition of cyberspace, although they are part of the communication domain. The role of software in cyberspace has become increasingly important, as the hardware layer has become increasingly dislocated from the software running on it. Future conflicts are likely to rely heavily on software to obtain an advantage in speed and the capacity to process large quantities of data to lower the detection threshold and identify vulnerabilities in adversaries. Capabilities previously provided through hardware are increasingly obtained through software. SDR is one example of this in the military domain. The versatility, efficiency and effectiveness provided by modern software solutions will lead to increasing complexity in cyberspace. It will also result in a larger capacity to process information without human involvement.

To ensure there are clearly-defined boundaries for cyberspace, whilst encapsulating the multitude of innovations likely to occur there, the author has created the following definition:

Cyberspace is an evolving, loosely bounded and interconnected environment that utilises technologically-mediated, software-enabled methods of communication. This means that any technology that utilises software to provide a method of communication is a component of cyberspace.

Software consists of virtual instructions which direct the operations of a computer or processor. Software can include the kernel, system management mode or other applications. Hardware and even people are also components of cyberspace, provided the information they convey requires software of some form to complete the communication link. For example, two human computer operators, the computers they use and the networks connecting them are all part of cyberspace, so long as they are using technologically-mediated, software-enabled methods to communicate.

Metaphors, and their effect on our understanding of key concepts, are an important aspect of defining cyberspace. There is no shortage of analogy or metaphor when explaining the concept of cyberspace. The global reach of cyberspace has been referred to as a cyber-ecosystem (United States Department of Homeland Security 2011). Cyberspace has been compared to the human immune system, with security efforts seeking a healthy and trusted state across the system. Another model presents cyberspace as analogous to the sea, and the passage of data through the network as ships through the ocean (Caton 2012). Cyberspace is also described as an environment transcending society, economics and geopolitics (Severs 2013). Metaphors are useful when initially creating shared understanding and building knowledge. However, they can be limiting and create false equivalency. The implications of discourse and its effect on organisational behaviour are considered in more detail below.

Clarke defines cyberspace as all of the networks in the world and everything connected to, or controlled by, those networks (Clarke & Knake 2012). The idea of cyberspace as part of a global commons, or shared resource, has been supported by NATO and a number of authors (Hurwitz 2012; Rodziewicz & David 2011; Cooperative Cyber Defence Centre of Excellence 2010). This thesis combines the definitions of cyberspace provided earlier in the review of military cyber-doctrine (Chapter 2.2) with the references above to contend that cyberspace is an evolving environment, with emerging biological and quantum methods for information storage and movement. Cyberspace extends beyond the machine and radio waves to include humans, their interpretation of communications, and the behavioural responses that result. However, a human may not be involved in the process at all. Information may trigger a response through an algorithm. The effort to separate the human decision maker from an autonomous system may be irrelevant, if all the feeds the decision maker relies upon are provided through cyberspace. The inclusion of software is critical, as the role of hardware becomes increasingly obscured by cloud technologies, and data becomes further abstracted from information through ‘big data’ and analytics.

2.3.2 The Value of Domains

Domains provide a frame of reference and create discourse within doctrine. Discourses produce meaning and a particular way of thinking (Weedon 1996, p. 105). Doctrine within the military provides theory with which to train and indoctrinate soldiers and officers for war. Therefore, the discourse reflected within doctrine has a significant impact on the way the organisation and its members think about the world and the problems they encounter within it. Doctrine guides and is guided by the presiding thinking within a military culture. A domain creates focus, providing clear boundaries for coordination and organisation. A discussion of contemporary domains depicted in military doctrine is provided in Section 2.2.4.

Declaring cyber as a domain provides a mandate for the development of force structure and doctrine, but it does this at the cost of simplifying the concepts of cyberspace and reducing its conceptual boundaries (Caton 2012; Glemser 2014). An alternative view seeks an understanding of the malleability of cyberspace and the varying architectures within it (Libicki 2012). The architecture perspective approaches cyber-warfare as an engineering and system design issue, enabled by incorrectly executed system instructions. One perspective of cyberspace is that of a constructed environment defined by its code and architecture, which acts as the regulatory power of the virtual environment. The “…code sets the rules… it regulates behaviour in this space; it determines what’s possible here, and what’s not possible” (Lessig 2002, p. 5). The regulatory approach has limitations because it ignores the human, behavioural, political and cognitive components of cyber-warfare. Incorporating both the human and technical aspects of cyberspace balances the two approaches, recognising the importance of cyberspace to combat operations, force projection and national security, whilst acknowledging that the issues inherent within cyberspace emerge from design and technical decisions in the virtual domain and the networks these systems communicate through.

This thesis rejects the concept of a cyber-domain and argues that cyberspace is an environment, incorporating elements of a nested domain model. This position aligns with Australian Foundational Doctrine in ADDP-D and the Australian Defence White Paper (2013). The rejection arises because the cyber-domain concept creates boundaries which are not representative of the complexity of cyberspace. The domain view insufficiently describes the interaction between technology, society, people, SA and battlefield effects. For this reason, cyberspace should be referred to as an environment, incorporating elements of both the physical and virtual domains, and their subdomains. From a military perspective, cyberspace is a consideration across all aspects of the battlespace, and is far more than an independent domain with an aspect of joint cooperation. Cyberspace must be considered at all levels of warfare: strategic, operational and tactical. Cyberspace is not an independent domain; rather, it is an environment that stores, transports, interprets and mediates information across physical and virtual domains interacting with communication, information, cognitive and social elements.

This thesis proposes a nested domain model. Domains can be nested within each other, meaning that the range of possible items within each subset of domains becomes progressively smaller within the nests. Figure 2 depicts the cyber-conceptual framework (CCF) nested domain model. This domain model has been developed based on the literature and doctrine described in Chapter 2.2.4 and forms a basis for further enhancement of the domain model in Chapter 5.

Figure 2 - The CCF nested domain model

The national security domain contains three subdomains: political, economic and military. The political, economic and military domains are derived from the UK MOD’s Instruments of Power, noting that the diplomatic instrument has been renamed to a political domain to recognise the impact of both domestic and international politics on the national security domain. Within each of the three political, economic and military domains, there exist two subdomains: the physical and the virtual. These subdomains exist independently of the national security domain; however, for depiction, only the military subdomains have been fully expanded, as there is no existing military doctrine which provides guidance on what might exist within the political and economic domains. It is assumed that the same subdomains persist across the intersections of the physical and virtual domains with the political and economic domains. The physical domains consist of air, land, maritime and space domains, which are described in US, UK and ADF doctrine.

The virtual domain consists of four subdomains: the communication, information, cognitive and social. The communication domain provides a means of transmitting symbols, data and data packets between individuals, systems and organisations. Cyberspace is not an appropriate term for this process, because the military continues to depend on other forms of communication, such as pen and paper, visible light and analogue communication systems, in addition to cyber-systems. The information domain refers to the actual content of the communication, when considered in the context of the other information available. It describes all information, including false, incorrect or deceptive information, which will be available to varying degrees to different individuals, systems or organisations.

The cognitive domain refers to decision making and higher-order SA processes such as forecasting, prediction and command resulting from information communicated to an individual, system or organisation. It is important to recognise that software and AI systems, not just humans, may be responsible for decisions and processes in the cognitive domain. Indeed, the human domain, evident in Australian doctrine, is explicitly excluded from the CCF presented within this thesis. Removing the human from doctrine recognises the increasing pervasiveness of autonomous systems and the capability for decisions and physical actions to be triggered without direct human involvement.

The cognitive domain recognises that a system may employ an AI autonomously, a human with a decision-support system (where the human simply ratifies the recommendation), a human with cyber-enabled information feeds, or a human with an analogue system, to perform cognitive processes. Finally, the social domain refers to the effects of social norms and culture on the military. Where humans are involved, either in the creation of software, decisions on the battlefield, or in the way different people work together, social dynamics at both a local and national level can influence processes and decisions. The social domain influences the accepted ways a military will operate, from the small team level to the organisational level.

The electromagnetic spectrum (EM) is dealt with in this model as a pervasive element, like gravity or sound waves. Different doctrines either deal with EM as distinct from cyberspace or part of it. For example, ADF Army Doctrine LWD 3-0 includes EM as one of only two components of the information domain (Australian Army 2015). The other component is cyberspace. EM is often included within military doctrine as a means of either incorporating (or differentiating) EW doctrine with (or from) cyber-doctrine. The Signals Corps has considered the EM spectrum in doctrine since its advent. Sound is vitally important to communication, yet it does not have its own domain. EM is important for the transfer of data through fibre optic cables and displaying information on screens for human consumption. Therefore, from the perspective of the CCF, the EM spectrum is not considered a domain.

Environments refer to physical and virtual spaces where multiple domains intersect and boundaries between domains are blurred. For example, the littoral environment is the zone between the land and sea. The dependencies between the two domains mean it is difficult to clearly differentiate objects and interactions between the two domains. In many cases, the domains will have direct and indirect effects upon each other. Cyberspace is another environment, where a physical act such as turning off a computer can have a direct effect on the communication domain, which will subsequently affect the information domain and potentially the cognitive domain. Nested domains incorporating multi-domain environments provide for a flexible and more nuanced conceptual framework.

2.3.3 Cyber-Warfare and Cyber-Conflict

There are many different definitions for cyber-warfare. Boothby refers to cyber-war as the "use of computer[s] to disrupt the activities of an enemy country, especially the deliberate attacking of communication system[s]" (Boothby 2012, p. 380). A Sun Tzu-inspired definition states “cyber-warfare is the art and science of fighting without fighting; of defeating an opponent without spilling their blood” (Carr 2011, p. 2). Commentators have argued over the possibility of a cyber-war, cyber-Pearl Harbour or virtual September 11, and compared cyber-warfare to nuclear and biological war (Stone 2013; Glenny & Kavanagh 2012; Healey 2013). Others have dismissed the concept of a cyber-war in its entirety (Rid 2012; Libicki 2014). The application of international humanitarian law suggests the definition of cyber-warfare is built upon many factors, including the involvement of the armed forces of two nations and an instance of armed attack (Schmitt 2012a).

The Tallinn Manual considers the application of the laws of armed conflict to what it calls cyber-warfare (Schmitt 2013). The expert opinion documented within the Tallinn Manual includes a variety of considerations when assessing cyber-attacks as a use of force (Schmitt 2013). These considerations generally focus on a direct line of causation between a cyber-attack and a physical reaction. However, the disabling of a critical system without causing damage could be classified as an attack according to the (heavily contested) opinion of the International Committee of the Red Cross (Melzer 2009). It is generally agreed that a physical effect must result from a cyber-attack for the act to be a component of cyber-warfare (Schmitt 2013). Unfortunately, the guidance offered through law is of little assistance to the practitioner in predicting the future of cyber-warfare. There is no international treaty, few norms and little agreement on the legal boundaries of cyber-warfare (Schmitt 2012a, 2012b). It has been argued that cyber-warfare should have its own category of law pertaining to international conflicts (Rabkin & Rabkin 2012).

The Tallinn Manual represents the best attempt to provide guidance to combatants; however, it is not law and there are dissenting views to many of its maxims. Ultimately, international behaviour itself will define what is considered legal and each event will require review on a case-by-case basis into the foreseeable future. This has implications for the Rules of Engagement, Laws of Armed Combat and the military’s role in an environment operated through networks developed and owned by civilian organisations. With the above points in mind, the pursuit of a definition of cyber-warfare is not useful. An alternate view is presented below.

2.3.4 Cyber-Warfare

Cyber-warfare is a term which seems more relevant in a newspaper headline than in doctrine, based on its treatment in the literature. Given the diversity of opinions and definitions, the difficulty of attribution, lack of treaty and law, and the political drivers inherent in a declaration of war, this thesis will refer to the general concept of cyber-warfare as cyber-conflict. Referring to a cyber-conflict, rather than cyber-warfare, allows for a conceptual discussion without dealing with the value-laden and inadequately-bounded concept of cyber-warfare, inferring situational political and legal imperatives. This thesis defines a cyber-conflict as: one or more cyber-attacks, exchanged between two parties, with an ideological intention to degrade the:

(1) National will or ability to perform combat operations; or

(2) Government and community’s ability to perform critical civic functions.

The inclusion of cyber-attacks within the cyber-conflict definition requires further explanation.

2.3.5 A Definition of Cyber-Attack

Cyber-attacks can have many objectives, including the disruption of air defence and C4ISR systems (Rosenfield 2009). Acts of espionage, where information of national interest is stolen, and sabotage, where an act of destruction seeks to damage the national interest (Ii & Ketcham 1983), are both instances of cyber-attack. Cyber-attacks may also include counterattack or ‘hack back’ efforts in response to a cyber-attack from an adversary. Active defence measures which extend beyond internal protection and damage the adversary are also cyber-attacks. Third party infrastructure and cyber-systems may also be targeted if they facilitate the adversary’s attacks. This has legal and political implications which will require consideration on a case-by-case basis. The uncertainty surrounding the application of cyber-attacks makes it difficult to predict a third party’s actions in peace and war.

Cyber-conflicts exploit the digital network infrastructure and the information contained within it, or target the benefits provided by networked information systems, as part of an ideological offensive aimed at a nation’s government, people or industries (Szentgali 2013). Attacks interrupting financial trading and services for an extended period, interrupting large-scale public transport systems or cutting power to a large percentage of the population for an extended period could be classified as cyber-conflicts, provided there was malicious intent. Despite the relationship to warfare and national security, cyber-conflict does not necessarily equate to actual, kinetic warfare. On the modern battlefield, cyber-conflicts are likely to parallel, precede or follow a kinetic attack. However, cyber-conflicts may also be acts of terrorism or civil disobedience. Military involvement is not appropriate in many situations and attribution is critical. A non-state entity may engage in cyber-conflict. For example, a terrorist organisation that launched a cyber-attack intended to cause national impact and required a cyber-attack response would be conducting a cyber-conflict. Efforts to attribute an attack, and a degree of professional discretion, are required to determine whether a multinational botnet is being controlled from another country, or if the developer of the code used in a cyber-attack is the one launching the attack. The planning and origin of the attack are far more important than the location of compromised systems. Attribution is also important, as it allows defenders to coordinate cyber-counterattacks. The involvement of at least two parties is necessary for a cyber-conflict to occur.

This thesis defines a cyber-attack as the targeting of vulnerabilities in cyberspace and the realisation of risks inherent within the design of information systems, to create emergent effects upon interconnected physical, social or behavioural systems. A cyber-attack consists of four components: targets linked through causation, intent, level of harm, and an event. Cyber-attack levels and components are explained below.

2.3.6 Cyber-Attack Causal Chain

Couplings between interdependent systems in the physical and virtual environments affect the various components of those environments. This has flow-on effects upon other systems, which may not be connected in obvious ways. Causal chains work through the couplings within SOSs (Efatmaneshnik & Ryan 2014). Each independent system within the SOS affects the other. Changes in the state of one system have emergent behavioural effects on other systems. Thus, the SOS components are interdependent. For example, a cyber-attack on a power generation system may impact a hospital, which may result in deaths and subsequent criminal proceedings. Another example involving human factors could be a cyber-attack on a missile defence system. Although it may not lead to any kinetic effects, it could reduce the trust that operators have in the system’s security. This could cause a delayed reaction to a missile attack if the alarm was suspected to be a false alert. Cyber-attacks also possess components relating to the intent of the attack: its alignment with strategic objectives could create emergent effects outside of the cyber-environment; the level of harm resulting from the attack; and the occurrence of discrete events that trigger emergent effects in a connected system. The levels and the cascading effects of a CCF cyber-attack are depicted in Figure 3.

Figure 3 - The CCF Cyber-Attack Causal Chain

The five levels of the CCF are:

• Level 1. The virtual object effect. The line of code, or a specific vulnerability, used to compromise a system, component of the network or data not being used as information. A level 1 change in data will not lead to a change in the information available to a user (decision maker). The virtual object effect is confined to the communication domain.

• Level 2. The information effect. Because of the level 1 attack, a change occurs in the information available to either the attacker, defender or a third party using the cyber-system. Information could be altered, deleted or made unavailable. The information effect is confined to the information domain, without a physical manifestation.

• Level 3. The emergent effect. The attacker seeks to change the state of the system target by creating a behavioural response resulting from the information effect at level 2. This could include shutting down a power grid or maliciously changing the information displayed on a C4ISR system. The level 3 response could be automatic, generated by an algorithm, or a human decision. The emergent effect is manifested in the cognitive domain.

• Level 4. The SOS effect. The result of the level 3 behaviour, decision or response leads to a larger effect on a person, organisation, government or society which reduces the effectiveness and efficiency of the overall system, disrupts lifecycles or reduces combat capability. The SOS effect is manifested across the military domain.

• Level 5. The strategic effect. The level 4 effect has a flow-on impact across the SOS. The strategic effect degrades the national will or ability to fight, perform combat operations, provide critical civic functions or compete in the global marketplace. The strategic effect is manifested across the national security domain.

For example, compromised data (level 1) may cause information displayed on a C4ISR system to be incorrect (level 2). A decision maker may decide to act based on this information (level 3), such as sending troops to a position which is an ambush. The capability of the force is degraded because of the ambush casualties (level 4). Trust in the C4ISR system is also reduced (level 4). The media effect of the casualties and the failure of the C4ISR system has a strategic effect (level 5). An impact on all five levels is not necessary for a cyber-attack to be considered successful.

When coordinating a cyber-attack, it is preferred the victim does not realise their systems have been compromised or infiltrated, at least until third-order impacts occur outside of the virtual system (Sanger 2012). However, the act of compromising a cyber-system has a third-order impact on related human systems, such as the trust of decision makers, when such a compromise is known to have occurred. The interaction between levels will vary based on the way they are coupled. For an incident to be classified as a cyber-attack, four components must be identified. These components are described in the next section.

2.3.7 Cyber-Attack Components

Cyber-attack components provide a mechanism for the identification of a cyber-attack and a methodology for grading its severity. The four components of a cyber-attack are as follows:

• Component One: Effects linked through causation. There may be more than one effect at any level, and levels may interact. For example, multiple first-level effects may be required to impact the second and third levels. There may also be third-order effects and unforeseen behaviour produced between effects, or across system boundaries.

• Component Two: The intent will align with the strategic objectives of the initiator and seek to produce an emergent effect (level 3). A system or network failure may cause harm but lack malicious intent and alignment to the adversary’s objectives. Differentiating system noise or user error from a malicious attack is not an insignificant issue, but it is technically easier than attribution, which makes the identification of malicious intent difficult to determine. Without knowing who is attacking, the reason for the attack at a strategic level may be conjecture. This is a persistent issue of cyber-conflicts in the contemporary environment. The intent of an attacker and their identity may also differentiate law enforcement and military jurisdiction. Identification of the attacker is critical to the response and any potential counter attack.

• Component Three: The level of harm must occur above level 2 (the information effect) to be considered a cyber-attack. For example, the deletion of data at level 1 (virtual object effect) would not be a cyber-attack, if it did not result in a level 2 (information effect). For example, deleting unused data will not result in information loss, and hence would be a virtual object effect but not an information effect.

For a cyber-attack to be considered part of a cyber-conflict, the cyber-attack must be apparent up to level 4 (SOS effect), with the intent by the attacker to inflict either level 4 (SOS effect) or level 5 damage (strategic effect). The response by the victim (the counterattack) must also lead to an impact at level 4 (SOS effect). Death or destruction on either side, at a physical level, is not necessary. The deletion of data could be a cyber-attack in this model, if that data led to a corresponding impact at the strategic level. For example, the deletion of all plans for the manufacture of a new aircraft or platform prior to its production, setting back a military project several years, would be considered a cyber-conflict because the emergent target—the nation—is impacted in a significant manner. From a traditional warfare perspective, the deletion of data is not considered an attack under existing IHL (Schmitt 2013).

• Component Four: An event triggers a behavioural change in the connected system. The level 3 emergent effect must occur for an intrusion into a system to be considered a cyber-attack. This differentiates the reconnaissance of a system prior to an attack from an actual cyber-attack. Undetected malicious code which remains latent, or only produces an effect at the virtual level, is not a cyber-attack. DoS attacks which lead to behavioural change across other connected systems would also constitute a cyber-attack within component four.
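The five levels and four components can be applied mechanically to a recorded incident. The following Python example is added here as an illustration and is not code from the thesis; the class and field names, the constructed scenarios, and the rule that a causal link is only accepted between effects at the same or adjacent levels are assumptions of this example.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional, Tuple

class Level(IntEnum):
    VIRTUAL_OBJECT = 1  # communication domain
    INFORMATION = 2     # information domain
    EMERGENT = 3        # cognitive domain
    SOS = 4             # military domain
    STRATEGIC = 5       # national security domain

@dataclass(frozen=True)
class Effect:
    name: str
    level: Level
    caused_by: Tuple[str, ...] = ()  # names of the effects that produced this one

@dataclass
class Incident:
    effects: List[Effect]
    malicious_intent: bool                         # Component Two
    intended_level: Optional[Level] = None         # highest level the initiator sought
    victim_response_level: Optional[Level] = None  # level reached by a counterattack

def linked_levels(effects):
    # Levels reached by an unbroken causal chain that starts at a level 1 effect.
    # Assumption: a link joins effects at the same level or level n to level n+1.
    by_name = {e.name: e for e in effects}
    linked = {e.name for e in effects if e.level == Level.VIRTUAL_OBJECT}
    changed = True
    while changed:  # fixpoint, so the order in which effects are listed is irrelevant
        changed = False
        for e in effects:
            if e.name in linked:
                continue
            if any(c in linked and e.level - by_name[c].level in (0, 1)
                   for c in e.caused_by):
                linked.add(e.name)
                changed = True
    return {by_name[n].level for n in linked}

def assess(incident):
    levels = linked_levels(incident.effects)
    harm = int(max(levels, default=0))
    components = {
        "causation": harm >= Level.INFORMATION,  # One: level 1 linked to a higher effect
        "intent": incident.malicious_intent,     # Two
        "harm": harm > Level.INFORMATION,        # Three: harm above level 2
        "event": Level.EMERGENT in levels,       # Four: behavioural change occurred
    }
    attack = all(components.values())
    conflict = (attack and harm >= Level.SOS
                and (incident.intended_level or 0) >= Level.SOS
                and (incident.victim_response_level or 0) >= Level.SOS)
    verdict = ("cyber-conflict" if conflict
               else "cyber-attack" if attack else "not a cyber-attack")
    return {"harm_level": harm, "components": components, "verdict": verdict}

# Constructed scenarios, modelled on the examples given in the text.
C4ISR = [
    Effect("compromised data", Level.VIRTUAL_OBJECT),
    Effect("incorrect C4ISR display", Level.INFORMATION, ("compromised data",)),
    Effect("troops sent into ambush", Level.EMERGENT, ("incorrect C4ISR display",)),
    Effect("ambush casualties", Level.SOS, ("troops sent into ambush",)),
    Effect("reduced trust in C4ISR", Level.SOS, ("ambush casualties",)),
    Effect("media effect", Level.STRATEGIC, ("ambush casualties",)),
]
OUTAGE = [
    Effect("faulty update", Level.VIRTUAL_OBJECT),
    Effect("telemetry unavailable", Level.INFORMATION, ("faulty update",)),
    Effect("grid shut down", Level.EMERGENT, ("telemetry unavailable",)),
    Effect("hospital loses power", Level.SOS, ("grid shut down",)),
]
SCENARIOS = {
    "c4isr_ambush": Incident(C4ISR, True, Level.SOS),
    "c4isr_with_counterattack": Incident(C4ISR, True, Level.SOS, Level.SOS),
    "unused_data_deleted": Incident([Effect("unused data deleted", Level.VIRTUAL_OBJECT)], True),
    "reconnaissance": Incident([
        Effect("latent implant", Level.VIRTUAL_OBJECT),
        Effect("attacker reads network map", Level.INFORMATION, ("latent implant",)),
    ], True, Level.EMERGENT),
    "accidental_outage": Incident(OUTAGE, False),
    "unlinked_decision": Incident([
        Effect("data altered", Level.VIRTUAL_OBJECT),
        Effect("commander changes plan", Level.EMERGENT),
    ], True, Level.EMERGENT),
}

if __name__ == "__main__":
    for name, incident in SCENARIOS.items():
        result = assess(incident)
        print(f"{name:26} level {result['harm_level']}  {result['verdict']}")
```

In this encoding Components Three and Four reduce to the same test, because harm above level 2 can only be reached through a linked level 3 effect; the accidental outage fails on intent alone.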

2.3.8 Critical Analysis of the CCF Section

The CCF provides a single cohesive and comprehensive baseline framework using a consistent lexicon based on international military doctrine. The CCF fills a significant gap in the conceptual framework needed to advance an understanding and describe a comprehensive model of cyber-effects and their impact on mission success, human factors and kinetic outcomes.

This section contributes to the following SQs:

SQ2. What are the relationships between tactical land combat kinetic outcomes and cyber-systems? The relationship between tactical land combat kinetic outcomes and cyber-systems is described through the nested domains model, the cyberspace construct and the cyber-attack components within the CCF. Refer to Sections 2.3.2, 2.3.6 and 2.3.7.

SQ3. What are the relationships between cyber-effects and tactical land combat mission success? The CCF describes the causal chain linking cyber-effect to mission success. The CCF causal chain provides a useful conceptual baseline for the remainder of the thesis. Refer to Section 2.3.7.

SQ4. How can the impact of cyber-effects on tactical land combat mission success be described and measured? The description of the impact caused by cyber-effects in a general sense and the measurement of that impact across different levels of the SOS is described in the CCF. Refer to Sections 2.3.6 and 2.3.7.

2.4 Cyber-Attack Impact

The predominant discourse of NCW and military transformation advocates throughout the 1990s and 2000s focused on the benefits of technology, communication and Effects-Based Operations (EBO) (Alberts 2002; Berkowitz 1997; Deller et al. 2009). Alberts (2007) argued that the term C2 is a vestige of a previous era. He concluded that NCW-enabled warfare requires a shift to self-synchronisation and edge organisations, where information is freely distributed, decision rights are peer-to-peer and interaction is unconstrained between combatants on the network (Alberts 2007). However, reliance on sophisticated IS can create overconfidence and hubris (Wilson 2007).

Network-centric warfare depends on a combat environment where the network is secure, uninterrupted and the enemy does not seek to target SA through deception or cyber-attack. Information delays, distorted intelligence and spoofed sensor signals are just a few ways in which SA can be compromised (Harris et al. 2012). McMaster (2008, p. 28) referred to the desire for technology to provide dominant battlespace knowledge as a “…fundamentally flawed and historical understanding of future conflict…”. General Mattis, Commander of the US Joint Forces Command in 2008, rejected the doctrine of EBO due to its focus on technology and precision weapon systems which did not align with his experience of warfare. The EBO sought unachievable predictability, could not anticipate the reactions of complex systems, promoted micromanagement and discounted the human dimensions of war (Mattis 2008b).

Combat is a violent contest where each “…commander wants to impose his will on his opponent, defeat his opponent’s plans, and destroy his opponent’s forces. Combat consists of the interplay between these two opposing commanders, with each commander seeking to accomplish his mission while preventing the other from doing the same” (Department of Defense 2001a, p. 16). Human factors are a critical component in determining combat outcomes (Dupuy 1987; Van Creveld 1985). Socio-Technical Systems (STS) theory recognises that organisations use technical systems in conjunction with the social, as a joint optimisation approach that includes the adaptability and innovation of humans (Cherns et al. 1993). Despite the enormous potential of robotics, big data, cloud and other potentially disruptive technologies, it is humans who continue to enact violence in combat. Users interacting on distributed networks coordinate through shared trust between system operators, software, machines and networks (Dekker 2006). Kinetic action results from decisions by people connected to the network, but also independent of the network. Dislocated forces can achieve tactical victory, despite (or even due to) their lack of connectivity. Linking and integrating the technological systems designed to aid humans in combat is complex. The environment in which the technology is employed is not predictable. Unintended behaviours and outcomes can emerge as demonstrated in the United States Ship (USS) Vincennes disaster (Rochlin 1997).

The failure to differentiate real from virtual data has had operational effects, even without deliberate deception. The Link 11 track number for Iran Air Flight 655 in 1988 was confused by the USS Vincennes for a military target, resulting in the deaths of 290 civilians (Friedman 1997). In another incident in the Persian Gulf, the USS Stark FFG-31 confused an attacking Iraqi aircraft for a friendly Iranian jet because its radar signature was very similar. Despite feeds from an airborne warning and control system (AWACS) aircraft which was tracking the Iraqi jet, “Stark never fired a weapon nor employed a countermeasure, either in self-defence or in retaliation. Thirty seven members of Stark’s crew died because of the attack” (Department of Defense 1987, p. 3).

During Operation Desert Storm in 2003, a Royal Air Force (RAF) aircraft was destroyed and two personnel killed when a Patriot missile system incorrectly identified the friendly aircraft as a threat. An inquest confirmed the operators of the system were not trained to recognise false alarms. The operators had been “…trained to react quickly, engage early and to trust the Patriot system” (Ministry of Defence 2003, p. 3). The system’s semi-autonomous operation and lack of “…the widest possible picture of the airspace around them to build situational awareness” were seen to contribute to the fratricide (Ministry of Defence 2003, p. 3). The means for confirming false positives, outside of the digital system, was too slow to allow a timely verification.

The preceding examples were unintentional and did not involve cyber-attack. There is precedent for a cyber-attack leading to tactical casualties through a compromised fire control application. Crowdstrike’s claims have not been subjected to peer-review. However, their report about a Ukrainian fire control application (Crowdstrike Global Intelligence Team 2016) provides support to the contention that intentional cyber-attacks can, and have, led to physical casualties on the battlefield. The fire control application in question is designed to reduce D-30 Howitzer artillery response times. Malware was released to infect devices employing the application and compromise data including the location of the artillery batteries. Compromised data, in conjunction with integrated intelligence, surveillance and reconnaissance (ISR) assets, is likely to have contributed to the Ukrainian military suffering the loss of over 80% of their D-30 Howitzer pieces over the two-year period to 2016 (Crowdstrike Global Intelligence Team 2016). The correlation of specific malware to a single weapon system, and that weapon system having the highest loss rate of any artillery piece in the Ukrainian military, does not prove causation. However, the correlation highlights the unknown tactical effects of successful cyber-attacks on military applications and software systems.

The confidentiality-integrity-availability (CIA) triad provides a means to model cyber-effects at the technical level. The Ukrainian artillery scenario provided earlier is an example of a confidentiality attack intended to reveal the location of fire support bases. It could allow the adversary to conduct precision strikes and raids on these fire support bases, reducing their operational effectiveness. The resulting lack of offensive support could lead to mission failure. The CIA triad is a component of a causal chain whose outcomes are mission and kinetic impacts. Integrity attacks could change grid references of authorised fire missions or alter orders issued over digital C4ISR systems. Consequently, troops may strike the wrong locations. Availability attacks could prevent fire missions from being transmitted, or isolate a unit from the C4ISR system. Cyber-effects could be enabled through different toolsets, such as logic bombs, zero days or man-in-the-middle, depending on the vulnerabilities of the C4ISR system used by the victim and the resources available to the attacker.

Military operations require the support of flexible, responsive and resilient cyber-capabilities. Information system security models and information assurance constructs seek to achieve information assurance—a high degree of certainty in the confidentiality, integrity and availability of cyber-systems supporting combat operations. This thesis argues the information assurance approach, whilst a worthy goal, is not reflective of the lessons of history or warfare. Mayfield’s paradox mathematically demonstrates the futility of attempting to make any information or C4ISR system completely assured against every attack (Mayfield 2001). Reliance on algorithms and technology has consistently been proven to be misplaced in the long term (Ratcliff 2006). Historically, nations have assumed their wartime communications systems were secure, whilst their adversaries were reading important diplomatic cables, and strategic and tactical messages (Erskine & Smith 2002; Copeland 2006; Ratcliff 2006). The question of trust on the battlefield concerns not people, but the technology, cryptography, procurement decisions and systems protecting the passage of information.

2.4.1 Existing Cyber-Attack Models

Experiments that have considered cyber-attacks generally reflect a focus on technological battle damage (Martins et al. 2012; Martino 2011), the effect of DoS and outages on operational performance (Argauer & Yang 2008; Hale 2010), or the advantages provided to combat forces by network-enabled C2 systems (Davis et al. 2000). The technological focus has resulted in broad assumptions about the potential advantages and disadvantages of reliance on cyber-physical systems on the battlefield, with little qualitative or quantitative data available to commentators. The technology perspective of effect does not adequately describe the impact on the larger system, beyond that of the network and information itself. For example, the technical effects of intrusion, destruction or protection do not describe the potential for corrupted information to contribute to an elaborate ruse, resulting in death and physical destruction. It simply reflects the first-order effect. From a military commander’s perspective, the effect on the network is irrelevant. It is the higher-order effect on the larger military operation and its kinetic, rather than virtual result, which interests the military decision maker. From that perspective, few information security models adequately consider the needs of military tactical commanders, who describe kinetic effects in terms of mission-specific verbs such as breach, block, contain and destroy (Hieb & Schade 2007).

The effects of cyber-espionage can often be calculated in lost time, productivity or finances, but the effects of a cyber-attack are far more diverse, less obviously predictable, and potentially more widespread (Kramer & Starr 2009). Cyberspace is mission critical for contemporary military forces (Jabbour & Muccio 2011). However, the rapid digitisation of the military has not been supported with extensive, robust analytical consideration of the risks when systems are compromised (Caton 2013). A broad review of the approaches available to model cyber-defence disciplines in the military context has been provided by Lange et al. (2017). The US Director, Operational Test & Evaluation report for FY2015 noted a broad array of vulnerabilities across US DOD networks and concluded that military commanders and organisations “should expect cyber-attacks to be present for all critical missions…” (Gilmore 2016, p. 389) and assume all systems are compromised (‘Assume Breach’).

The theory of cyber-attack mechanics requires that an attack imposes a threat upon a vulnerability by a threat agent (Stephenson & Prueitt 2005). A successful attack results in a cyber-incident. Models have been developed to explain the cyber-attack process. The Cyber-Kill Chain™ is a Lockheed Martin seven-step process to “target and engage an adversary to create desired effects” (Hutchins et al. 2011, p. 4). The Cyber-Kill Chain consists of the phases: Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, C2, and Actions on Objectives. This phased process has been used to support course of action development for defenders (Hutchins, Cloppert, & Amin 2011). The Cyber-Kill Chain approach has been criticised outside of the academic space, based on complaints that it reflects perimeter-based defensive thinking with a focus on intrusion and malware (Cloppert 2009). The kill chain approach also ties back to EBO, which is opposed by factions of the military and is seen in some quarters as a passing fad, with no place in Army doctrine (Mattis 2008a, p. 22).

The Mandiant Attack Lifecycle Model is like the Cyber-Kill Chain; however, it consists of six stages incorporating a more holistic approach by comparison. The Mandiant stages are: Initial Compromise, Establish Foothold, Escalate Privileges, Internal Reconnaissance, Move Laterally and Maintain Presence (Mandiant 2015). The Attack Lifecycle Model is broader than the Cyber-Kill Chain but it lacks any objectives or mission focus. The Australian Signals Directorate (ASD) uses the Cyber-Attack Lifecycle Model, consisting of only three stages: Reconnaissance, Network Propagation and Data Exfiltration (Australian Signals Directorate 2014). Assuming any attack seeks purely to extract data, as the ASD model does, fails to account for the variety of alternatives available to an attacker, such as the malicious changing or destruction of data. The Sandia National Laboratories Information Design Assurance Red Team (IDART) process provides an insight into the Red Team approach to cyber-attacks. However, it fails to progress beyond the ‘Analyse’ and ‘Report’ components of the attack process, meaning the development of measures and modelling of the full attack process is not described, such as pivoting from a compromised network device to another vulnerable node (Sandia 2014).

The broad objectives of an attacker are difficult to insert into a cyber-attack model, due to the variety of motivations and skill levels that may be linked to any single threat group. Attackers can have a variety of skill levels, with different motivations, toolsets and knowledge of the target technology (Endsley & Connors 2014). Idrees et al. (2014) developed an adversary profile taxonomy, consisting of the attacker’s knowledge of the system, equipment, window of opportunity, expertise, location and elapsed time (to conduct the attack). An attacker also has an objective, mode method and consequence. Despite the variety in threats, mental models about cyber-attackers and their methods assist cyber-operators to defend networks when interpreting data or comprehending network information (Endsley & Connors 2014). The Cyber-Resiliency Engineering Framework provides a series of adversary characteristics for moderate to advanced threat levels (Bodeau & Graubart 2011a). Threats can be managed as ‘tracks’ using cyber-alert correlators (Holsopple et al. 2014). The potential methods utilised by an attacker to disrupt or compromise cyber-assets consist of spoofing, tampering, repudiation, information disclosure, DoS and elevation of privilege (STRIDE model) (Henry & Pasley 2014, pp. 30-1). A combination of motivations, tactics, techniques and behaviours can be used to correlate threats to specific activities and incidents.

Contemporary Cyber-Kill Chains and Attack Life Cycle models are useful in developing a conceptual understanding of how an attacker can penetrate and compromise a network or device. However, they generally maintain a high-level view only and lack detail on the mechanics of this process. This thesis will seek to expand upon these models and develop cyber-attack and cyber-defence models to support detailed mission impact modelling and analysis.

2.4.2 Mission Impact Modelling

Contemporary solutions to modelling mission impact are generally proprietary or are not machine readable. “Mission modelling is critical because an estimate of the impact of an attack fundamentally boils down to how it affects the missions the network is trying to execute… However, technology is lacking… There is currently no existing standard for modelling missions…” (Holsopple, Sudit, & Yang 2014, p. 237). The Department of Defence Architecture Framework (DODAF) (Department of Defense 2010) and the Ministry of Defence Architecture Framework (MODAF) (Ministry of Defence 2007) are utilised by the two respective organisations to provide an infrastructure for stakeholders organised as a series of viewpoints.

Business processes describe, through a logical structure, the organisational activities required to transform resources into outcomes (Aguilar-Saven 2004; Ghosh et al. 2013). Business processes explain how ISs integrate practically with human performance. An IS is “used if, and only if, the functions available to the user support (fit) his or her activities” (Trkman 2010, p. 127; Dishaw & Strong 1999, p. 11). The collective understanding of how to perform tasks and behaviours in an organisational construct leads to business processes. Business processes vary between organisations and environments based on competitive drivers and the optimal methods for survival. Business processes can be described graphically using the Business Process Model and Notation (BPMN) standard (Group 2013). Business process modelling supports the conduct of experimentation and simulation (Nidumolu et al. 1998). The susceptibility of different business processes to cyber-attack has been discussed in D'Aubeterre et al. (2009). This implies that a cyber-attack can have a causal link to a business process outcome.

Causal links can be established through causal laws (truth relations) and derived causal laws (truth changed through action). Causal propagation can be established through transitivity (Zhang & Foo 2001). Causation allows for the prediction of consequence with a degree of certainty not possible with correlation (Pearl 2000). Isolating causes from the variety of other contributing variables in a military scenario is challenging (Hiniker 2004). Causation in the cyber-security context refers to the link between a threat, attack mechanism and consequence. Defences mitigate harm caused by a threat, mechanism or consequence (Cohen et al. 1998). However, the SOS view of causation is much broader. For example, risk analysis requires the identification of system connections that may lead to unintended faults (Sierla et al. 2013). Causation can be described using formulas, linking propositions and action descriptions (Zhang & Foo 2001).

Causal modelling by the UK MOD seeks to project the consequence of cyber-kill chain events through three perspectives (Barnett et al. 2014). The business landscape perspective represents mission capabilities and dependencies. Causal relationship perspectives are developed using subject matter expert (SME) feedback and an adaption of the cyber-kill chain. Bayesian approaches and confidence levels are utilised in this model. Cause and effect relationships are central to the model, which has been implemented as software. The Mission-Focused Cyber-Situational Awareness System provides a graphical interface and method for analysis that links cyber-assets to mission effects in a way that appears to be more extensive than many other approaches (Barnett, Smith, & Whittington 2014). However, the model is closed and not open to detailed analysis or repeatability.

Machado et al. (2013) proposed a cyber-defence architectural model for a simulation capable of integrating the kinetic and cyber-environments. They described existing simulation models as ineffective and unrealistic, extending on the work of Jakobson (2011) to infer future cyber-security scenarios. In these cases, the cyber-impacts modelled were DoSs. Although each model has the potential to describe more extensive cyber-effects, these are not demonstrated within the literature. The underlying models supporting the framework are not openly available and cannot be accessed by the author. The utility of a system and the value of the information it provides are important considerations for simulating and defending cyber-systems. Damage to information assets is defined as “…some functional loss of value within the contextual value constructs caused by an incident. This loss of value is a direct reflection of the asset’s utility caused by some external influence that affects the asset’s confidentiality, integrity, availability or any combination” (Fortson 2007, p. 170). Information utility has a direct relationship to the criticality of the information. Both the attacker and defender will seek to identify assets of the most value. Generally, this value links to the mission.

Mission assurance engineering (MAE) is an analytical approach that identifies mission critical cyber-assets (crown jewels analysis), identifies threats to those assets (threat susceptibility analysis) and selects mitigation measures (risk remediation analysis) (Musman et al. 2011b). Musman et al. (2010) considered the impact of cyber-attacks on mission objectives, to optimise attack-resistant systems. The Cyber-Mission Impact Assessment (CMIA) assesses the impact of cyber-attack on the kinetic space as a risk management tool. The CMIA model provides a valid and systematic approach to a complex problem. However, the focus on activities appears to capture directed attacks only, without modelling vulnerabilities that could lead to network infection or loss of data integrity. Synergistic effects and interstitial impacts across systems are not apparent (Musman & Grimaila 2013). Human factors, or the conditions influencing a particular decision, are not included in the published processes (Musman et al. 2010).

2.4.3 Resilience

The definition and concept of resilience depends on the context and is influenced by the domain from which it is derived. Cyber-resilience has been defined as “the ability of a nation, organisation, or mission or business process to anticipate, withstand, recover from, and evolve to improve capabilities conditions, stresses, or attacks on the supporting cyber-resources it needs to function” (Bodeau & Graubart 2011a, p. 8). From a mission survivability perspective, resilience allows a mission to be executed successfully despite system failures and attacks. Specific services may be prioritised so that they can absorb failures, isolate threats and recover (Carvalho et al. 2011). Mission resilience requires system adaptation, robust infrastructure and self-organisation (Jakobson 2014). System resilience refers to the capability retained by the system when impacted by one or more specific threats (Burch 2013). Resilience as a risk metric has a narrower definition, “the persistence under uncertainty of a system’s mission-oriented performance in the face of some set of disturbances that are likely to occur given some specified timeframe” (Musman & Agbolosu-Amison 2014).

The Australian Government’s Critical Infrastructure Resilience Strategy seeks to build overall resilience for critical infrastructure, consisting of “those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact the social or economic wellbeing of the nation or affect Australia’s ability to conduct national defence and ensure national security” (Commonwealth of Australia 2015, p. 1). According to this Strategy, resilience for critical infrastructure is achieved through four outcomes: business government partnership, risk management, strategic understanding, and applying organisational resilience (Commonwealth of Australia 2015). The Strategy provides a good approach to building resilience at a strategic policy level. However, the Strategy has a strong focus on physical assets and technologies, despite the critical role of data in the provision of many of the services described such as banking and health.

The Cyber-Resiliency Engineering Framework (Bodeau & Graubart 2011a) presents four cyber-resiliency goals: anticipate, withstand, recover and evolve. These goals reflect the multiple components of resilience, from anticipation through planning, to evolution through the changing of missions, business functions and cyber-capabilities. Fight through and restoration are components of cyber-resilience. Resilience and risk metrics as they relate to cyber are generally limited to a single domain or focused on weak and potentially misleading metrics (Linkov et al. 2013). The discussion paper on cyber-resilience released by Raytheon provides a series of metrics (Marra 2013). However, a more extensive technical cyber-resilience metrics list is provided by the MITRE Corporation (Bodeau et al. 2012). These metrics are generally focused on the availability and survivability of technical systems. However, resilience is more than availability or survivability.

Survivable systems gracefully decrease in functionality and utility, but continue to operate at reduced levels. Resilient systems must be able to remain mission capable, meaning that their benchmark is higher than that of a survivable system (Bishop et al. 2011). Resilience can be binary, based on a minimum standard, or it may have different metrics depending on the context and environment (Musman & Agbolosu-Amison 2014). Resilience extends beyond availability and across the entire CIA triad. Integrity and confidentiality attacks also require resilience, although the methodology to achieve this is not clearly enunciated in the literature (Bishop et al. 2011). A resilient system should be able to achieve mission success despite data manipulation, data compromise, or network infection.

Redundancy is generally seen as the solution to the resilience challenge. Redundancy means that the “failure of any discrete component should not cause systemic failure” (Bishop et al. 2011, p. 102). Redundant systems, business processes and resources all provide additional capacity to achieve a mission despite sustained attack. Redundancy even offers a degree of protection against the loss of critical data or the injection of malicious data. However, the resources required to build redundant systems and their requirement for parallel business processes increase mission resource costs and reduce their ROI.

Resilience may occur at the mission rather than the cyberspace layer. "The time has come to think of cyberspace in a new light; not only must we defend against any attack, we must be able to ‘fight through’ any attack, accomplish our missions and retain the ability to respond–thus giving us mission assurance in the face of future attacks or other disruptions." (Department of Defense 2009b, p. 4). Cyber-resilience refers to the ability for a network to adapt and remain operational (Bodeau & Graubart 2011b; Dwivedi et al. 2010). Mission assurance extends on resilience by looking at the mission rather than just its supporting systems. Mission assurance is a process to “identify and mitigate design, production, test and field support deficiencies that could affect mission success” (National Defense Industrial Association 2008, p. 152).

Degeneracy is the capacity for different elements to perform the same functions. It is different to redundancy, because a function may be carried out by elements that are structurally different. These elements may also have other roles producing other functions. Degeneracy changes with context, whereas redundancy does not (Edelman & Gally 2001). Unlike pure redundancy, degeneracy creates functional diversity and a high level of agility. Agility is critical to modern military operations in complex environments (Alberts 2014). Homogenous systems are susceptible to the same exploits; an attacker with the ability to compromise one system has the ability to attack any redundant systems in the same way (Whitacre & Bender 2010). The capacity to adapt and survive requires a balance between robustness, efficiency and complexity (Whitacre & Bender 2013). Degeneracy provides the ability to absorb shock and catastrophic system attacks.

Parallel degenerate systems, in a cyber-context, can present additional risks of attack. By using multiple disparate systems at the same time, the attack surface available for an attacker is increased. However, used in sequence, the use of multiple, disparate systems allows for robust processes with faster incident response and greater flexibility. If the technology underpinning one process is compromised, upon discovery, an alternative degenerate system can be substituted without compromising the process. Therefore, the risk of attack is increased, but the consequence of compromise is decreased across the system. The guarantee of an impregnable, uncompromised system is reduced as the attack surface grows, reducing information assurance. But mission assurance increases, despite the increased attack surface, because the functional diversity and agility produced by degenerate systems makes them more resilient.
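
The trade-off argued above between information assurance and mission assurance can be made concrete with a small probabilistic model. This is an added example, not code or a model from the thesis; the function names are hypothetical, and it assumes that an attacker holds a working exploit for each distinct platform type independently with probability p and that all elements are exposed at once (the parallel case).

```python
"""Added illustration (not from the thesis): redundancy versus degeneracy.

Assumptions, all hypothetical:
  * the attacker holds a working exploit for any one platform type with
    probability p, independently of every other platform type;
  * redundant elements are copies of ONE platform, so one exploit works on all;
  * degenerate elements are structurally different platforms;
  * every element is exposed at the same time (the parallel case).
"""
import random


def closed_form(p, n, diverse):
    """Return (information_assurance, mission_assurance) for n elements.

    information_assurance: probability that no element is compromised.
    mission_assurance:     probability that at least one element remains
                           uncompromised and can still carry the function.
    """
    if not 0.0 <= p <= 1.0 or n < 1:
        raise ValueError("need 0 <= p <= 1 and n >= 1")
    if diverse:
        # Independent platforms: any one may fall, but rarely all of them.
        return (1 - p) ** n, 1 - p ** n
    # Homogeneous copies share a single exploit, so they stand or fall together.
    return 1 - p, 1 - p


def simulate(p, n, diverse, trials=100_000, seed=1):
    """Monte Carlo estimate of the same two quantities, as a cross-check."""
    rng = random.Random(seed)
    none_hit = 0   # trials in which nothing was compromised
    some_left = 0  # trials in which at least one element survived
    for _ in range(trials):
        if diverse:
            hit = [rng.random() < p for _ in range(n)]
        else:
            hit = [rng.random() < p] * n  # one draw decides every copy
        none_hit += not any(hit)
        some_left += not all(hit)
    return none_hit / trials, some_left / trials


def compare(p, n):
    """Closed-form results for both designs, keyed by design name."""
    return {
        "redundant": closed_form(p, n, diverse=False),
        "degenerate": closed_form(p, n, diverse=True),
    }


if __name__ == "__main__":
    # Constructed sample values: p = 0.2 per platform type, three elements.
    for design, (ia, ma) in compare(0.2, 3).items():
        print(f"{design:<10} information assurance={ia:.3f} "
              f"mission assurance={ma:.3f}")
```

With p = 0.2 and three elements, degeneracy lowers the chance that nothing is compromised from 0.8 to 0.512 while raising the chance that the function survives from 0.8 to 0.992.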

Degeneracy acknowledges that combat features uncertainty presented by an active and intelligent adversary, and that the stakes could not be higher. Assets can be destroyed, personnel killed and the adversary may acquire a tactical advantage in a specific space and time, even if they lack a broader strategic advantage. Efficient business processes must be integrated into a broader, overlapping resilience model. Waste is reduced when comparing degeneracy and redundancy. However, degeneracy has a higher resource cost than an investment in a single solution. The value proposition of degeneracy is provided through a focus on mission assurance. The ability to switch between overlapping systems and processes, provide contingencies, and validate information across different platforms and sources, is likely to provide a degree of survivability in the cyber-environment that supports mission success, despite a corresponding impact on information assurance and reduced efficiency.

The concept of behavioural defense extends from the current state of the art employment of honeynets, largely used for intelligence collection. Behavioural defense, presented in Ormrod & Turnbull (2016), is designed to thwart accurate adversarial data collection from organisational networks, and employs deceptive information such as false employee information, altered documentation and false intellectual property. An attacker who successfully compromises a network which has employed a behavioural defense will not know what information is accurate and what is incorrect. Even operational networks which are being actively used will carry false traffic and deceptive information. Knowledge as to which messages are false and which are correct will be shared offline, in a manner that cannot be determined from information readily available on the network. Behavioural defense requires integrated planning across the organisation to develop deception plans that will mislead and confuse an attacker when organisational networks have been compromised, whilst also ensuring that the correct information is available to users and false information is routinely ignored, based on offline information which cannot be deduced easily from organisational processes or user behaviour.

Resilience, degeneracy and behavioural defence are critical to the consideration of cyber-effects, because they explain how such effects can be mitigated. Each of these approaches has a unique resource cost and particular strengths and weaknesses. These mitigation options address some of the causal interactions between domains and systems that should be considered as part of a broader model.

2.4.4 Human Factors

Human factors refers to the human use of digital C2 systems for tactical combat decision making. Human factors in this context include SA, tactical decision making and trust in digital C2 devices. Tactics is also included within the scope of this analysis. Prior studies have identified combat processes such as manoeuvring a unit in combat, artillery fire, mobility, communications and mission assignment as human factors (Miller & Bonder 1982). These combat processes form part of the analysis within this thesis. Contemporary cyber-security research is dominated by tools that were developed with a “computational and technological perspective” (Mancuso et al. 2014, p. 415). However, the human factors resulting from adversarial combat mean that “…communications and information processing technology merely constitutes one part of the general environment in which command operates…” (Van Creveld 1985, p. 275).

Human factors are non-linear, stochastic, context dependent and often observed as meta-variables of human performance (Ingber & Sworder 1991). Human factors are a part of every combat decision-making level (Rafferty et al. 2012). Human factors are soft, in that they are not well understood or reflected explicitly in analysis. These soft factors include the qualitative fighting capacity, frictional processes (such as manoeuvre and C2) and decision processes fundamental to combat (Davis 1989). The five most cited human factors related to team effectiveness in battle include communication, cooperation, coordination, schemata and SA (Rafferty, Stanton, & Walker 2012). Human factors, as a term, has many other connotations outside of this thesis, including ergonomics and aviation safety. Human factors such as fatigue, morale and fear have not been considered. The exclusion of these factors is representative of other studies where human factors in the tactical land combat environment were applied selectively (Davis 1989; Miller & Bonder 1982). The exclusion of some factors was a design decision to reduce the scope of this research.

The Tactical Decision-Making Under Stress research program provided insights into the role of stress, task fixation and expectancy bias when interpreting data provided by digital systems in combat (Cannon-Bowers & Salas 1998). Enhanced understanding of the factors influencing combat and the risks inherent in contemporary operations offers greater resilience and C2 agility (Alberts 2010, 2014). However, little data is available to examine the relationships between the processing of information in context by human decision makers on C4ISR systems and the resulting tactical action in the land environment (Matthews & Collier 2000; Artelli & Deckro 2008; Dupuy 1987; Stenbit, Wells, & Alberts 2002). The C2 of military forces manages resources on the battlefield and coordinates the application of combat power. It is central to the conduct of battle, which is the reason that the military has a strong focus on leadership, authority and hierarchy (Moon, Carley, & Kim 2013). Ilachinski (2004) has advocated for a hierarchical command structure to meet this requirement.

Human factors can also influence the way information is passed around the battlefield. Generally, C2 nodes control the flow of information and the release of orders. Rather than perceiving the battlespace as a single chessboard with one overall commander, it is more accurate to consider combat as a series of dynamic mini-battles. Each mini-battle is influenced by local factors, which are networked together through a combination of kinetic action, manoeuvre, communication and leadership (Bathe et al. 1988). Mini-battles are influenced by commanders with different levels of SA, tacit knowledge, personality and combat experience. New models are needed which incorporate the full SOS effects of cyber-attacks on C4ISR systems (Cayirci & Ghergherehchi 2011; Musman et al. 2010). Understanding the views of users and decision makers that rely on systems in land combat operations is critical to the study of cyber-attacks on C4ISR systems.

Human behaviour representation (HBR) uses computer models to reproduce human behaviour and teamwork. HBR is needed to “…more accurately reflect the impact of human behaviour and the decision process of friendly and enemy leaders at multiple levels of command within real-time constraints… it will be necessary to consider information warfare as well. This implies a need for much greater emphasis on realistic modelling of the human element in battle because the human battle participants are the focus of information utilisation” (Mavor & Pew 1998, p. 12). The HBR approach advocated by Mavor & Pew (1998) contained four core areas for battlefield representation: physical movement, detection and identification, decision-making outcomes and communication processes. McCourt et al. (2012) considered HBR within tiered C2 architectures using agent-based simulation software called Agent-Based System for Network Enabled Capabilities (ABSNEC). This was used to examine the relationship between fratricide, stress, fear, SA and training (McCourt, Ng, & Mitchell 2012). Yun, Moon, & Lee (2015) studied C2 decision-making processes at the platoon and company levels, incorporating the hierarchy of the organisation into the decision-making process. The Integrative Combat Identification Entity Relationship (INCIDER) model represents an individual decision maker performing the combat identification process. Parameters describing human factors within the INCIDER model include the observer’s expectations (preconditions), personality, training, stress and fatigue. These are processed through a Bayesian method and a confidence level is determined, which is then fed into a decision engine that uses stochastic processes and decision thresholds. Personality is described using the Myers-Briggs system (Dean et al. 2006). The ABSNEC and INCIDER models and code are not available for analysis by the author.

Alberts & Hayes (2006) directly linked the quality of command, control, information and performance with mission effectiveness. Expert decision makers use memorised prototypical situations to act quickly based on classifications of known situations (Endsley 2003). Prototypical situations match patterns against known scenarios, allowing a course of action to be developed. Despite the potential ramifications of inaccurate or incomplete SA faced by commanders and personnel in combat, such approaches are necessary to make decisions with limited time and conflicting data (Endsley 1995). Mental models are generally shared within a cohesive military team. Understanding the current situation and the desired future outcome drives the information that a team utilises to create a plan (Hiniker 2008). These mental models provide the prototypical situations that decision makers use to respond to emerging threats and crises.

The NATO NEC C2 Maturity Model (Alberts, Huber, & Moffat 2010) contends that the optimal C2 arrangement is Edge C2, when coupled with an advanced network. However, this approach assumes that the information exchanged in the network is always high quality, and that the decision maker has the time and resources available to sift through the information and identify what they need. Following Exercise Global 2000, the observation was made that “a common operational picture does not in itself enable the parts of a force or staff to regulate themselves” (Watman 2001, p. 87). The relevance of these observations to cyber-effects in the tactical land combat environment is that the quality of the information available to a commander may be reduced by a cyber-attacker. The time constraints imposed at the tactical level reduce the capacity for the commander to confirm information sources. Dekker (2006) argued “that the human dimension of NCW is potentially more important than the technology dimension” (Dekker 2006, p. 2). The intersection between technology and human decision makers is where the impact of cyber-effects can be potentially managed, through the adaptive capacity of humans as interfaces with technology.

Ashby’s Law of Requisite Variety explains the success of the human interface between physical and virtual environments. “The larger the variety of actions available to a control system, the larger the variety of perturbations it is able to compensate” (Ashby 1956, p. 199).

Humans are capable of a wide range of actions and can respond to circumstances that have not been encoded into a virtual system. In a similar fashion, physical systems can be manipulated by people and used in ways that were not originally intended. Systems are, therefore, stabilised by the requisite variety of the human decision maker, allowing them to operate in dynamic environments despite their relatively static nature. The human becomes the interface between the virtual and physical environments, using the flexibility of human cognition to interpret sensor and communication feeds and make decisions, which are fed back into cyberspace and the physical environment through kinetic action.

Personality has been considered in some military simulation models (Rouse & Boff 2005). The C2 style has been represented as aggressive or conservative in one simulation model (Posadas & Paulo 2003). In another model, personality was categorised as balanced, goal-orientated, aggressive, very aggressive, defensive or cowardly. These personalities influence the degree of attraction and repulsion between friendly and enemy forces, and the location of their allocated goal (Yang, Abbass, & Sarker 2005a). The justification for selecting these personalities was not provided. Cain and Belyavin provided a review of human behavioural representation in military M&S (Cain & Belyavin 2015). Cognitive architectures and profile-based approaches are options for modelling some aspects of human behaviour (Rouse & Boff 2005). The researcher should consider models such as the Reasoning, Planning and Goal Seeking Framework (Amstutz et al. 2012), the Belief-Desire-Intention model (Bratman 1987), Adversary Intent Inferencing (Santos & Zhao 2006) and Epstein’s Agent Zero model (Epstein 2014).

Despite the technical nature of cyber-effects, it is the end-state, not technical capabilities, which concerns tactical decision makers (Barber et al. 2015). Despite the existence of some detailed and advanced cyber-mission impact models, most are not accessible for study due to their closed proprietary development (Musman et al. 2010; Jajodia & Noel 2010; Musman & Agbolosu-Amison 2014; Llanso & Klatt 2014). Therefore, the underlying assumptions and treatment of human factors (such as trust) within many closed models are not known to those without privileged access to them. Cyber-attack impact is pertinent to human factors because of the human interface which interprets information feeds and makes decisions. Situational awareness is an important component of the interface between human and C4ISR devices. Automated systems create more cognitive distance between data sources and decision makers (Endsley & Garland 2000). Ultimately, understanding the enemy disposition and their intended actions remains a human endeavour, assisted by C4ISR systems (Perry & Signori 2001, p. 13).

2.4.5 Cyber-Effect Impact Description

Cyber-effect impact assessment techniques are limited by a lack of standardisation across protocols, network and data structure representations, and mission modelling capabilities. The models that do exist are generally vendor-specific (Holsopple, Sudit, & Yang 2014). Attack graphs and Bayesian models form the basis of some impact assessment methods, which can be incorporated into mission trees and dependency graphs (Fenz 2011; Wu, Yin, & Guo 2012; Xie et al. 2010). Fenz & Ekelhart (2009) presented a security ontology using Bayesian threat probabilities which is available for review online, unlike many other tools. The security ontology supports an Automated Risk and Utility Management (ARUM) tool. Despite the strengths of this tool, it appears to be insufficiently robust to allow analysis of the tactical land combat environment. It has a specific focus on asset security and little consideration of the physical environment or the SOS impact of a compromised system.

The failure to link cyber-defence metrics to missions is evident in Sandoval & Hassell (2010). Their cyber-defence metrics do not explain effect as it relates to missions or business processes. The measurement of impact on missions and the development of business processes to analyse cyber-breaches has been considered by Choobineh et al. (2012). Their model was developed because “no process model exists that relates IT security to its potential impact on the entire mission” (Anderson et al. 2010, p. 4). Using Business Process Modelling Notation 2.0 (BPMN 2.0), the probability of an activity being impacted is determined by its dependence on a resource (Choobineh, Anderson, & Grimaila 2012, p. 3313). The models reviewed focus on direct links between resources and business processes. Data and resources that are not directly linked to a process could also be compromised and that relationship does not appear to be explored in the models identified by the author.
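The gap noted above, between impact computed over direct resource-to-process links and impact that arrives through resources further upstream, can be made concrete with a small dependency-graph calculation. This is an added illustration, not the BPMN 2.0 model of Choobineh et al. nor code from this thesis: the asset names, compromise probabilities and dependence weights are constructed, and treating dependencies as independent (a noisy-OR combination) is an assumption.

```python
"""Noisy-OR impact propagation over a constructed mission dependency graph."""
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    kind: str                    # "resource", "activity" or "mission"
    p_compromise: float = 0.0    # chance the node itself is directly compromised
    # dependency name -> dependence weight: P(node impacted | dependency impacted)
    depends_on: dict = field(default_factory=dict)


def impact_probabilities(nodes, follow_resource_links=True):
    """Return {name: P(impacted)} for every node.

    With follow_resource_links=False, resource-to-resource edges are ignored,
    which reproduces a model that only sees direct resource/process links.
    Dependencies are assumed independent (noisy-OR); shared upstream assets
    therefore make the result an approximation.
    """
    by_name = {n.name: n for n in nodes}
    done, in_progress = {}, set()

    def visit(name):
        if name in done:
            return done[name]
        if name not in by_name:
            raise ValueError(f"unknown dependency: {name}")
        if name in in_progress:
            raise ValueError(f"dependency cycle through: {name}")
        in_progress.add(name)
        node = by_name[name]
        if not 0.0 <= node.p_compromise <= 1.0:
            raise ValueError(f"bad probability on {name}")
        p_unaffected = 1.0 - node.p_compromise
        for dep_name, weight in node.depends_on.items():
            if not 0.0 <= weight <= 1.0:
                raise ValueError(f"bad weight {name} -> {dep_name}")
            dep = by_name.get(dep_name)
            if (not follow_resource_links and dep is not None
                    and node.kind == "resource" and dep.kind == "resource"):
                continue  # the indirect link a direct-only model never sees
            p_unaffected *= 1.0 - weight * visit(dep_name)
        in_progress.discard(name)
        done[name] = 1.0 - p_unaffected
        return done[name]

    for n in nodes:
        visit(n.name)
    return done


def hidden_exposure(nodes):
    """Nodes whose impact is understated when indirect links are ignored.

    Returns {name: (direct_only, transitive)}.
    """
    direct = impact_probabilities(nodes, follow_resource_links=False)
    full = impact_probabilities(nodes, follow_resource_links=True)
    return {name: (direct[name], full[name])
            for name in full if full[name] - direct[name] > 1e-12}


# Constructed sample: a fire mission whose target location depends on a
# tracker that in turn depends on a shared timing source.
SAMPLE_NODES = [
    Node("gps_time_server", "resource", p_compromise=0.3),
    Node("blue_force_tracker", "resource",
         depends_on={"gps_time_server": 0.8}),
    Node("fire_control_terminal", "resource", p_compromise=0.1),
    Node("locate_target", "activity",
         depends_on={"blue_force_tracker": 0.9}),
    Node("compute_firing_data", "activity",
         depends_on={"fire_control_terminal": 1.0}),
    Node("fire_mission", "mission",
         depends_on={"locate_target": 1.0, "compute_firing_data": 1.0}),
]

if __name__ == "__main__":
    for name, (direct, full) in sorted(hidden_exposure(SAMPLE_NODES).items()):
        print(f"{name}: direct-only {direct:.4f}, transitive {full:.4f}")
```

In the sample, the mission's impact probability rises from 0.1 to 0.2944 once the tracker's dependence on the timing source is followed, even though no activity is linked to that source directly.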

The Cyber-Security Research Roadmap (Maughan 2009) identified the composition of cyber-networks as a contemporary risk, lacking predictable confidence. Systems evolve to be relevant to changing environments and user requirements, but this evolution makes the system weaker from a security perspective and less trustworthy. “As a result, today the security of a system of systems may be drastically less than that of most of its components” (Maughan 2009, p. 2). Information security does not occur in a static environment, which creates opportunities for attackers. The implications of cyber-attacks on military systems have been discussed extensively (Arbuthnot 2013; Liff 2012; Carr 2010; Leed 2013). The loss of integrity can lead to deception, the loss of confidentiality can compromise battle plans, and the loss of availability can lead to DoS and compromised SA (Schramm & Gaver 2013). A cyber-attack by an adversary on the confidentiality of networked C2 systems could provide visibility of dispositions and plans (Nesteruk 2009). Despite these risks, many decision makers are unable to access quantitative data to make informed decisions to optimise system protection or support policy decisions for network defence.

Cyber-impacts are described in many government reports as qualitative outcomes (United States Department of Defense 2013; Amoroso 2012; Frankel 2000). In contrast, cyber-impact literature tends to focus on technical aspects without adequately describing the human aspects of the problem. Increased coupling of systems increases the dependence between systems (Wilson 2007) and the likelihood of emergent and unintended consequences (Weber & Khademian 2008). The barriers to simulating cyber-impacts have been discussed by Cohen (1999). Cohen proposed variable granularity, using an iterative development process reinforced with validation activities, to compare simulated human factors and cyber-impacts with real-world results. However, Cohen’s model is difficult to reuse with specific network vulnerabilities or network defence strategies, requiring extension to model human factors in a military environment. The Cyber-Incident Mission Impact Assessment (CIMIA) process called for a paradigm shift in methods for mission impact assessment (Grimaila et al. 2009). It argues that decision makers have few means to assess the valuable information on cyber-networks that could aid them. However, CIMIA is not an openly-available solution.

The effect of cyber-operations on kinetic warfare has been considered by extending traditional Lanchester combat models (Yildiz 2014). The Yildiz model treats cyber-operations as epidemics or infections that reduce the targeting effectiveness of the victim (Yildiz 2014). Decision making and human factors are not considered. The fundamental issues with the Yildiz model are the assumption that combat aligns to a Lanchester war of attrition and that cyber-attacks influence the targeting process at the tactical level. Few land combat platforms require any digital systems to engage a target that is within the range of their weapon system.

The Cyber-ARGUS model considers the network and mission separately, before mapping services and nodes to form a mission network graph (Costa et al. 2014). The Cyber-ARGUS approach does not appear to incorporate any human factors. Related research into defensive cyber-damage and mission impact methodologies includes Bernier, LeBlanc, & Morton (2012), Fortson (2007) and Argauer (2007). The impact of cyber-attacks on the decision-making process is discussed in Cayirci & Ghergherehchi (2011). Konstantinia & Andrew (2013) developed an impact assessment model that seeks to incorporate human factors in the consideration of IS risk. Human factors, whilst discussed, are not reflected in detail and are flagged for future work (Charitoudi & Blyth 2014). Bodeau et al. (2013) defined possible tactical effects of cyber-defender activities and described them with evidence of their actions. The Bodeau, Graubart, & Heinbockel (2013) model integrates existing models, such as the cyber-attack lifecycle, and the goals described in the 2006 version of JP3-13 (Department of Defense 2006). The CyMRisk model is an approach for computing mission risk due to cyber-attacks (Llanso & Klatt 2014). It substitutes likelihood with level of effort. In the SOS context, a high level of effort for an attack by a nation state may not align with a low risk likelihood. CyMRisk has a strong technical focus rather than analysing impact at the SOS level or considering human factors extensively. The cyber-impact models reviewed here provide scant detail on the relationships within and between domains. The relationships may exist, but they were unable to be accessed for this thesis.

The cyber-attack and defence process has been discussed by Kotenko (2010) via a discrete-event, multi-agent and packet-level simulation of network protocols. The use of a cyber-attack has been studied by other authors, such as Costantini (2007) and Grimaila & Badiru (2011). These models generally consider the intersystem effects of a successful cyber-attack within a narrow and technical scope. Kundur et al. (2011) modelled the impact of cyber-attacks using directed graphs and cause-effect relations to describe attacks on smart grids. Other studies in the electrical, oil and gas industries that have modelled cyber-attacks include Negrete-Pincetic et al. (2009), Vieira et al. (2014), Boyer (2011) and Amin (2011).

The Future Situation and Impact Awareness (FuSIA) system is designed to model the state of a network; to show hosts, routing and vulnerabilities (Holsopple & Yang 2008). The goal is a security and cyber-SA tool. The primary data model used by FuSIA is an ontology named ‘Virtual Terrain’. The information on Virtual Terrain is brief (Holsopple et al. 2015), but its primary purpose is to model entities, configuration information, vulnerabilities and events. There is, however, no indication of any temporal aspect in FuSIA or Virtual Terrain. Without access to the Virtual Terrain ontology, one cannot analyse how it performs against its original intentions nor can one adapt it to their own use-cases.

The Cyber-Assets to Missions and Users (CAMUS) model seeks to determine the criticality of cyber-assets to projects (D’Amico et al. 2010; Goodall et al. 2009). The main data model used for CAMUS is an ontological data store. CAMUS maps assets, projects, sub-tasks, and people with links. Whilst CAMUS is a SA tool for the cyber-realm, the tool is not all-encompassing.

The CAMUS ontology is designed to meet a specific goal and has limited extensibility. It was later expanded (Watters et al. 2009) to include concepts of confidentiality, sensitivity and mission implications if specific nodes (cyber-assets) are impacted (Musman & Agbolosu-Amison 2014; Buchanan et al. 2012). The use-cases for CAMUS are quite simplistic in nature and there are few available for adaptation to different purposes. The lack of public ontology and model development makes its reuse difficult.

The development of a cyber-effects simulation was considered in an undergraduate honours thesis in consultation with the author (O'Sullivan 2015). O'Sullivan (2015) provided linked ontologies and supporting use cases to investigate the potential impact arising from a cyber-attack on a military fire mission. The resulting Cyber-Simulation Terrain and Cyber-Effects Simulation Ontology model the assets and systems across a network. The final product is limited to a series of ontological products that reflect a single scenario and network. However, it provides insights into some aspects of the approach applied in this thesis (O'Sullivan 2015; Ormrod et al. 2015; O'Sullivan & Turnbull 2015).

A cyber-attack taxonomy proposed by Simmons et al. (2009) classifies an attack based on its attack vector, operational impact, defence, information impact and target. The impact focuses on the technological effect of the attack rather than the mission effect. The significant differentiator in the literature is the focus on either the technical or physical effects of a successful cyber-attack. Many taxonomies rely on technical assessments of effects. Such models have been expanded with the development of simulation systems that exclusively focus on cyber-attack and network security (Lee et al. 2005). Most simulations operate at a technical level. They indicate compromise and threat levels from a purely technological perspective, and have no method of inferring or analysing wider impacts (Kuhl et al. 2007). The requirement for a cyber-attack and cyber-defence simulation framework has been recognised. Contemporary efforts to develop models remain in their infancy and have specific uses, such as the cybersecurity of autonomous vehicle systems used by the military (Bergin 2015).

Synergistic degradation phenomena are explored in other environments. Space-induced degradation of the low Earth orbit environment has led to the development of experimental simulation methods that allow for multiple synergistic effects. These produce results that are not predicted by simpler models focusing only on a single type of effect (Allegri et al. 2007). The complexity of biological systems means that drug combinations can also have synergistic effects. Simulation and real-world testing are required to examine and understand potential outcomes (Lehar et al. 2009).

2.4.6 Critical Analysis of the Cyber-Attack Impact Section

This section has summarised cyber-attack impact and mission impact models that have been published in the literature. The mitigation of effect through resilience and degeneracy was discussed. Human factors such as SA, tactics and trust in digital C2 devices were considered. This section contributes to the following SQs:

SQ1. What is the relationship between tactical land combat human factors and cyber-systems? Humans can manage a high degree of variety in comparison to contemporary technological systems. The complexity of the tactical land combat environment rewards human decision making, which can adjust to an uncertain and dynamic adversarial environment. Despite their advantages, human factors are insufficiently described and modelled in this environment. Refer to Section 2.4.4.

SQ3. What are the relationships between cyber-effects and tactical land combat mission success? Existing cyber-attack models describe some of the relationships between cyber-effects and mission success. However, mission impact models reveal that cyber-effects can be mitigated outside of the technical cyber-system. This observation implies that any cyber-effects model seeking to measure mission success must consider the SOS factors influencing cyber-effect impact. Refer to Section 2.4.2.

SQ4. How can the impact of cyber-effects on tactical land combat mission success be described and measured? The description and measurement of cyber-attack impacts on mission success are not described comprehensively and accessibly in the literature. Models that have been developed generally focus on availability attacks, and their underlying structures are not accessible to external researchers. Refer to Section 2.4.5.

SQ5. What broad mitigation strategies are available to reduce the mission impact of a cyber-effect? Resilience and degeneracy offer broad mitigation strategies and approaches relevant to the reduction of cyber-effects on mission success in tactical land combat environments. Mission assurance and behavioural defences can improve SOS resilience, although these incur time and resource costs to implement effectively. Refer to Section 2.4.3.

2.5 Chapter Two Summary

This chapter provided an extensive critical analysis of the current state of research on the kinetic impacts of cyber-attack and the digitisation of land combat (Section 2.1). It also provided an overview of the cyber-related doctrine of several militaries (Section 2.2). Then, current research on the effects of cyber-attack on kinetics was reviewed (Section 2.3). Finally, literature on the relationship between cyber-attack, mission impacts, human factors and resilience was examined, and cyber-attack impacts were described.

This chapter made several contributions to answering the thesis’ research questions. Firstly, it proposed a novel framework that unified the distinct terminologies of five militaries into a common lexicon. This allows international communication based on a common understanding of key terms. This chapter also reviewed inconsistencies in military doctrine, methods of cyber-attack impact modelling, simulation of cyber and kinetic effects, measures of tactical land combat success and effectiveness, and the use of resilience to mitigate the effects of cyber-attack.

Existing cyber-attack models have been built with a narrow technological focus, as described in Sections 2.4.1 and 2.4.2. Tolk et al. (2012, p. 2353) advised a “…move from traditional positivism, as represented by Newtonian physics, towards modernity and post-modernity approaches”. The post-modern approach recognises that context and constructivism, with multiple world-views, is vital to understanding results. This is explained within the next chapter.

This chapter contributes to the following SQs:

SQ1. What are the relationships between tactical land combat human factors and cyber-systems? This chapter provided substantial evidence that combat models can include many factors, and that the balance between internal and external validity is part of the consideration process in determining viable factors (Section 2.2). The inclusion of human factors supports the understanding of cyber-effects at the tactical level by incorporating C2 and human decision processes. These add variability to the system which would not exist if it was purely technological. Humans can adjust to uncertainty in ways that technology, in its current form, cannot (Section 2.4.4). Despite their advantages, human factors related to digital C2 systems are insufficiently described and modelled in research on the tactical land combat environment.

SQ2. What are the relationships between tactical land combat kinetic outcomes and cyber-systems? This chapter showed that cyber-attack models are generally inaccessible, which prevents replicable research. Their detailed underlying conceptual models have not been shared for reuse or analysis. Underlying assumptions are often not described or known except to those with privileged access (Sections 2.1.2 and 2.4.1). The relationship between kinetic outcomes, such as attrition and LER, and NCW and digital C2 systems has been established in literature and doctrine (Sections 2.4.2 and 2.4.5). However, the extent of this relationship and the capacity for cyber-effects to influence kinetic outcomes has not been established and remains unknown. To rectify this, this chapter proposed a new framework: the Cyber-Conceptual Framework (CCF). The CCF is based on a research gap identified in literature (Section 2.3). It uses a nested domains model, cyberspace construct and cyber-attack components to develop a comprehensive lexicon suited to the remainder of this thesis. Additionally, the CCF causal chain provides a useful conceptual baseline for the thesis.

SQ3. What are the relationships between cyber-effects and tactical land combat mission success? As discussed in Section 2.2, unclassified military doctrine, at both international and national levels, lacks a cohesive view of cyberspace, cyberwarfare and cyber-attacks, and how they are integrated into conventional combat operations. This knowledge gap is rectified with the proposed CCF (Section 2.3), which provides a comprehensive lexicon. Although doctrine claims that cyber-effects can influence mission success and combat outcomes, the extent of that relationship, and the precursors or conditions required to generate an impact, are not evident in the literature. The CCF describes the causal chain linking cyber-effects to mission outcomes, which provides a useful conceptual baseline for the remainder of the thesis. The common lexicon provides a small insight into this research question by facilitating cohesive discussion.

SQ4. How can the impact of cyber-effects on tactical land combat mission outcomes be described and measured? Tactical land combat measures and cyber-effect measures are not currently integrated or routinely applied consistently by researchers, outside of attrition metrics. Measures of tactical land combat outcomes are lacking. Section 2.1.3 has shown that although there are several fragmented efforts in this field, there is a strong need for further research.

The lack of measures will be addressed in Chapter 4.5. The general impacts of cyber-effects, and their measurement across different levels of SOS, are described in the CCF. These have not been comprehensively or accessibly described in the literature. Existing models generally focus on availability attacks, and are inaccessible to independent researchers.

SQ5. What broad mitigation strategies are available to reduce the mission impact of a cyber-effect? Mission impact modelling incorporates the broader SOS implications of a cyber-effect and how that impact can be described and modelled. Resilience and degeneracy offer broad mitigation strategies and approaches towards reducing cyber-effect impacts on mission success in the tactical land combat environment. Mission assurance and behavioural defence provide opportunities to improve SOS resilience, although these incur time and resource costs to implement effectively. Section 2.4.3 reviewed the literature on mitigation strategies used in the tactical land combat environment.

This chapter has shown that although land combat is becoming increasingly digitised at all levels, there is a poor understanding of the potential for military systems to be cyber-attack targets, and the potential impacts of such attacks. Cybersecurity is an issue that encompasses many networks and systems, but as shown in this chapter, the kinetic impact of a cyber-attack is potentially very high. This chapter has highlighted the need for more work in this field.

3. Chapter Three - Epistemology, Ontology and Methodology

3.0 Chapter Three Introduction

This chapter describes the research paradigm of this thesis; the epistemology, ontology and methodology upon which the research is based. Epistemology addresses ‘what it means to know’ and provides a philosophical basis for legitimate knowledge (Gray 2013, p. 19). Gruber defines ontology as “an explicit specification of a conceptualisation”, the study of what is, and the features and relationships between those things that are (Gruber 1993, p. 1). Methodology describes how research was conducted (Howell 2013). This thesis aligns its epistemology, ontology and methodology with a specific approach (Roots 2007, p. 19). “A point often made by metaphysicians is that most people unfamiliar with philosophy tend not to be consistent in the way they apply philosophical principles across their picture of a domain” (Partridge et al. 2013, p. 40).

As outlined in Chapter 1, this thesis seeks to answer the following research question:

How can cyber-effects in the tactical land combat environment be modelled and measured in terms of mission success, human factors and kinetic outcomes?

Given that the master research question is broad, the development of research sub-questions allows for a more comprehensive investigation. Answering the carefully selected research sub-questions will ultimately answer the master question. These five sub-questions are:

• SQ1. What are the relationships between tactical land combat human factors and cyber-systems?
• SQ2. What are the relationships between tactical land combat kinetic outcomes and cyber-systems?
• SQ3. What are the relationships between cyber-effects and tactical land combat mission success?
• SQ4. How can the impact of cyber-effects on tactical land combat mission success be described and measured?
• SQ5. What broad mitigation strategies are available to reduce the mission impact of a cyber-effect?

There will be no single answer for each of these sub-questions, so much of this thesis will investigate portions of one or more of them. This chapter will also delineate the philosophical foundations of the thesis research paradigm and describe its influence on the outcomes.

The following peer-reviewed papers written by the author have contributed to this chapter:

Ormrod, D 2014. ‘A ‘Wicked Problem’ – Predicting SOS behaviour in tactical land combat with compromised C4ISR’ in Cook, S et al (eds), Proceedings of the 9th International System of Systems Engineering Conference (SOSE) 09-13 Jun 2014, Adelaide, South Australia. [Peer-reviewed, published]. http://ieeexplore.ieee.org/abstract/document/6892472/

Ormrod, D and Turnbull, B 2016. ‘Attrition Rates and Manoeuvre in Agent Based Simulation Models’. Journal of Defence Modelling and Simulation [Peer-reviewed, published]. http://journals.sagepub.com/doi/pdf/10.1177/1548512917692693

3.1 Epistemology

The epistemology used in this thesis is based on social constructivism, where interaction between people creates knowledge (Bryman 2015). Throughout this research, the author interacted with others and developed models and frameworks based on the literature and theories most accepted by our socially-constructed society. Military doctrine is also subject to social influences and the accepted norms of a nation’s military forces at a given time. Therefore, the worldview of the author and other observers has influenced the research within this thesis and its interpretation (Partridge, Mitchell, & de Cesare 2013, p. 34). Social constructivism provides the epistemological basis for this thesis but it does not explain the relationship between objects and how they are constructed conceptually. This is provided by an ontology.

3.2 Ontology

Ontologies are a means of explicitly representing knowledge about a field through conceptual types, properties, relationships, processes and events. The term ‘ontology’ has multiple interpretations. Ontology, in the philosophical sense, is the investigation of ‘what is being?’ and the features common to all beings. Ontologies can either be conceptual, denoting a semantic structure, or theoretical, expressing knowledge (Giaretta & Guarino 1995). The degree of specification or ontological commitment provided by an ontology instance differs depending on its purpose and the user community with whom it is shared (Giaretta & Guarino 1995). Hoffman & Rosenkrantz (2003, p. 46) provided an example of ontological categories, beginning with entity, which is further subdivided into concrete and abstract entities. These entities further subdivide into a variety of categories including place, time, event, property, relation and set.

The concept of concrete and abstract entities relates to an ontological specification problem introduced by Plato. Plato’s Sophist introduces the concept of the Gods and Giants, who differ in their interpretation of metaphysical reality. The Gods claim that all things are objects, including fanciful objects such as unicorns. The Giants, in contrast, equate reality only with those things that they are “able to squeeze in their hands” (Plato 360 BC., p. 62). These competing notions frame the degree of non-physical objects, states and events possible in an ontology. The ontological specification used by Quine excludes abstract objects such as propositions, possible entities and mental entities (such as minds) that are distinct from physical objects. Quine states that there is ‘no entity without identity’ (Quine 1969, p. 23). Physics is used to test truth statements, meaning that microphysical changes are required to determine a change in state (Quine & Van Orman Quine 1981, p. 98). From this viewpoint, mental states are only allowed as they relate to neurological changes that are physically observed. Donaldson extended this view through anomalous monism, which contends that mental events are physical events, because mental events are not governed by laws whilst physical events are (Davidson 1969). However, these views are countered by other perspectives, such as dualism. Dualism argues that the mind and body are different things, mental properties are distinct from physical ones, and that the self is a subject of thought and an agent of actions (Lowe 2010, p. 393). These different views can substantially influence the outcomes of an ontology and are a consideration for ontological development. Developing an ontology without these considerations leaves conceptual gaps in the creation of events, the change of states and the relationship of instances to thoughts, plans and SA. Social constructivism aligns to the ancient form of Stoic metaphysics (LeBar 2008, p. 193). 
Stoic metaphysics accepts two criteria of reality, depicted in Figure 4.

Figure 4 - Stoic Meta-ontology (De Harven 2012, p. 89)

All things are something. However, they can be existent or subsistent. The action/passion principle is the capacity to act, or be acted upon. This makes something existent. For example, a corporeal body is a solid three-dimensional extension with resistance, meaning that physical interaction is possible (De Harven 2012, p. 9). The existent has four components: (1) the substrate, a subject or body; (2) the qualified, which is the qualities and arrangements of the body; (3) the disposed, which is the time, place, action, size and colour describing the situation and attributes of the body; and (4) the relatively disposed, which is the relationship between the body and other phenomena (Hildebrand 2007). However, not everything that is something exists. Subsistent entities do not exist in a physical sense but they depend on corporeal bodies to exist. Subsistent objects can be incorporeal or neither corporeal nor incorporeal. The incorporeal are immaterial and yet physical. They incorporate time, place and void. Time is a temporal extension of change in the material world. Place can be defined by what is occupied and what can be occupied in a physical sense. ‘Lekton’ refers to sayings that may be true or false depending on the context of their utterance or writing. Lekton are incorporeal because they are rational impressions that refer to a physical object, physical context or physical event (Baltzly 2014).

Figments are thoughts that are real, in an objective sense, even though they do not exist. Figments possess objective reality through “token thoughts, texts and illustrations that are all themselves products of thought” (De Harven 2012, p. 90). Limits are shapes that exist in thought, as concepts. Whilst not everything that is something exists, not everything counts as something. A proper subject of thought must be objective and equally available to multiple thinkers (De Harven 2011, p. 7). Something includes the things that people talk about, even if they do not exist, providing they are available as a shared, common thought. To be something requires an extra-mental reality, objectively available for discussion, with attributes that are inter-subjectively available and shared by a common objective consciousness.

The Stoic meta-ontology provides the basis for the ontological specification used within this thesis. This thesis subscribes to sortal essentialism, but not to the ‘no-coincidence premise’. Sortal essentialism proposes a property which differentiates what an object is. Without that property, the object cannot exist (Burke 1994, pp. 129-31). The no-coincidence premise argues that two objects cannot coincide (Burke 2004, p. 243). Emergent dualism is the term given to the view that the self and its mental properties “depend ontologically upon the existence of bodies and their exemplifications of physical properties, but not in a way that implies the former are identical or irreducible to the latter. Furthermore, this kind of ontological dependency need not exclude the causal powers of selves, as agents of actions and subjects of perception, are also neither identical with nor reducible to the causal powers of bodies or bodily systems of any kind” (Lavazza & Robinson 2014, pp. 393-4). The author believes that a living human being can be distinguished by its ability to think—a non-physical attribute—and that a computer can be distinguished by its ability to process data—also a non-physical attribute. Both acts arise from physical processes and they can be monitored through physical changes in state, but they obtain meaning in a virtual, subsistent realm that exists courtesy of the physical, existent domain. The ontology within this thesis therefore incorporates both physical and non-physical objects, events and states.

Kim’s constituent theory of events means that “one must distinguish between the constituent property of an event, which is had by its subject (or subjects), from properties which the event itself has… [Kim] prefers there to be many events at one place and time and to claim that the proliferation is relatively harmless” (Simons 2005, p. 375). Mereological extensionality views events in a part-whole relationship. Events are identical if, and only if, their parts coincide. In the same way that Simons (2005, p. 378) discussed the possibilities of describing an orchestral performance as a single Kimian event, with the orchestra as a subject and a complex property, the alternative would be to consider each note played by an instrument as a Kimian event and treat the large event as a mereological fusion of the smaller events. From the perspective of cause and effect, both views are relevant. Each note contributes to the performance and each performance may be slightly different if the notes are played differently. From this perspective, events are distinct, countable entities that can be identified based on different properties.

Events and causal connections are central to the development of measures of effect across domain and system boundaries. Bennett argues that “Events are not basic items in the universe; they should not be included in any fundamental ontology… all the truths about them are entailed by and explained or made true by truths that do not involve the event concept” (Bennett 1988, p. 12). Davidson discusses events and their identity as individuals in the context of causation. He explains “directness of causal connection may also play a role… the longer it takes for the effect to be registered… the less justification there is for calling the action alone the cause” (Davidson 1969, p. 305). Davidson’s identity of events is based on causal relations. “Events are identical if and only if they have exactly the same causes and effects… Events have a unique position in the framework of causal relations between events in somewhat the way objects have a unique position in the spatial framework of objects” (Davidson 1969, p. 306). Kim proposes an alternate view. The Kimian approach equates events to facts. “The causes and effects of actions and events exhibiting the causal features under discussion are attributable to the events in the causal relation that constitute such an act or event” (Kim 1976, p. 323). Kim’s stronger interpretation implicates all causes and effects with an act, whilst the weaker interpretation implicates all causes and effects with an act, or of an act.

Quine did not believe that an event could exist without identity. In this light, Davidson has classified actions as a subclass of events. However, others view actions as components of agent causality rather than event causality. Goldman (1971, p. 761) attempted to extend upon Kim’s event theory through by-relations, establishing causal relations between events. Where Davidson would hold these events as identical based on their causal links, Goldman and Kim treat them separately. However, this has been criticised for the apparently endless chain of causality and the focus on explanation rather than ontology (Simons 2005, p. 382). According to Simons, the distinction between actions and other events is based on a terminal goal (Simons 2005, p. 380). In some cases, events and actions lead to a change in state. Davidsonian states are verbs such as sit and stand. Kimian states are copular constructions and predicates such as know and own (Maienborn 2008). Kimian states allow events to occur by abstraction, meaning that they can be mental or lack a spatial location (Moltmann 2015). Not all researchers have agreed on how Davidsonian and Kimian states are divided or the potential for other state types to exist (Fábregas & Marín 2012). Maienborn’s states are static and lack a spatial dimension, making them more abstract than entities. Maienborn’s arguments have been contested, based on a post-Davidsonianism view, which extends the work of Davidson (Ramchand 2005). The use of abstract states and events aligns to the Stoic meta-ontology described earlier. The Maienborn/Kimian interpretation of events and states is therefore used throughout this thesis. States are important when considering processes, where actions and state changes can be grouped based on specific terminal goals, events and objects. Event analysis of verbs is used in semantic systems, to recognise concepts and infer across domains and categories (Reckman & Cremers 2006). This thesis subscribes to mereological extensionality with the additional stipulation that the Stoic view of time is representative of changes in state, which are tied to, but not necessarily encapsulated within, a physical object. Davidson placed events in a spatio-temporal context, meaning that they occupy a particular space and time (Maienborn 2011). Nominalists reject abstract entities and reject senses, numbers and universals (Margolis & Laurence 2007, p. 579). However, the idea that mental representations shape our beliefs, desires and intent is a default position across much of cognitive science (Margolis & Laurence 2007, p. 562). Frege argues that mental representations are too subjective whilst senses occur outside of the mind (Margolis & Laurence 2007, p. 563).

The ontology provides a conceptual framework for the remainder of this thesis.

3.3 Methodology

Methodology is the way research is conducted. This thesis utilises a mixed-methods methodology. Mixed methods utilise both qualitative and quantitative research methods to optimise the breadth and depth of the research outcomes (Johnson et al. 2007). Quantitative methods collect and interpret numerical information, whilst qualitative methods collect and interpret narrative information (Teddlie & Tashakkori 2009). Qualitative research has been described as an interpretive approach grounded in a constructivist world view in comparison to the positivist and objective focus of quantitative research (Bryman 2015). Combining these two approaches allows both methods to be applied in a single study. Creswell & Plano Clark (2011) advocated for mixed-methods research when the combination of qualitative and quantitative data can give better results than a singular approach. In the military environment, such an approach is referred to as an experimentation (or analytical) campaign.

3.3.1 Experimentation Campaigns (Mixed Methods)

Experimentation campaigns consist of a series of related experiments that explore and progressively develop knowledge about a problem or identified area. Experimentation campaigns have also been referred to as analytical campaigns. Different approaches are combined across the experiments to test and develop understanding in a progressive manner. The conceptual model underlying the experimentation campaign includes the careful selection of scenarios, variables, systems, couplings and behaviours to be studied (Stenbit, Wells, & Alberts 2002). “The importance of anchoring a campaign of experimentation with a conceptual model cannot be over-emphasized because a conceptual model provides suggestions as to where to look, what to look for, and how to measure or characterise what is observed” (Alberts & Hayes 2005, p. 44). Different types of experiments can be employed, including discovery experiments (which generate hypotheses), hypothesis-testing experiments and demonstration experiments (Kass 2006). This thesis is a discovery experiment, which seeks to generate data on unknown and previously unexplored concepts. Experiments must be capable of reproduction, meaning that the conceptual model should be exposed for analysis. Without this detail, the results cannot be analysed and are not replicable (Tolk, Heath, et al. 2013). Experimentation campaigns have been related to the conduct of analytical campaigns (Bowden & Williams 2013). This thesis employs data, theory, methodological and environmental triangulation techniques.

3.3.2 Research Methodologies in this Thesis

Three research methodologies have been applied within this thesis: primarily Design Science Research (DSR), and also grounded theory and Q methodology. The author has used a combination of factors from across literature to develop the Battlespace Integrated Cyber-Kinetic Effects (BICKE) research method. The BICKE research method combines DSR methodology with the experimentation campaign approach. Grounded theory and Q methodology are utilised for gathering specific data sets from semi-structured interviews with combat decision makers. These research methodologies are described in further detail below. Grounded theory and Q methodology are embedded within DSR, as it is applied within the BICKE research method.

3.3.2.1 Information Systems Design Science Research

Simon (1996) observes that “everyone designs who devises courses of action aimed at changing existing situations into preferred ones” (Simon 1996, p. 130). The most widely accepted approach is that of Hevner et al. (2004), who contend that “the design-science paradigm seeks to extend the boundaries of human and organisational capabilities by creating new and innovative artefacts” (Hevner et al. 2004, p. 75). Design science problems involve the improvement of systems through the interaction of an artefact and the problem context (Wieringa 2014).

Design science is the study of an artefact based on two activities; the design of the artefact and the study of the artefact in context (Wieringa 2014). Wieringa (2014) presented a framework that situates design science within a social and knowledge context. Hevner (2007) argued that three cycles must be present and clearly distinguishable within DSR. These cycles are relevance, rigor and design. The relevance cycle describes the context of the research, addressing both the requirements and acceptance criteria. The rigor cycle integrates past knowledge and literature into the research. Finally, the design cycle assesses alternatives until an artefact is created that meets the defined requirements (Hevner 2007).

The contribution of the research paradigm to solving practical problems and the knowledge of the scientific community is the key differentiation between normal design and DSR (Goldkuhl 2012, p. 48). For others, DSR provides general solutions, produces new knowledge and resolves a ‘type’ of problem rather than solving a single case or problem. The differentiation between routine design and design science is thereby determined through the generalisable nature of the research (Alturki et al. 2012). The research contribution is also critical to differentiate between professional design and DSR through “…the clear identification of a contribution to the archival knowledge base of foundations and methodologies and the communication of the contribution to the stakeholder communities” (Hevner & Chatterjee 2010a).

3.3.2.2 Grounded Theory

Grounded theory is a “systematic, inductive and comparative approach for conducting inquiry for the purpose of constructing theory” (Bryant 2013, p. xxxiv). The focus of grounded theory is the inductive generation of novel theories from data instead of testing pre-developed theory (Gibbs 2002). The research methodology employed within this thesis has sought to capture the subjective thoughts and opinions of C4ISR system users. The data, collected through interviews, explores the phenomenological ‘lived experience’ and perception of Army personnel as C4ISR system users.

The data corpus consists of all the data collected throughout the research project. Datasets exist throughout the data corpus. Data extracts are particular parts or chunks of data from within an interview or data item (Braun & Clarke 2006). Thematic analysis is used to code, or break down, datasets to reconceptualise the data through the abstraction of concepts and their categorisation (Flick 2014, p. 307). Charmaz advocates coding line by line. “Codes emerge as you scrutinise your data and define meanings within it. Through this active coding, you interact with your data again and again and ask many different questions…” (Charmaz 2006, p. 46). Themes capture data relating to the research question, identifying patterns of meaning within the dataset (Braun & Clarke 2006).

Sampling within grounded theory ceases when saturation occurs. “Once the researcher is convinced that they understand what they can see, can identify it in many forms, and it appears culturally consistent, then the category may be considered saturated and sampling may cease” (Bryant 2013, pp. 212-3). Grounded theory does not apply a statistical value to saturation. Creswell (1998, p. 64) indicated that 20 to 30 interviews are sufficient to obtain saturation. However, the formalities of gaining permission to conduct workplace interviews and ethical approval in the military workplace overrode the author’s ability to cease interviews when saturation occurred. The ethical process required a commitment to a certain number of interviews, based on the number of volunteers, before they took place. The author undertook all 52 scheduled interviews and sought to discern whether saturation had occurred as part of the analysis process. The author contends that saturation did occur, within the restrictions of the interview questions and topics. The participant responses were broad but consistent, and although a diversity of opinions and perspectives were collected, there was a strong series of themes across the interviews.

The goal of grounded theory analysis is to create a “…theory of the phenomena that is grounded in the data” (Braun & Clarke 2006, p. 8). The author undertook semi-structured interviews and used questions developed from literature, pre-approved by the ADHREC. Subsequent analysis was undertaken using an inductive approach, without seeking to fit data into a pre-determined coding frame or preconceptions. The data is structured based on the direction and focus of the interview and its questions, but the purpose of the research is exploratory and therefore the codes are developed from the data. Ultimately, the research led to theory development. Constructivist grounded theory accepts data as subjective from the point of view of the participants and that the interviewer unconsciously shapes data collection based on an inherent bias (Williamson 2013).

The perceptions and interaction between the interviewer, interview participants and the resulting data all influence the outcome (Charmaz 2014). The author subscribes to the argument that the researcher has an active role in the identification and reporting of themes (Braun & Clarke 2006). There are a variety of threats to the quality of data analysis (Gibbs 2002). The author has sought to prevent each of the threats from being realised. Transcription was undertaken by the author for ethical reasons and to prevent a third party influencing the results. The argument that the transcription represents a reconstruction of the interview instead of being a direct copy is recognised, particularly since interviews are contrived conversations (Cianchi 2015). However, the transcriptions provided a word-for-word artefact suited for analysis. Context was retained through handwritten notes about the interview, made by the author. Keyword searches were not utilised, as the terminology differed between participants due to the different roles, ranks and locations of the interviews. Positive and negative cases were treated equally, as the author did not seek to produce a ‘correct’ answer or ‘prove’ a hypothesis. Rather, the author sought to determine what themes exist within the data, and then use those themes to produce theory.

The participation of the author throughout the data collection process means that both the conduct and analysis of the interviews were unconsciously influenced by the author. The author is an Army Officer with twenty years’ experience in the Australian Defence Force. The collection of data was supported by the author’s training and experience, because he was embedded in the environment in a way that extends beyond linguistics and supports analysis of tacit knowledge (Johnston et al. 2005). The author’s background created the inherent bias of viewing the problem through the lens of his own personal and professional experience. The coding approach adopted by the author sought to compensate for this issue. This included an independent thematic analysis by the author’s academic supervisor, who does not serve in the military, to ensure the coding and themes selected by the author were appropriate and correct. Where the academic supervisor did not agree on a theme or coding result following their independent analysis, they came to a mutual agreement and modified their individual result until a single, agreed thematic analysis was achieved. Interview codification was conducted in Qualitative Research Solutions (QSR, a reversed acronym) International Non-numerical Unstructured Data, Indexing, Searching, and Theorizing VIVO (NVIVO) version 11 for Windows (QSR International 2015). The advantages of using NVIVO for coding were the transparency provided to the thesis supervisor when reviewing data, and the emerging themes for consistency and removal of bias (Bringer et al. 2004).

Tactical scenarios are demonstrated in John F. Schmitt (2003) and Carter & Ross (1989). Standardised scenarios were sought by the author in accordance with the advice provided by the NATO Code of Best Practice for C2 Assessment (Stenbit, Wells, & Alberts 2002). However, a general lack of scenarios suited to the problem, available for public release and aligned to the context led to the development of scenarios specifically for this thesis. Scenarios were developed by the author to be ambiguous and create uncertainty about the threat, without any right or wrong outcome at the end (Hutchins & Kowalski 1993). There are three critical areas of knowledge when making combat decisions; own forces, the enemy and terrain (Holmes 2012). The use of images and a brief description of the scenario supported the author to convey the aspects of the scenario to the participants.

3.3.2.3 Q Methodology

Q methodology studies human subjectivity through the identification of viewpoints (Brown 1980). The Q sample is a series of statements that reflect the opinions and beliefs of the various known perspectives about an issue. The Q sample is also known as the Q set. The Q sample was generated by the author through the analysis of the concourse—a series of domain-relevant, self-referent statements used in the context of the topic undergoing research (Brown 1980). Statements reflecting the various opinions of land combat decision makers were generated based on an extensive literature review and the conduct of six initial interviews. These six interviews (whose participants did not engage in the conduct of the subsequent study), and the literature, revealed differing opinions and perspectives between individuals. The author applied Fisher's variance equation and multi-causal design principles to create topics and classify statements (Stephenson 1993). Five topics were identified; requirements, risks, capability, performance and benefits. A central component of the analysis was a comparison of the processes utilised in traditional analogue land combat and the newer, emerging digital processes experienced as C4ISR systems become more prevalent.

The personal perspectives of research participants are communicated and self-referenced, meaning that they do not necessarily reflect objective reality or particular scientific truths. Instead, the opinions, beliefs and experiences of specific individuals are captured (McKeown & Thomas 2013). Q methodology allows the study participants to share their own views on a topic before the author seeks to analyse and explain the various viewpoints reflected in the data (Watts & Stenner 2012).

Q methodology differs from traditional surveys and other quantitative toolsets in its execution and analysis (Brown & Good 2010). There have been a variety of criticisms of the use of Q methodology in research (Kampen & Tamás 2014). The greatest is the haphazard way it is applied in some studies (Tamás & Kampen 2015). However, this thesis subscribes to the counter-arguments presented by Brown et al. (2015), who argue that Q methodology embraces the subjective nature of opinion, rather than seeking empirical fact. There is no correct answer in this construct, nor is there a ‘sample’ representative of the overall population as would be applied in standard statistical methods. Rather, Q methodology obtains data that relates to the people who undertake the card sort, and it creates viewpoints that align with those participants. The card sort is a particular Q methodology approach that creates a series of cards for participants to sort according to their opinion on the contents of the cards. Q methodology does not make claims about the proportion of people holding a viewpoint across a broader population (Brown, Danielson, & van Exel 2015). This approach aligns to the social constructivist epistemology of this thesis. The author has sought to ensure the lessons learnt from the examples cited by Kampen & Tamás (2014) are applied and the research is thorough and accurate.

The use of Q methodology to identify factors and then associate themes with those factors has the disadvantage of removing a large proportion of the interview population from consideration. That a number of interviews were not associated with factors was evident from the high levels of significance and low levels of correlation between the factors which the author selected as baselines. Poorly-defined significance and correlation levels have led to questionable Q methodology analyses in the literature.

However, the ability to generate clearly differentiated factors with associated themes leads to a significant advantage. The author can create agent personalities which correspond to the broad themes identified for each factor. Personality refers to differences in patterns of thinking, feeling and behaving between individuals (Weiner & Kazdin 2000). Personality in the context of this thesis refers to individual differences across cognitive characteristics, specifically analysing the way that different people with different lived military experiences perceive digital C2 systems, trust in technological devices, process information from different types of networks and respond to different tactical scenarios.

3.3.3 The BICKE Method

Acknowledging that this research is of an exploratory nature and that further research into the BICKE phenomena is necessary, the author developed a method for experimentation specifically designed to address the research question. How can cyber-effects in the tactical land combat environment be modelled and measured in terms of mission success, human factors and kinetic outcomes? The BICKE method is a semantically rigorous, mixed methods, iterative design research approach. The BICKE method described in this chapter is a contribution to knowledge and forms the basis of both the structure and approach of this thesis. Figure 5 illustrates the process of the BICKE method. It is cyclic, which represents the iterative development and learning process that are fundamental to the overall experimental methodology. This thesis undertakes one cycle of the BICKE method, from Stage One (environmental elicitation) to Stage Six (data analysis). The resulting simulation artefact seeks to refine and improve the environmental understanding of the organisation through its development and analysis of the results. These are then ready for another cycle, which represents future work. The BICKE method extends on other existing theoretical models, which are described in this chapter.

Figure 5 - BICKE Method Process Overview

3.3.3.1 The Environmental Elicitation Stage

The first stage of the BICKE method is environmental elicitation. The aim of the environmental elicitation stage is to develop a detailed understanding of the field as it pertains to the aim and research question. Environmental elicitation consists of both intrinsic and extrinsic knowledge acquisition. Environmental elicitation develops artefacts that represent the array of different organisations, assets and resources, concepts and domains relevant to the problem.

Intrinsic Knowledge Acquisition

Intrinsic knowledge acquisition involves the development of artefacts of knowledge from human sources. It seeks to engage with the people who utilise digital command and control systems in the tactical land combat environment and elicit their opinions and lived experience.

Extrinsic Knowledge Acquisition

Extrinsic knowledge acquisition collects information from the environment pertaining to the problem space and transforms these into artefacts suitable for analysis. Use cases are developed to identify the key actors, processes, events and outcomes. Epics and user stories are developed to describe the desired outcomes of each user (Cohn 2004).

3.3.3.2 The Semantic Model Stage

The second stage of the BICKE method is semantic model development. The semantic model is a robust ontology written with a semantic language. There are a variety of ontologies in use and under development to deal with military combat, SA and cyberspace. The following section reviews some semantic model (ontology) instances and how they have been constructed.

The development of a model in a defined format allows for independent analysis, community input and for the author to define and highlight their original intent. “Capturing the assertions using ontological means allows (us) to reason over them” (Tolk, Bair, et al. 2013, p. 150). One consideration, especially relevant when considering the cyber-physical, is the federation between different domains. Information may originate from multiple fields, and the integration of these is not a simple task. There are areas where one or more discourses overlap. The integration of discourses can be handled within the ontology.

The span of ontologies relevant to this thesis extends from computer games and the objects represented within them (Hochhalter et al. 2005), the presentation of battlefield data in decision support systems with geospatial information (Chmielewski 2009), to entity SA in a military context for route finding and manoeuvre (Nagle et al. 2008). The use of ontologies to deal with military SA has been proposed previously, including the requirement for objects, goals, attributes, properties and events which occur in relation to time (Matheus et al. 2003). The military SA ontology results in a simple combat scenario. However, there is little evidence that the ontology considered the depiction of the different mental states and SA between entity instances, or how these are represented in an ontology which is built based on a single ‘ground truth’. For example, the situation class uses the abstract concept of a goal. Mental states and perception do not appear at all (Matheus, Kokar, & Baclawski 2003). The military SA ontology does not seek to integrate physical, mental and virtual states.

Baumgartner & Retschitzegger (2006) have reviewed SA upper ontology concepts; object, attribute, relation, event and situation. Space and time, thematic roles, situation types and situation objects are also described. These concepts allow relationships and causation to be described between objects. However, the SA upper ontology does not allow for mental states, nor does it accept non-physical objects that exist outside of space and time, except for situations. The ontology seeks to apply a post-Davidsonian approach, whilst using Kimian causation and states. The authors do not explain how the accepted models of SA, such as Endsley (1995), which rely heavily on mental states and mental models, can be incorporated into such a restricted ontological philosophy. Kokar et al. (2009) presented the situation theory ontology, which is heavily based on the original premise of Barwise & Perry (1980) and was subsequently expanded by Devlin (2006).

Situation theory is utilised within some SA ontologies. The original situation theory dealt with meaning as it pertains to natural language. The relationships between objects are situations, including events (situations in time), change (sequences of situations) and facts (situations and language). Ontological objects in this model include individuals, relations, spatial locations, temporal locations, situations, types and parameters. Entities then have a scheme of individuation, which corresponds the ontological objects with cognition (Devlin 2006). Constraints link to situation types and provide cognitive relationships between agents and corresponding situations. In the Stoic sense, situations are figments and constraints are limits.

Situation theory seeks to reduce the cognitive process to a series of relationships and properties. Laskey & da Costa (2012) provided an overview on how uncertainty in a combat environment can be described using Bayesian inference and logic. However, cognitive processes require anticipation of an adversary’s actions, or an agent may seek to deceive another. These complex cognitive processes involve a degree of thought that extends beyond the current model of situation theory, because it involves an agent predicting the thought processes of other agents and the creation of shared SA in command teams. These are not necessarily objects that situation theory and first-order logic can describe. An alternative ontological construct has entities forming multiple mental models or viewpoints for reasoning, including their own decision problem and one or more of their opponents (Pelosse 2011). Truth-values can be assigned by an agent to the future mental states of other agents, their ‘determined truth’, as part of a reasoning process to determine the optimal course of action. The decision maker determines the truth of a proposition from their own viewpoint and rationality, utilising introspection and self-belief (Pelosse 2011). The differentiation between belief, feelings and mental states, and how those concepts are characterised, remains in question according to some theorists (Hacker 2004).


Ontologies integrated with Multi-Entity Bayesian Networks (MEBN) seek to provide predictive SA through collections of graphical model fragments (MFrags) and logic. MFrag classes describe probabilistic relationships and create instances of Bayesian network fragments. An MTheory is a collection of consistent MFrags. For example, a vehicle identification MTheory could include MFrags such as speed, vehicle object, weather and region (Park et al. 2013b). This approach has even been used to model the fictional threat of a Klingon Bird of Prey to the Starship Enterprise in the TV series Star Trek (Laskey & da Costa 2012; Costa 2005). The maritime environment was also used in the development of Probabilistic OWL. Probabilistic OWL is an ontology which combines OWL and MEBN (Laskey et al. 2011). The use of an ontology for the representation of data pertaining to land combat SA and terrain analysis was considered in Nagle et al. (2008). Matheus, Kokar, & Baclawski (2003) presented an ontology for military SA, using event notices to manage discrete time intervals and certainty values to represent the degree of uncertainty related to the values of an attribute. Probabilistic OntoloGies for Net-centric Operation Systems (PROGNOS) is a system that seeks to provide situational analysis, predictive analysis and fusion of information through ontologies and Bayesian reasoning (Carvalho et al. 2010; Costa et al. 2010).

The Unified Battlespace Ontology Model consists of the Joint C3 Information Exchange Data Model (JC3IEDM) and a C2 decision model (Chmielewski 2008, 2009). However, there is no open-source evidence of this except for the detail provided in Pierzchała et al. (2012). The Multilateral Interoperability Programme features an ontology which is not publicly available. However, the JC3IEDM Metamodel specification consists of entities, locations, attributes, relationships and domains (Multilateral Interoperability Programme 2016). This closed model was not available for further analysis. Centre of gravity analysis and determination may also be possible with ontologies (Bowman et al. 2001). Time and uncertainty create challenges in ontological design (Matheus 2005). However, time and uncertainty are central concepts in a tactical land combat ontology that incorporates cyber-effects and the potential for deception. The lack of a sufficiently robust existing ontology, which aligns with the Stoic meta-ontology, has led the author to determine that a new ontology design is required. Considerations for developing an ontology include its language, business processes, instances, use cases, visualisation, queries and reasoners.


Ontology Language

The extensible markup language (XML) is suitable for ontology development. For example, structured XML format has been used in OrgSim, a tool for teaching organisational dynamics (Chandrasekaran et al. 2002; Rouse & Boff 2005). The advantages of this approach are twofold: strong community support and programming language support. However, XML is not a solution in its own right. The primary purpose of XML is serialisation, that is, to store and transmit information rather than organise it (Decker et al. 2000). By contrast, the resource description framework (RDF), RDF schema (RDFS) (Klyne & Carroll 2006) and web ontology language (OWL, a reversed acronym) (Antoniou & Van Harmelen 2009) are programming languages designed for informational content. They have known standards for expressing concepts (Antoniou & Van Harmelen 2009), are mature (Allemang & Hendler 2011), and are implemented in multiple tools compatible with multiple programming languages (Broekstra et al. 2002). The RDF/RDFS code can be represented in multiple forms including, but not limited to, XML (Cambridge University 2016). The RDF/RDFS and OWL codes also provide inference and reasoning abilities (Wang et al. 2004). It is for these reasons that RDF/RDFS and OWL are suitable for building a conceptual model suited to simulation. OWL reasoners parse and operate over RDF/RDFS.
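An added Python example (not the thesis's ontology or code) of the inference that RDFS provides over plain serialisation, as discussed in the paragraph above: a forward-chaining pass applies the standard RDFS subclass, domain and range entailment rules until no new triples appear. The `ex:` classes, property and instances are constructed for illustration.

```python
RDF_TYPE = "rdf:type"
SUBCLASS = "rdfs:subClassOf"
DOMAIN = "rdfs:domain"
RANGE = "rdfs:range"

# Constructed sample triples (subject, predicate, object); assumptions only.
ASSERTED = {
    ("ex:DenialOfService", SUBCLASS, "ex:CyberEffect"),
    ("ex:CyberEffect", SUBCLASS, "ex:Effect"),
    ("ex:C2Node", SUBCLASS, "ex:Asset"),
    ("ex:degrades", DOMAIN, "ex:CyberEffect"),
    ("ex:degrades", RANGE, "ex:C2Node"),
    ("ex:outage1", RDF_TYPE, "ex:DenialOfService"),
    ("ex:outage1", "ex:degrades", "ex:commandPost1"),
}


def rdfs_closure(triples):
    """Return the triples plus everything entailed by four RDFS rules.

    rdfs11: subClassOf is transitive.
    rdfs9:  an instance of a class is an instance of its superclasses.
    rdfs2:  the subject of a property is typed by the property's domain.
    rdfs3:  the object of a property is typed by the property's range.
    """
    closure = set(triples)
    while True:
        new = set()
        for s, p, o in closure:
            for s2, p2, o2 in closure:
                if p == SUBCLASS and p2 == SUBCLASS and s2 == o:
                    new.add((s, SUBCLASS, o2))      # rdfs11
                if p == SUBCLASS and p2 == RDF_TYPE and o2 == s:
                    new.add((s2, RDF_TYPE, o))      # rdfs9
                if p == DOMAIN and p2 == s:
                    new.add((s2, RDF_TYPE, o))      # rdfs2
                if p == RANGE and p2 == s:
                    new.add((o2, RDF_TYPE, o))      # rdfs3
        if new <= closure:                          # fixpoint reached
            return closure
        closure |= new


def types_of(resource, triples):
    """Sorted list of classes the resource is stated or inferred to have."""
    return sorted(o for s, p, o in triples if s == resource and p == RDF_TYPE)


if __name__ == "__main__":
    inferred = rdfs_closure(ASSERTED)
    # Nothing asserts a type for the command post; the range rule supplies it.
    print("asserted:", types_of("ex:commandPost1", ASSERTED))
    print("inferred:", types_of("ex:commandPost1", inferred))
    print("outage1 :", types_of("ex:outage1", inferred))
```

The same seven triples serialised as plain XML would carry no such entailments; a parser would return only what was written.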

Domains

The different domain models within military doctrine were described in Chapter 2.2. The semantic model within this thesis will contain clearly described domains and the linkages between them.

Business Process Development (BPD)

Business processes are not generally included within semantic models. The integration of the BPMN specification into an ontology has been described (Rospocher et al. 2014). However, this description has not been provided in sufficient detail for use in this thesis. Therefore, the BPMN-ontology specification has been implemented in a limited form within the ontology created by the author for this thesis. BPMN have been created as instances, whilst a business process file contains the semantic model for creating each of those instances. The documentation of business processes using BPMN 2.0 in the military context and for assessing cyber-breaches has been considered in the literature for development of a decision support system (Choobineh, Anderson, & Grimaila 2012). However, there is limited evidence that this was developed beyond some initial papers. BPMN 2.0 is a documented standard (von Rosing et al. 2013). BPMN has been used in at least one NCW mission model (Jain & Pridemore 2008) as well as the ‘SugarScape’ ABM (Onggo 2012).

Instance Development

The development of instances is an important component of ontology development, although it is not evident in Veerasamy et al. (2012), van Heerden et al. (2012), or Kaderka (2010). Instances mean that the various classes and properties within the ontology act as object constructors. These are used in use cases to test the ontology, as well as to build the future capability to create simulation objects at runtime.

Use Case Development

Use cases within the ontology allow the conduct of tests to confirm the links between domains. Planned future development includes use case scenario generation, which will link the ontology to the simulation and generate simulation scenarios for experimentation.

Queries and Reasoners

The problems related to ontology-based queries have been discussed as they relate to the Semantic Web Rule Language (SWRL) (Matheus 2005). Reasoners can have problems with aspects of the OWL language (Laskey et al. 2011). However, reasoners offer strong advantages and opportunities for SA and information fusion models (Kokar, Matheus, & Baclawski 2009). There are a variety of reasoners in use, including Protégé, StarDog, AllegroGraph and Perl. Different reasoners offer advantages in some areas and languages in comparison to others (Baumgartner et al. 2010).

3.3.3.3 The Requirements Stage

The purpose of the requirements stage is to define the requirements for the experimental and simulation tools needed to solve the research question. Specifically, this stage seeks to transform the preceding components and artefacts into requirements. The outputs of this stage are required for tool analysis and selection. This stage’s outputs are the requirements specification and the selection of experimental factors.


Requirements Specification

The requirements stage of the BICKE method identifies the critical requirements for the experimental model to support the selection of a tool for the conduct of the experiment.

3.3.3.4 Tool Analysis Stage

The tool analysis stage determines the appropriate simulation tool to use. The simulation may be an existing tool or a new one. The tool analysis stage selects a tool or makes the decision to create a new tool.

Quantitative Comparison of Tools

Comprehensive assessment of military forces and combat skill is a difficult and unsolved proposition. Representative samples of combat engagements describe a limited number of variables and conditions in the battle space. For example, the number of troops in combat on each side, and their attrition, are common quantitative metrics for combat engagement analysis. Databases allow analysis of historical battles for study; however, the data requires extensive qualitative assessment to differentiate the various factors influencing combat outcomes. Simulation is one means of reducing the number of influencing factors and providing a controlled environment to test assumptions and hypotheses. Many militaries use simulation models to prepare forces for deployment. They can increase tactical decision-making skills by developing shared mental models of potential scenarios that are practiced, using feedback from simulations (Fletcher 1999). However, these simulations often rely on combat and engagement models that have various assumptions and rule sets that are not explicitly described. Proprietary systems present challenges to understanding the detailed adjudication of combat results because of their closed nature. Proprietary models are not replicable, and their underlying models are unavailable for analysis. The selection of a tool should be reinforced by quantitative measures obtained through small experiments. Tools developed for a different purpose can generate results that are inappropriate or inaccurate. If a tool cannot be accessed internally to understand its design, and underlying models and assumptions, a comparative experiment using several tools may be able to reveal these differences. Triangulation between stochastic and deterministic outputs may also demonstrate different views on the problem space and the measurements applied to their respective domains.


Qualitative Comparison of Tools

Qualitative comparisons of ABMs have been conducted previously and used to inform the considerations developed within this thesis (Horne & Seichter 2014). A qualitative assessment comparing available tools to determine their respective utility should incorporate the following considerations:

• Modelling Tool Availability

Access to the modelling tool will determine if it can be used. A number of tools in the literature are not available for open-source experimentation and are not replicable.

• Ability to Model C2 / Communications / Networking

The consideration of C2 and how it is represented in a simulation is crucial to the assessment of cyber-attack impacts. For example, a unit which relies on strict control and is heavily influenced by the orders issued by its commander through a strong, autocratic, hierarchical command structure, is likely to be heavily affected by a DoS attack which cuts communications. Conversely, a unit which employs mission command and is less likely to receive explicit orders for every decision will be less affected by a DoS attack, as the junior commanders have been trained and are practiced in acting without orders. Trust in systems, and perception of the integrity and confidentiality of data, are also considerations (Chan 2014).

• Human Factor Simulations

Human factors are a component of the simulation and its underlying models. Personality factors reinforce the uncertainty of command, control, individual will and combat on a battlefield. These individual traits influence the response of agents to changing situations.

• Replicable Results

The results from a simulation should be replicable by another person, using the same variables. Simulation tools are often non-replicable due to their closed nature. This issue has been addressed by Park (2004) and addressed outside of the peer-reviewed environment by Marmick (2015). Buckheit and Donoho contended that “an article about computational science in a scientific publication is not the scholarship itself, it is merely advertising of the scholarship. The actual scholarship is the complete software development environment and the complete set of instructions…” (Buckheit & Donoho 1995, p. 5). Dalle (2012) identified that few simulation papers allow for reproduction, leading to issues of credibility within simulation as a modelling practice. The fact that so many papers have been published without readily accessible code or a means of clearly replicating the experiments hampers research that seeks to advance the state-of-the-art. Finally, traceability should be established, allowing the dependencies of results and publications to be addressed when a bug is discovered in simulation software (Dalle 2012).

• Physical Environment Mapping and Capability

The physical environment is important for modelling kinetic effects, because they occur in the physical environment. For example, limitations on the size of the terrain in a model could influence results by preventing appropriate levels of manoeuvre. Agent models that represent kinetic weapon effects on a unit’s flank or rear differently to that of their frontal armour may allow more flexibility in assessing the effects of tactics, where a flanking action would inflict greater damage. Sensor and detection ranges and angles can also influence simulation results. A group of agents that is attacked from the rear may never react if the agents have limited sensor angles and are all facing the same direction because they are not allowed to respond to nearby engagements. Weapon ranges are also a consideration.

Representations of suppression and mobility are just as important in combat models as are the attrition and destruction of enemy forces. Land combat forces plan and train using the terms Observation and fields of fire, Avenues of approach, Key and decisive terrain, Obstacles, and Cover and concealment (OAKOC). The OAKOC approach is used to analyse effects of the environment and terrain on manoeuvre (Department of Defense 2008). Line of sight, weapon ranges, approaches to objectives and the identification of key points in the terrain should all be represented in the physical combat environment to reflect how military decision makers plan and conduct combat operations.

• Data Farming Ability

The number of experimental simulation runs used requires careful consideration. Some simulations require a minimum number of runs to achieve statistical significance (Lauren & Stephen 2002b). The traditional approach of using hundreds of simulation runs to generate statistically valid results has evolved with the development of ‘big data’ and data mining. Data mining has subsequently been extended to data farming. Data farming involves the growth of data from models, as farmers cultivate crops. Whilst big data advocates a focus on correlation, data farming applies the big data approach whilst retaining control of the experiment (Sanchez 2014). The generation of large volumes of data directly from a model allows for causal analysis to be conducted on simulated results. Causal analysis leads to increased understanding within the restrictions of the model used. The model can then be compared to the real world and causal links investigated. Latin hypercube sampling is a data farming technique that can handle a large number of factors (experimental parameters), has relatively low data requirements, and prevents the confounding of the parameters (Sanchez 2007). Guidance on the number of runs and variables required for Latin hypercubes is available through the Naval Postgraduate School (Hernandez et al. 2012; MacCalman 2013). Data farming is suited to the BICKE method because it is a question-based iterative process (Horne & Seichter 2014).

• Simulation Model Metrics

The output from a simulation model is represented through metrics. Metrics allow the comparison of simulation results. Metrics should extend beyond casualty numbers and include relative force effectiveness, breakpoints and mission success.

• Source Code Availability

The code used by the tool, and its accessibility to researchers, can limit the accessibility of the underlying model and its extensibility. The availability of code is critical to replicability and peer review (Zeigler & Sarjoughian 2013).

• Accreditation

Accreditation confirms that a model is sufficiently representative of the real world. Model accreditation is limited to specific circumstances such as a defined environmental setting or experimental factors. The accreditation of simulations and models for US DOD use is managed under VV&A. It generally occurs in the support of procurement or decision-making activities within the DOD (Department of Defense 2009a).

• Data Collection Capability

The data collection capability refers to the access the user has, the data repository, and the potential outputs of the simulation. Causal analysis is dependent on an understanding of the links between datasets. Where data cannot be easily accessed or reviewed, opportunity for causal analysis is reduced.
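The Latin hypercube sampling described under Data Farming Ability above, as an added Python example that is not code from the thesis: each parameter range is cut into as many strata as there are runs, every stratum is sampled exactly once, and the least-correlated of several random candidates is kept. The parameter names and ranges are constructed for illustration, and the random-restart selection is a simple stand-in, not the designs from the cited Naval Postgraduate School guidance.

```python
import math
import random

# Constructed experimental parameters and ranges (illustrative assumptions,
# not values taken from the thesis).
PARAMETERS = {
    "force_ratio": (0.5, 3.0),            # blue strength / red strength
    "comms_outage_minutes": (0.0, 60.0),  # length of a DoS on the C2 network
    "sensor_range_m": (500.0, 3000.0),
    "weapon_range_m": (300.0, 2500.0),
}


def latin_hypercube(n_runs, parameters, seed=0):
    """Return n_runs design points, one dict of parameter values per run."""
    rng = random.Random(seed)
    columns = {}
    for name, (low, high) in parameters.items():
        width = (high - low) / n_runs
        strata = list(range(n_runs))
        rng.shuffle(strata)  # independent permutation for each parameter
        # One uniformly placed sample inside each stratum.
        columns[name] = [low + (s + rng.random()) * width for s in strata]
    return [{name: columns[name][i] for name in parameters}
            for i in range(n_runs)]


def strata_used(design, parameters):
    """For each parameter, the sorted stratum index hit by every run."""
    n_runs = len(design)
    used = {}
    for name, (low, high) in parameters.items():
        width = (high - low) / n_runs
        used[name] = sorted(min(n_runs - 1, int((p[name] - low) / width))
                            for p in design)
    return used


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length samples."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)


def max_abs_correlation(design, parameters):
    """Largest |correlation| between any two parameter columns.

    A high value means two parameters move together across the runs, so
    their effects on the simulation output cannot be separated.
    """
    names = list(parameters)
    worst = 0.0
    for i in range(len(names)):
        for j in range(i + 1, len(names)):
            xs = [p[names[i]] for p in design]
            ys = [p[names[j]] for p in design]
            worst = max(worst, abs(pearson(xs, ys)))
    return worst


def best_design(n_runs, parameters, candidates=200, seed=0):
    """Keep the candidate hypercube whose columns are least correlated."""
    designs = (latin_hypercube(n_runs, parameters, seed + k)
               for k in range(candidates))
    return min(designs, key=lambda d: max_abs_correlation(d, parameters))


def full_factorial_runs(levels, n_parameters):
    """Run count if every level of every parameter were crossed."""
    return levels ** n_parameters


if __name__ == "__main__":
    design = best_design(17, PARAMETERS)
    print("runs in design:", len(design))
    print("full factorial at 17 levels:",
          full_factorial_runs(17, len(PARAMETERS)))
    print("max |r| between parameters:",
          round(max_abs_correlation(design, PARAMETERS), 3))
```

A stochastic simulation would still replicate each design point several times with different random seeds; the hypercube only fixes which parameter combinations are run.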


3.3.3.5 The Simulation and Experimental Design Stage

The purpose of the simulation and experimental design stage is to design the simulation, design the experiment and design the conduct of the experiment.

Design of the Simulation

The simulation design considers the philosophy, designs, limitations and advantages of the simulation.

Selection of Experimental Parameters

Experimental parameters are referred to as factors in the data farming literature. This thesis refers to factors as experimental parameters, to reduce confusion with Q methodology factors. Experimental parameters are values that may be qualitative or quantitative (Horne & Seichter 2014). The combination of experimental parameters distinguishes an experimental scenario, where the change in one of those parameters leads to a change in the underlying conditions differentiating between experiments. Experimental parameters are used to change the conditions underlying simulation runs. For example, two experiments may be the same but the number of combatants could be changed, or the terrain modified. Each of these changes would represent a change in the experimental parameters. The number of experimental parameters selected informs the tools and approaches for research. The sensitivity of parameters can also influence the experimental results. Although tuning factors are often required within simulation models, they must be explicitly defined and tested to determine their impact on the model (Washburn & Kress 2009). Values need to be bounded. However, aberrations in system behaviour could be insights into potential real-life effects, inadequately-tuned parameters, or an error in the underlying representation of relationships within the simulation model. Measurement error must be considered throughout the design of parameters (Viswanathan 2005).

Design of the Experiment

The design of the experiment considers the philosophy, designs, limitations and advantages of the experiment.

Conduct of the experiment and raw simulation outputs

The conduct of the experiment and raw simulation outputs provide the data required for analysis.


3.3.3.6 The Data Analysis and Experiment Refactoring Stage

Data analysis and experiment refactoring analyse the raw outputs of the simulation. Analysed results support refinement and remodelling of the experiment design, creating new requirements for the next iteration of the BICKE method. However, a second iteration of the BICKE method will not be made, so refactoring will not occur.

Data Analysis

The interpreted data analysis section transforms the raw data into a series of results that are contextualised and considered in light of the research question. The simulation is a theory, which means that the results do not translate directly to the real world. Therefore, data analysis uses the simulation results to infer practical real-world implications.

Refactoring

Experiment refactoring revisits the simulation’s assumptions in light of the data collected, and provides an opportunity to modify the artefacts developed. Refactoring feeds back into the BICKE method, informing future iterations and experiments. Potential changes are based on analyses of the data against research aims, and may include changes to the experimental metrics and measures, alterations to the semantic model, re-evaluation of the simulation tool requirements, or changes to experimental design. Refactoring will not be performed; however, future work will be identified that could use further iterations of the BICKE method.

3.4 Chapter Three Summary

This chapter presented constructivism and Stoic meta-ontology as central components of the philosophical and epistemological basis of this thesis. The BICKE method guides the construction of a solution to the master research question: How can cyber-effects in the tactical land combat environment be modelled and measured in terms of mission success, human factors and kinetic outcomes?

This chapter contributes to answering the research questions by establishing a robust and systematic research method, supported by a considered and integrated epistemology, meta-ontology and methodology. The epistemology used is social constructivism. The Stoic meta-ontology accepts two criteria of reality: existent or subsistent. The epistemology and meta-ontology are important for establishing a coherent worldview that allows for the development of relationships across domains in the problem space. The different domains require an experimentation (analytical) campaign that supports the triangulation of data and methods. The thesis’ methodology employs mixed methods. Three research methodologies are utilised and integrated: DSR is the primary one, while qualitative data is collected through grounded theory and Q methodology. The BICKE method is a contribution to knowledge which combines leading practices of the ontological, experimental and simulation domains. The first step of the BICKE method—environmental elicitation—begins in the next chapter.


4. Chapter Four - Environmental Elicitation

4.0 Chapter Four Introduction

This chapter provides a detailed account of the intrinsic and extrinsic knowledge acquisition processes and resulting artefacts. The environmental elicitation stage within BICKE is highlighted in Figure 6. The purpose of this chapter is to collect and analyse data pertaining to the problem space and the tactical land combat environment. This chapter informs the semantic model creation, the development of requirements, and the selection or creation of a tool later on in the BICKE process.

Environmental elicitation develops artefacts that represent the array of different organisations, assets and resources, concepts and domains within the problem space. The principal aim of environmental elicitation is to develop a comprehensive understanding of the environment represented within the experiment. Environmental elicitation is an iterative process that occurs through engagement with people in the problem space environment, such as Subject Matter Experts (SMEs), as well as policy and doctrine.

Figure 6 - Environmental elicitation stage of the BICKE process


4.1 Interviews - Intrinsic Knowledge Acquisition

Intrinsic knowledge acquisition collects data from SMEs and uses this data to develop a model for further analysis. The present study collected intrinsic knowledge through interviews with serving ADF Army tactical combat decision makers.

4.1.1 Interview Conduct

Interviews were conducted at three Australian locations with Army personnel from three organisations. Each location was represented by one organisation. However, these organisations included a variety of skill sets, ranks and experience levels. The diversity of participants depended on the volunteer respondents. Interviews were conducted in vacant rooms provided by each hosting organisation. The interview durations ranged from 26 minutes to 1 hour and 18 minutes. Information likely to lead to the identification of a respondent was removed and comments were sanitised by the author to ensure they did not breach security classification rules. Anonymity was assured throughout the interview, data collection and analysis processes in accordance with ADHREC requirements. Interviews were coded using NVIVO 11, which was explained in Section 3.3.2.

Interviews consisted of four parts. Part One consisted of an ethics brief and the collection of broad demographic data. Part Two was a series of questions developed from literature. The third part analysed responses to a card set utilising Q methodology, which allowed participants to be grouped depending on their subjective assessments. The card set is a series of statements that participants sort and rank based on their opinions. The first six interviews were used to develop the card set. Therefore, the first six participants did not participate in the card sort and of the 52 interviews, 46 were presented with Part Three of the interview. The card set was analysed utilising Q methodology, as described later. The fourth part of the interview involved the consideration of four military combat scenarios.

4.1.2 Demographic Data about Participants

Actively-serving military officers, non-commissioned officers and soldiers from a variety of units were interviewed at three locations. Ethics required participants to be volunteers. Identifying details, such as rank, age and unit were not recorded, for anonymity. Participants were asked to provide their opinions on the requirements, risks, capability, performance and benefits of C4ISR systems. These opinions reflected their training, experiences and beliefs as military professionals.

Theoretical sampling was used to allow categories and themes to emerge from the data, noting that there were two critical constraints. The first constraint was the ethical restrictions impacting upon the sample. The author sought to obtain a broad cross-section of serving Army personnel by requesting a mix of experience and Corps backgrounds from multiple unit locations around Australia. The actual sample was determined by the units that elected to participate and the volunteers from those units. The second constraint was the focused questioning and topics generated prior to the interview. Although the approach applied was grounded theory, it is not accurate to say the themes ‘emerge’ naturally from the interviews. That claim must be tempered with the acknowledgement that semi-structured interviews are driven by the questions and the interaction between the interviewer and participant. The questions asked, and the words used to construct them, shaped the responses. Given the interviewer was of a higher rank than the participants, it is possible that some responded with what they thought was the ‘right’ answer (in the interviewer’s mind) rather than their true opinion. To address this issue, every participant was explicitly told that:

• the interview was anonymous;
• the questions did not have a correct answer; and
• the questions were not a test.

Participants were simply asked to be honest. All participants were informed they could end the interview at any time. The responses provided by the participants were generally balanced, and often included a mix of support and criticism about digital C2 system use in the Australian Army. Thematic saturation resulting from qualitative data was achieved as discussed in Section 3.3.2.

Interviews began with a brief about the purpose of the interview, the role of the participant and the ADHREC ethical process. Participants were asked to complete a form giving ethical consent to the interviews, in accordance with ADHREC requirements. Another form collected demographic data. This supported the sorting of data, the identification of trends across social groups, and decisions on theoretical saturation (Guest et al. 2011).

A total of 52 volunteers participated in interviews. All 52 participants were thematically analysed. Of these, 46 volunteers participated in the Q methodology component of this study. The other 6 volunteers provided data for the development of the Q methodology themes and statements. Participants were volunteers and were currently-serving Army personnel. The Q methodology process was one part of a four-part interview process with interview participants. The participants consisted of sub-groups, as depicted in Table 1. The broad distribution provided an opportunity to capture different perspectives and ensure theoretical saturation.

| | Participant Category | Number of Participants |
|---|---|---|
| Rank | Captain-Lieutenant (CAPT-LT) | 14 |
| | Warrant Officer Class One – Sergeant (WO1-SGT) | 15 |
| | Corporal-Private (CPL-PTE) | 17 |
| Corps Categorisation | Arms Corps (ARMS) | 26 |
| | Combat Support Corps (CSP) | 15 |
| | Combat Service Support Corps (CSS) | 5 |
| Time in Service | 0-4 Years (0-4YRS) | 2 |
| | 5-9 Years (5-9YRS) | 22 |
| | 10 Years and up (10YRSUP) | 22 |
| Operational Experience | Yes (Y) | 40 |
| | No (N) | 6 |
| Nature of Employment | Full-time/Regular (FT) | 45 |
| | Part-time/Reservist (PT) | 1 |

Table 1 - Volunteer Participant Categorisation

The rank category consisted of three groups, CAPT-LT, WO1-SGT and CPL-PTE.

• The CAPT-LT group consisted of the ranks Captain and Lieutenant (junior officers). These were well-trained junior officers who were leaders with varying degrees of experience. Some participants in the CAPT-LT group had less than 4 years of service. However, each had received extensive training and, as commissioned officers, they are often responsible for making combat decisions on operations which affect the lives of the personnel in their units.

• WO1-SGT are experienced senior non-commissioned officers who are specialists in specific areas of combat, leaders of CPL-PTEs, and advisors to the CAPT-LT group. WO1-SGT included the ranks Warrant Officer Class One, Warrant Officer Class Two and Sergeant. The WO1-SGT personnel were generally the longest serving soldiers to be interviewed.

• The CPL-PTE category are trained soldiers who are more junior in terms of time and experience than the WO1-SGT category. The CPL-PTE category consists of the ranks Corporal, Lance Corporal and Private.

The specific use of C2 devices depends on the nature of the device (such as a laptop or handheld device), the network it connects to, the equipment it is installed inside of (such as a tank or truck) and the type of unit using the device (such as dismounted infantry or artillery). In some cases, such as in a vehicle, CPL-PTE soldiers may operate a C2 device, either independently or whilst receiving direction from CAPT-LT or WO1-SGT soldiers. In other circumstances, such as in a higher-level command post, the CAPT-LT or WO1-SGT may operate a C2 device either independently or whilst receiving direction from a more senior officer.

The corps categorisation refers to three broad groups within the Army:

1. The ARMS Corps category consists of personnel specifically trained to engage an adversary in combat, using a variety of equipment and weapon systems.
2. The CSP Corps category refers to several corps groups who provide specialist support to the ARMS Corps, such as Engineers or Signallers.
3. The CSS Corps category provides the support and services necessary to sustain a military force logistically.

These three corps categories operate in concert as a combined arms team in combat, but each has a specific set of skills, uses specialised equipment, and is trained in different ways (Department of Defense 2001b).

Operational experience is likely to increase the confidence and capacity of combat decision makers to rapidly determine a viable course of action in a combat situation or scenario (Reilly 1997). The high number of participants with operational experience is thought to have contributed to the successful collection of viable data. The heavy weighting towards operationally-experienced participants is considered an advantage, given that the scope of the problem relates to military operations.

4.1.3 Part One - Semi-Structured Interview Questions

Semi-structured interviews allow for a degree of flexibility, depending on the experience and perspectives of the interviewee. Face-to-face discussion and exploration of open questions relating to themes was intended to provide a rich dataset reflecting the broad experience and views of interview participants (Teddlie & Tashakkori 2009, p. 230). Semi-structured interviews were used extensively in the collection of human factors data (Stanton & Walker 2013).

Questions were asked based on broad themes identified in the literature that were pertinent to the research question. The questions are depicted in Table 2.

| Theme | Interview Questions |
| --- | --- |
| Experience – Training and Operations | What experience do you have in the use of digital command and control systems? |
| | What is your experience in terms of the performance of command and control systems? |
| | How would you rate your aptitude with computers? |
| Benefits and Risk | What benefits do you think command and control systems offer over traditional radio and map? |
| | Have you experienced those benefits? |
| | What risks do you think command and control and digital systems carry? |
| Trust and Certainty | Which do you trust more – a digital command and control system or map and radio? |
| | What would you prefer to use – a digital command and control system or map and radio? |
| | How certain are you in the information displayed on command and control systems? Why? |
| | How certain are you in a piece of information transmitted by radio? |
| Deception | Have you ever employed deception as part of a tactical activity? |
| | What do you believe to be important considerations when developing a deception plan? |
| | How would you utilise Electronic Warfare capability against an OPFOR C4ISR system such as a Blue Force Tracker? |
| | What would you think if your Blue Force Tracking system had been compromised and the enemy had the ability to both monitor it and manipulate data? They also continue to attempt to disrupt radio transmissions. |

Table 2 - Interview Questions for Thematic Analysis

4.1.4 Part Two - Card Sort

The sorting of a card set by interview participants, which ranks statements written on cards, was conducted as part of the interview in accordance with Q methodology. The card set (Q sample) reflected the diversity of opinion about a topic. In this study, 22 statements were employed across 46 interview participants. Statements were printed on large cards which were all the same size, shape and colour. Their order was randomised before each interview and their ID numbers were concealed to avoid influencing the participants. Each statement was prefixed with the same comment ‘I think digital command and control systems…’. The interpretation of the card statements was left to the participant. The author discussed the order of the cards and the meaning imbued by the participant upon each statement as part of the post-sort interview, described in Stage Three. An example of the card sort is included below in Table 3.

| Card Statement – “I think digital command and control systems…” |
| --- |
| Require extensive training in order for me to use them |
| Need to provide me with trustworthy information |
| Need to provide me with timely information |
| Are superior to maps and analogue radio |
| Require constant use to maintain my skills |
| Are easy for me to use and require little training |
| Allow data to be incorrectly modified by a user |
| Are used to their full effect in my unit |
| Would be able to survive a cyber attack, by a technologically advanced adversary |
| Are best suited for use in the unit command post |
| Are best suited for use on the move (in a vehicle, on foot) |
| Provide me with faster information than a map and analogue radio |
| Are less trustworthy when used by multi-national forces |
| Could be manipulated to deceive my situational awareness |
| Prevent me from being involved in fratricide (Blue on Blue) incidents |
| Overload me with large amounts of information |
| Lead me to depend on technology |
| Support me to make quick decisions in time critical situations |
| Help me to visualise the battlefield |
| Assist me to manage multiple information sources simultaneously |
| Are rarely used for information exchange and are just used to track friendly callsigns |
| Provide me with trustworthy information |

Table 3 - Q Sample Statements for the Card Sort

The decision to employ 22, rather than the 50 or 60 cards described in literature, was based on three factors: (1) the time available during interviews for participants to sort the cards; (2) the focus on employing Q methodology as part of a broader approach, giving it a secondary and supporting role (the Q methodology formed just one part of the interview for each participant); and (3) the requirement to justify the size of the Q sample to an ethical committee, in addition to a series of interview questions and scenarios. The 22 statements provided good coverage of the domain. The small size of the Q sample was considered during factor analysis, to ensure it did not distort the validity of the statistical analysis or research observations. On every occasion, participants were offered the opportunity to discuss any other statements they felt should be incorporated or discussed in the Q sample. On no occasion was an alternative statement offered or an issue raised which was not included in the Q sample.

Small Q samples produce higher correlation scores and eigenvalues. Equally, large Q samples are liable to create uncertainty and confusion amongst some participants as the scale of the task becomes bigger than they expected. The participants of this study seemed comfortable sorting the 22 statements. The Q sample was smaller than many traditionally employed by Q methodology researchers. A Q sample often consists of 40-60 statements. The Q sample sizes discussed in Watts & Stenner (2012) were too large for practical use with soldiers, particularly when an application was required to obtain ethics clearance and justify the time for interviews within a military workplace. Brown used a Q sort of 33 statements in the Lipset example (Brown 1980) and whilst discussing the number and the content of the statements used for Q methodology, concluded that “…whatever an investigator may define a statement to mean theoretically in no way necessarily enters into the subject’s understanding… In Q methodology, the meaning and significance of items is determined by the subject, so that the observer acquires knowledge of their meaning a posteriori, i.e., after the subject has sorted them” (Brown 1980, p. 191). The author adopted this spirit of enquiry, capturing an inclusive but succinct concourse, with extensive post-sort interviews utilised to ensure all the issues and opinions expressed by participants were captured. This was then used to elucidate issues for discussion in subsequent semi-structured interviews and scenarios with each participant. To confirm that the Q sort was representative of the concourse (the breadth of opinions on the issue) six pilot interviews were conducted to identify key themes and statements. These were then developed into the Q sort.

Common terms used within the statements that all participants understood from their military training included command post, command on the move, and fratricide. The command post refers to a static focal point of communication and command infrastructure, usually in a tent, dugout or building, which provides commanders with the ability to direct and influence their forces in combat. Command on the move, in contrast, refers to command of a manoeuvre element, either from vehicles, potentially whilst moving and engaging targets, or on foot, when the unit must carry the communication device as well as ancillary equipment, batteries, weapons, ammunition and mission-specific equipment. Often, the command post and command on the move are employed at the same time across a unit by different layers of the command chain, depending on the organisational structure, environment, threat and mission. Fratricide refers to the accidental damage or destruction of other friendly elements, usually due to confusion in identification and mistakes in targeting.

4.1.5 Part Three - Tactical Scenarios

Part Three of the interview process involved the presentation of four scenarios to each participant. The scenarios were developed from the literature, and reflected the use of scenario-based training within the military to develop tactical awareness (Carter & Ross 1989). Scenarios generate discussion, relate models to the real world and answer questions (Horne & Seichter 2014). The scenarios described typical problems faced by commissioned and non-commissioned officers of the Army. The responses to the scenarios were subject to thematic analysis that was both theory driven and inductive. BLUFOR refers to the Blue Force (friendly) and OPFOR refers to the Red Opposing Force (enemy/adversary). The BLUFOR is represented with blue icons and the OPFOR with red icons.

4.1.5.1 Tactical Scenarios Presented to Participants

The scenarios below are intended to examine the interpretation of C4ISR displays, the consideration by combat tactical decision makers of the information presented to them and the potential for information deception to affect combat outcomes.

All scenarios below illustrate a BLUFOR Battle Group advancing to the southwest into an urban area. The BLUFOR Battle Group and OPFOR Squadron are mechanised.

Scenario 1: Please discuss your immediate thoughts about the tactical situation, [based on Figure 7] provided from a command and control system.

Legend: Blue Force Mounted Infantry Troop; Blue Force Armoured Troop; Red Force Mounted Infantry Troop; Red Force Armoured Troop

Figure 7 - Scenario One Depiction

Scenario 2: Please discuss your immediate thoughts about the tactical situation [based on Figure 8] provided from a command and control system.

Legend: Blue Force Mounted Infantry Troop; Blue Force Armoured Troop; Red Force Mounted Infantry Troop; Red Force Armoured Troop

Figure 8 - Scenario Two Depiction

Scenario 3: Blue Force Tracker shows civilians in buildings, from which effective fire is being directed at friendly troops. The platoon commander of the element engaged, who is in position to suppress the attackers, is observing the situation and believes that the information about civilians in the buildings is false. He requests permission to engage and destroy the buildings’ occupants. Outline your assessment of the situation, risks and the tactical information.

Scenario 4: You have lost radio communications due to jamming. However, the Blue Force Tracker continues to work. The Blue Force Tracker shows a large enemy element approaching your position and significant friendly casualties. A message has been sent from the Battalion HQ, indicating that you are to withdraw immediately. Outline your assessment of the situation, risks and the tactical information.

4.1.6 Results

The results from the interviews were analysed in a different order to their conduct. Part Two of the interviews, the card sort, informed the Q methodology results. Parts One and Three of the interviews were subjected to thematic analysis. Q methodology is presented first, because it allows the differentiation of viewpoints across the participants and analysis of shared opinions. These will be used to support the subsequent thematic analysis.

4.1.6.1 Q Methodology Results

Research participant volunteers formed the “P set”. Q methodology requires that the P set reflects the broad array of different potential attitudes on a topic. Sample population requirements (as found in R methodologies and many statistical approaches) do not apply to Q methodology. The differences between traditional statistical data collection and Q methodology are discussed extensively in Brown (1980). The P set in Q methodology represents the variables relevant to the study. Therefore, the larger the P set, the greater the number of variables. The P set comprised 46 participants.

Q Sort Ranking

The Q sample was rank ordered subjectively by participants, creating a Q sort. A forced choice standardised distribution was utilised, allowing participants to rank the Q sort against the items they ‘most agreed with’ (+4) and the items they ‘most disagreed with’ (-4). A relatively flat distribution was utilised as the participants were familiar with the subject matter. This allowed them to clearly differentiate between the topics that they had strong opinions about and those they did not. The small Q sample allowed interview participants to be engaged with the topic without becoming bored or rushed, which may have happened if 50 or 60 cards had been used. The Q sort led into a post-sort interview, which consisted of a discussion between the author and the participant about the reasons for their selection of statements and sequence of cards. The post-sort interview occurred during Part Two of the interview process, allowing the author to develop an understanding of the perspective of each participant, the reasoning for the Q sort sequence, and any other pertinent information the participant wanted to communicate. Table 4 depicts the Q sorting frequency distribution used for this study.

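Forced-choice Frequency Distribution

| Ranking value | -4 | -3 | -2 | -1 | 0 | 1 | 2 | 3 | 4 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Number of items | 1 | 2 | 3 | 3 | 4 | 3 | 3 | 2 | 1 |

| | -4 | -3 | -2 | -1 | 0 | 1 | 2 | 3 | 4 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Items | | | | | 10 | | | | |
| | | | 4 | 7 | 11 | 14 | 17 | | |
| | | 2 | 5 | 8 | 12 | 15 | 18 | 20 | |
| | 1 | 3 | 6 | 9 | 13 | 16 | 19 | 21 | 22 |
| Value | -4 | -3 | -2 | -1 | 0 | 1 | 2 | 3 | 4 |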

Table 4 - Q Sorting Frequency Distribution

The Q sorts were correlated and factor analysed using the software PQMethod version 2.35. A centroid analysis led to a varimax rotation. These processes are described in Brown (1980) and Watts & Stenner (2012). Seven factors were considered, but only five factors emerged from the 46 Q sorts which were considered worthy of detailed analysis. These are depicted in Table 5. Eigenvalues were disregarded from further analysis, because they tend to inflate when a Q sample is small (Brown 1980). Instead, significant factors and Humphrey’s rule were applied. The five factors identified as Factors A to E met both the significant factor loading for the study (0.55) and Humphrey’s rule, using a twice standard error (after rounding) of 0.44. Ten sorts were identified as non-significant, using the significant factor loading of 0.55. The significance factor and Humphrey’s rule were strictly applied to ensure that the small Q sample and large P set did not lead to the generation of factors which were invalid or insufficiently significant. The strongest correlation was between Factors D and E, R² = 0.53. The weakest correlation was between Factors A and B at R² = 0.21. The high level of correlation is accounted for by the small Q sample of 22 cards. Factor E was subsequently removed from analysis prior to factor interpretation, due to its high correlation value and small number of significant loadings. Some 58% of the variance of the study was captured across the remaining four factors, A to D. The statistically significant loadings used for individual factor loadings are high, to avoid the legitimate criticism of recent Q methodology literature that small loadings assign individuals to groups that they do not necessarily belong to (Kampen & Tamás 2014). Whilst this results in a higher number of non-significant results, it ensures that the assignment of individuals to a factor is accurate.

| Rank | Categorisation | Time in Service | Operational Experience | Nature of Employment | Factor A | Factor B | Factor C | Factor D | Factor E | Non Significant |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| WO1-SGT | CSS | 10yrsup | Y | FT | 0.4499 | 0.0285 | 0.5797 | 0.3478 | -0.2969 | |
| CPL-PTE | CSS | 10yrsup | Y | FT | 0.5473 | 0.1204 | 0.4799 | 0.4632 | -0.0328 | Y |
| CPL-PTE | ARM | 5-9yrs | Y | FT | 0.6086 | -0.0642 | 0.1328 | 0.4587 | 0.2982 | |
| WO1-SGT | ARM | 10yrsup | Y | FT | 0.0197 | 0.7915 | 0.3142 | 0.1382 | 0.2091 | |
| CAPT-LT | CSP | 5-9yrs | Y | FT | 0.2905 | 0.0954 | -0.0776 | 0.5906 | 0.1695 | |
| CPL-PTE | ARM | 10yrsup | Y | FT | 0.1497 | -0.2718 | 0.023 | 0.2775 | 0.7659 | |
| CAPT-LT | CSP | 0-4yrs | Y | FT | 0.23 | 0.6048 | -0.0136 | 0.348 | -0.2909 | |
| WO1-SGT | CSP | 10yrsup | Y | FT | 0.4351 | 0.2199 | -0.2455 | -0.0018 | -0.2998 | Y |
| CPL-PTE | CSP | 5-9yrs | Y | FT | -0.0009 | 0.1837 | 0.7481 | -0.0496 | -0.18 | |
| CPL-PTE | ARM | 5-9yrs | Y | FT | 0.1653 | 0.0374 | 0.7792 | 0.2019 | 0.2203 | |
| CPL-PTE | CSP | 5-9yrs | Y | FT | 0.7449 | 0.1073 | 0.1736 | 0.2134 | -0.1232 | |
| CPL-PTE | CSP | 5-9yrs | Y | FT | 0.8147 | 0.1184 | 0.1124 | -0.1147 | 0.0855 | |
| CPL-PTE | CSP | 5-9yrs | Y | FT | 0.6286 | 0.3531 | 0.0464 | -0.0164 | 0.2309 | |
| CAPT-LT | ARM | 5-9yrs | Y | FT | 0.5295 | 0.1006 | -0.0698 | 0.5993 | 0.2529 | |
| CAPT-LT | ARM | 5-9yrs | N | FT | 0.3303 | 0.4981 | 0.4015 | 0.1518 | 0.4913 | Y |
| WO1-SGT | CSP | 10yrsup | Y | FT | 0.1262 | 0.8267 | 0.0301 | -0.0862 | 0.068 | |
| CPL-PTE | ARM | 5-9yrs | Y | FT | 0.5546 | 0.3275 | -0.0559 | 0.0443 | 0.4843 | |
| WO1-SGT | ARM | 10yrsup | Y | FT | 0.1565 | 0.3792 | 0.6435 | 0.2142 | 0.2048 | |
| CPL-PTE | ARM | 5-9yrs | Y | FT | 0.5213 | -0.2604 | -0.2493 | 0.4834 | 0.1886 | Y |
| CPL-PTE | ARM | 5-9yrs | Y | FT | 0.5325 | -0.1199 | 0.0784 | 0.1948 | 0.4138 | Y |
| CPL-PTE | ARM | 5-9yrs | Y | FT | 0.0215 | 0.3177 | 0.2727 | 0.1142 | 0.5015 | Y |
| CPL-PTE | ARM | 10yrsup | Y | FT | 0.595 | 0.1053 | -0.2727 | 0.4199 | 0.3752 | |
| WO1-SGT | ARM | 10yrsup | Y | FT | 0.8288 | -0.2095 | 0.1455 | 0.2337 | 0.1406 | |
| CPL-PTE | ARM | 5-9yrs | Y | FT | 0.4565 | 0.027 | 0.1783 | 0.2865 | 0.3566 | Y |
| CPL-PTE | ARM | 5-9yrs | Y | FT | 0.6102 | 0.4664 | 0.1547 | 0.0385 | -0.0855 | |
| CAPT-LT | ARM | 5-9yrs | Y | FT | 0.1913 | 0.4267 | 0.2046 | 0.0845 | 0.6621 | |
| CAPT-LT | ARM | 10yrsup | Y | FT | 0.1046 | 0.4891 | 0.1759 | 0.6478 | 0.3383 | |
| WO1-SGT | CSS | 10yrsup | Y | FT | 0.1721 | 0.7111 | 0.2003 | 0.3372 | -0.1282 | |
| WO1-SGT | CSS | 10yrsup | Y | FT | 0.1256 | 0.0799 | 0.1769 | 0.4454 | -0.0709 | Y |
| WO1-SGT | CSS | 10yrsup | Y | FT | 0.4551 | 0.052 | 0.3187 | 0.5658 | 0.0049 | |
| CAPT-LT | CSP | 0-4yrs | N | FT | 0.3426 | 0.1234 | 0.2477 | 0.4076 | 0.6227 | |
| CAPT-LT | CSP | 5-9yrs | N | FT | 0.1266 | 0.73 | 0.3219 | 0.1809 | 0.1223 | |
| WO1-SGT | CSP | 10yrsup | Y | FT | -0.0966 | 0.0665 | 0.2752 | 0.7546 | 0.1597 | |
| WO1-SGT | CSP | 10yrsup | Y | FT | -0.0566 | -0.0047 | 0.743 | 0.2694 | 0.2452 | |
| WO1-SGT | CSP | 10yrsup | Y | FT | -0.0966 | 0.0665 | 0.2752 | 0.7546 | 0.1597 | |
| WO1-SGT | CSP | 10yrsup | Y | FT | 0.0486 | 0.0361 | 0.8114 | 0.1635 | 0.3301 | |
| CAPT-LT | ARM | 5-9yrs | Y | PT | 0.4481 | -0.1434 | 0.3505 | 0.4067 | 0.3677 | Y |
| CAPT-LT | ARM | 5-9yrs | N | FT | 0.6478 | 0.2746 | 0.0627 | 0.2277 | 0.0652 | |
| WO1-SGT | ARM | 10yrsup | Y | FT | 0.1696 | -0.7686 | 0.3097 | 0.114 | -0.0488 | |
| WO1-SGT | ARM | 10yrsup | Y | FT | 0.5129 | 0.1441 | -0.0951 | 0.5143 | 0.3538 | Y |
| WO1-SGT | ARM | 5-9yrs | Y | FT | 0.5734 | -0.1299 | 0.1124 | 0.3086 | 0.1804 | |
| WO1-SGT | ARM | 10yrsup | Y | FT | 0.3006 | 0.2926 | 0.0453 | 0.7616 | 0.1515 | |
| CAPT-LT | ARM | 5-9yrs | N | FT | 0.2689 | 0.1805 | 0.136 | 0.7641 | 0.1038 | |
| CAPT-LT | ARM | 5-9yrs | N | FT | 0.0963 | -0.4163 | 0.0989 | 0.6951 | 0.0118 | |
| CAPT-LT | CSP | 10yrsup | Y | FT | 0.5584 | 0.3901 | -0.0789 | 0.4182 | 0.062 | |
| CAPT-LT | ARM | 10yrsup | Y | FT | 0.3727 | 0.0749 | 0.3051 | 0.7462 | 0.1893 | |
| Eigenvalues | | | | | 16.0559 | 4.9509 | 4.1614 | 2.7228 | 2.6335 | |
| % expl.Var. | | | | | 18 | 12 | 11 | 17 | 9 | |
| Significant factor loadings | | | | | 11 | 6 | 6 | 10 | 3 | |
| Humphreys Rule | | | | | 0.67522336 | 0.561078 | 0.63224288 | 0.58193856 | 0.50710239 | |

Table 5 - Factor Analysis Results
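
The two tests applied to Table 5 can be worked through on a few of its rows. The Python below is an added example, not code from the thesis or from PQMethod: it assigns twelve sorts copied from Table 5 to factors using the 0.55 loading threshold and computes the Humphrey's rule cross-product for each factor against the stated 0.44. The 2.58/√N formula is the standard Q-methodology significance formula and is assumed to be the origin of the 0.55 figure; the function names and the use of absolute loadings are this example's own choices.

```python
"""Factor assignment and Humphrey's rule on rows from Table 5 (added example)."""
import math

N_STATEMENTS = 22            # size of the Q sample, from the page
SIGNIFICANT_LOADING = 0.55   # significant factor loading stated on the page
TWICE_SE_ROUNDED = 0.44      # Humphrey's rule cut-off stated on the page
FACTORS = ("A", "B", "C", "D", "E")

# Twelve of the 46 rows of Table 5: (rank, corps, loadings on Factors A-E).
# The first ten are the pairs whose cross-products equal the table's
# "Humphreys Rule" row; the last two are flagged non-significant in the table.
SORTS = [
    ("WO1-SGT", "ARM", (0.8288, -0.2095, 0.1455, 0.2337, 0.1406)),
    ("CPL-PTE", "CSP", (0.8147, 0.1184, 0.1124, -0.1147, 0.0855)),
    ("WO1-SGT", "ARM", (0.1696, -0.7686, 0.3097, 0.114, -0.0488)),
    ("CAPT-LT", "CSP", (0.1266, 0.73, 0.3219, 0.1809, 0.1223)),
    ("WO1-SGT", "CSP", (0.0486, 0.0361, 0.8114, 0.1635, 0.3301)),
    ("CPL-PTE", "ARM", (0.1653, 0.0374, 0.7792, 0.2019, 0.2203)),
    ("CAPT-LT", "ARM", (0.2689, 0.1805, 0.136, 0.7641, 0.1038)),
    ("WO1-SGT", "ARM", (0.3006, 0.2926, 0.0453, 0.7616, 0.1515)),
    ("CPL-PTE", "ARM", (0.1497, -0.2718, 0.023, 0.2775, 0.7659)),
    ("CAPT-LT", "ARM", (0.1913, 0.4267, 0.2046, 0.0845, 0.6621)),
    ("CPL-PTE", "CSS", (0.5473, 0.1204, 0.4799, 0.4632, -0.0328)),
    ("CAPT-LT", "ARM", (0.4481, -0.1434, 0.3505, 0.4067, 0.3677)),
]


def standard_error(n_items):
    """Standard error of a zero-order loading for a Q sample of n_items."""
    return 1.0 / math.sqrt(n_items)


def significance_threshold(n_items, z=2.58):
    """Loading needed for significance at p < 0.01 (z = 2.58)."""
    return z * standard_error(n_items)


def assign_factor(loadings, threshold=SIGNIFICANT_LOADING):
    """Return the factor with the largest absolute loading, or None.

    Sign is ignored (assumption of this example): the -0.7686 row in
    Table 5 is not flagged as non-significant.
    """
    idx = max(range(len(loadings)), key=lambda i: abs(loadings[i]))
    return FACTORS[idx] if abs(loadings[idx]) >= threshold else None


def humphreys_product(sorts, factor_index):
    """Cross-product of the two highest absolute loadings on one factor."""
    top_two = sorted((abs(s[2][factor_index]) for s in sorts), reverse=True)[:2]
    return top_two[0] * top_two[1]


def summarise(sorts):
    """Group sorts by assigned factor and compute Humphrey's products."""
    members = {f: [] for f in FACTORS}
    non_significant = []
    for rank, corps, loadings in sorts:
        factor = assign_factor(loadings)
        if factor is None:
            non_significant.append((rank, corps))
        else:
            members[factor].append((rank, corps))
    humphrey = {f: humphreys_product(sorts, i) for i, f in enumerate(FACTORS)}
    return members, non_significant, humphrey


if __name__ == "__main__":
    print(f"2.58 / sqrt({N_STATEMENTS}) = {significance_threshold(N_STATEMENTS):.4f}")
    members, non_significant, humphrey = summarise(SORTS)
    for f in FACTORS:
        passes = humphrey[f] > TWICE_SE_ROUNDED
        print(f"Factor {f}: {len(members[f])} sorts, "
              f"Humphrey product {humphrey[f]:.8f}, passes={passes}")
    print("Non-significant sorts:", non_significant)
```
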

Factor Interpretation

Factor interpretation is intended to provide a holistic view of the opinions expressed by the study participants. Factor interpretation derives the central meaning and values that emerge from the composite factor arrays. Factor loadings refer to the association or identification of individuals with a factor group. Participants load to a factor through a significant correlated score. Table 6 depicts the final composite Q sorts that emerged from all the participants and the sorting of the significant responses into an array comparison. Table 6 shows the score from +4 to -4 for each statement. For example, Statement One, ‘I think digital command and control systems require extensive training in order for me to use them’ was scored a 2 by Factor A, meaning that it was agreed with, but not as strongly as the statements that Factor A assigned a score of 3 or 4. Factor B scored Statement One as -4, meaning that it was disagreed with more than any other statement.

| No. | Statement: “I think digital command and control systems…” | Factor A | Factor B | Factor C | Factor D |
| --- | --- | --- | --- | --- | --- |
| 1 | require extensive training in order for me to use them | 2 | -4 | 3 | 0 |
| 2 | need to provide me with trustworthy information | 4 | 3 | 0 | 1 |
| 3 | need to provide me with timely information | 3 | 4 | 1 | 2 |
| 4 | are superior to maps and analogue radio | -3 | -1 | 2 | -2 |
| 5 | require constant use to maintain my skills | 0 | 3 | 0 | 3 |
| 6 | are easy for me to use and require little training | -3 | 0 | -3 | -4 |
| 7 | allow data to be incorrectly modified by user error | 0 | 0 | -1 | 0 |
| 8 | are used to their full effect in my unit | -4 | 0 | -4 | -2 |
| 9 | would be able to survive a cyber attack, by a technologically advanced country | -2 | -2 | -3 | -3 |
| 10 | are best suited for use in the unit command post | 2 | -3 | -1 | 3 |
| 11 | are best suited for use on the move (vehicles, foot) | -1 | 1 | -1 | -1 |
| 12 | provide me with faster information than a map and analogue radio | -2 | 0 | 4 | 2 |
| 13 | are less trustworthy when used by multi-national forces | 1 | -1 | 0 | -3 |
| 14 | could be manipulated to deceive my situational awareness | -1 | -1 | -2 | 2 |
| 15 | prevent me from being involved in fratricide (blue on blue) incidents | -1 | 2 | 0 | 1 |
| 16 | overload me with large amounts of information | -2 | -3 | -2 | 1 |
| 17 | lead me to depend on technology | 0 | -2 | 1 | 0 |
| 18 | support me to make quick decisions in time critical situations | 0 | 1 | 3 | -1 |
| 19 | help me to visualise the battlefield | 3 | 2 | 2 | 4 |
| 20 | assist me to manage multiple information sources simultaneously | 1 | 2 | 2 | 0 |
| 21 | are rarely used for information exchange and are just used to track friendly call signs | 1 | -2 | -2 | -2 |
| 22 | provide me with trustworthy information | 2 | 1 | 1 | -1 |

Table 6 - Factor A to D Composite Factor Array Comparison of Q Sort Ranking Values

The Q methodology results provide an intriguing insight into the practical implications of C4ISR devices deployed across an Army in the land combat environment. The purpose of conducting the Q methodology study was to explore the opinions and beliefs of Australian Army land combat decision makers. Five factors were identified as significant from the study, of which four (A-D) were analysed in detail. Factors A and D had the highest ARM Corps participants. The CSP Corps participants were evenly spread across all factors. The CSS participants did not feature in Factor A; however, only three of the five scored significantly enough to load to any factor. Factor A had a high proportion of the study’s CPL-PTE participants (seven) loaded against it, in addition to two WO1-SGTs and two CAPT-LTs. Factor B, in contrast, consisted of WO1-SGT and CAPT-LT rank categories without any CPL-PTEs. Factor C consisted of only CPL-PTE or WO1-SGT ranks. None of the CAPT-LT ranks featured in this factor, nor did any CSS Corps-categorised participants. Factor D consisted of only the CAPT-LT and WO1-SGT ranks. None of the CPL-PTE ranks identified with this factor. Time in service did not appear to relate strongly to a factor, although some correlation was evident due to its relationship to rank. Personnel lacking operational service did not load to Factor C. The only part-time participant did not score significantly to any factors.

Factor A

Eleven significant factor loadings related to Factor A. Ten of the eleven Factor A loadings had operational experience. Eight of the eleven Factor A loadings had served for 5-9 years. Seven of the ten CPL-PTE participants who achieved significant Q factor scores associated with Factor A. None of the CSS Corps participants with significant Q factor scores identified with Factor A. Table 7 depicts the Q sample derived for Factor A after it had been correlated using Z-scores as described in Brown (1980).

Factor Scores - For Factor A

| No. | Statement | Z-SCORES |
| --- | --- | --- |
| 2 | need to provide me with trustworthy information | 1.912 |
| 19 | help me to visualise the battlefield | 1.503 |
| 3 | need to provide me with timely information | 1.138 |
| 10 | are best suited for use in the unit command post | 0.957 |
| 1 | require extensive training in order for me to use them | 0.812 |
| 22 | provide me with trustworthy information | 0.752 |
| 21 | are rarely used for information exchange and are just used t | 0.671 |
| 20 | assist me to manage multiple information sources simultaneou | 0.55 |
| 13 | are less trustworthy when used by multi-national forces | 0.298 |
| 7 | allow data to be incorrectly modified by user error | 0.108 |
| 18 | support me to make quick decisions in time critical situatio | 0.052 |
| 17 | lead me to depend on technology | 0.051 |
| 5 | require constant use to maintain my skills | 0.048 |
| 11 | are best suited for use on the move (vehicles, foot) | -0.32 |
| 14 | could be manipulated to deceive my situational awareness | -0.415 |
| 15 | prevent me from being involved in fratricide (blue on blue) | -0.461 |
| 16 | overload me with large amounts of information | -0.904 |
| 9 | would be able to survive a cyber attack, by a technologicall | -0.949 |
| 12 | provide me with faster information than a map and analogue r | -1.202 |
| 6 | are easy for me to use and require little training | -1.343 |
| 4 | are superior to maps and analogue radio | -1.503 |
| 8 | are used to their full effect in my unit | -1.755 |

Table 7 - Factor A Statements and Z-Scores

Factor A participants identified strongly with the requirements for trustworthy and timely information. Factor A strongly agreed that visualisation of the battlefield is a benefit provided by digital C2 systems. Factor A scored digital C2 devices as best employed in static command posts, rather than used on the move (vehicle or foot). These observations were explained in subsequent post-sort interviews as being due to the weight, bulk and significant battery consumption associated with the systems. Many participants discussed reconnaissance and infantry operations, and the lack of value provided by the systems in comparison to their weight, electromagnetic emissions, and constant requirement for battery resupply causing problems for extended patrols.

The extensive training required for the systems was reinforced by the negative scores associated with ease of use. Factor A felt units were not employing digital C2 systems to their full capability. However, this was matched with the overall impression that ‘old school’ maps and analogue radio were faster, easier to use and more reliable than digital C2 systems. Because the systems were not being employed to their full effect, many participants did not believe that the systems would prevent battlefield fratricide. Lag and latency in communications were a consistent issue for participants in Factor A. Despite these comments, Factor A placed the trustworthiness of information slightly above the timeliness of the information, explaining that they would prefer to receive accurate information the first time, rather than fast but incomplete or inaccurate information which would then lead to more questions and potential confusion. Many participants spoke of their awareness of potential EW and cyber-attack threats, indicating that the survivability of the systems was doubtful. However, the information on the systems was trustworthy and it was thought unlikely that the systems could be manipulated to deceive SA. The C2 systems were observed to help with the management of multiple information sources and helped prevent information overload because of the capacity for digital networks to distribute and display large volumes of information efficiently.

Factor B

Six significant factor loadings related to Factor B. All six factor loadings consisted of WO1-SGT or CAPT-LT rank categories, four of whom had served over ten years. None of the CPL-PTE participants related to Factor B. Factor B consisted of a mix of ARM, CSP and CSS Corps. Five of the six participants with Factor B loadings had operational experience. Table 8 depicts the Q sample derived for Factor B after correlation.


Factor Scores - For Factor B

| No. | Statement | Z-score |
|---|---|---|
| 3 | need to provide me with timely information | 1.708 |
| 2 | need to provide me with trustworthy information | 1.387 |
| 5 | require constant use to maintain my skills | 1.362 |
| 15 | prevent me from being involved in fratricide (blue on blue) | 1.247 |
| 19 | help me to visualise the battlefield | 0.891 |
| 20 | assist me to manage multiple information sources simultaneou | 0.664 |
| 11 | are best suited for use on the move (vehicles, foot) | 0.524 |
| 22 | provide me with trustworthy information | 0.408 |
| 18 | support me to make quick decisions in time critical situatio | 0.278 |
| 6 | are easy for me to use and require little training | 0.246 |
| 7 | allow data to be incorrectly modified by user error | 0.065 |
| 12 | provide me with faster information than a map and analogue r | -0.069 |
| 8 | are used to their full effect in my unit | -0.076 |
| 14 | could be manipulated to deceive my situational awareness | -0.077 |
| 4 | are superior to maps and analogue radio | -0.362 |
| 13 | are less trustworthy when used by multi-national forces | -0.639 |
| 9 | would be able to survive a cyber attack, by a technologicall | -0.753 |
| 17 | lead me to depend on technology | -0.865 |
| 21 | are rarely used for information exchange and are just used t | -1.106 |
| 16 | overload me with large amounts of information | -1.442 |
| 10 | are best suited for use in the unit command post | -1.646 |
| 1 | require extensive training in order for me to use them | -1.746 |

Table 8 - Factor B Statements and Z-Scores

Factor B rated the use of C2 systems in the command post as strongly negative, unlike Factor A. Factor B demonstrated a greater belief that C2 systems could provide value when manoeuvring, enhancing SA, assisting with information management and reducing the risk of fratricide. These comments aligned with the feedback about fratricide and SA in an earlier US study on the FBCB2 system and BFT (Conaster & Grizio 2005). They were the only factor to positively score the use of C2 devices as best suited for use on the move. Many Factor B participants argued that C2 systems in a command post reduced mission command and increased the visibility of a unit’s activities by higher headquarters, which they did not rate as positive. Factor B did not have an opinion about their unit’s effective use of the systems. They were the only group not to score it with a strongly negative statement.

Factor B, like Factor A, indicated that trustworthy and timely information are the requirements they most identify with. However, Factor B scored the timeliness of the information higher than trustworthiness. The explanation was that some incorrect information in time for decision making is better than accurate information that comes too late. Factor A and B differed on the maintenance of skills. Many participants stressed that training on the systems was too extensive and required significant time away from the unit and other tasks. Actual use of the system within units was irregular, causing rapid skill fade. Most Factor B participants indicated that they would prefer shorter training courses followed by more extensive use, even to the point of using the systems daily as a replacement for their normal work terminals and email. These users appeared to be comfortable with modern technology, placing familiarity with the tools over formal training courses. Factor B placed less importance on the visualisation of the battlefield than Factors A and D. Factor B was the only factor to indicate quite strongly that they were not dependent on technology, whilst the other factors generally had no opinion on that statement.

Factor C

Six significant factor loadings related to Factor C. All participants were CPL-PTEs or WO1-SGTs. None of the CAPT-LT participants identified with Factor C. Five of the six participants with Factor C loadings had operational experience. Factor C consisted only of ARMS and CSP Corps participants. None of the CSS participants associated with Factor C. Table 9 depicts the Q sample derived for Factor C after correlation.

Factor Scores - For Factor C

| No. | Statement | Z-score |
|---|---|---|
| 12 | provide me with faster information than a map and analogue r | 1.901 |
| 18 | support me to make quick decisions in time critical situatio | 1.403 |
| 1 | require extensive training in order for me to use them | 1.162 |
| 4 | are superior to maps and analogue radio | 0.836 |
| 19 | help me to visualise the battlefield | 0.814 |
| 20 | assist me to manage multiple information sources simultaneou | 0.699 |
| 17 | lead me to depend on technology | 0.535 |
| 22 | provide me with trustworthy information | 0.528 |
| 3 | need to provide me with timely information | 0.476 |
| 15 | prevent me from being involved in fratricide (blue on blue) | 0.46 |
| 5 | require constant use to maintain my skills | 0.36 |
| 13 | are less trustworthy when used by multi-national forces | -0.014 |
| 2 | need to provide me with trustworthy information | -0.048 |
| 11 | are best suited for use on the move (vehicles, foot) | -0.276 |
| 7 | allow data to be incorrectly modified by user error | -0.422 |
| 10 | are best suited for use in the unit command post | -0.636 |
| 14 | could be manipulated to deceive my situational awareness | -0.955 |
| 21 | are rarely used for information exchange and are just used t | -1.125 |
| 16 | overload me with large amounts of information | -1.187 |
| 9 | would be able to survive a cyber attack, by a technologicall | -1.403 |
| 6 | are easy for me to use and require little training | -1.425 |
| 8 | are used to their full effect in my unit | -1.684 |

Table 9 - Factor C Statements and Z-Scores

Factor C demonstrates a more positive outlook on the system’s benefits, ranking both the speed and overall nature of digital C2 systems superior to analogue/traditional methods. Factor C gave the highest positive score of all factors to the support that digital C2 systems provide for making quick decisions in time-critical situations. Factor C also scored the relative speed of digital C2 systems compared to analogue systems the most favourably of all factors—as +4.

Visualisation of the battlefield and the management of multiple information sources were both advantages that Factor C participants focused upon. However, the statement that the C2 systems were used to full effect in the participants’ unit was scored -4, most negatively, as it was in Factor A. The extensive training necessary to operate the systems was an issue for this factor more than any other. The ease of use of the systems was negatively scored. However, the statement that constant use was required to maintain skills did not elicit an opinion, unlike Factors B and D.

Factor C demonstrated a greater concern with the overloading of information and the risk of cyber-attack than Factors A and B, although all three scored these negatively. In post-sorting interviews, Factor C participants generally stated that they believed digital C2 systems provided excellent administrative capabilities and were useful as secondary or alternative communication devices, when primary methods were unavailable or long messages needed to be sent without clogging radio networks. The requirements for timeliness and trustworthy information were scored much lower than Factors A and B. The Factor C participants were generally more focused on the benefits already offered by the digital C2 systems than on their requirements.

Factor D

Ten significant factor loadings related to Factor D. All participants loaded to Factor D were CAPT-LTs or WO1-SGTs, with 5–9 years or 10+ years of service experience, respectively. Eight out of ten of the Factor D participants had operational experience. Table 10 depicts the Q sample derived for Factor D after correlation.

Factor Scores - For Factor D

| No. | Statement | Z-score |
|---|---|---|
| 19 | help me to visualise the battlefield | 1.673 |
| 5 | require constant use to maintain my skills | 1.363 |
| 10 | are best suited for use in the unit command post | 1.23 |
| 3 | need to provide me with timely information | 0.894 |
| 12 | provide me with faster information than a map and analogue r | 0.862 |
| 14 | could be manipulated to deceive my situational awareness | 0.69 |
| 2 | need to provide me with trustworthy information | 0.687 |
| 15 | prevent me from being involved in fratricide (blue on blue) | 0.504 |
| 16 | overload me with large amounts of information | 0.42 |
| 17 | lead me to depend on technology | 0.394 |
| 20 | assist me to manage multiple information sources simultaneou | 0.315 |
| 1 | require extensive training in order for me to use them | 0.135 |
| 7 | allow data to be incorrectly modified by user error | 0.051 |
| 18 | support me to make quick decisions in time critical situatio | 0.014 |
| 11 | are best suited for use on the move (vehicles, foot) | -0.683 |
| 22 | provide me with trustworthy information | -0.805 |
| 4 | are superior to maps and analogue radio | -0.873 |
| 8 | are used to their full effect in my unit | -1.029 |
| 21 | are rarely used for information exchange and are just used t | -1.24 |
| 13 | are less trustworthy when used by multi-national forces | -1.365 |
| 9 | would be able to survive a cyber attack, by a technologicall | -1.435 |
| 6 | are easy for me to use and require little training | -1.8 |

Table 10 - Factor D Statements and Z-Scores


Factor D demonstrated the strongest positive opinions about the benefits of visualising the battlefield with digital C2 systems of any factor (+4). Factor D also had the most positive score of any factor on the statement that the systems were best suited for use in the command post. Factor D felt that digital systems were faster than analogue systems, although they also stated that digital systems did not support quick, time-critical decision making, and that C2 systems were not superior to map and analogue radio. During post-sorting interviews, this apparent disparity was revealed to be linked to the lack of context provided by a digital C2 system in comparison to a voice-radio feed. The C2 system provides excellent visualisation of the battlefield and speed of communication, but without voice, participants felt that context was lost and trust could not be placed in the message. Therefore, the Factor D participants believed that digital C2 systems were best utilised higher up in the command hierarchy, where context was less important. However, on the move and at the lower tactical elements, the systems had high training costs for limited benefit.

Factor D was the only loading to score the trustworthiness of digital C2 information as negative. Factor D also placed the overload of information and the capacity for manipulation of SA as positive scores, higher than Factors A, B and C who all scored these statements negatively. Survivability of cyber-attack was scored equally negatively as Factor C. Factor D scored the trustworthiness of C2 devices in use with multinational forces highly, compared to all the other factors. Post-sorting interviews revealed that this was due to the increased confidence Factor D participants had when they employed C2 devices with multi-national forces. This allowed them to track convoys or send messages to other units that they could not previously communicate with except by physically approaching them. Factor D participants were generally positive about their experiences with C2 devices on operations with coalition forces.

Factor D scored the ease of use of C2 systems the most negatively (-4) of all factors. Factor D aligned closely to Factor B on the requirement for constant use to maintain skills in C2 systems, but whereas Factor B preferred less training, Factor D did not express any strong opinions on training requirements. Factor D did not register any strong opinions on the requirements for trustworthy or timely information. Participants negatively scored the use of digital C2 devices to their full effect in the unit, but not as negatively as Factors A and C had.
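The cross-factor comparisons made above for Factors B, C and D can be checked against the z-scores in Tables 8 to 10. The following is an added example, not part of the thesis: it applies the conventional Q-methodology standard-error test, with an assumed reliability constant of 0.80, to the tabulated scores; the function names and the selection of security-related statements are this example's own, and Factor A is left out because its table is not in this section.

```python
"""Pairwise significance test for Q-methodology factor z-scores.

Z-scores are transcribed from Tables 8-10 (Factors B, C and D).
ASSUMPTION: the 0.80 reliability constant and the standard-error formulas
are the conventional Q-methodology ones; the thesis section does not state
which test, if any, it applied when comparing factors.
"""
from math import sqrt

# Number of significant loadings per factor, as stated in the text.
LOADINGS = {"B": 6, "C": 6, "D": 10}

# statement number -> z-score, from Tables 8, 9 and 10.
Z = {
    "B": {1: -1.746, 2: 1.387, 3: 1.708, 4: -0.362, 5: 1.362, 6: 0.246,
          7: 0.065, 8: -0.076, 9: -0.753, 10: -1.646, 11: 0.524,
          12: -0.069, 13: -0.639, 14: -0.077, 15: 1.247, 16: -1.442,
          17: -0.865, 18: 0.278, 19: 0.891, 20: 0.664, 21: -1.106,
          22: 0.408},
    "C": {1: 1.162, 2: -0.048, 3: 0.476, 4: 0.836, 5: 0.36, 6: -1.425,
          7: -0.422, 8: -1.684, 9: -1.403, 10: -0.636, 11: -0.276,
          12: 1.901, 13: -0.014, 14: -0.955, 15: 0.46, 16: -1.187,
          17: 0.535, 18: 1.403, 19: 0.814, 20: 0.699, 21: -1.125,
          22: 0.528},
    "D": {1: 0.135, 2: 0.687, 3: 0.894, 4: -0.873, 5: 1.363, 6: -1.8,
          7: 0.051, 8: -1.029, 9: -1.435, 10: 1.23, 11: -0.683,
          12: 0.862, 13: -1.365, 14: 0.69, 15: 0.504, 16: 0.42,
          17: 0.394, 18: 0.014, 19: 1.673, 20: 0.315, 21: -1.24,
          22: -0.805},
}

# Abbreviated labels (this example's wording) for the statements that
# bear on security and trust.
SECURITY = {
    9: "would survive a cyber attack",
    14: "could be manipulated to deceive my SA",
    16: "overload me with information",
    22: "provide me with trustworthy information",
}
PAIRS = (("B", "C"), ("B", "D"), ("C", "D"))


def factor_se(p, r_single=0.80):
    """Standard error of a factor's z-scores, given p defining sorts."""
    reliability = r_single * p / (1 + (p - 1) * r_single)
    return sqrt(1 - reliability)


def sed(f1, f2):
    """Standard error of the difference between two factors' z-scores."""
    return sqrt(factor_se(LOADINGS[f1]) ** 2 + factor_se(LOADINGS[f2]) ** 2)


def differs(stmt, f1, f2, crit=1.96):
    """True if the z-scores differ beyond crit * SED.

    crit = 1.96 corresponds to p < .05 and crit = 2.58 to p < .01.
    """
    return abs(Z[f1][stmt] - Z[f2][stmt]) > crit * sed(f1, f2)


def distinguishing(factor, crit=1.96):
    """Statements on which `factor` differs from every other tabulated factor."""
    others = [f for f in Z if f != factor]
    return [s for s in sorted(Z[factor])
            if all(differs(s, factor, o, crit) for o in others)]


def security_report(crit=1.96):
    """For each security statement, list the factor pairs that differ."""
    rows = []
    for stmt, label in SECURITY.items():
        scores = {f: Z[f][stmt] for f in Z}
        pairs = [f"{a}/{b}" for a, b in PAIRS if differs(stmt, a, b, crit)]
        rows.append((stmt, label, scores, pairs))
    return rows


if __name__ == "__main__":
    for stmt, label, scores, pairs in security_report():
        shown = "  ".join(f"{f}={z:+.3f}" for f, z in scores.items())
        print(f"{stmt:>2} {label:<40} {shown}  differ: {', '.join(pairs) or 'none'}")
    print("Distinguishing for D:", distinguishing("D"))
```

Under these assumptions, statement 9 (cyber-attack survivability) does not separate Factors C and D, while statements 14, 16 and 22 separate Factor D from both B and C.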


4.1.6.2 Thematic Analysis Results

The use of thematic analysis as part of the grounded theory methodology of this thesis was introduced in Chapter 3. Thematic analysis captures the complexity of meaning in qualitative data by identifying and describing themes within the data, which are then coded and analysed based on their frequency, and their relationships with other codes (Guest, MacQueen, & Namey 2011). The method for conducting thematic analysis is described by Braun & Clarke (2006) and Guest, MacQueen, & Namey (2011). Thematic analysis resulted in the definition and naming of themes across the data corpus. The themes resulting from coding are depicted in Figure 9.

Figure 9 - Coded Themes

Broadly, the themes were grouped under five headings: users, digital systems, hypotheticals, thoughts about and observations. ‘Users’ encapsulates the digital C2 system training and experience, and general computer aptitude of interview participants. The ‘users’ heading also incorporates their preferred system configuration, the trust they have in digital C2 compared to analogue systems, and a series of comments the participants made regarding training and its implications for trust and system preferences, from a user’s perspective.

‘Digital Systems’ as a heading contains a series of sub-topics: benefits, issues and trust. ‘Benefits’ refers to the advantages and utility provided by digital C2 systems compared to older analogue methods. ‘Issues’ incorporates the risks, obstacles and costs associated with digital C2 systems from the participants’ perspectives. ‘Trust’ refers to the trust placed in different technological solutions and the opinions of the participants about the trust they place in digital command and control systems relative to the alternatives.

The ‘hypotheticals’ heading addresses the two hypothetical cases participants were asked to provide a response to. The first hypothetical dealt with a situation where the enemy’s digital C2 system had been compromised. It sought to understand what the participant would seek to achieve with that capability. The second hypothetical reversed this situation and asked what the participant would do if it was known that their own digital C2 system had been compromised by the enemy.

‘Thoughts about’ includes different themes and comments shared by participants about the use of digital C2 systems within the Australian Defence Force. These comments have been broken into four sub-headings: effectiveness, efficiency, resilience and use of the system.

The ‘observations’ heading contains sub-topics explicitly related to participant responses to the interview questions about two hypothetical cases: the employment of deception, and the four scenarios. The ‘deception’ sub-heading deals with the participants’ experiences of employing deception and their considerations when discussing deception generally. The remaining two sub-headings dealt with the responses to the four scenarios. The first two scenario responses were allocated to the ‘tactics’ sub-heading. These were tactical problems that sought to understand the decision-making considerations applied by participants to deal with a problem. The ‘scenario responses’ sub-heading addressed the third and fourth scenario responses. These scenarios were also about the response of the participant, but were less tactically orientated. Scenarios Three and Four dealt with the situation where the digital C2 system and other information feeds may contradict each other, or where a cyber-attack could alter SA. The themes within these sub-headings are discussed and described in more detail throughout this thesis.

Participant Digital C2 System Experience, System Training and General Computer Aptitude

Each participant’s experience, training and aptitude were identified based on their responses to semi-structured questions. Factors B and D featured the greatest overall digital C2 systems experience and digital C2 systems training. Factors C and D had the highest general computer aptitude. Factor D had the greatest overall experience, training and aptitude of all factors. The sub-components are described below.


• Digital C2 Experience

Experience refers to the participants’ experience with digital C2 systems, rather than a broader statement about their combat or military experience. This was rated as ‘no experience’, ‘limited experience’ or ‘extensive experience’ depending on the response of each participant. Figure 10 depicts the respective results for Factors A to D. Factor E, and those participants not considered as significant Q factors, were not included in the analysis. Factors A and C had the broadest digital C2 experience factor ratings. Factor B demonstrated a high proportion of extensive digital C2 experience, with only one participant in that factor having ‘no experience’. Factor D also demonstrated a high proportion of ‘extensive experience’. Therefore, Factors B and D had the greatest experience of the four factors.

Figure 10 - Coded Theme - Digital C2 Systems Experience


• Digital C2 Training

Training refers to the participants’ training with digital C2 systems. This was rated as ‘no training’, ‘limited training’ or ‘extensive training’, depending on the response of each participant. Figure 11 depicts the respective results for Factors A to D. Factor E and those participants not considered significant as a Q factor were not included in the analysis. Factor D featured the highest incidence of training. Factor B featured the second-highest incidence. Factor C was broadly distributed across all training levels. Factor A featured the least training.

Figure 11 - Coded Theme - Digital C2 Systems Training


• General Computer Aptitude

Aptitude refers to participants’ aptitude with digital systems generally. It was not restricted to the military environment. This was rated as ‘low aptitude’, ‘medium aptitude’ or ‘high aptitude’, depending on the response of each participant. Figure 12 depicts the results for Factors A to D. Factor E and those participants not considered significant as a Q Factor were not included in the analysis. Factors C and D had the highest self-reported aptitude with computers. Factor B featured an average-to-high aptitude. Factor A had the lowest aptitude, as a proportion of the responses.

Figure 12 - Coded Theme - Computer Aptitude


Preferred Digital C2 System

The preferred system was predominantly analogue, with a variety of proposed roles for digital systems as a secondary or administrative network. The most popular configuration was a primary analogue system with a secondary digital system. The majority of Factor A participants selected analogue systems alone. A few participants indicated that they would prefer a digital system, with either an analogue backup, or analogue for close combat. Figure 13 depicts the themes according to factor.

Figure 13 - Coded Themes - Preferred Digital C2 System by Factor


Digital C2 System Benefits

The digital C2 system benefits identified by each factor are summarised in Figure 14. Benefits include: SA, efficiency and effectiveness topics.

Figure 14 - Coded Themes - Digital C2 Systems Benefits


• Situational Awareness

Situational awareness consisted of three themes.

‘COP and tracking of callsigns’ refers to the knowledge provided by digital systems of a COP and the near-real-time display of other friendly elements. Digital C2 systems are intended to enhance SA, thereby improving force effectiveness (Fellows et al. 2010).

‘Transfer of photos and graphics’ describes the sharing of media across a digital network.

‘Visualisation and representation of the battlespace’ refers to both the depiction of three-dimensional terrain and the visual display of nearby friendly and enemy forces. One participant described this benefit as “Situational awareness – you can see where all the blue dots are. Easily when you are moving around you can see left and right and neighbouring call-signs. I think one of the big points is being able to organise very hasty coordination measures between neighbouring call-signs such as control measures, cut off, firing points”.

• Efficiency

Efficiency consisted of five themes.

‘Transcription of messages is unnecessary’ accounts for the speed of communication and the avoidance of the human error that arises when messages between callsigns (i.e. friendly units) go through a third party. By contrast, a radio message must be transcribed and retransmitted as it travels between radio networks and through the military hierarchy. Transcription and retransmission create the opportunity for human error to change the content of the message.

‘Digital overlays more efficient’ refers to the speed of communication and ability to save templates for digital map overlays, which would need to be hand drawn on each occasion with the alternative, manual processes. It also removes the necessity for subordinate commanders to manually copy the traces drawn by their commander. This saves time, ensures consistency and reduces the opportunity for human error. One participant explained “So instead of going to a command post having one guy roughly copy down the trace and that being distributed out through the unit, we can have it pop up on the screen and we can see exactly what we are supposed to do, and our boundaries and so forth”.

‘Greater level of detail more efficiently’ refers to detailed orders being sent to digital C2 systems without requiring long periods to transcribe messages and rebroadcast them. Orders provide a coordination function across the unit that is vital to the safe and effective implementation of the plan. Whereas an error or delay in a single message could be lethal, depending on the scenario, the likelihood that this will result in combat casualties is more pronounced because of the integrated nature of manoeuvre warfare. If different elements of a unit have different orders, the chance that an attacking or defensive operation will fail is increased.

‘Doesn’t clog the radio with administration’ is a similar notion, although it more explicitly refers to the administrative reports and returns that units must send to their higher headquarters, which require long periods of time on the radio. One participant stated “We still have a lot of admin that needs to be sent, and rather than clogging up the net for 5-10 mins sending reports in, you can just type them up and send the form”.

‘Sending orders quickly and without errors’ means that a commander can send orders to all units at once, without needing to contact them all on the radio, broadcast the orders, then wait for confirmation of receipt. A participant explained “That way, the person who issued an order can get that order to the end destination quickly and without mistakes. It’s just a good way of issuing orders”.

• Effectiveness

Effectiveness consists of four themes.

‘Collaborative planning’ refers to the ability to quickly orientate everyone to a plan by sending the plan to everyone on a network, then using messages to make quick changes to the graphical products that are shared by all. This is like the dissemination of orders, but allows for changes and the incorporation of multinational or supporting units to understand a plan, even if they themselves are not directly involved in it.

‘Communication with foreign forces’ explains the ability to resolve communication issues, such as different languages and radio restrictions, by tracking each other on the digital C2 system and visual displays.

‘Reduction in human error’ refers to an overall reduction in radio errors, where voice messages can be misheard or transcribed incorrectly.

‘Text message functionality’ refers to the ability of some systems to allow quick and informal messages to be sent between units, rather than transmitting to all units on the network.

Figure 15 depicts the incidence of beneficial themes coded across Factors A to D. SA and the tracking of other units was identified by most participants as the most beneficial aspect of digital C2 systems. Factor B had the broadest identification of benefits across the factors depicted below. However, Factors A, C and D generally agreed on most themes. The benefits identified by the participants reflected those in literature. SA and the tracking of other units was identified as a key benefit by Conaster & Grizio (2005). The ‘sending of orders’ theme reflects the observation in literature that FBCB2/BFT was the primary method for passing fragmentary orders during Operation Iraqi Freedom’s offensive operations (Mawby et al. 2005).


Figure 15 - Coded Themes - Digital C2 Systems Benefits by Factor


Digital C2 System Issues

The digital C2 system issues themes were broken into four topics: effectiveness, efficiency, human and security. These are depicted in Figure 16 and described below by topic.

Figure 16 - Coded Themes - Digital C2 Systems Issues

Effectiveness

‘Lags and delays’ was the most common issue referred to by participants, which many argued cancelled out the perceived benefits of the systems. One participant remarked “I would be more than happy to use the system if we knew it was instantaneous and we knew that the message was going to get through”. Another said “The systems are pretty slow - people talk about real-time information but it’s normally pretty old”.

‘Bugs in the system’ referred to instances of incorrect data being represented on the system.

‘Data loss’ occurred where messages would not get transmitted through to the intended destination. This created doubt about a message arriving at the destination.

‘Distance between nodes impacts system effectiveness’ referred to the increasing degradation of network effectiveness, increasing lag, and data loss between nodes as the distance between nodes increased. This observation did not apply to all systems, as it depends on the nature of the network and the way that data is managed between nodes.

‘Insufficient bandwidth’ was caused as the network became more congested or large files were sent. The relationship between bandwidth, latency and data loss was recognised by participants but not firmly established. Therefore, the three themes were treated separately.

‘Light emissions from screens at night’ refers to the complaint by participants, primarily ARMS Corps, that the use of digital C2 systems at night destroyed their night vision and posed a security risk due to the light emissions of their screens, something that isn’t an issue with radios.

‘Poor system serviceability’ referred to the ease with which system components were damaged in the field and the problems of getting them fixed rapidly, particularly when they were fitted to a vehicle.

‘Foreign terminology in the system’ was an issue focused on the confusion caused by the purchase and introduction of systems from overseas that had not been changed to meet Australian terminology or ways of operating.

‘Speed of combat is too fast to use a digital system’ contended that a digital system was suited to a static command post but not to a mobile fighting vehicle, due to a combination of system latency and the need to focus away from screens. One participant stated “In contact, I guarantee people will not be looking at a digital map, there’s just too much stuff going on and that’s where you need to use your head. There are things we need to embrace to make things better but there are others that will just create more friction than reduce it”.


Efficiency

‘Digital systems consume lots of batteries’ was a common issue, with participants stating that with the growing use of digital systems, the need to stay on the network and the reliance on batteries was actually degrading their ability to conduct extended patrols below the detection threshold. As early as 2002, the provision of batteries in significant quantities was an issue even for the US military industrial base to support Operation Iraqi Freedom (Solis 2005). This reflects the growing requirement for portable electric power.

‘Equipment is too heavy’ was a complaint made by some participants who referred to the infantry having to carry the equipment as well as a large number of batteries. Numerous participants suggested that the digital C2 systems would need to offer significant advantages to be worth carrying, given their weight. Most of these participants also indicated that a device of an electronic tablet’s size and weight would be optimal, without the additional attachments and equipment required.

‘Equipment size is too large and bulky’ had a broader connotation, meaning that the equipment was not only difficult to carry personally, but also took up large amounts of space in vehicles. This theme included the space required for the large number of batteries needed for extended patrols, meaning the consideration extended beyond the device itself.

‘Repair and support is difficult’ referred to both the repair of damaged equipment and the ability for operators to diagnose and fix software and networking issues whilst on patrol. Some participants said that the devices and equipment often were unusable after getting damaged in the field, meaning that they were off the network.

‘System and network setup takes too long’ referred to a perception that sudden changes in mission configuration were not possible, or were difficult to achieve, due to the technical configuration of the system.

Human

‘Loss of basic skills’ refers to the perception that with the increasing use of digital C2 systems, the basic skill sets taught to soldiers decay.

‘Reach down and micro-management’ is the loss of empowerment associated with the increased ability for commanders to monitor, control and direct their subordinates through increased SA of them. This reflects the observation by Bousquet (2008) that micromanagement, instead of decentralisation and empowerment, could arise from the networking of troops.

‘Reliance on the system’ relates to an increased dependence on the system, potentially decreasing the robustness of system response to a system failure. This has also been identified as a potential issue, where dependence on networked IS could create a vulnerability targeted by adversaries (Bousquet 2008).

‘Risk of focusing on the screen’ refers to participants losing an awareness of their environment due to focusing attention on a screen.

‘Systems are too complicated’ reflects the negative user experience that some participants recounted.

‘Specific trade for cyber-warriors’ was a topic that some participants identified as necessary, due to the dependence on the digital systems and the perceived likelihood that an adversary would target them.

Security

‘Cyber-attack’ was a common topic mentioned in the context of digital C2 systems. Media reporting was one aspect of this, with a few participants saying that they were aware of the risk through high profile hacks reported in the media. The author sought to avoid focusing on cyber-attacks or cyberwarfare throughout the interviews, but it is likely that some participants were influenced by the research topic.

‘We need an organic response capability to cyber-attack’ linked to the human requirement identified by a few participants for cyber-warriors. Participants were concerned about the ability for Army to provide a technical, localised response to a cyber-attack at the tactical level.

‘We are not keeping up with the threat and other nations’ represented the belief expressed by a number of participants that the digital C2 systems in use are designed for combat against nations that are not technologically advanced, and that if that dynamic was to change, the systems would be a significant weakness rather than a strength.

‘Digital systems do not appear to be resilient to cyber-attack’ expressed concerns about the potential for the systems to survive a cyber-attack based on their inherent design and installed applications.

‘Digital systems do not appear to be reliable’ reflected concerns about the reliability of systems based on their current design, even without an active cyber-threat. This reliability issue has a broader effect on participants’ trust that systems can provide services under sustained attack.

‘A digital system compromised provides more information than radio’ related to some participants who were concerned about two different issues: (1) the forensic risk posed by the capture of digital C2 systems compared to a radio and (2) the amount of information about the entire network that could be revealed when a digital system is compromised in comparison to a single radio transmission.

The issues identified by participants allocated to Factors A to D are depicted in Figure 17, below. All of the factors had a broad range of topics. The consumption of batteries was an important issue for Factors A and D. A number of Factor A participants also indicated a reliance on the system as an issue, although to a smaller degree than the other factors. One participant stated “Standard Operating Procedures (SOPs) need to be adapted whilst we still have the ability to roll-back. The more we use these systems, and the better they get, the more reliant we are going to be on them”.

Figure 17 - Coded Themes - Digital C2 Systems Issues by Factor

Trust in Digital C2 and Analogue Systems

Participants were asked which they would trust more: a digital C2 system or a map and radio (analogue system). The responses are depicted in Figure 18.

Figure 18 - Coded Themes - Digital C2 Systems Trust

Five of the participants elected to trust both systems. Few of the participants selected the digital C2 system as the one they would trust, in comparison to an analogue map and radio system. One participant stated “I have trust in the other voice on the end of the radio and also the physical map in my hand”. Prior studies have identified a reduction in confidence of experienced military personnel in digital C2 systems compared to map and radio (Mawby, McDougall, & Boehmer 2005).

The strong preference for analogue over digital C2 systems can be explained in four ways: (1) the strong foundation of training and experience, and therefore confidence, all participants expressed in their radio and map; (2) the perception that digital C2 systems are not robust, are overly complicated, are not user friendly and are a burden to carry and power compared to the capability they provide; (3) the context provided through voice and the mutual understanding shared by personnel in combat over the radio cannot be replicated in a digital system; (4) the perception that the digital C2 systems had not been fielded as part of a comprehensive plan that took into account how Australian forces fight, particularly given the distances between forward units conducting reconnaissance activities.

One participant remarked “If the systems were implemented properly, the training was practical and reinforced regularly, and the data was good, I’d trust the digital systems”.

Another stated “What we train to do is stay hidden and we try and keep our tactics and information on the radio short and sharp so that we are not traceable. Technology is changing so quickly, I would not be surprised that the way we bounce information off of every vehicle the enemy will have technology and they would just swarm and have all of our positions marked on the ground. I don’t think that there has been a lot of thought about this. I think people are only thinking about the fight in Iraq and Afghanistan where they don’t have that technology. We need to be switching our focus to a conventional war, plan worst case scenario and work from there. That’s why we do conventional operations because it’s so flexible that you can go either way”. A number of respondents admitted that analogue radio can be jammed and maps can be misread, but most participants expressed a belief that they had a better understanding of the risks and ways of responding to those risks compared to the digital alternative.

Figure 19 - Coded Themes - Digital C2 Systems Trust by Factor

Hypotheticals

• Hypothetical - Compromised Opposing Force C4ISR System

A number of hypothetical questions were asked of the participants. The response to a compromised OPFOR C4ISR system elicited two types of responses: physical or digital. The themes are depicted in Figure 20.

Figure 20 - Coded Themes - Compromised Opposing Force C4ISR System

The physical response included identifying and subsequently attacking enemy vulnerabilities evident from the intelligence obtained from the C4ISR system. ‘Attack enemy vulnerabilities’ was the response of some participants in describing the targeting of key assets and vulnerable positions through the information obtained from a digital C2 system. Once the adversary’s dispositions are known, precision attacks by massed forces and offensive fire are possible. Engagement areas could be bypassed.

‘Confirming the data obtained to ensure it is not a ruse’ refers to the concern expressed by some participants that the enemy could seek to deceive through a compromised system. This would be the equivalent of a honeynet containing false data. One participant explained “It's an opportunity but once it is an unsecure network and if the enemy is aware that it is unsecure then I would still be cautious to rely on that information as being correct. I would be looking to identify, through whatever assets I have available, to find another source to confirm that information. The info available shouldn’t be ignored but it shouldn’t be relied upon as ‘correct’ either”.

‘Integration of cyber and kinetic effects’ refers to the responses of some participants who said that data could be manipulated in the enemy’s digital system, giving them misleading orders and degrading their SA while integrating the deception with kinetic action, leading to an ambush. For example, strongly defended areas could be made to appear weak and vice versa. One participant stated “if I had an absolute free hand I would be using it at a decisive point in time. I would not want to disrupt them because you want the enemy nice and relaxed with their systems and use that to our advantage. When they are over-reliant, you can jam their system at a decisive moment during a deliberate attack, knock off all their systems at once, deny their ability to react. Redirect their artillery fire.” The use of an integrated DoS attack with a kinetic attack was not the only approach presented during the interviews. Another participant said “The ability to send them false message and have them potentially reorientate is too valuable to give up, when you don’t have to take significant risks. You might create some noise and have some sort of demonstration to reinforce the C4ISR deception. Although I’d look to enhance the deception, the benefit of hacking is that you don't need to commit many resources to the deception plan”.

The digital response included DoS, preventing network service. This was often referred to in the context of timing the attack on the network to degrade it at a critical time. A few participants stated that causing a DoS too early would simply enable the adversary to switch to alternative communication means.

‘Disrupt and interfere’ involved manipulation of data and disrupting the trust the enemy had in their systems. This approach sought to attack data in the system and compromise SA.

‘Understanding the enemy’s capabilities’ and ‘watching and gathering information’ themes required silent monitoring and the extraction of information and intelligence from the enemy’s networks. One participant said “You would want to keep the source open for as long as possible without detection. Get as much info as you can”. Another stated “I think five days of silently observing is an enormous advantage. I would pick that unless they knew that you knew and were feeding you incorrect data. I would have to consider that this present could be poisoned that you would seek to verify some of the information they had given you and seek to confirm it”. Figure 21 depicts the responses by factor to the compromised OPFOR C4ISR system themes.

Figure 21 - Compromised OPFOR C4ISR System By Factor

• Hypothetical – Compromised Blue Force Tracker

A number of hypothetical questions were asked of the participants. The response to a compromised Blue Force Tracker elicited two types of responses: physical or digital. These are depicted in Figure 22.

Figure 22 - Coded Themes - Compromised Blue Force Tracker

The physical response consisted of three themes.

‘Adapt secondary course of action’ is the response some participants elected to adopt when the system was compromised. This meant that they would manoeuvre in a different way to the plan that had been compromised. In each case, the system had been switched off.

‘Move to a defendable position’ was the most common physical action when the system was compromised and then switched off. The defendable position provides security to the unit, forcing the attacker to assault them on ground of their own choosing, whilst runners or alternative communication are used to re-establish SA. One participant simply responded “Shut it down and move to a defensive position”. A number of other participants stated similar positions.

‘Trick and ambush the enemy’ was less common, but reflected an alternative approach which left the system on, broadcast deceptive information and led the enemy into an ambush.

The digital response consisted of three themes.

‘Forensics to understand compromised information’ refers to the participants’ desire to understand what information had been compromised by the enemy before determining their response. One participant, when asked what they would do if they knew their digital C2 system had been compromised and their plans had been intercepted, said “I guess you would want to try and do the opposite of that [the plan] and catch them off guard. They might be expecting something, just let them think they have the correct information. Try and reverse it”.

‘Shutdown the system’ was a common response, with a number of participants saying they would disconnect the network and stop all emissions as soon as they were aware the system had been compromised.

‘Using alternative digital services’ refers to the desire to switch to another system that was assured against compromise, to maintain basic but vital communications, even if it had less functionality.

The responses by factor to the compromised Blue Force Tracker themes are depicted in Figure 23.

Figure 23 - Compromised Blue Force Tracker Themes by Factor

Thoughts About

The participants made a number of comments, which were recorded as ‘thoughts about’, ‘effectiveness’, ‘efficiency’, ‘resilience’ and ‘use of the system’. These are depicted in Figure 24.

Figure 24 - Coded Themes - Thoughts about Digital C2 Systems

Some themes identified within these observations are negative, such as those that perceive digital systems as a hindrance. Others are positive, such as those that see digital systems as the future. These two opposing views were reflected in other themes, such as the contention that information accuracy is more important than its speed, versus the opposing view. A number of participants spoke of the additional SA they derived from the sound and speech received over the radio from the message’s originator. This factor becomes less relevant the further a message is sent beyond the originator, but near the source, the expressiveness of voice adds additional context that is not necessarily evident in a typed digital C2 message. This thesis does not extrapolate all of the thoughts about the system expressed by all of the participants. The analysis and theory development sections refer to those points that are relevant for conceptualisation of a model. The ‘thoughts about’ sub-section was helpful because it allowed a number of participants’ perspectives to be identified which, in many cases, contradicted each other.

Figure 25 depicts the responses by factor to the ‘thoughts about’ digital C2 systems. A clear message, particularly from Factor A, is the difference in context provided by a voice message on a radio in comparison to a text message on a digital C2 system.

Figure 25 - Coded Themes - Thoughts about the Use of Digital C2 Systems

Observations

Observations consisted of three sub-headings: training, deception and scenario responses.

• Training

Training comments are depicted in Figure 26. ‘Training is important for all users’ was the most common comment relating to training. Several participants had never been trained in the system or had received training after they had needed it. Others noted that the training was too extensive and technical, leading to the observation that training is important for all users and a lower level of proficiency, across all corps and ranks, is more useful than a small number of well trained personnel. This was often supported with the theme that ‘continual exposure is needed on the systems’. Many participants indicated that extensive training, when it was conducted, was not supported with regular and consistent use of the systems. Therefore, the integration of the system into units and their regular use in exercises needs to parallel training.

Figure 26 - Coded Themes - Training Comments

Figure 27 depicts the training themes by factor. Factor D had a greater focus on training than Factor A. The development of Standard Operating Procedures (SOPs) was often discussed in the context of training. This related to the observation by many participants (particularly Factor D) that training comprises far more than just attendance at a course, even when the training is extensive. Several participants criticised contractor-delivered training, because it focuses on the application rather than the applied process in a unit. Many requested military training by experienced operators with a focus on real-world utility rather than the software application. Post-training exposure on a regular basis was also a common theme, to the extent that some participants thought that digital C2 systems should be used for intra-unit communication within bases, instead of the standard fixed networks. These individuals asked why the Army would use a different system on base to that used in the field. It was suggested this would reduce the training liability, increase competence and support the maintenance and management of the network.

Figure 27 - Coded Themes - Training Comments by Factor

• Deception

Deception employment is assessed under three criteria depicted in Figure 28.

‘Have employed deception successfully’ referred to those that indicated they had used deception on exercise or deployment, with a successful result.

‘Have employed deception unsuccessfully’ referred to those participants who indicated they had used deception on exercise or deployment, without a successful result.

‘Have not employed deception before’ referred to those participants that had not attempted to employ deception on exercise or deployment.

Figure 28 - Coded Themes - Deception Employment and Considerations

Deception considerations were assessed using seven themes.

‘Speed’ refers to the tempo with which a deception plan is employed, with the inference that a fast plan is important to achieve surprise. Rapid tempo can prevent an adversary from being able to respond quickly enough to counter the plan (Department of Defense 2008).

‘Security’ refers to the degree of secrecy employed to keep a deception plan from being unwittingly revealed to the enemy.

‘Planning’ is the degree of preparation and coordination applied to the deception plan.

‘Don’t over-commit resources’ is the consideration that a commander has limited resources with which to fight and the allocation of assets to a deception plan is a decision that requires analysis.

‘Reducing emissions’ refers to the use of radio silence and reduced electronic emissions to support the deception plan. Military communication system transmissions can be analysed by an adversary for their signal strength and direction, meaning that forces can be located, identified and potentially even have their communications intercepted when broadcasting (Lee 2008). This is not possible when radio silence is employed.

‘Thinking like the enemy’ refers to the consideration of how the opposing force perceives your actions and the way that a deception plan looks to them. This reflects the advice that one must know the enemy in a way that allows an understanding of what they expect and how they react in different situations (Tzu et al. 1971).

‘Believable’ is the likelihood that the deception plan appears real from the perspective of the adversary, based on your normal behaviour and the expectations the enemy has about how you act. Developing a believable deception plan involves thinking like the enemy. The two concepts are linked.

Figure 29 depicts the responses by participants when asked what they considered when planning a deception activity. Factor A participants considered security and believability to be the most relevant considerations. Factor B focused on planning and believability. Factors C and D did not appear to have an overriding response theme.

Figure 29 - Deception Consideration Responses by Factor

• Scenario Responses

Scenario responses are depicted in Figure 30. When faced with a scenario where the digital system and a soldier on the ground disagree, most participants aligned to Factor A would choose to believe the soldier. A much smaller contingent would believe the system. Many participants also sought to confirm the situation either by sending troops forward to visually confirm information (‘eyes on’) or by authenticating information offline, such as over the radio or by runners. Many Factor D participants sought SOPs for when the system was compromised.

Figure 30 - Coded Themes - Responses to Scenarios by Factor

Scenarios Three and Four generated the responses depicted in Figure 31.

Figure 31 - Coded Themes - Scenario Responses

‘Withdraw to an alternative defensive position’ refers to the action, upon learning that the digital system could be compromised, of moving back to an agreed position from which the force can defend itself whilst an alternative plan is developed. The withdrawal can take the “…punch out of the attack, placing intervening terrain between the attacker’s support by fire positions(s) and the assault element” (Millen 2008).

‘SOPs for actions on compromise’ is the theme that, prior to using digital systems in combat, detailed SOPs need to be developed which provide guidance and a common approach to deal with the scenarios presented in the interview.

‘Need eyes on’ was a common response to the problem of uncertainty in the authenticity of a message on the digital system. ‘Eyes on’ means that a scout or member of the organisation would be sent within visual range of the reported issue to confirm it. A participant stated “Overseas my reliance on that wasn’t huge, if I didn’t see it or it wasn’t from a first-hand source I wouldn’t trust it. Again, it’s like Google Earth, or realestate.com photos that look amazing but until you see it yourself you don’t know”.

‘Authenticate offline’ referred to an alternative system, such as a voice message or runner, used to confirm the authenticity of the digital message without relying on a virtual connection.

‘Depends on the situation’ was a theme used by those who didn’t want to commit to a course of action.

‘Depends on the rules of engagement’ dealt with the difficult situation of an apparent civilian presence in an area that was directing fire onto friendly troops. One participant explained “So much depends on the rules of engagement”.

‘Believe the system’ referred to the theme where participants would elect to use the information presented by the digital system instead of conflicting data from other sources. One participant stated “There is always the risk that the information you are receiving is not correct, it is a deception but I would have to take it at face value”.

‘Believe the guy on the ground’ referred to a scenario with a commander under fire from a building who contradicted the information on the digital C2 system. Trusting the person in the situation who was contradicting the digital C2 system was a common response. One response was “If somebody on the ground was standing there and said I can’t see anybody then that would be good enough for me. I wouldn’t second guess myself and I don’t think a computer screen would make me think otherwise”.

4.1.7 Comparison of Results and Literature

This section relates the themes identified in the interviews of this study to those of the literature. It then develops theory from the identified themes. The theory is developed to allow the development of simulation agents that are capable of reflecting specific components of the interview themes.

The results of this study are consistent with the mixed views expressed in a survey of Marine Corps officers in 2010. That study explored the experiences of combat veterans who had used C2 systems on operations (Dreier & Birgl 2010). The different viewpoints, encapsulated by divergent ‘camps’, were formed from the experiences of the study’s participants. For example, poor message completion rates for digital traffic can mean that there is little discernible difference in the combat outcomes of digital- or analogue-equipped units, despite an increase in the SA of the digital-equipped units (Conaster & Grizio 2005). Thus, sustained technical issues can influence the impact that C2 systems have on broader tactical outcomes. Technical issues may influence stakeholders’ opinions of the effectiveness of C2 systems. Even where the systems are generally seen as effective and positive, efforts to flatten hierarchies or fundamentally change the way units operate are generally not supported by users (Dreier & Birgl 2010). This observation is relevant, given the contention by some authors that “…decentralised and individual troops will be freed to act on their own initiative, leading to self-synchronisation, a clear nod to the chaoplexic notion of self-organisation” (Bousquet 2008, p. 927).

Digital C2 systems are advantageous and helpful but at the time of writing, they have not fundamentally transformed the chain of command, decision-making processes or the outcomes of combat. They are helpful tools that assist battlefield visualisation, communication and the transfer of large data sets for administrative purposes. This has implications not only in terms of how these systems are developed and used, but also for how they are protected from attack, and for the outcomes of successful cyber-attacks during combat operations. The Command Team Effectiveness Model has identified a number of components for military teams, including the roles of the team, team member, leader, organisation, task and mission framework, task- and team-focused behaviours, and task and team outcomes (Essens et al. 2005). C2 requires structure, hierarchy and coordination to an extent that is not commonly recognised within the NCW literature. Units do not, in the normal state of things, swarm targets from many directions or move without strict controls in place, because of the likelihood of fratricide and the complexity of the combat environment. This fact is evident upon detailed reading of the command structures and task networks depicted in the scenarios developed by Rafferty, Stanton, & Walker (2012) to understand the incidence of fratricide in the modern battlespace. The structure and hierarchy of military units manages the competencies, training, tasks, missions and capabilities of individuals, teams, units and forces (Best et al. 2013).

Alberts’ (1996) assessment of vulnerabilities in digital C2 systems, made twenty years ago, identified many vulnerabilities and potential controls. Captured equipment would require authentication procedures, security codes, doctrine and training on system compromise to maintain system security. Procurement risks would require analysis of source code and hardware. Increasing connectivity would result in more risk of network compromise and larger amounts of data being subject to compromise when a system was breached. Finally, the vulnerability of systems to undetected compromise could “…greatly inhibit decisive and effective decision-making. New types of defensive decision aids will be needed to detect, assess, and counter such attacks” (Alberts 1996, p. 16). These observations were generally confirmed in the interviews conducted by the author. Authentication procedures, training, technical responses to system compromise, concerns about vulnerable software and concerns about the volume of information that could be compromised were all identified by users as areas of concern. The impact on trust in the network, the volume of information on the system and the impact on SA and combat outcomes were all identified as concerns during interviews (Bowman & Thomas 2009).

The findings of this thesis align to a number of observations made by Gonzales (2005). The study of the US Stryker Brigade’s digitisation noted that soldiers and commanders may resort to familiar analogue methods because of a lack of training (Gonzales 2005). This reinforces the importance of soft factors when considering digital C2 system interactions. If the systems do not add value in combat, they are worked around. The other implication of this observation is the resilience underlying the military C2 system. In the contemporary combat environment, analogue and traditional training systems provide redundancy. But they also mean that the value proposition of digital C2 systems is reduced if they do not provide the benefits expected, be that due to a lack of training, insufficient exposure in the field, or through failures in technical capability or functionality. The ability to work around the system provides more resilience, but from a system implementation perspective it reinforces the existence of shadow processes that reduce the value proposition of the digital systems. Several interview participants expressed a belief that with generational change, the ability to resort to alternative systems decays, due to different skill sets and expectations. Specific technologies and lifestyles experienced during the formative years of individuals are thought to influence their expectations and development. However, this does not mean that it is possible to presume that all the members of a particular generation have the same level of expertise or desire to use a technology (Best et al. 2013).

System implementation and user experiences are inextricably linked to the way the systems are used. The interviews demonstrated that despite a wide number of potential benefits, most participants identified with system issues and deficiencies. Therefore, the overall desire was to keep traditional methods as the primary means of communication. The “…very rapid pace of future battles, as well as the imperatives of turning inside adversary decision loops, will punish procrastination and inaction severely” (Alberts 1996, p. 39). Digital C2 systems are intended to provide ‘information dominance’ in a manner that increases the tempo of combat and decision making. However, environmental factors or issues with the implementation of digital C2 systems have limited these benefits for many interview participants. System latency, data loss and reduced trust by users of digital systems all threaten the delivery of the benefits identified by participants in this thesis. The relationships between network performance, reliability, information quality, combat synchronisation and physical outcomes have also been considered by Bonds et al. (2012), with similar outcomes.

Lag and latency were of concern for many participants. The time taken to transmit radio messages and transcribe them through the hierarchy was seen by many participants as less significant than the time required to type a message and send it through a digital network. This undermines the near-real-time nature of digital C2 systems that some participants identified as a potential benefit. The disparity in time taken to communicate with digital C2 systems compared with analogue radio systems was reflected in many interviews. Some participants indicated that they didn’t have the time to type, or that typing was difficult in a moving vehicle. Several participants self-rated their computer aptitude as low, reinforcing the difficulty they might have interacting with a computer and typing in the dark, the rain, or in a cramped vehicle. Some participants indicated that at night they would set the screen to the lowest possible brightness setting to preserve their night vision and prevent being observed by the adversary.

The impact of latency and lag on both the trust of the decision maker and the effectiveness of the system in providing SA was demonstrated in a study of combat identification judgements using a digital C2 system (Bryant & Smith 2013). In the study, a real-time digital C2 system resulted in dramatic enhancements in combat identification performance. This suggests that SA was greatly increased. However, a latency of only ten seconds caused large increases in fratricide rates and reductions in SA. Bryant & Smith (2013) noted that the negative impact of lag could be offset by other communication devices and control measures. However, the decision maker “…may show less trust in a BFT that does not present real-time data… careful attention must be paid to the way users of BFT are trained and to the design of interfaces that can convey error and uncertainty” (Bryant & Smith 2013, p. 87). The study did not involve trained soldiers, but the results correlate strongly with the themes expressed by interview participants in this thesis. Lag affects SA, which influences trust and performance.

The utility and value of information differs based on the level at which it is considered. At the strategic level, its potential value is high. However, at the tactical and operational levels, it is actionable value which is of most concern. This is because of the shorter duration of tactical action and the greater influence that location and specific capabilities have in a resource-constrained tactical environment (Fortson 2007, p. 170). This has an implication for cyber-attack and cyber-defence planning, because information utility has a direct relationship to the criticality of the information. Correspondingly, critical information may have no actual utility, because it is incorrect or deceptive, despite its apparent utility. The degree of trust a decision maker has in information and the network providing that information may also influence the utility of the network and the way it is used.

Trust has different connotations and meanings. Trust is a psychological construct, an attitude, a spectrum, an expectation of social relations or performance, an acceptance of exposure to vulnerability or risk, a collective attribute through relations or a rational expectation. Trust can exist between individuals and teams. For example, swift trust can occur within hasty networks where a framework of trust is established through reputation, disposition, rules, organisational factors and specialist roles (UK Ministry of Defence 2011). However, in the digital environment the object of trust is often technology and the organisation that has deployed that technology (Beldad et al. 2010). For example, trust in technology can be influenced by factors such as experience, the quality of transactions, satisfaction with the results of prior transactions, and the functionality and the reliability of the digital system. Inappropriate levels of trust in technology can lead to automation-induced complacency, where an individual trusts the device to the extent that they fail to give sufficient attention to its performance (Browne & Cook 2011). However, the participants interviewed by the author did not appear to suffer from this issue. Rather, the degree of trust expressed in the digital systems was low. It is possible that this arises from the operators’ workloads and frustration with the systems (Hirshfield et al. 2011). The glare from screens, crashing of systems in the field, failures to send or receive messages, unserviceable displays, and inability to see the screen at night with night vision equipment were all noted as issues in a previous study by the US Army (Bowman & Thomas 2009).

A study of two platoons in the US Army subjected to limited OCO on an exercise revealed “…that the more difficult-to-detect network attack was the intermittent denial of service attack… A more easily detected attack occurred when the… team attempted to insert deceptive information into the network in the form of annotated images, bogus spot reports or misleading instructions... Normally the suspicion of an attack was discussed via voice between the two “victims” and confirmed that there was indeed an intruder on the net. Once a tool was compromised the Soldiers stopped using it” (Bowman & Thomas 2009, p. 17). These observations were consistent with the comments of some of this study’s participants, including the desire to cause difficult-to-detect interruptions in the enemy network if OCO was possible, the desire to use the radio network to confirm suspicion of an attack, and the response to shut the system down if it was detected that the network had been compromised.

The responses by participants to the first two of the four scenarios presented in the interviews were predominately descriptions of tactical action. The speed with which most participants could assess each scenario, using only a graphical depiction, demonstrated their ability to make rapid decisions in uncertain situations using the information available. Most assessed the tactical situation in less than two minutes. Despite the advantages available through digital C2 systems, the “…commander must still make good tactical decisions that exploit the capabilities of subordinate units and take advantage of the terrain, enemy capabilities and limitations, and any other environmental aspects of the area of operations” (Gonzales 2005, p. 36). Every participant who responded employed manoeuvre tactics to deal with the threat. The application of manoeuvre in combat is intended to create opportunities that would not be available if two forces simply charged into each other.

4.1.8 Summary of Interviews Section

The integration of grounded theory and Q methodology allowed the identification of different opinions and perspectives amongst the interview participants. A card sort system and hypothetical scenarios were used to generate responses, as was a series of questions pertaining to the use of digital C2 systems. The use of Q methodology and thematic analysis does not claim to represent a specific percentage of military decision makers, although it is thought that theoretical saturation occurred within the sample. The thematic analysis coding approach adopted sought to account for any inherent bias through an independent thematic analysis by the author’s academic supervisor, as described in Section 3.2.2.

The coded themes will now be utilised in the next section to create a human factors model suited to implementation in a simulation. This section contributes to the following SQs:

SQ1. What are the relationships between tactical land combat human factors and cyber-systems? The interviews revealed relationships between human factors and cyber-systems, including experience, aptitude, trust and uncertainty. These relationships led to different attitudes to digital systems and differing responses to potential cyber-attack.

SQ2. What are the relationships between tactical land combat kinetic outcomes and cyber-systems? Kinetic outcomes are influenced by cyber-systems through the passage of information and the shared SA available to decision makers across the battlefield. The relationship between kinetic outcomes and cyber-systems is indirect. However, the interviews revealed that this indirect relationship is strong for some participants. The strength of the relationship varied between participants based on their experience, aptitude and trust in the digital systems they used.

SQ3. What are the relationships between cyber-effects and tactical land combat mission success? Cyber-effects and mission success are related according to the quality of the information available to the decision maker and the degree of trust they have in it. Cyber-effects capable of compromising the integrity, confidentiality or availability of data subsequently utilised in decision making can have an impact on mission success. However, a cyber-effect can also reduce the information available to a decision maker by creating uncertainty in the trustworthiness of the network or the data it is displaying.

SQ4. How can the impact of cyber-effects on tactical land combat mission success be described and measured? The impact of cyber-effects can be described in terms of information quality and certainty for the decision maker, and the ability of digital C2 systems to contribute to the tactical combat process and mission success. The relationship is indirect and heavily dependent on the environmental context, and the relationship between the decision maker and the technology they are using. A cyber-attack on a system which is not being used may not have any impact on mission success. In a different scenario, an important data packet that is prevented from transmission could impact the outcome of a battle.

SQ5. What broad mitigation strategies are available to reduce the mission impact of a cyber-effect? Broad mitigation strategies were identified by the interview participants. Responses included decisions on when to switch off systems, when to seek additional information and when to try to deceive the adversary using compromised systems. These strategies are not comprehensive but they offer a number of doctrinal, digital and physical responses that could be employed following an analysis of their effectiveness.

4.2 Digital C2 Human Factors Combat Model – Extrinsic Knowledge

The grounded theory exploratory analysis of interview data has led to the development of the Digital C2 Human Factors Combat Model (DC2HFC model), depicted in Figure 32. The model does not describe the detailed processes by which human factors are generated. The DC2HFC model seeks to generalise the results of the interviews and their participants for the express purpose of simulating combat using digital C2 devices. The model is suited for implementation in an ABM, with the intention that each personality described within the model is reflected by an agent. The DC2HFC model consists of five sub-models: compromised enemy digital C2 system, digital systems C2 trust, tactical decision making, agent personality and deception.

Figure 32 - Digital C2 Human Factors Combat Model (DC2HFC Model)

4.2.1 Compromised Enemy Digital C2 System

The ‘compromised enemy digital C2 system’ sub-model (Figure 33) describes the action taken by an agent, depending on its personality settings (described in agent personality), when the opposing force’s digital C2 system is compromised by a friendly cyber-attack. There is a digital and physical response by each agent. This model is decomposed into ‘if…then…’ statements that will be developed into code.

Figure 33 - Compromised Enemy Digital C2 System Sub-model

4.2.2 Compromised Friendly Digital C2 System

The ‘compromised friendly digital C2 system’ sub-model (Figure 34) describes the action taken by an agent, depending on its personality settings, when the digital C2 system used by the agent, or the network the agent is connected to, is suspected of compromise by an adversary’s cyber-attack. There is a digital and physical response by each agent. This model is decomposed into ‘if…then…’ statements for development into code.

Figure 34 - Compromised Friendly Digital C2 System Sub-model

4.2.3 Digital Systems C2 Trust

The ‘digital systems C2 trust’ sub-model (Figure 35) provides the action taken by an agent, depending on its personality settings, when their trust setting changes because of human error, cyber-attack or a difference in information feeds. Each agent has one of three states: trusted, uncertain or not trusted. An agent may change states depending on the decisions made within the model. This model is decomposed into ‘if…then…’ statements for development into code.

Figure 35 - Digital C2 System Trust Sub-model

4.2.4 Agent Personality

The ‘agent personality’ sub-model consists of four personalities, represented by Factors A to D (Figure 36). The personality model sets the conditions that are allowable for a specific personality. For example, a personality may have a low or average computer aptitude. Some parts of the model are set in the start state of a simulation run. Where more than one option exists for these start state conditions, they are selected by a random number. Other parts of the model are factors that may change during the simulation run. Changeable factors will begin in one state and move to another, based on conditions set within the model described within this thesis.

Figure 36 - Agent Personality Sub-model

The analysis conducted by the author led to four factors being identified. These are correlated against different personality profiles by the author. The analysis of personality is not attempted in this thesis, on the basis that only particular individual characteristics are considered. However, personality traits are grouped under a personality type based on the themes and factors emerging from the research data collected during the interviews. The difficulty associated with developing a robust and repeatable methodology for considering personalities across the broad range of combat scenarios that are possible has restricted research in this area. However, Dupuy (1987) considered the impact of leadership and personality on combat outcomes. The personality traits of historical commanders were studied in an effort to understand what is most effective in achieving combat outcomes (S. M. Ritchie 2003; McCormack & Mellor 2002; Bartone 2006). The United States Air Force has studied the personality factors affecting the combat performance of pilots (Siem & Murray 1997). Red teaming also incorporates personality factors (University of Foreign Military and Cultural Studies 2012). The influence of soft factors on combat decisions through virtual attrition and suppression has been described as the pucker factor, an important observation which contradicts some Lanchester attrition models of combat (Davis 1989).

The personalities described in the model have been developed so that each can be implemented in a simulation as an agent type. Therefore, four agent types are intended for simulation, with a series of ‘if…then…’ rules describing the behaviour of the agent based on its SA. Agents have a set of beliefs about the world, a set of events they respond to, a set of goals they seek to achieve and a set of plans describing behavioural responses to goals or events that may arise (Gorton 2006). Similar agents, such as JACK Agents, have been utilised for military simulations, serious games, and simulation federations such as Virtual Battle Space (VBS) 3 (Evertsz et al. 2015). Beliefs represent a state of the environment, which may be imperfect. This is the informative component of the system state (Rao & Georgeff 1995). Desires are end states or goals that allow for replanning when a dynamic situation changes (Georgeff et al. 1998). Desires are the motivational system state (Rao & Georgeff 1995). Intentions are elements of partial plans of action. These allow for dynamic adjustments by the agent to environmental and system changes, providing a deliberative component of the system (Rao & Georgeff 1995). The BDI planning process also requires a means-end coherence, which implies that resources are assigned to sub-plans to ensure plans are achievable in comparison to the beliefs of the agent (Bratman 1987). Therefore, a resourcing component is required as part of the belief and desires process. Commitment strategies also allow for options to be constrained based on the problem-space (Georgeff et al. 1998). Different BDI agents can be developed depending on their termination conditions (Rao & Georgeff 1995).

Epstein (2014) advocated a different behavioural agent, called Agent Zero. Agent Zero has three components: affective/emotional, cognitive and social. Agent Zero’s behaviour is always binary, in that an action is either performed by an agent or it is not. Weights between agents influence their disposition relative to other agents in their network. Epstein’s approach to synthesising cognitive and social sciences has been criticised because of his failure to validate the model, presenting the theory as an idealisation rather than reality (Epstein 2014).

4.2.4.1 Personality A

Personality A has an average to low computer aptitude, limited experience using digital C2 systems and no training on those systems. The preferred system for personality A is analogue, and the system they trust is map and radio. Personality A has experienced success in the employment of deception in the past, identifying the main considerations as security and believability. In the event personality A’s digital C2 system is compromised, the physical response is to move to a defendable position and the digital response is to shut the system down. In the event that personality A has access to a compromised OPFOR C4ISR system, the physical response is to attack enemy vulnerabilities and the digital response is to watch and gather information to understand the enemy’s capabilities. When uncertain about the trust in digital C2 systems, the response by personality A will be one of: believe the guy on the ground, need eyes on and authenticate offline. Personality A’s rank is CPL-PTE and their corps is ARMS or CSP. Agent A is depicted in Figure 37.

Agent A

• Rank: CPL-PTE
• Corps: ARMS; or CSP
• Digital C2 Experience: Limited
• Digital C2 Training: Nil
• Computer Aptitude: Average; or Low
• Default System Trust: Map and radio
• Deception Consideration: Security; or Believable

Responses

• Uncertainty: Believe the guy on the ground; or Need eyes on; or Authenticate offline
• Compromised OPFOR C4ISR, Physical: Attack enemy vulnerabilities
• Compromised OPFOR C4ISR, Digital: Watch and gather information; or Understand the enemy’s capabilities
• Compromised BFT, Physical: Move to a defendable position
• Compromised BFT, Digital: Shut down

Figure 37 - Agent A Personality

4.2.4.2 Personality B

Personality B has an average computer aptitude, extensive experience using digital C2 systems and either extensive, limited or nil training on those systems. The preferred system for personality B is either analogue or digital, and the system they trust is uncertain. Deception employment experience is successful and the main considerations are planning and believability. In the event that personality B’s digital C2 system is compromised, the physical response is to adopt a secondary course of action and the digital response is to shut the system down. In the event personality B has access to a compromised OPFOR C4ISR system, the physical response is to integrate cyber and kinetic effects and the digital response is to watch and gather information, or conduct DoS. When uncertain about the trust in digital C2 systems, the response by personality B will be to either authenticate offline or believe the guy on the ground. Personality B’s rank is CAPT-LT or WO1-SGT and their corps is ARMS, CSP or CSS. Agent B is depicted in Figure 38.

Agent B

• Rank: CAPT-LT; or WO1-SGT
• Corps: ARMS; or CSP; or CSS
• Digital C2 Experience: Extensive
• Digital C2 Training: Extensive; or Limited; or Nil
• Computer Aptitude: Average
• Default System Trust: Uncertain
• Deception Consideration: Planning; or Believable

Responses

• Uncertainty: Authenticate offline; or Believe the guy on the ground; or Depends on the situation
• Compromised OPFOR C4ISR, Physical: Integrate cyber and kinetic effects
• Compromised OPFOR C4ISR, Digital: Watch and gather information; or Denial of service
• Compromised BFT, Physical: Adopt secondary course of action
• Compromised BFT, Digital: Shut down

Figure 38 - Agent B Personality

4.2.4.3 Personality C

Personality C has a high computer aptitude, limited experience using digital C2 systems and nil, limited or extensive training on those systems. The system they trust is map and radio. Deception employment experience is nil and the main considerations are think like the enemy and don’t over-commit resources. If personality C’s digital C2 system is compromised, the physical response is to adopt a secondary course of action and move to a defensive position. The digital response is to shut down and perform forensics to understand compromised information. If personality C has access to a compromised OPFOR C4ISR system, the physical response is to integrate cyber and kinetic effects. The digital response is to understand the enemy’s capabilities, watch and gather information or disrupt and interfere. When uncertain about the trust in digital C2 systems, the response by personality C will be to believe the guy on the ground, believe the system or need eyes on. Personality C’s rank is CAPT-LT or WO1-SGT and their corps is ARMS, CSP or CSS. Agent C is depicted in Figure 39.

Agent C

• Rank: WO1-SGT; or CPL-PTE
• Corps: ARMS; or CSP
• Digital C2 Experience: Limited
• Digital C2 Training: Extensive; or Limited; or Nil
• Computer Aptitude: High
• Default System Trust: Map and radio
• Deception Consideration: Think like the enemy; or Don’t over commit resources

Responses

• Uncertainty: Believe the guy on the ground; or Believe the system; or Need eyes on
• Compromised OPFOR C4ISR, Physical: Integrate cyber and kinetic effects
• Compromised OPFOR C4ISR, Digital: Understand the enemy’s capabilities; or Watch and gather information; or Disrupt and interfere
• Compromised BFT, Physical: Adopt secondary course of action; or Move to a defendable position
• Compromised BFT, Digital: Shut down; or Forensics to understand compromised information

Figure 39 - Agent C Personality

4.2.4.4 Personality D

Personality D has an average or high computer aptitude, extensive experience using digital C2 systems and extensive training on those systems. The system they trust is map and radio. Deception employment experience is nil or successful and the main considerations are think like the enemy and don’t over-commit resources. If personality D’s digital C2 system is compromised, the physical response is to move to a defendable position and the digital response is to shut down or use an alternative digital system. If personality D has access to a compromised OPFOR C4ISR system, the physical response is to integrate cyber and kinetic effects and the digital response is to watch and gather information or understand the enemy’s capabilities. When uncertain about the trust in digital C2 systems, the response by personality D will be to believe the guy on the ground or need eyes on. Personality D’s rank is CAPT-LT or WO1-SGT and their corps is ARMS, CSP or CSS. Agent D is depicted in Figure 40.

Agent D

• Rank: CAPT-LT; or WO1-SGT
• Corps: ARMS; or CSP; or CSS
• Digital C2 Experience: Extensive
• Digital C2 Training: Extensive
• Computer Aptitude: High; or Average
• Default System Trust: Map and radio
• Deception Consideration: Think like the enemy; or Don’t over commit resources

Responses

• Uncertainty: SOPs for actions on compromised system; or Believe the guy on the ground; or Need eyes on
• Compromised OPFOR C4ISR, Physical: Integrate cyber and kinetic effects
• Compromised OPFOR C4ISR, Digital: Watch and gather information; or Understand the enemy’s capabilities
• Compromised BFT, Physical: Move to a defendable position
• Compromised BFT, Digital: Shut down; or Use alternative digital system

Figure 40 - Agent D Personality
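
The ‘if…then…’ decomposition described in 4.2.2 to 4.2.4 can be sketched as follows; this is an added example, not code from the thesis, and it uses only the own-force rows of Figures 37 to 40. The trust transitions, the effect assigned to each digital response and all Python names are assumptions, because the rules in Figures 34 and 35 are not reproduced in the text.

```python
import random
from enum import Enum


class Trust(Enum):
    TRUSTED = "trusted"
    UNCERTAIN = "uncertain"
    NOT_TRUSTED = "not trusted"


# Triggers named in 4.2.3 that can change an agent's trust setting.
TRIGGERS = {"human error", "cyber-attack", "difference in information feeds"}

# Own-force options transcribed from Figures 37 to 40 (key names are this sketch's).
PROFILES = {
    "A": {"aptitude": ["Average", "Low"], "training": ["Nil"],
          "uncertainty": ["Believe the guy on the ground", "Need eyes on",
                          "Authenticate offline"],
          "bft_physical": ["Move to a defendable position"],
          "bft_digital": ["Shut down"]},
    "B": {"aptitude": ["Average"], "training": ["Extensive", "Limited", "Nil"],
          "uncertainty": ["Authenticate offline", "Believe the guy on the ground",
                          "Depends on the situation"],
          "bft_physical": ["Adopt secondary course of action"],
          "bft_digital": ["Shut down"]},
    "C": {"aptitude": ["High"], "training": ["Extensive", "Limited", "Nil"],
          "uncertainty": ["Believe the guy on the ground", "Believe the system",
                          "Need eyes on"],
          "bft_physical": ["Adopt secondary course of action",
                           "Move to a defendable position"],
          "bft_digital": ["Shut down",
                          "Forensics to understand compromised information"]},
    "D": {"aptitude": ["High", "Average"], "training": ["Extensive"],
          "uncertainty": ["SOPs for actions on compromised system",
                          "Believe the guy on the ground", "Need eyes on"],
          "bft_physical": ["Move to a defendable position"],
          "bft_digital": ["Shut down", "Use alternative digital system"]},
}

# ASSUMPTION: effect of each digital response, as (BFT still powered, digital SA kept).
DIGITAL_EFFECT = {
    "Shut down": (False, False),
    "Use alternative digital system": (False, True),
    "Forensics to understand compromised information": (True, False),
}


class Agent:
    def __init__(self, personality, rng):
        self.profile = PROFILES[personality]
        self.rng = rng
        # 4.2.4: start-state conditions with more than one option are drawn at random.
        self.aptitude = rng.choice(self.profile["aptitude"])
        self.training = rng.choice(self.profile["training"])
        self.trust = Trust.TRUSTED  # ASSUMPTION: the digital feed starts trusted
        self.bft_on = True
        self.digital_sa = True
        self.actions = []

    def on_trigger(self, trigger, compromised):
        """IF a trust trigger fires THEN become uncertain, then resolve the doubt."""
        if trigger not in TRIGGERS:
            raise ValueError(f"unknown trigger: {trigger}")
        self.trust = Trust.UNCERTAIN
        check = self.rng.choice(self.profile["uncertainty"])
        self.actions.append(check)
        if check == "Believe the system":
            self.trust = Trust.TRUSTED  # no out-of-band check is made
        elif compromised:
            # ASSUMPTION: every other response is an out-of-band check that
            # reveals the ground truth passed in as `compromised`.
            self.trust = Trust.NOT_TRUSTED
            self._respond_to_compromise()
        else:
            self.trust = Trust.TRUSTED
        return self.trust

    def _respond_to_compromise(self):
        """IF the own system is compromised THEN pick a physical and digital response."""
        physical = self.rng.choice(self.profile["bft_physical"])
        digital = self.rng.choice(self.profile["bft_digital"])
        self.bft_on, self.digital_sa = DIGITAL_EFFECT[digital]
        self.actions += [physical, digital]


def tally(personality, runs=200, seed=1):
    """Run `runs` fresh agents through a real compromise and count the outcomes."""
    rng = random.Random(seed)
    out = {"still_trusting": 0, "bft_powered": 0, "went_dark": 0}
    for _ in range(runs):
        agent = Agent(personality, rng)
        state = agent.on_trigger("cyber-attack", compromised=True)
        out["still_trusting"] += int(state is Trust.TRUSTED)
        out["bft_powered"] += int(agent.bft_on)
        out["went_dark"] += int(not agent.digital_sa)
    return out
```

Under these assumptions, `tally` shows personalities A and B always losing their digital feed, D never leaving its BFT powered, and C as the only personality that can keep trusting a compromised feed.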

4.2.5 Deception

The network-centric environment offers opportunities for new forms of deception in combat. Deception has been identified as a force multiplier when successful (Nisbett 2005). Deception requires the planner to establish goals, determine the desired perception, create a story and develop a plan (Hicinbothom et al. 1990). Deception seeks to undermine the quality of the information available to a commander and thereby degrade their SA. Deception is the “…deliberate misrepresentation of reality done to gain a competitive advantage” (Daniel & Herbig 1982, p. 1). The objective of deception is to deliberately mislead the adversary, exploiting their state of mind to create misperception through a systematic and consistent process by penetrating the inner mind of the enemy and inducing them to do something contrary to their interests (Gooch & Perlmutter 1982; Vego 2002). Successful deception creates an impact on the target’s thinking. The likelihood of success increases when a deceiver understands the way that the target thinks (Daniel & Herbig 2013). The responses from participants revealed a general understanding of the principles of deception. However, the level of experience and the broad or narrow nature of that experience influenced the considerations selected by participants.

Efforts to deceive an adversary are challenging. The human element in the interpretation of information and making of decisions means that simply presenting corrupt data through an OCO does not guarantee specific outcomes or behaviour from the adversary. The success of the deception plan depends on a variety of factors including the culture, personality, training and life experiences of the individuals involved. Therefore, deception planning that is integrated with an OCO requires extensive training, experience, planning and execution. This includes understanding the adversary’s culture, doctrine and, where possible, information on the specific individuals being targeted, as well as familiarity with their battlefield technologies. Technology, integrated with OCO for a tactical effect, is only one component of a deception plan. The theatrical production of deception requires a script and actors, and plans and decision makers, all choreographed to achieve specific, physical, battlefield outcomes. The model depicted in Figure 41 describes the agent-based model applied to personalities A to D. If an opportunity for deception is detected by the agent, the agent will plan deception options according to their personality. Agent experience in deception was not considered in the model.

Figure 41 - Deception Model

4.2.6 Summary of the DC2HFC Model

The DC2HFC model seeks to generalise the results of the interviews for the express purpose of simulating combat using digital C2 devices. The model is suited for implementation in an ABM, with the intention that each personality described within the model is reflected by an agent. The next section considers the representation of business processes in the land combat environment, to support the generation of behaviours and their depiction in a model. This section contributes to the following SQs:

SQ1. What are the relationships between tactical land combat human factors and cyber-systems? The DC2HFC model establishes four agent personalities with different attributes and responses to compromised digital C2 systems. These four personalities encapsulate a number of relationships critical to answering this research question. Rank, corps, experience, training, computer aptitude, trust in the system, environmental responses to uncertainty, a compromised BFT and a compromised OPFOR C4ISR system all describe the relationship between tactical land combat human factors and cyber-systems.

SQ2. What are the relationships between tactical land combat kinetic outcomes and cyber-systems? Data, decision making agents, their SA and the cyber-systems that provide communication networks are objects that exist in a physical and non-physical sense. The data that cyber-systems provide agents, the agent’s response when their cyber-system is compromised, and the agent’s trust in the cyber-system are examples of relationships between objects and the properties of those objects. The human factor of trust, if lost, impacts the SA of that agent depending on their reaction. For example, an agent who switches the system off when it becomes untrusted will have less access to information. However, this could also reduce the success of a confidentiality attack, because that agent can no longer be tracked using their own BFT. The interviews made apparent the indirect relationship between kinetic outcomes, SA and tactical decisions. The decision to engage an enemy force and create kinetic outcomes was made by a decision maker using their SA and the available information. Therefore, between the kinetic outcome and the cyber-system there is a human interface, which applies SA, knowledge and experience to regulate the broader SOS.

SQ3. What are the relationships between cyber-effects and tactical land combat mission success? Frequently, scenario participants decided to avoid battles of attrition despite superior odds because they were not immediately related to mission success (i.e. achieve a mission objective). This trend reinforced the literature on manoeuvre and the training that the decision makers had received. They avoided battles of attrition in favour of achieving mission objectives. Participants utilised environmental information, knowledge of enemy intent and tactics, and information feeds from their troops to make decisions that aimed to achieve the mission as efficiently and effectively as possible.

SQ4. How can the impact of cyber-effects on tactical land combat mission success be described and measured? Cyber-effect impact on mission success was broadly described by participants in terms of mission outcomes, the utility of the digital network they were using and the value of the information used in their decision making. The measures used by the interview participants were mission success, and their awareness of friendly and enemy dispositions to support successful decisions.

SQ5. What broad mitigation strategies are available to reduce the mission impact of a cyber-effect? Mitigation strategies available to reduce the impacts of cyber-effects are limited to the agent responses included in the DC2HFC model. Agent responses consist of physical or digital actions, such as turning the system off, sending an authentication message, or seeking another agent to confirm the information. These specific mitigation actions inform a broader series of mitigation strategies including SOPs, training and red-teaming.

4.3 Business Process Representation – Extrinsic Knowledge

4.3.1 End-To-End Use Cases

End-to-end (E2E) use cases incorporate domains and actors as components within business processes. An example is the interaction of artillery fire across domains. The basic use case for an artillery fire mission in a land combat environment is depicted in Figure 42. A Fire Mission (FM) occurs when a JFT requests artillery support. In this simplified example, a JFT actor sends a Call For Fire (CFF) message. A JFCC subsequently conducts safety checks, confirms the priority of the mission and approves the request. The JFCC also manages a fire mission queue of approved requests ranked by priority. An OS battery actor is then assigned a fire mission from the queue by the JFCC. The battery fires a salvo to complete the fire mission.

A fire mission commences after a JFT entity has detected a member of the opposing force that is a suitable OS target. The implications across ontological domains for this process are described in more detail within Ormrod, Turnbull, & O'Sullivan (2015) and the ontology described within this thesis. Kinetic action and cognitive processes are supported by communication networks and doctrine to produce a result and impact the adversary.

Figure 42 - E2E Use Case for OS Fire Mission

4.3.2 Business Process Descriptions

End-to-end use cases provide context about the interaction and relationship between domains. However, they are not as robust for developing simulation code and identifying the links between business processes. Therefore, business process descriptions (BPD) were developed using BPMN 2.0 (von Rosing et al. 2013). A BPD example of the OS Fire Mission is provided in Figure 43.

Figure 43 - BPD 19 Fire Mission

Business process descriptions are important representations of how resources and capabilities produce outcomes aligned with the mission. Business processes form the core of how organisations compete. Military activities, such as tactical land combat operations, are no different. Techniques and procedures used by the military “are established patterns that can be applied repeatedly with little or no judgment in a variety of circumstances” (Department of Defense 2001a). Techniques and procedures are business processes, and the author contends that BPMN 2.0 is a suitable technique for modelling them. A total of 146 BPDs were developed to support this thesis and are listed in Table 11.

Table 11 - BPDs Created as Thesis Artefacts

The interaction between the high level business processes is depicted in Figure 44. A detailed schematic of the underlying interaction between BPDs is provided in Figure 45. Technological systems, data and physical interaction underpin these BPDs.

Figure 44 - Business Process Interactions - High Level View

Figure 45 - Business Process Interactions - Detailed Schematic

4.3.3 Summary of Business Process Representation

Business process representation has been achieved through BPDs utilising the BPMN 2.0 standard. These BPDs emerged from E2E process descriptions which link domains to processes. This section contributes to the following SQs:

SQ1. What are the relationships between tactical land combat human factors and cyber-systems? Business process representation establishes the links between decisions and the data used to inform them. Through BPDs, this thesis has documented the data provided by cyber-systems and the way it is provided to a decision maker.

SQ2. What are the relationships between tactical land combat kinetic outcomes and cyber-systems? The cyber-systems and their relationships to kinetic outcomes are not directly represented in the BPDs. However, the links between those BPDs which produce kinetic outcomes and those which are supported by cyber-systems establish an indirect relationship. The relationship between BPDs demonstrates the data sources that inform kinetic outcomes.

SQ3. What are the relationships between cyber-effects and tactical land combat mission success? Cyber-effects influence mission success through the BPDs that convert digital C2 data into decisions. Where a cyber-attack business process stage can compromise data or influence the utility of a network node used in a decision-making gate of a BPD, mission success can be altered. The extent of this relationship and the degree of impact cannot be established with BPDs. However, the relationship can be identified.

SQ5. What broad mitigation strategies are available to reduce the mission impact of a cyber-effect? The BPDs in this thesis include analogue and business continuity measures, establishing ways that the SOS can adapt when cyber-systems are unreliable. The BPDs have also been developed to represent the cyber-defence business process, which is described in the next section.

4.4 Cyber-Attack and Defence Representation – Extrinsic Knowledge

The cyber-attack and cyber-defence BPDs and sub-processes are described in detail, as they constitute a significant advancement on existing processes, such as the cyber-kill chain and attack lifecycles reviewed in Section 2.2. These BPDs are supported by a detailed semantic model, presented in Chapter 5. The ontology describes cross-domain links between BPDs. For example, within BPD 27E (Cyber-Defence Maintain Process), a single stage describes the maintenance of privilege and access control. This stage includes cross-domain links to ASD strategies, CISSP methods, information assurance controls and cyber-operator behaviours. The stage also links to the Red Team BPD stages that it is intended to prevent. More detail is provided in Section 5.3.

4.4.1 Cyber-Attack: Weaponisation of the Cyber-Kill Chain

The Cyber-Attack BPD depicted in Figure 46 extends on the Lockheed Martin Cyber-Kill Chain (Hutchins, Cloppert, & Amin 2011) and Mandiant Attack Lifecycle Model (Mandiant 2015), to create a comprehensive business process that can be linked to specific objects across the nested domains. Initially, a cyber-attack capability needs to exist. This represents a non-specific ability to perform some sort of cyber-attack mission. If the cyber-attack capability exists, it then needs to be assigned a cyber-attack mission from BPD 02 (Operational Mission Planning).

Figure 46 - BPD 26 Cyber-Attack

The first sub-process involves the identification of resources from across the domains that are necessary to perform a cyber-attack mission. Figure 47 describes this process. If additional resources are required, BPD 01 (Campaign Planning) should be activated. Otherwise, mission prosecution commences and BPD 26B (Cyber-Attack Establish Foothold) is activated.

Figure 47 - BPD 26A Cyber-Attack Identify Resources

The ‘Establish Foothold’ BPD consists of a series of sub-processes (Figure 48). These processes occur in sequence, until a foothold is established or a mission failure occurs. Sub-processes are described below.

Figure 48 - BPD 26B Cyber-Attack Establish Foothold

The reconnaissance sub-process in Figure 49 involves a series of activities and decision points, until the mission target is located and a path to that target is established, or the mission is deemed a failure. It is important to note that the ‘Cyber-Attack Recon’ BPD mission may be a sub-set of the broader mission. The initial target identified may not be the final mission target, but a subordinate task that is part of the critical path to the final operational mission. Missions can be at an operational, tactical or task level. A task is a sub-component of a tactical mission.

Figure 49 - BPD 26C Cyber-Attack Recon

Cyber-attack weaponisation involves an escalation of user privilege (Figure 50). Vulnerabilities, exploits and attack vectors can lead to the development of a payload to achieve sufficient privileges, or the privileges may exist from previous cyber-attack missions.

Figure 50 - BPD 26D Cyber-Attack Weaponisation

Cyber-attack delivery depends on a payload being available. If the payload deploys successfully, exploitation is possible. This is described in Figure 51.

Figure 51 - BPD 26E Cyber-Attack Delivery

Cyber-attack exploitation is depicted in Figure 52. Exploitation involves the execution of the payload. If this executes successfully, a malicious service is established.

Figure 52 - BPD 26F Cyber-Attack Exploitation

Cyber-attack control requires a C2 node connection. If the connection is persistent it will then lead to cyber-attack execution. A connection which is not persistent will need to be monitored, leading back to the weaponisation process. Cyber-attack control is depicted in Figure 53.

Figure 53 - BPD 26G Cyber-Attack Control

Cyber-attack execute is depicted in Figure 54. Escalation of privileges and cleanup (removing traces on logs) leads to the cyber-attack objective analysis process.

Figure 54 - BPD 26H Cyber-Attack Execute

Cyber-attack mission failure analysis is described in Figure 55. Cyber-attack mission failure involves a reassessment that may occur based on the cost-benefit analysis of the mission and if the selected payload has been compromised. A compromised payload may still be applied as part of the cyber-attack reconnaissance process if a patch has not been applied to the target system.

Figure 55 - BPD 26I Cyber-Attack Mission Failure Analysis

Cyber-attack objective analysis is depicted in Figure 56. This process includes the development of attacker infrastructure to gain a foothold on the mission artefacts and achieve the mission. Achieving the mission links back to the campaign planning process, to integrate the mission objective in the virtual environment to kinetic effect. If the mission artefacts are not located, a foothold is established and the cyber-attack expand control process commences.

Figure 56 - BPD 26J Cyber-Attack Objective Analysis

Cyber-attack expand control is depicted in Figure 57. This process involves pivoting through the network to identify resources and information that can create a path to the mission objective. Where a path cannot be located, reconnaissance begins again to expand the available options. When a path is available, the cyber-attack delivery process commences.

Figure 57 - BPD 26K Cyber-Attack Expand Control

4.4.2 Cyber-Defence Business Process: Derailing the Kill Chain

The cyber-defence business process begins when a cyber-defence capability exists. The cyber-mission is assigned from the strategic process. The cyber-defence process incorporates sub-processes shown in Figure 58.

Figure 58 - BPD 27 Cyber-Defence

The ‘Cyber-Defence Identify Resources’ BPD has similarities to the cyber-attack process of the same name (BPD 26A). However, at the ontological level, the processes are different in that they require different skill sets, resources and potentially different infrastructure (such as botnets instead of firewalls). The two processes may run in parallel using the same resources, particularly in the case of a malicious actor who must secure their own networks whilst launching attacks on others. Cyber-defence is intended to prevent attack. Therefore, the ontology links cyber-defence steps to cyber-attack. The ‘Cyber-defence Identify Resources’ business process is depicted in Figure 59.

Figure 59 - BPD 27A Cyber-Defence Identify Resources

The ‘Cyber-Defence Prevent Foothold’ process is depicted in Figure 60. This process involves the sub-processes of obscure, maintain and detect. When an attacker obtains a foothold, and is detected, BPD 27C (Cyber-Defence Restrict Control) commences. Otherwise, the ‘Prevent Foothold’ process cycles back, as part of ongoing network maintenance and protection.

Figure 60 - BPD 27B Cyber-Defence Prevent Foothold

If an attacker is detected and a foothold has been obtained by an adversary, ‘Cyber-Defence Restrict Control’ seeks to reduce the security breach, remediate the immediate issue and prevent further damage. This process links to BPD 27J (Cyber-defence Restore). Figure 61 depicts the ‘Cyber-defence Restrict Control’ business process.

Figure 61 - BPD 27C Cyber-Defence Restrict Control

The ‘Cyber-defence Obscure’ process is depicted in Figure 62. This forms a sub-process in preventing the adversary from establishing a foothold on the system by masking infrastructure and services, thereby preventing the attacker from identifying vulnerabilities and opportunities.

Figure 62 - BPD 27D Cyber-Defence Obscure

The ‘Cyber-defence Maintain’ business process is depicted in Figure 63. This sub-process also prevents an adversary from gaining a foothold in the system by undertaking housekeeping activities such as privilege control, patching and increasing risks and costs for the attacker.

Figure 63 - BPD 27E Cyber-Defence Maintain

The ‘Cyber-defence Detect’ process is depicted in Figure 64. This process uses both knowledge- and behaviour-based detection measures to monitor for alerts.

Figure 64 - BPD 27F Cyber-Defence Detect

Figure 65 depicts the ‘Cyber-defence Remediate’ process. This process follows an alert. Passive and active response measures are implemented. Where an alert is genuine, the ‘Cyber-Defence Prevent’ process is activated to respond to the alert in a broad sense. If the alert is a false positive, the detection method is reviewed and the system reverts to a detection state.

Figure 65 - BPD 27G Cyber-Defence Remediate

Figure 66 depicts the ‘Cyber-defence Prevent’ process. A risk assessment may initiate a business continuity response, but an alert-specific incident analysis of logs and potential payloads occurs in either case. This process initiates BPD 27I (Cyber-defence Restrict).

Figure 66 - BPD 27H Cyber-Defence Prevent

The ‘Cyber-defence Restrict’ process is depicted in Figure 67. This process limits the extent of any damage done by an attacker, on the assumption that the alert signifies a broader attack. Whereas the earlier ‘Prevent’ process sought to deal with the immediate payload and vulnerability, this process is a broader identification of vulnerabilities that are linked to the initial payload. This could include searching for malware implanted because of the initial payload, or identifying other nodes and systems that may have been compromised when a pivot occurred within the network. Any malicious services are hunted down and removed.

Figure 67 - BPD 27I Cyber-Defence Restrict Damage

The ‘Cyber-Defence Restore Control’ process seeks to remediate any identified issues across the business that were highlighted from an attack. The ‘Restore Control’ process ends with complete restoration of all services, as well as the strengthening of the system to remove vulnerabilities that have been identified post-attack. Attribution efforts are undertaken to identify the ways, means and ends of the attacker. A threat actor profile is developed based on available information, to inform future defence efforts and identify trends. The ‘Cyber-defence Restore Control’ process is depicted in Figure 68.

Figure 68 - BPD 27J Cyber-Defence Restore Control
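The cyber-defence sub-processes described above (BPD 27D to 27J) can be written as a transition table and checked for dead ends before being used in simulation code. This is an added example, not code from the thesis. The event names, the obscure, maintain, detect ordering, the hand-off from 27I to 27J, and the return from 27J to 27D are assumptions made for illustration; the figures that define the real gates are not reproduced here.

```python
from collections import deque
from dataclasses import dataclass, field
from enum import Enum


class Stage(Enum):
    """Cyber-defence sub-processes, named by the BPD numbers used in the text."""
    OBSCURE = "BPD 27D Obscure"
    MAINTAIN = "BPD 27E Maintain"
    DETECT = "BPD 27F Detect"
    REMEDIATE = "BPD 27G Remediate"
    PREVENT = "BPD 27H Prevent"
    RESTRICT = "BPD 27I Restrict"
    RESTORE = "BPD 27J Restore Control"


# (stage, event) -> next stage. Event names are hypothetical labels for the
# decision gates described in the prose.
TRANSITIONS = {
    (Stage.OBSCURE, "done"): Stage.MAINTAIN,          # assumed ordering
    (Stage.MAINTAIN, "done"): Stage.DETECT,           # assumed ordering
    (Stage.DETECT, "no_alert"): Stage.OBSCURE,        # Prevent Foothold cycles back
    (Stage.DETECT, "alert"): Stage.REMEDIATE,         # Remediate follows an alert
    (Stage.REMEDIATE, "false_positive"): Stage.DETECT,
    (Stage.REMEDIATE, "genuine"): Stage.PREVENT,
    (Stage.PREVENT, "risk_high"): Stage.RESTRICT,     # Prevent initiates 27I
    (Stage.PREVENT, "risk_low"): Stage.RESTRICT,
    (Stage.RESTRICT, "done"): Stage.RESTORE,          # assumed hand-off to 27J
    (Stage.RESTORE, "done"): Stage.OBSCURE,           # assumed return to maintenance
}

# Activities the text attaches to particular gates.
ACTIONS = {
    (Stage.REMEDIATE, "false_positive"): ["review detection method"],
    (Stage.PREVENT, "risk_high"): ["business continuity response",
                                   "incident analysis of logs and payloads"],
    (Stage.PREVENT, "risk_low"): ["incident analysis of logs and payloads"],
    (Stage.RESTRICT, "done"): ["remove malicious services"],
    (Stage.RESTORE, "done"): ["restore services", "update threat actor profile"],
}


@dataclass
class Run:
    trace: list = field(default_factory=list)    # stages visited, in order
    actions: list = field(default_factory=list)  # activities triggered, in order


def run(events, start=Stage.OBSCURE):
    """Replay a sequence of events and return the stages and actions produced."""
    state = start
    result = Run(trace=[state])
    for event in events:
        key = (state, event)
        if key not in TRANSITIONS:
            raise ValueError(f"event {event!r} is not defined in {state.value}")
        result.actions.extend(ACTIONS.get(key, []))
        state = TRANSITIONS[key]
        result.trace.append(state)
    return result


def unreachable_stages(start=Stage.OBSCURE):
    """Stages that no event sequence from `start` can ever reach."""
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for (src, _event), dst in TRANSITIONS.items():
            if src is current and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return set(Stage) - seen


def dead_end_stages():
    """Stages with no outgoing transition, where the process would stall."""
    return set(Stage) - {src for src, _event in TRANSITIONS}


# Constructed event sequence: one false positive, then a genuine alert.
SAMPLE_EVENTS = ["done", "done", "alert", "false_positive",
                 "alert", "genuine", "risk_high", "done", "done"]

if __name__ == "__main__":
    outcome = run(SAMPLE_EVENTS)
    print(" -> ".join(stage.value for stage in outcome.trace))
    print(outcome.actions)
    print("unreachable:", unreachable_stages(), "dead ends:", dead_end_stages())
```
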

4.4.3 Summary of the Cyber-Attack and Cyber-Defence Business Process Representation

The cyber-attack and cyber-defence BPDs are a contribution to knowledge. The cyber-kill chain and attack lifecycles in Section 2.4 have been extended and enhanced. The cyber-attack and cyber-defence BPDs have been integrated into a detailed semantic model, with cross-domain links between BPDs and supporting domains. The next chapter presents the semantic model and the relationship between cyber-attack and cyber-defence BPDs as a component of the larger SOS. This section contributes to the following SQs:

SQ3. What are the relationships between cyber-effects and tactical land combat mission success? The BPDs demonstrate strong relationships between cyber-effects and mission success. Information of value (crown jewels/mission critical cyber-assets) can also be targeted by an attack, based on its heightened utility to support mission impacts. Obtaining an adversary’s attack plans could allow defences to be optimised and so achieve the mission. Success would be less likely without this information. In effect, the adversary’s SA and plans can be unintentionally shared with a cyber-attacker. For example, during a cyber-attack when a foothold occurs on an information target related to a mission objective, the compromised information target becomes a new resource that can be utilised in the campaign and mission planning BPDs.

SQ4. How can the impact of cyber-effects on tactical land combat mission success be described and measured? Cyber-effect impact on mission success can be described by the indirect relationships between the ‘Cyber-Attack’ BPD and those business processes that support mission success. For example, the dissemination of orders from a commander to subordinates using a digital C2 system can support mission success. A cyber-attack changing the content and intent of the orders could reduce mission success. The links between BPDs and supporting domains support the description of these relationships. However, the measurement of these relationships is not significantly enhanced through the BPD model unless use cases are employed in context.

SQ5. What broad mitigation strategies are available to reduce the mission impact of a cyber-effect? Cyber-effect mission impact can be mitigated, to an extent, through the ‘Cyber-Defence’ BPD. Each stage of it seeks to thwart a corresponding stage of the ‘Cyber-Attack’ BPD. The process of masking resources, detecting intrusions and restoration are all intended to support the delivery of services that support the organisation in achieving its mission and supporting business processes. Therefore, the ‘Cyber-Defence’ BPD is, in itself, a form of mitigation of cyber-effects on mission impact.

4.5 Measures of Combat Effect Model – Extrinsic Knowledge

The author proposes a measures of combat effect model (MCEM), which extends on the existing literature to present a comprehensive series of measures suited to assessing tactical land combat success. Combat effect is measured through force effectiveness, effectiveness and performance. These are depicted in Figure 69.

Measures of Combat Effect (content of Figure 69):

Measure of Force Effectiveness

Measures of Effectiveness: Efficacy; Personnel Casualties; Loss Exchange Ratio; Time to Mission Success; Resources Consumed; Ability to Conduct Subsequent Operations

Measures of Performance: Quality of Detection; Quality of Reconnaissance; Quality of Manoeuvre; Quality of Direct Fire; Quality of Offensive Support; Quality of Common Operational Picture; Quality of Situational Awareness; Quality of Command and Control; Quality of Communication; Quality of Cyber Defence; Quality of Cyber Attack

Figure 69 - Measures of Combat Effect Model (MCEM)

4.5.1 MOFE Matrix

Mission statements describe the who, what, where, when and why of an operation. The mission statement is definitive and should describe an effect that is measurable (Department of Defense 2001a). The mission statement should stand alone, without requiring reference to any other source except for a map (US Army 2004). The primary combat effect to be measured is mission success. Mission success in this model is binary. The mission is either achieved by each side or it is not. Both sides can achieve their missions if they are not directly in opposition. Hayward defined three criteria of mission success: the territory to be gained or held, the latest time by which the objective must be gained or held, and the maximum allowable cost of achieving the objective (which is rarely described in practice) (Hayward 1968, p. 318).

Measure of force effectiveness (MOFE) equates to mission success and the combat effectiveness of a force in the tactical land combat environment. A MOFE matrix was developed based on two metrics. The first is mission success, which has a binary value based on the truth of a mission statement. A complete mission, which is true, scores 100. A mission that is incomplete or false scores zero. The second value is the combat power of the remaining force as a percentage of the original CP value. This value is not calculated using personnel numbers, but uses relative weapon values developed for comparison (Dupuy 1987). The MOFE value for each force is a combination of the mission success score (0-100) and the CP of the remaining force as a percentage of the original CP value (0-100). The two forces are plotted on the axes of the MOFE matrix, depicted in Figure 70, which displays the relative mission success and remaining CP for both forces visually in a single point.

Number 1 on the MOFE Matrix depicts a successful blue mission which has sustained 20% casualties as measured against the blue force’s original CP value and an unsuccessful red mission which has sustained 90% casualties as measured against the red force’s original CP value. In contrast, Number 2 on the MOFE Matrix depicts an unsuccessful red and an unsuccessful blue mission, where blue has suffered 80% casualties and red has suffered 90% casualties as measured against their original CP value.

Figure 70 - MOFE Matrix

The MOFE matrix aligns to the literature, where the mission is the primary objective. History is replete with examples where commanders have bypassed enemy forces that they were capable of destroying in order to achieve their mission. There are also many historical examples where neither side has achieved their objective. The MOFE Matrix permits these outcomes. The MOFE matrix provides a more complex and realistic tactical land combat measure of success for experimentation. The MOFE Matrix will be used to compare outcomes in the simulation proof-of-concept.

4.5.2 MOE

Measures of Effectiveness (MOE) represent the total output of the SOS used to prosecute the mission. These measures will not be utilised in the simulation proof-of-concept. However, they are intended for use in future work. MOE are defined below.

4.5.2.1 Efficacy

Efficacy combines the relative combat power ratios of both sides, at initiation of the simulation and at its conclusion, into a single measure.

Efficacy = (final combat power Blue/initial combat power Blue) / (final combat power Red/initial combat power Red).

4.5.2.2 Personnel Casualties

Personnel casualties will generally be kept to a minimum.

4.5.2.3 LER

The Loss-Exchange Ratio (LER) is based on relative personnel casualties.

4.5.2.4 Time to Mission Success

Each mission has a time limit associated with it. However, missions that are achieved faster are considered more effective in terms of time.

4.5.2.5 Resources Consumed

Fuel, ammunition or the bandwidth utilised can be applied to create a measure for the resources consumed in support of a mission. The value used to measure resources could be an aggregated weight for consumables such as fuel and ammunition (i.e. a single 155mm artillery round (43.2kg) = 815 rounds of 5.45mm ball link (53 grams)).

4.5.2.6 Ability to Conduct Subsequent Operations

The final state of the force is calculated based on its residual combat capability relative to its initial combat capability. This could be assessed based on metrics including relative casualties, resources consumed and remaining weapon platforms compared to the mission start state.

Ability to conduct subsequent operations = (final combat power – combat power of ineffective organisations) / initial combat power.

4.5.3 MOP

Measures of Performance (MOP) represent the output of individual components, capabilities and systems. These may not directly affect mission success. However, these measures mean that individual factor sensitivity can be traced against the SOS outputs and mission success. These measures will not be utilised in the simulation proof-of-concept. However, they are intended for use in future work. Based on the literature reviewed earlier, the following measures have been devised:

4.5.3.1 Quality of Detection

• The number of correct detections across all sensor systems.
• The number of false or incorrectly identified detections across all sensor systems.
• The number of detections by capability type.

4.5.3.2 Quality of Reconnaissance

• Number of detections of enemy forces by recon assets.
• Number of recon missions.

4.5.3.3 Quality of Manoeuvre

• Distance travelled total.
• Number of suppression events (where an enemy organisation was suppressed).
• Number of tactical actions (e.g. flanking) at the local level.
• Number of tactical actions based on received orders.

4.5.3.4 Quality of Direct Fire

• Number of Direct Fire (DF) rounds fired (total).
• Average kills per platform type.
• Kills per capability type.

4.5.3.5 Quality of Offensive Support

• Number of fire missions fired.
• Number of casualties averaged per fire mission.
• Percentage of surviving JFT.
• Percentage of surviving OS guns.

4.5.3.6 Quality of the COP

• Degree of shared situational awareness.
• Shared situational awareness by capability as a function of time.
• Degree of COP alignment to physical reality.

4.5.3.7 Quality of SA

• Degree of individual SA alignment to physical reality across all decision makers.
• Degree of individual SA alignment to COP across all decision makers.

4.5.3.8 Quality of Communication

• Number of messages sent between nodes on the network (total including retransmission).
• Network size.
• Network density.
• Minimum network connectivity (number of connections for the lowest connected node).
• Maximum network connectivity (number of connections for the highest connected node).
• Number of reports and returns sent across network (by unique message content).

4.5.3.9 Quality of C2

• Number of decisions made.
• Number of orders issued.
• Number of reports and returns received by the battle group commander.

4.5.3.10 Quality of Cyber-Defence

• Number of nodes.
• Number of nodes with known vulnerabilities.
• Number of user accounts.
• Number of legitimate accounts with admin rights.
• Number of compromised nodes.
• Number of compromised accounts.
• Highest access level of compromised user accounts.
• Number of intrusions detected by CERT.
• Number of compromised accounts detected by CERT.
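The communication and cyber-defence measures listed in 4.5.3.8 and 4.5.3.10 can be computed from a snapshot of simulation state. The following is an added example, not code from the thesis or the BCEO repository; the node and account names, the access-level ordering, the density definition (actual links divided by possible undirected links) and the reading of an "intrusion" as a detected compromised node are assumptions.

```python
from dataclasses import dataclass

# Assumed ordering of access levels, lowest first (not defined in the thesis).
ACCESS_LEVELS = ("user", "admin")


@dataclass
class Node:
    name: str
    known_vulnerabilities: int = 0
    compromised: bool = False
    detected_by_cert: bool = False


@dataclass
class Account:
    name: str
    access: str = "user"
    legitimate: bool = True
    compromised: bool = False
    detected_by_cert: bool = False


def communication_mop(node_names, links):
    """Network size, density and min/max connectivity for undirected links."""
    degree = {name: 0 for name in node_names}
    edges = set()
    for a, b in links:
        if a not in degree or b not in degree:
            raise ValueError(f"link references unknown node: {a!r}-{b!r}")
        edge = frozenset((a, b))
        if a == b or edge in edges:   # ignore self-loops and duplicate links
            continue
        edges.add(edge)
        degree[a] += 1
        degree[b] += 1
    n = len(degree)
    possible = n * (n - 1) // 2       # links in a fully meshed network
    return {
        "network_size": n,
        "network_density": len(edges) / possible if possible else 0.0,
        "min_connectivity": min(degree.values(), default=0),
        "max_connectivity": max(degree.values(), default=0),
    }


def cyber_defence_mop(nodes, accounts):
    """Counts listed under Quality of Cyber-Defence for one snapshot."""
    compromised = [a for a in accounts if a.compromised]
    highest = max((ACCESS_LEVELS.index(a.access) for a in compromised), default=None)
    return {
        "nodes": len(nodes),
        "nodes_with_known_vulnerabilities": sum(n.known_vulnerabilities > 0 for n in nodes),
        "user_accounts": len(accounts),
        "legitimate_admin_accounts": sum(a.legitimate and a.access == "admin" for a in accounts),
        "compromised_nodes": sum(n.compromised for n in nodes),
        "compromised_accounts": len(compromised),
        "highest_compromised_access": None if highest is None else ACCESS_LEVELS[highest],
        # Assumption: an "intrusion" is one compromised node that the CERT has detected.
        "intrusions_detected_by_cert": sum(n.compromised and n.detected_by_cert for n in nodes),
        "compromised_accounts_detected_by_cert": sum(a.detected_by_cert for a in compromised),
    }


def isolate(links, node_name):
    """Defensive containment: drop every link that touches the named node."""
    return [(a, b) for a, b in links if node_name not in (a, b)]


def constructed_snapshot():
    """Constructed sample state; all names and values are illustrative."""
    nodes = [
        Node("bg_hq"),
        Node("coy_hq", known_vulnerabilities=2),
        Node("jft_laptop", known_vulnerabilities=1, compromised=True, detected_by_cert=True),
        Node("os_guns"),
        Node("recon", known_vulnerabilities=1, compromised=True),
    ]
    links = [("bg_hq", "coy_hq"), ("bg_hq", "os_guns"), ("bg_hq", "jft_laptop"),
             ("coy_hq", "recon"), ("jft_laptop", "os_guns")]
    accounts = [
        Account("bg_comd"),
        Account("sig_admin", access="admin", compromised=True),
        Account("jft_operator", compromised=True, detected_by_cert=True),
        Account("recon_operator"),
        Account("unknown_admin", access="admin", legitimate=False),
    ]
    return nodes, links, accounts


if __name__ == "__main__":
    nodes, links, accounts = constructed_snapshot()
    names = [n.name for n in nodes]
    print(communication_mop(names, links))
    print(communication_mop(names, isolate(links, "jft_laptop")))
    print(cyber_defence_mop(nodes, accounts))
```

Isolating the compromised jft_laptop node in this constructed network lowers density from 0.5 to 0.3 and drops minimum connectivity to 0, which shows how a containment action registers in the communication measures.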

4.5.3.11 Quality of Cyber-Attack

Cyber-attack metrics have been presented by Sandoval & Hassell (2010). Those metrics have been modified and expanded for this thesis.

• Number of attempted attacks.
• Percentage of successful attacks.
• Percentage of partially-successful attacks.
• Mean number of attack disruptions.
• Time spent per phase.
• Duration of successful attack.
• Utilisation and attack noise.

4.5.4 Summary of the Measures of Combat Effect Model

The MCEM extends the literature by combining existing models that assess combat effectiveness, CP, attrition, mission success and NCW metrics into a single model. The MCEM consists of three categories. The MOFE matrix compares two sides against mission success and remaining CP as a percentage of the original CP. The MOE compares six measures of the SOS total output to prosecute the mission. The MOP relate to individual measures at the capability and system level.

The MCEM forms an aggregated schema depicted in Figure 71. Each of the measures discussed within this Chapter links to the aggregated schema. For example, the quality of C2 is reliant on the quality of situational awareness, quality of communication and the quality of the COP. Another example is the quality of offensive support, which relies on the quality of communications, to create enemy casualties. The quality of communications links to the quality of detection. Indirectly, offensive support also contributes to combat power which influences the manoeuvre capabilities of the force relative to its opposing force.

Figure 71 - MCEM Aggregated Schema

The MCEM aggregated schema depicts the role of cyber-attacks in disrupting the adversary’s situational awareness, communications and common operating picture. This is intended to indirectly reduce the command and control of the opponent, with a downstream impact on manoeuvre and ultimately mission success. However, human factors can influence the success of the cyber-attack through tactics and command and control. Relative CP can also influence the result, unless the cyber-attack can redirect this combat power in a manner that reduces its effectiveness. The relationships depicted within the schema describe the interactions between schema components. For example, reconnaissance, detection and situational awareness enable each other through their interactions.

The MCEM aggregated schema has not been fully implemented in the simulation proof-of-concept, although components are operational. Full implementation has been identified for future work.

This section contributes to the following SQs:

SQ4. How can the impact of cyber-effects on tactical land combat mission success be described and measured? The MCEM provides a single model that describes and measures cyber-effects in terms of their impact on mission success. The MCEM Aggregated Schema links cyber-effects, kinetic outcomes and mission success through the relationship between the different MOP for tactical land combat capabilities and systems. The relationship between these measures and their underlying systems and processes will be dealt with in more detail within the next chapter (Chapter 5 - Semantic Model).

4.6 Chapter Four Summary

This chapter presented the results of the environmental elicitation undertaken for this thesis. A broad array of artefacts were produced relating to the problem space, generated through mixed methods research and analysis of literature. Semi-structured interviews were conducted to support intrinsic knowledge acquisition, which led to a description of the human factors considered within this thesis and the development of the DC2HFC model. The extrinsic knowledge acquisition process led to the definition of capabilities, the development of measures for analysis and a series of linked business processes which will be described within the semantic model (Chapter 5).

The integration of grounded theory and Q methodology allowed the identification of different opinions and perspectives amongst the interview participants. The use of Q methodology and thematic analysis does not necessarily represent a specific percentage of military decision makers, although theoretical saturation is believed to have occurred within the sample studied. The thematic analysis coding approach adopted sought to account for any inherent bias through an independent thematic analysis by the author’s academic supervisor, as described in Section 3.2.2. The coded themes were used to develop the DC2HFC model.

The DC2HFC model is a contribution to knowledge which generalises the results of the interviews to facilitate the simulation of digitalised tactical land combat. The model is suited for implementation in an ABM, with the intention that each personality described within the model is reflected by an agent.

The ‘Cyber-Attack’ and ‘Cyber-Defence’ BPDs are a contribution to knowledge. The cyber-kill chain and attack lifecycles from Section 2.4 were extended and enhanced. The next chapter presents the semantic model and the relationship between ‘Cyber-Attack’ and ‘Cyber-Defence’ BPDs as a component of the larger SOS.

The MCEM is a contribution to knowledge, as it combines existing models that assess combat effectiveness, CP, attrition, mission success and NCW metrics into a single model. The MCEM consists of three categories. The MOFE matrix compares two sides against mission success and remaining CP. The MOE compares six measures of the SOS total output to prosecute the mission. The MOP relate to individual measures at the capability and system levels. The MCEM Aggregated Schema unites the MOP by connecting related systems. The aggregation of MOP in a two-sided combat view allows for a more detailed understanding of the interaction between measures and the impact a change in MOP may have across the SOS.

In summary, an extensive review of the environment pertaining to the problem space was conducted. Interviews of SMEs led to the development of a model of human factors. Linked business processes were developed, including cyber-attack and cyber-defence processes. Measures of success were developed. These distinct models provide a solid foundation for the thesis. Chapter 5 - Semantic Model, brings these different models together through a semantically-rich ontology. The ontology establishes the relationships between the domains, business processes and the models described throughout this thesis.

5. Chapter Five - Semantic Model

5.0 Chapter Five Introduction

The semantic model is a robust ontology written with a semantic language. Ontologies can be both conceptual representations of a system and a conceptual specification for a simulation. Ontologies are descriptive models that can be used as a reference for software engineering (Hofmann 2013, p. 68). This chapter contributes to answering the research question by describing the conceptual structure and relationships underlying the thesis and the problem space. The battlespace cyber-effects ontology (BCEO) presented within this chapter is a contribution to knowledge. The BCEO is a consistent, unified model for examining the relationships between the different domains influencing cyber-effects with semantic reasoning. The BCEO is depicted in Figure 72. The BCEO presented within this Chapter is accessible in full from the following online repository: https://hacks.im/ontology

Figure 72 - Semantic Model

The following peer-reviewed paper, written by the author, contributed to this chapter:

Ormrod, D; O’Sullivan, K and Turnbull, B 2015. ‘System of Systems Cyber-Effects Simulation Ontology’ in Macal, C et al (eds), Proceedings of the Winter Simulation Conference (WSC) 06-09 Dec 2015. Huntington Beach, California. [Peer-reviewed, published]. http://ieeexplore.ieee.org/document/7408358/

5.1 Ontology Language

Terse RDF Triple Language (Turtle) is a language popular with developers that is easier to read than RDF/XML (Yu 2014). Turtle was used to develop the ontology for this thesis. The OWL language was not used, despite its extensive capabilities, due to RDF/RDFS’ capacity for inclusion in directed graphs without OWL. The ontology has been configured to allow it to be loaded to Directed Graph software. Therefore, OWL has been excluded from use with the ontologies, due to the limitations of many Directed Graph reasoners to manage the complexities of OWL. Some software, such as AllegroGraph, offers limited OWL functionality. Until a final visualisation tool has been selected, the limitation of not using OWL will persist. The WebVOWL software package has known restrictions in processing some OWL classes. However, WebVOWL offers the best ontological visualisation for this thesis, which contains over 11,000 objects. The BCEO can be converted into a Neo4j-compatible file using .json, converted to .csv, then loaded using a custom-written cypher file.

5.2 The Domains Depicted in the Semantic Model

The CCF nested domain model described in Section 4.2 has been expanded into a Stoic-inspired nested domain model underpinning the BCEO (Figure 73).

Figure 73 - Stoic-Inspired Ontology Nested Domain Model

The nested domain model within the BCEO dispenses with the national security domain and the underlying political, economic and military domains. Instead, the highest level has the prefix something:Something. The prefix something:Something is the equivalent of owl:Thing in the OWL ontology, which is normally a super-class to user-defined classes. Each subordinate domain has its own prefix, creating a hierarchical collection of interacting ontologies. This ontological ecosystem models the disparate domains of knowledge required to understand cyber-attacks and cyber-defences, and to observe their impact on organisational or military endeavours.

The BCEO consists of nested domains as well as objects that sit outside of these domains. All things are something. However, some objects exist outside of domains, consisting of multiple domain classes and properties combined. Objects outside of domains are described through instances (including BPD instances, use case instances, cyber-instances, RedTeam and BlueTeam instances), core (including core and event) and meta-ontology. Relationships between domains are described through these intermediate objects and through relationships between classes and properties described within the domains. The existent incorporates those things normally described within the physical domain in doctrine. Existent objects possess the action/passion principle (the capacity to act, or be acted upon). Subsistent objects do not exist in a physical sense. The subsistent depends on the existent to exist, yet the objects are not the same. Subsistent objects have relationships with existent objects, but they are not necessarily direct and may not be described in three-dimensional space. For example, shared SA is a subsistent object that is shared between physical entities. Although the shared SA is bounded by the space-time dimensions related to those physical entities, the shared SA does not itself have a physical location.

Interstitials is a term that has been used to describe the spaces between systems (Garrett et al. 2011). These spaces create unintended effects through the interaction and influence of the different systems within the larger SOS. Relationships between domains describe the links across the interstitial spaces. For example, a computer crosses multiple domains. In the subsistent domain, the purpose of a computer object is to depict the data it holds, software, interactions across networks and configuration options. In the existent domain, computer is a subclass of asset, and has properties related to asset numbers, physical location and custodian. In the conceptual sub-domain, the computer belongs to a specified architecture and an organisation. In the event domain, the same computer object is modelled through its various changes in state. A computer may be on or off, logged in through a user profile, or compromised. The same object has several views. Modelling the effects of cyber-security breaches on missions and processes requires interrelated ontologies.

5.2.1 The Core Domain

The core domain represents common concepts used across all areas of the ontology. Core provides identification properties for instances and justification properties for classes.

5.2.2 The Event Domain

The event domain is where the ‘activity’ occurs, based on Kimian events. Importantly, this domain enables the intra- and inter-domain interactions between the existent and subsistent domains—the vital element for modelling how the impact of an event in one domain propagates across the others. The event domain will log the changes in state of existent and subsistent objects. Generic event information occurs in this domain, and specific event information is represented in the existent and subsistent domains. Time, place and content are all properties of events, but they are not essential according to Meixner (2000). For the purpose of this thesis, an event must have a temporal property—it must start and end at some point. However, an event does not need to have a location. An event must also have some content property, which identifies the event with respect to other events. The number of events possible is limited by the number of properties used to describe events. The additional complexity inherent in this approach compared to Davidson’s is acknowledged; however, it adds a correspondingly richer degree of detail for causal analysis (Siebelt 1994). Finally, events have relationships with other events, states and/or objects. Changes in states are events; however, states themselves are treated through instances.

5.2.3 The Meta-Ontology Domain

The meta-ontology domain sits outside of the domain model but within something. Meta-ontology consists of figments and limits outside of the domains in the model, which are used to track causation and model effects. Meta-ontology consists of states (organisational and network), effects, measures, experimental design, FIC, cyber-resilience metrics (Bodeau et al. 2012) and ontological design criteria (Gruber 1993).

5.2.4 The Instance Domain

The instance domain consists of physical instances, cyber-instances, use cases and business processes. Physical instances are existent, except that organisational hierarchy is described in conjunction with the physical instances. This relationship is justified by the influence organisation has on the relative actions and locations between entities. Cyber-instances are subsistent. Use cases are used to load scenarios and events into the ontology for testing and analysis. The instance domain is vital to building scenarios, because the classes themselves in the domains do not have the capacity to create individuals. Instances access their own properties, class-inherited properties and other instances. Instances may have different states. An example of a physical instance is provided below, which describes a JFT vehicle and the ammunition, fire control laptop and crew member it carries. The instances provided have been written using Turtle.

    instance:blue_cs_jv01 rdf:type vehicle:Prp4 ;
        core:name "Joint Fire Team vehicle"^^xsd:string ;
        entity:entityHasCallSign "blue_cs_jv01"^^xsd:string ;
        entity:carriesAmmo instance:blue_ammo_carried_Ball_7-62mm_Belt_cs_jv01 ;
        entity:mobilityOn true ;
        entity:sensorOn true ;
        entity:deviceOn true ;
        entity:weaponReady true ;
        vehicle:undamagedVehicle true ;
        relationship:sideAssigned instance:blueSide ;
        capability:OffensiveSupportCapability instance:jft ;
        organisation:assignedTroop instance:blue_cs_os142 .

    instance:blue_cs_crew_jv01_1 rdf:type person:VehicleCrewmanPerson ;
        core:name "Crewman associated with a mechanised vehicle"^^xsd:string ;
        entity:entityHasCallSign "blue_cs_crew_jv01_1"^^xsd:string ;
        relationship:sideAssigned instance:blueSide ;
        situationalAwareness:rememberedUsername "username_blue_cs_crew_jv01_1" ;
        situationalAwareness:rememberedPassword "password_blue_cs_crew_jv01_1" ;
        entity:mobilityOn true ;
        entity:sensorOn true ;
        entity:deviceOn true ;
        entity:weaponReady true ;
        person:healthy true ;
        person:rank 1 ;
        organisation:assignedVehicleToCrew instance:blue_cs_jv01 ;
        organisation:assignedPlatoon instance:blue_cs_mp111 .

    instance:blue_ammo_carried_Ball_7-62mm_Belt_cs_jv01 rdf:type armament:Carried_Ball_7-62mm_Belt ;
        armament:amountOfAmmoRemaining 1000 .

    instance:blue_FireControlLaptop_001_jft01 rdf:type device:Laptop ;
        core:name "Laptop used for Offensive Support activities"^^xsd:string ;
        vehicle:hasDeviceFitted instance:blue_cs_jv01 ;
        person:ableToUseDeviceWithinRange person:Person ;
        device:runsVirtualInstantiationOf virtual:Computer .

Business processes are instances that describe process stages and their links. Business process instances use templated components of business processes, as described in BPMN 2.0. The template for a business process instance comes from the subsistent domain. The example provided below is a single decision gateway in a larger BPD.

    instance:JFTDetermineIsOSPriorityTargetTypeDecision rdf:type process:ProcessExclusiveDecisionGateway ;
        rdfs:comment "Is the target an OS priority type?"^^xsd:string ;
        rdfs:label "Determine if target is an OS priority target type"^^xsd:string ;
        process:actorType command:Jft ;
        process:themeType entity:EntityType ;
        process:artefactReadType capability:OSTargetPriorities ;
        process:linkToDomainPropertyOrClass command:OffensiveSupportDecision ;
        process:employInformation situationalAwareness:identifiedOSTargetPriority ;
        process:employBehaviours behaviour:OffensiveSupportEmployment ;
        process:decisionType xsd:boolean ;
        core:justification "Starner, S. 1979. A Two-Sided Field Artillery Stochastic Simulation" ;
        process:gatewayEncapsulatedWithinProcess instance:BPD_19A_CallForFireProcess .

This business process decision gateway is a boolean value used by an entity that is a command:Jft. The command:jft property creates a relationship to an entity object, making the entity capable of performing the command role of a JFT. The boolean value (decision) relates to a themeType, the EntityType, which is checked against the OSTargetPriorities artefact. This process links to a capability, behaviour or situational awareness, and is justified with a reference. The decision rests within the BPD 19A ‘Call For Fire Process’. The example above is one instance of a single gateway across a large quantity of BPDs. Additional detail can be obtained by viewing the BCEO in the online repository.

5.2.5 The Existent Domain

The existent domain encompasses all of the ‘tangibles’ of the model including the relational descriptions between objects. Physical assets have different configurations depending on their purpose and how they have been ordered or created. For example, a physical asset could be an infantry soldier, a tank, a computer work station or the cables physically connecting computers together. These classes are used as constructors of instances. The example below is a mechanised infantry gunner class in the Existent > Entity > Person Domain:

    person:GunnerMechPerson rdf:type rdfs:Class ;
        rdfs:comment "A combatant person armed with a machinegun weapon system operating out of a mechanised vehicle"^^xsd:string ;
        rdfs:label "Mechanised Gunner"^^xsd:string ;
        entity:armedWithArmament armament:762mm_pkm_bipod ;
        entity:hasWeapon armament:Pkm_7-62mm ;
        entity:hasMount armament:Bipod ;
        entity:hasSensor sensor:NakedEye ;
        entity:hasSensor sensor:Ear ;
        entity:maxSpeed 8 ;
        capability:combatPowerOfAWeaponSystem 0.3 ;
        rdfs:subClassOf person:PersonType .

The GunnerMechPerson class links to an armament class.

5.2.5.1 The Existent - Armament Domain

The armament domain describes weapons, mounts and ammunition classes. Weapons and mounts combine to form an armament class, meaning that weapon accuracy and specific properties can change depending on this combination. Probability of hit and probability of kill are variables used to describe the chance of each fired round damaging a target. Ammunition is classified by calibre. Ammunition becomes an individual instance by collection, which is carried by an instance level entity. Verbs such as engagesTarget, aims, shootsAt are used for event parameters. When a round hits a target, its effect on health is denoted by the entity hit parameter.

    armament:Pkm_7-62mm rdf:type rdfs:Class ;
        rdfs:comment "PKM 7.62mm"^^xsd:string ;
        rdfs:label "PKM 7.62mm"^^xsd:string ;
        armament:weaponCalibre armament:Calibre_7-62mm ;
        armament:IndirectFireWeapon false ;
        armament:DirectFireWeapon true ;
        rdfs:subClassOf armament:Weapon .

    armament:Bipod rdf:type rdfs:Class ;
        rdfs:comment "Bipod"^^xsd:string ;
        rdfs:label "Bipod"^^xsd:string ;
        rdfs:subClassOf armament:Mount .

    armament:762mm_pkm_bipod rdfs:comment ""^^xsd:string ;
        rdfs:label ""^^xsd:string ;
        armament:weapon armament:Pkm_7-62mm ;
        armament:weaponMountsOn armament:Bipod ;
        armament:armamentRangeMin 0 ;
        armament:armamentRangeMax 1000 ;
        armament:roundsPerBurstNormal 5 ;
        armament:roundsPerBurstSuppression 10 ;
        armament:reloadTime 15 ;
        armament:timeToAcquire 3 ;
        armament:firesAmmo armament:Ball_7-62mm_Belt ;
        rdfs:subClassOf armament:Armament .

Ammunition is fired by a weapon. Projectiles fired by these weapons allow entities to reach out and touch other entities, conferring damage.

    armament:Calibre_7-62mm rdf:type rdfs:Class ;
        rdfs:comment "7.62mm projectile"^^xsd:string ;
        rdfs:label "7.62mm projectile"^^xsd:string ;
        armament:ammoFiredBy armament:Pkm_7-62mm ;
        armament:ammoFiredBy armament:Pkt_7-62mm ;
        armament:ammoFiredBy armament:Mg3a1_7-62mm ;
        rdfs:subClassOf armament:Ammunition .

    armament:Ball_7-62mm_Belt rdf:type rdfs:Class ;
        rdfs:comment "7.62mm ball belt projectile"^^xsd:string ;
        rdfs:label "7.62mm ball belt"^^xsd:string ;
        armament:armamentRangeMin 0 ;
        armament:armamentRangeMax 500 ;
        armament:suppressiveWeight 2 ;
        armament:killZone 0 ;
        armament:damageZone 0 ;
        armament:isExplosive false ;
        armament:artilleryAmmunition false ;
        armament:aircraftAmmunition false ;
        rdfs:subClassOf armament:Calibre_7-62mm .

    armament:Carried_Ball_7-62mm_Belt rdf:type rdfs:Class ;
        rdfs:comment "Quantity of carried 7.62mm ball belt projectiles"^^xsd:string ;
        rdfs:label "Quantity of carried 7.62mm ball belt projectiles"^^xsd:string ;
        rdfs:subClassOf armament:Ball_7-62mm_Belt ;
        rdfs:subClassOf entity:Entity .
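Section 5.2.4 states that instances access their own properties and class-inherited properties. The following added example (not part of the thesis or the BCEO repository) resolves those properties for the carried-ammunition instance, using a subset of triples transcribed from the listings above. It assumes that class-level values act as defaults and that the nearest class in the rdf:type and rdfs:subClassOf chain wins, which is a convention layered on RDFS and not standard RDFS entailment.

```python
from collections import deque

# Predicates that describe the schema itself and are not inherited as values.
SCHEMA_PREDICATES = {"rdf:type", "rdfs:subClassOf", "rdfs:comment", "rdfs:label"}

AMMO = "instance:blue_ammo_carried_Ball_7-62mm_Belt_cs_jv01"

# Subset of the triples from the Turtle listings in 5.2.4 and 5.2.5.1.
TRIPLES = [
    (AMMO, "rdf:type", "armament:Carried_Ball_7-62mm_Belt"),
    (AMMO, "armament:amountOfAmmoRemaining", 1000),
    ("armament:Carried_Ball_7-62mm_Belt", "rdfs:subClassOf", "armament:Ball_7-62mm_Belt"),
    ("armament:Carried_Ball_7-62mm_Belt", "rdfs:subClassOf", "entity:Entity"),
    ("armament:Ball_7-62mm_Belt", "rdfs:subClassOf", "armament:Calibre_7-62mm"),
    ("armament:Ball_7-62mm_Belt", "armament:armamentRangeMin", 0),
    ("armament:Ball_7-62mm_Belt", "armament:armamentRangeMax", 500),
    ("armament:Ball_7-62mm_Belt", "armament:suppressiveWeight", 2),
    ("armament:Ball_7-62mm_Belt", "armament:isExplosive", False),
    ("armament:Calibre_7-62mm", "rdfs:subClassOf", "armament:Ammunition"),
    ("armament:Calibre_7-62mm", "armament:ammoFiredBy", "armament:Pkm_7-62mm"),
    ("armament:Calibre_7-62mm", "armament:ammoFiredBy", "armament:Pkt_7-62mm"),
    ("armament:Calibre_7-62mm", "armament:ammoFiredBy", "armament:Mg3a1_7-62mm"),
]


def objects(subject, predicate, triples):
    """All objects of (subject, predicate, ?) in document order."""
    return [o for s, p, o in triples if s == subject and p == predicate]


def class_chain(instance, triples=TRIPLES):
    """Classes of an instance, nearest first: rdf:type, then ancestors breadth-first."""
    queue = deque(objects(instance, "rdf:type", triples))
    seen, order = set(), []
    while queue:
        cls = queue.popleft()
        if cls in seen:               # guards against subclass cycles and diamonds
            continue
        seen.add(cls)
        order.append(cls)
        queue.extend(objects(cls, "rdfs:subClassOf", triples))
    return order


def effective_properties(instance, triples=TRIPLES):
    """Own values first, then class defaults; records where each value came from."""
    resolved = {}
    for source in [instance] + class_chain(instance, triples):
        local = {}
        for s, p, o in triples:
            if s == source and p not in SCHEMA_PREDICATES:
                local.setdefault(p, []).append(o)
        for predicate, values in local.items():
            # setdefault keeps the value set by a nearer level (nearest wins).
            resolved.setdefault(predicate, {"values": values, "from": source})
    return resolved


if __name__ == "__main__":
    for predicate, info in effective_properties(AMMO).items():
        print(predicate, info["values"], "<-", info["from"])
```

Recording the source of each value makes it possible to trace which class a simulated entity's behaviour came from when a result needs to be explained.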

5.2.5.2 The Existent - Entity Domain

Entities have type and state classes. States include health, mobility and functional sub-states. Entity classes also possess properties such as locations and orientation. The example below is the speed property used by an entity.

    entity:speed rdf:type rdf:Property ;
        rdfs:comment "Speed in kms per hr"^^xsd:string ;
        rdfs:label "Speed in kms per hr"^^xsd:string ;
        rdfs:domain entity:MobilityState ;
        rdfs:range xsd:integer .

5.2.5.3 The Existent - Sensor Domain

The Sensor Domain allows for confusion and detection chance. An example of a sensor class, the naked eye, is below:

    sensor:NakedEye rdf:type rdfs:Class ;
        rdfs:comment "Naked eye"^^xsd:string ;
        rdfs:label "Naked eye"^^xsd:string ;
        sensor:sensorMinRange 0 ;
        sensor:sensorMaxRange 800 ;
        sensor:sensingArc 120 ;
        sensor:sensorHeight 1.0 ;
        sensor:sensorWorksDuringNight false ;
        sensor:sensorWorksDuringDay true ;
        rdfs:subClassOf sensor:OpticalSensor ;
        rdfs:subClassOf sensor:SensorInstanceType .

5.2.5.4 The Existent - Device Domain

The device domain is the physical class related to physical communication objects such as laptops, routers and radios. Devices run the virtual manifestation of a node, meaning that they have both an existent and a subsistent presence. The device describes the existent form, whilst the node describes the subsistent form. Device states can be on or off. Devices can be switched off because of a loss of power or through damage. The device class is given below:

    device:Device rdf:type rdfs:Class ;
        rdfs:comment "A physical communication device. Has a virtual manifestation, which is a node, in the Subsistent Domain"^^xsd:string ;
        rdfs:label "Device"^^xsd:string ;
        relationship:runsVirtualManifestationOf virtual:Node ;
        rdfs:subClassOf existent:ExistentDomain .

5.2.5.5 The Existent - Spectrum Domain

The spectrum domain describes the electromagnetic spectrum (EMS). This allows for waveforms to be simulated.

    spectrum:hertz rdf:type rdf:Property ;
        rdfs:comment "The number of oscillations per second of an electromagnetic wave measured in Hertz"^^xsd:string ;
        rdfs:label "Frequency in Hertz"^^xsd:string ;
        core:justification "Telecommunications Essentials: The Complete Global Source for Communications Fundamentals, Data Networking and the Internet, and Next-Generation Networks" ;
        rdfs:subClassOf spectrum:ElectroMagneticSpectrum .

5.2.5.6 The Existent - Power Domain

The power domain simulates batteries, fuel and other power sources.

    power:fuelAvailable rdf:type rdf:Property ;
        rdfs:comment "An entity has fuel available of a type it uses for propulsion"^^xsd:string ;
        rdfs:label "Entity fuel status - available or not available"^^xsd:string ;
        rdfs:domain vehicle:Vehicle ;
        rdfs:range xsd:boolean .

5.2.5.7 The Existent - Terrain Domain The terrain domain provides the three-dimensional space that entities exist within, described by x, y and z coordinates. Distance, terrain types and vegetation density are contained within the terrain domain.


terrain:xCoordinate rdf:type rdf:Property ;
    rdfs:comment "X Coordinate"^^xsd:string ;
    rdfs:label "X Coordinate"^^xsd:string ;
    rdfs:domain terrain:Location ;
    rdfs:range xsd:integer .

5.2.6 The Subsistent Domain

The subsistent domain includes the non-physical components of cyberspace. It is a combination of the ‘logical’ and ‘cyber-persona’ layers in the US Joint Cyber-Operations Doctrine (US Department of Defense 2013). The BCEO combines these layers. The subsistent domain contains ‘virtual assets’ that are each separately defined by their configuration. Examples of ‘virtual assets’ include a user account, firewall, installed operating system, email message or software vulnerability. The cyber-persona also exists within the virtual domain, as a representation of a user. Ontologies have been developed that support human factors and behaviours. For example, behaviour and agent mindsets are used by Parkin et al. (2009).

5.2.6.1 The Subsistent - Virtual Domain

The virtual domain includes software and non-physical aspects of computer networks, such as nodes (the virtual equivalent of a physical device), networks and routes (the virtual equivalent of physical connections between nodes) and computers (the data and software that operates on a device). The virtual domain also includes users as virtual manifestations of physical persons. Vulnerabilities that have been identified by the defender may be represented in the form of Common Vulnerabilities and Exposures (CVE), the Common Vulnerability Scoring System (CVSS) and Common Weakness Enumeration (CWE). Exploits can be utilised from toolkits, depending on the skill of the cyber-attacker or threat. Intrusion Detection Systems (IDS) can utilise rules to detect exploitation attempts using these vulnerabilities and exploits. Software provides a service to other objects, both subsistent and existent, in the virtual domain. The service provided by software, through the processing of data, separates the virtual from others in the subsistent domain. Software may possess vulnerabilities. Exploits may utilise software to capitalise upon vulnerabilities and compromise systems.

virtual:domainUserAccount rdf:type rdf:Property ;
    rdfs:comment "User account on a given domain"^^xsd:string ;
    rdfs:label "Domain User"^^xsd:string ;
    core:justification "O'Sullivan, K. 2015. Development of a Cyber-Effects Ontology for use in Military Simulation. Australian Centre for Cyber-Security. Thesis."^^xsd:string ;
    rdfs:domain virtual:Domain ;
    rdfs:range virtual:userID ;
    rdfs:subPropertyOf virtual:DomainUser .

subsistent:hasInstalledSoftware rdf:type rdf:Property ;
    rdfs:subPropertyOf subsistent:hasSoftware ;
    rdfs:comment "has installed software. Not currently running - use hasRunningSoftware if running "^^xsd:string ;
    rdfs:label "has installed software" ;
    rdfs:domain virtual:Node ;
    rdfs:range virtual:Software .

5.2.6.2 The Subsistent - Cognitive Domain

Linkov et al. (2013) defined the cognitive domain as “use of the information and physical domains to make decisions”. The cognitive domain used in this thesis includes: behaviour, capability, mission, personality, strategy, Blue Team and Red Team sub-domains.

Behaviour includes tactics, techniques, procedures and models that are used by entities and organisations. This includes a variety of classes, including the physical tactics of flanking an adversary, the defend state of all round defence, and virtual models such as the cyber-attack lifecycle model, and the MITRE Corporation adversarial tactics, techniques and common knowledge matrix. Physical tactics are included in this domain because they are figments and limits within the mind, are described in doctrine and shared between soldiers through training.

Capability

Capability “…is the capacity or ability to achieve an operational effect... A capability is provided by one or more systems, and is made up of the combined effect of multiple inputs” (Commonwealth of Australia 2014a). The capability sub-domain describes organisational abilities in a cognitive structure that confer size and types to support decision making in the combat environment. For example, a recon capability means that a commander can commit forces to conduct reconnaissance knowing they are appropriately trained and equipped. The size of that capability will infer the combat force and range the capability can project. Additional capabilities included within the capability domain utilise the Certified Information Systems Security Professional Common Body of Knowledge (CISSPCBK) (Stephenson 2014).

capability:Reconnaissance rdf:type rdfs:Class ;
    rdfs:comment "Reconnaissance"^^xsd:string ;
    rdfs:label "Reconnaissance"^^xsd:string ;
    rdfs:subClassOf capability:Capability .

5.2.6.3 Mission

Missions can be of multiple types, including kinetic, cyber, operational and tactical. Missions include the terms who, where, when, why and what. The kinetic ‘what’ is described by mission task verbs such as attack and defend (North Atlantic Treaty Organisation 2006). The cyber-‘what’ is described by terms such as degrade and interrupt (Musman et al. 2011a). Missions also have desired effects, which are the intended outcomes and links to operational and strategic objectives (Bodeau, Graubart, & Heinbockel 2013; US Department of Defense 2013; Department of Defense 2012).

The personality sub-domain has four properties: Factors A to D. This reflects the personality properties identified in Chapter Four. Trust is also described as a Boolean property. Strategy includes ways-ends-means, parameters, intelligence and uncertainty classes. The strategy sub-domain links to the ‘Campaign Planning Process’ BPD instance. The Blue Team subdomain deals with cyber-defence, and includes the following classes: CERT, controls, governance, threat rating, vulnerability analysis, vulnerability management, configuration management, resilience and business continuity planning. The Red Team subdomain describes the cyber-attacker. This includes adversary threats targeting cyber-systems and vulnerability testing. Red Team classes include the red teaming process, threat actors, courses of action, attack types and attack models.

mission:what rdf:type rdf:Property ;
    rdfs:comment "What"^^xsd:string ;
    rdfs:label "What"^^xsd:string ;
    core:justification "STANAG 2287 LO (EDITION 1) – TASK VERBS FOR USE IN PLANNING AND THE DISSEMINATION OF ORDERS"^^xsd:string ;
    rdfs:domain mission:Mission ;
    rdfs:range mission:MissionTaskVerbs ;
    relationship:relatedToClass metaOntology:Effect .

5.2.6.4 The Subsistent - Social Domain

Linkov et al. (2013) defined the social domain as “organisation structure and communication for making cognitive decisions”. The social domain within this thesis contains three sub-domains: command, organisation and relationship.


The command sub-domain includes the roles that have designated decision rights or command capabilities. The C2 approach is part of the command sub-domain, and the SA and relationship domains (Alberts et al. 2013). Entities may have the commander property, which situates them in different hierarchical positions and provides the ability to issue orders. Organisations are relational groupings of entities which provide command status to specific organisational types such as command posts. Command posts can utilise the properties of the commanding entity and inherit the commander’s decision rights. Organisations can also have lead or support roles, which allow commanders to determine who has the lead in a task. Orders generate messages that are used to disseminate command instructions, tasks or missions to recipients.

The organisation sub-domain consists of organisations and their relationships. Specific orders of battle are created through instances. Properties such as callsigns and assignments between organisations are included within this domain.

The relationship sub-domain includes ontological, physical, social, cognitive and virtual relationships between classes and properties. The relationship domain describes the relative links between classes and properties.

5.2.6.5 The Subsistent - Information Domain

The information domain consists of three sub-domains: information value, message and SA.

Information value contains a small number of classes that equate to the crown jewels/critical cyber-assets described by Musman et al. (2011b). This includes the grid reference of OS targets, contact message reports and orders to attack or defend. These classes were identified as relevant to the experiment based on data collected in the development of this thesis. Additional classes include protected health information, personally identifiable information, proprietary data and protected national security information (Stewart et al. 2015).

informationValue:GridReferenceOSTarget rdf:type rdfs:Class ;
    rdfs:comment "Grid Reference of an Offensive Support Target"^^xsd:string ;
    rdfs:label "Grid Reference of an Offensive Support Target"^^xsd:string ;
    rdfs:subClassOf message:CallForFire ;
    rdfs:subClassOf message:targetLocation ;
    rdfs:subClassOf informationValue:InformationValue .

The message sub-domain contains the information contained in transmissions on the virtual network, from node to node. A message is created by an entity and transcribed into the virtual system. Messages have two subclasses: orders, and report and returns. Messages are used to pass information across the C2 hierarchy.

message:targetLocation rdf:type rdf:Property ;
    rdfs:comment "Target location"^^xsd:string ;
    rdfs:label "Target location"^^xsd:string ;
    rdfs:domain message:FireMission ;
    rdfs:range message:reportedLocation .

The SA sub-domain consists of information provided by messages. This includes the location of friendly forces and inferred information, such as the enemy’s capability, strength and location. When a command vehicle used by the adversary is detected, a trained military commander will infer that the element that vehicle commands is nearby. Equally, tanks and antitank weapons deploy in pairs; the detection of one infers that another is nearby. Both sides will maintain killboards for both their own and the adversary’s forces, to track losses and enemy capability. SA also includes entities remembering their username, password and authentication codes. SA is modelled based on Endsley’s SA model (Endsley 2011; Lampton et al. 2005; Endsley et al. 2000).

situationalAwareness:sameSquad relationship:inferredOrganisationalProperty organisation:assignedSquad ;
    rdfs:domain entity:Entity ;
    rdfs:range organisation:Squad .

5.2.6.6 The Subsistent - Business Process Domain

The business process domain provides the template for BPMN 2.0 models to be developed within the instance domain. The business process domain includes process classes and properties. An example of a stage within a business process is provided below. These processes form part of BPD 27E ‘Cyber-defence Maintain Process’ and describe the steps to maintain privilege and access control, and to prevent vulnerabilities. The two steps have links to other domains and business processes.

instance:MaintainPrivilegeAndAccessControlStage rdf:type process:ProcessStageEvent ;
    rdfs:comment "Maintain Privilege And Access Control"^^xsd:string ;
    rdfs:label "Maintain Privilege And Access Control"^^xsd:string ;
    process:blueTeamLink blueTeam:EnforceAStrongPassphrasePolicyStrategy25 ;
    process:blueTeamLink blueTeam:DisableLocalAdministratorAccountsStrategy9 ;
    process:blueTeamLink blueTeam:UserApplicationConfigurationHardeningStrategy5 ;
    process:blueTeamLink blueTeam:RestrictingAdministrativePrivilegesStrategy4 ;
    relationship:toPrevent instance:CyberOperatorPrivilegeCheckStage ;
    process:blueTeamLink blueTeam:Identification ;
    process:blueTeamLink blueTeam:Authentication ;
    process:blueTeamLink blueTeam:Authorisation ;
    process:blueTeamLink blueTeam:TechnicalControls ;
    process:blueTeamLink blueTeam:AdministrativeControls ;
    process:employBehaviours behaviour:Countermeasure ;
    process:stageEncapsulatedWithinProcess instance:BPD_27E_CyberDefenceMaintainProcess .

instance:EndBlockServiceProcessComplete rdf:type process:ProcessCompleteStage ;
    rdfs:comment "Block Service"^^xsd:string ;
    rdfs:label "Block Service"^^xsd:string ;
    relationship:toPrevent instance:CyberOperatorConnectionToC2NodeDecision ;
    process:blueTeamLink blueTeam:TechnicalControls ;
    process:blueTeamLink blueTeam:AdministrativeControls ;
    process:employBehaviours behaviour:Countermeasure ;
    process:stageEncapsulatedWithinProcess instance:BPD_27G_CyberDefenceRemediateProcess .

instance:CyberOperatorEstablishedMaliciousServiceStage rdf:type process:ProcessStageEvent ;
    rdfs:comment "Established malicious service"^^xsd:string ;
    rdfs:label "Established malicious service"^^xsd:string ;
    process:employBehaviours behaviour:Breach ;
    process:employBehaviours behaviour:NetworkPropagationStagesTwoCyberIntrusion ;
    process:eventType metaOntology:Level01VirtualObjectEffect ;
    process:stageEncapsulatedWithinProcess instance:BPD_26F_CyberAttackExploitationProcess .
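The stage listing above can be read as a control-coverage map. The following is an added example, not tooling from the thesis or the BCEO repository: it parses an abridged copy of the listing with a small parser for this statement shape, then reports which stages are targeted by relationship:toPrevent and which behaviour:Breach stages have no preventing stage. The function names and the reading of behaviour:Breach as marking an attacker stage are assumptions, and the result describes this excerpt only, not the full BCEO.

```python
import re
from collections import defaultdict

# Abridged from the thesis listing above (fewer blueTeamLink lines per stage).
LISTING = '''
instance:MaintainPrivilegeAndAccessControlStage rdf:type process:ProcessStageEvent ;
    rdfs:label "Maintain Privilege And Access Control"^^xsd:string ;
    process:blueTeamLink blueTeam:EnforceAStrongPassphrasePolicyStrategy25 ;
    process:blueTeamLink blueTeam:RestrictingAdministrativePrivilegesStrategy4 ;
    relationship:toPrevent instance:CyberOperatorPrivilegeCheckStage ;
    process:employBehaviours behaviour:Countermeasure ;
    process:stageEncapsulatedWithinProcess instance:BPD_27E_CyberDefenceMaintainProcess .
instance:EndBlockServiceProcessComplete rdf:type process:ProcessCompleteStage ;
    rdfs:label "Block Service"^^xsd:string ;
    relationship:toPrevent instance:CyberOperatorConnectionToC2NodeDecision ;
    process:blueTeamLink blueTeam:TechnicalControls ;
    process:employBehaviours behaviour:Countermeasure ;
    process:stageEncapsulatedWithinProcess instance:BPD_27G_CyberDefenceRemediateProcess .
instance:CyberOperatorEstablishedMaliciousServiceStage rdf:type process:ProcessStageEvent ;
    rdfs:label "Established malicious service"^^xsd:string ;
    process:employBehaviours behaviour:Breach ;
    process:stageEncapsulatedWithinProcess instance:BPD_26F_CyberAttackExploitationProcess .
'''

# A quoted literal (optionally typed with ^^) or any run of non-space characters.
TOKEN = re.compile(r'"[^"]*"(?:\^\^\S+)?|\S+')


def parse_statements(text):
    """Parse 'subject p o ; p o ; ... .' statements into (s, p, o) triples.

    Covers only the shape used in the listing: prefixed names, quoted
    literals, and ';' / '.' separated from other tokens by whitespace.
    """
    triples, subject, pending = [], None, []
    for tok in TOKEN.findall(text):
        if tok in (";", "."):
            if pending:
                if len(pending) != 2:
                    raise ValueError(f"expected predicate and object, got {pending}")
                triples.append((subject, pending[0], pending[1]))
                pending = []
            if tok == ".":
                subject = None
        elif subject is None:
            subject = tok
        else:
            pending.append(tok)
    if subject is not None:
        raise ValueError("statement not terminated with '.'")
    return triples


def prevention_coverage(triples):
    """Map each stage named by relationship:toPrevent to the stages that
    prevent it and the Blue Team links those stages carry."""
    links = defaultdict(set)
    for s, p, o in triples:
        if p == "process:blueTeamLink":
            links[s].add(o)
    coverage = {}
    for s, p, o in triples:
        if p == "relationship:toPrevent":
            entry = coverage.setdefault(o, {"prevented_by": set(), "controls": set()})
            entry["prevented_by"].add(s)
            entry["controls"] |= links[s]
    return {stage: {k: sorted(v) for k, v in e.items()} for stage, e in coverage.items()}


def breach_stages_without_prevention(triples):
    """Stages that employ behaviour:Breach (assumed here to mark attacker
    stages) and are not the object of any relationship:toPrevent link."""
    prevented = {o for _s, p, o in triples if p == "relationship:toPrevent"}
    breach = {s for s, p, o in triples
              if p == "process:employBehaviours" and o == "behaviour:Breach"}
    return sorted(breach - prevented)


if __name__ == "__main__":
    parsed = parse_statements(LISTING)
    for stage, entry in prevention_coverage(parsed).items():
        print(stage, "<-", entry["prevented_by"], entry["controls"])
    print("no preventing stage in excerpt:", breach_stages_without_prevention(parsed))
```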

5.3 Tools, Queries and Visualisation

The BCEO consists of 31,115 triple objects. This creates a requirement for visualisation. Visualisation is achieved through WebVOWL, following conversion to a .json file in OWL2VOWL. WebVOWL is suitable for the visualisation of classes, properties and their relationships. An example of a depiction of the BCEO through WebVOWL is provided in Figure 74.


Figure 74 - BCEO Visualisation in WebVOWL


The visualisation of instances is not possible in WebVOWL. However, visualisation of classes, properties and relationships is possible, such as the screenshot in Figure 75.

Figure 75 - Screenshot of Entity Class in WebVOWL


The BCEO has also been displayed in Protégé, as depicted in Figure 76.

Figure 76 - Protégé BCEO Class View


Stardog version 4.2, an Enterprise Knowledge Graph software platform, was used extensively during development for SPARQL queries (Complexible 2017). An example of a SPARQL query is provided below. This SPARQL query depicts the connection between the computer, network interface card (NIC) and network within the ontology instances. Other SPARQL queries are available at the BCEO online repository, for use within tools such as Stardog.

stardog query myDB "SELECT * WHERE { ?Computer virtual:hasNic ?Nic . ?Nic virtual:isConnectedTo ?Network }"

+---------------------------------+----------------------------+---------------------------------+
| Computer                        | Nic                        | Network                         |
+---------------------------------+----------------------------+---------------------------------+
| instance:Cyber_Laptop_1         | instance:Nic_19            | instance:Cyber_Network_1        |
| instance:Cyber_Laptop_2         | instance:Nic_20            | instance:Cyber_Network_1        |
| instance:ProtectedPC            | instance:ProtectedNic      | instance:Network_1              |
| instance:Router_1               | instance:InternetworkNic_3 | instance:Command_Network_1      |
| instance:Router_2               | instance:InternetworkNic_3 | instance:Command_Network_1      |
| instance:Router_3               | instance:InternetworkNic_3 | instance:Command_Network_1      |
| instance:Router_2               | instance:InternetworkNic_4 | instance:Cyber_Network_1        |
| instance:Router_3               | instance:InternetNic       | instance:Internet               |
| instance:Router_3               | instance:InternetworkNic_2 | instance:Cert_Network_1         |
| instance:Cert_Laptop_1          | instance:Nic_21            | instance:Cert_Network_1         |
| instance:Cert_Laptop_2          | instance:Nic_22            | instance:Cert_Network_1         |
| instance:Command_Laptop_11      | instance:Nic_17            | instance:Command_Workstation_11 |
| instance:Domain_Controller1     | instance:DCNic1            | instance:Fire_Control_Network_1 |
| instance:Domain_Controller2     | instance:DCNic2            | instance:Cert_Network_1         |
| instance:Domain_Controller3     | instance:DCNic3            | instance:Command_Network_1      |
| instance:Domain_Controller4     | instance:DCNic3            | instance:Command_Network_1      |
| instance:Fire_Control_Laptop_5  | instance:Nic_5             | instance:Fire_Control_Network_1 |
| instance:Fire_Control_Laptop_6  | instance:Nic_6             | instance:Fire_Control_Network_1 |
| instance:Router_1               | instance:InternetworkNic_1 | instance:Fire_Control_Network_1 |
| instance:Fire_Control_Laptop_1  | instance:Nic_1             | instance:Fire_Control_Network_1 |
| instance:Command_Laptop_4       | instance:Nic_10            | instance:Command_Laptop_4       |
| instance:Command_Laptop_5       | instance:Nic_11            | instance:Command_Laptop_5       |
| instance:Command_Laptop_6       | instance:Nic_12            | instance:Command_Laptop_6       |
| instance:Command_Laptop_7       | instance:Nic_13            | instance:Command_Laptop_7       |
| instance:Command_Laptop_8       | instance:Nic_14            | instance:Command_Laptop_8       |
| instance:Command_Laptop_9       | instance:Nic_15            | instance:Command_Laptop_9       |
| instance:Command_Laptop_10      | instance:Nic_16            | instance:Command_Laptop_10      |
| instance:Command_Workstation_12 | instance:Nic_18            | instance:Command_Workstation_12 |
| instance:Fire_Control_Laptop_2  | instance:Nic_2             | instance:Fire_Control_Network_1 |
| instance:Fire_Control_Laptop_3  | instance:Nic_3             | instance:Fire_Control_Network_1 |
| instance:Fire_Control_Laptop_4  | instance:Nic_4             | instance:Fire_Control_Network_1 |
| instance:Command_Laptop_1       | instance:Nic_7             | instance:Command_Laptop_1       |
| instance:Command_Laptop_2       | instance:Nic_8             | instance:Command_Laptop_2       |
| instance:Command_Laptop_3       | instance:Nic_9             | instance:Command_Laptop_3       |
+---------------------------------+----------------------------+---------------------------------+
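The computer, NIC and network rows returned by the query can drive a segmentation review. The following is an added example, not code from the thesis or the BCEO repository: it takes a subset of the rows from the result table, lists the computers that sit on more than one network, flags NIC instances bound to more than one computer, and searches for a chain of bridging computers between two networks. The function names are assumptions made for this example.

```python
from collections import defaultdict, deque

# Subset of the (Computer, Nic, Network) rows from the result table above.
ROWS = [
    ("instance:Router_1", "instance:InternetworkNic_3", "instance:Command_Network_1"),
    ("instance:Router_1", "instance:InternetworkNic_1", "instance:Fire_Control_Network_1"),
    ("instance:Router_2", "instance:InternetworkNic_3", "instance:Command_Network_1"),
    ("instance:Router_2", "instance:InternetworkNic_4", "instance:Cyber_Network_1"),
    ("instance:Router_3", "instance:InternetworkNic_3", "instance:Command_Network_1"),
    ("instance:Router_3", "instance:InternetNic", "instance:Internet"),
    ("instance:Router_3", "instance:InternetworkNic_2", "instance:Cert_Network_1"),
    ("instance:ProtectedPC", "instance:ProtectedNic", "instance:Network_1"),
    ("instance:Domain_Controller1", "instance:DCNic1", "instance:Fire_Control_Network_1"),
    ("instance:Domain_Controller3", "instance:DCNic3", "instance:Command_Network_1"),
    ("instance:Domain_Controller4", "instance:DCNic3", "instance:Command_Network_1"),
    ("instance:Fire_Control_Laptop_1", "instance:Nic_1", "instance:Fire_Control_Network_1"),
    ("instance:Command_Laptop_4", "instance:Nic_10", "instance:Command_Laptop_4"),
]


def bridging_nodes(rows):
    """Computers attached to more than one network, i.e. segment boundaries."""
    nets = defaultdict(set)
    for computer, _nic, network in rows:
        nets[computer].add(network)
    return {c: sorted(n) for c, n in nets.items() if len(n) > 1}


def shared_nics(rows):
    """NIC instances bound to more than one computer; worth a modelling review."""
    owners = defaultdict(set)
    for computer, nic, _network in rows:
        owners[nic].add(computer)
    return {nic: sorted(c) for nic, c in owners.items() if len(c) > 1}


def segment_path(rows, src, dst):
    """Shortest network -> computer -> network chain from src to dst, or None."""
    adj = defaultdict(set)
    for computer, _nic, network in rows:
        if computer != network:  # ignore rows that connect a node to itself
            adj[computer].add(network)
            adj[network].add(computer)
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(adj[node]):  # sorted for a deterministic result
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


if __name__ == "__main__":
    print("bridging nodes:", bridging_nodes(ROWS))
    print("shared NICs:", shared_nics(ROWS))
    print("Internet to fire control:",
          segment_path(ROWS, "instance:Internet", "instance:Fire_Control_Network_1"))
    print("Internet to Network_1:",
          segment_path(ROWS, "instance:Internet", "instance:Network_1"))
```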

5.4 Ontological Design Review

The BCEO has been reviewed against Gruber’s design criteria (Gruber 1993). Gruber recommended that ontologies are reviewed against the following criteria:

• clarity;
• coherence;
• extensibility;
• minimal encoding bias; and
• minimal ontological commitment.

These design criteria have been reviewed individually below.

5.4.1 Clarity

Definitions have been provided extensively throughout the ontology, including justifications and referencing. However, the author contends that many of the definitions utilised are not ‘objective’ as Gruber insists they should be. They depend on the domain from which they arise. For example, a computer in one context is hardware and in another context it is software. It is possible to break the definition down in many ways, but many of them will depend on the domain that is being explored and the view of the observer. Another example is the cyber-attack lifecycle, which has been described in different ways by Lockheed Martin and Mandiant. The ASD, MITRE Corporation and the CISSPBK all use different terms for similar activities. Gruber’s design criteria do not support the social constructivist view of this thesis. This issue is dealt with in the relationship domain, where an ontological relationship class allows for classes and properties to be related to one another. Rather than forcing multiple views to adhere to a single truth, the BCEO permits more than one truth, provided the relationship between terms is explicitly described. Gruber’s requirement for clarity remains, but not through a single truth.


5.4.2 Coherence

The coherence and inferences possible within the BCEO have been tested in tools through SPARQL queries and visualisation. The BCEO is coherent. The addition of the Stoic meta-ontology and the development of instances, use cases and SPARQL queries all support the coherence of the BCEO.

5.4.3 Extensibility

The BCEO is extensible. The extensive domain structure and over 11,000 triple objects (including instances) means that the BCEO is optimised for extensibility. The author argues that the inclusion of subsistent objects, events and the constructivist epistemology means that this ontology has a greater capacity for extensibility than is normal.

5.4.4 Minimal encoding bias

The style of representation is not prescriptive within the BCEO, meaning that it suffers from limited encoding bias. The terms utilised have been justified wherever possible from doctrine, literature or bodies of knowledge such as the CISSPBK. The bias that does exist reflects accepted and known standards in the field of study.

5.4.5 Minimal ontological commitment

The BCEO has more ontological commitment than might otherwise be expected, because of the business processes described. However, the ‘minimum’ commitment is contextual and determined by the purpose of the ontology. Given the specific purpose of the BCEO, to support the establishment of relationships and the analysis of measures in a cross-domain field of study, the author contends that the BCEO has the minimal ontological commitment possible to describe such a complex problem space.

5.5 Chapter Five Summary

This chapter contributes to answering the research question by describing the relationships between tactical land combat, cyber-effects, human factors, mission success and kinetic outcomes. The ontology provides a conceptual structure for simulation and experimentation design. The next chapter builds upon this conceptual structure by identifying the requirements of the experiment and supporting simulation.


This chapter contributes to the following SQs:

SQ1. What are the relationships between tactical land combat human factors and cyber-systems? The relationships between human factors and cyber-systems are established through the detailed cross-domain interstitial links throughout the BCEO. Specific models such as Endsley’s SA are integrated into the BCEO. The BPD decision gates and the actor type with the decision rights for that gate are encoded within the BCEO. The nodes, networks, data storage and access privileges to digital systems are also described for a specific tactical land combat scenario. This provides a rich and detailed repository of human factors and cyber-system relationships, when combined with queries and use cases.

SQ2. What are the relationships between tactical land combat kinetic outcomes and cyber-systems? The BCEO does not calculate kinetic outcomes directly. However, the events and states associated with kinetic outcomes are represented. Business processes and domain-specific actions are also described. Therefore, the relationships between kinetic outcomes and cyber-systems are fully described.

SQ3. What are the relationships between cyber-effects and tactical land combat mission success? The BCEO describes the conditions for mission success and the development of missions from campaign plans, based upon the available resources and capabilities. Therefore, the relationships between mission success and cyber-systems are fully described.

SQ5. What broad mitigation strategies are available to reduce the mission impact of a cyber-effect? Specific mitigation strategies are described in the Blue Team sub-domain, which contains tactics, techniques and procedures underpinning the cyber-defence BPD. Resilience is established through BPDs catering for business continuity actions and uncertainty in digital system trust.


Chapter Six - Requirements


6. Chapter Six - Requirements

6.0 Chapter Six Introduction

The purpose of the requirements chapter is to define the requirements for the simulation tools, and to solve the specific research question outlined in the experimental plan. Figure 77 depicts the requirements component. This chapter contributes to answering the research question by specifying aspects of the problem space that should be represented within a simulation and the parameters that should be used to support experimentation.

Figure 77 - Requirements

6.1 Requirements Specification

The requirements specification identifies the critical requirements for the experimental model. As a simulation tool has not yet been selected, these requirements also support the decision on which tool to use for the experiment.

6.1.1 Experimental Aim

The aim is to provide a replicable experimental model that incorporates the typical factors of tactical land combat, cyber-effects, mission success, human factors and kinetic outcomes. The experimental model must be suitable for further expansion in an open source development environment. Although it is unlikely to be sufficiently robust or complex to describe all the tactical combat processes relevant to cyber-effects, mission success, human factors and kinetic outcomes in land combat, the experimental model is intended to provide insights and support understanding in that domain.

6.1.2 Simulation Goals

The simulation has six interrelated goals. These are described below.

6.1.2.1 Provide a description of the real world

The simulation should provide a description of specific tactical combat scenarios. This includes consideration of terrain, environment, decision making and different weapon system properties in sufficient detail for their effects to be evaluated and measured.

6.1.2.2 Open source and replicable

The conduct of replicable experiments is central to the scientific approach. There are few freely-available simulations which describe their source code sufficiently to allow researchers to understand the relationship between simulation results and architecture. The simulation should be open source and available to all researchers.

6.1.2.3 Modular and extensible

Modular development allows the simulation to be developed with increasing granularity. The simulation should be designed with the intention that increasing fidelity can be added where appropriate. The option to add different functionalities, and increase model fidelity, is central to the open source paradigm. It also gives the flexibility to build classified models or explore different research questions in the future (Davis 1995).

6.1.2.4 Suited to data farming

The simulation should be capable of data farming. The time management function of the simulation must be designed to run faster than real time. A data collection function should be available to capture data for post-simulation analysis. The recording of events allows rapid comparison of simulation outcomes to events and the analysis of trends. The open nature of the simulation will provide future users with access to the underlying data model, which will be useful as new data requirements are identified for logging and measurement.

6.1.2.5 Capable of analysing the complex SOS interactions between tactical combat factors

The simulation needs to attain a balance between simplicity and complexity. The simulation should seek to incorporate important tactical land combat environmental factors to identify the relationships and interactions between them. Few models incorporate human factors, tactics, manoeuvre or measures across capabilities. However, these factors should be built into the simulation. This should be achieved in the simplest method possible provided it reveals insights into the identified factors.

6.1.2.6 Integrated with the underlying ontology

The simulation should leverage the classes, properties and objects within the ontology. In the prototype version used for this thesis, this requirement will be maintained on a basic level. However, the long-term development of the simulation tool should have a tight link between the ontology and simulation. The ontological model describing the various domains should inform the simulation’s implementation.

6.1.3 Simulation objectives

The overall objective of the simulation is to describe tactical land combat with sufficient detail to allow the development of a model and a corresponding experimental simulation that leads to the collection of analysable data and new insights. The simulation has five subordinate aspects it seeks to model, each with their own specific objectives.

6.1.3.1 Tactical combat objective

Tactical combat aims to efficiently and effectively degrade an adversary’s combat capabilities and achieve a specific goal as part of a broader operational and strategic objective. Ultimately, the objective is to defeat the adversary’s will to fight. Both suppression and attrition must be adequately represented and tactical action such as flanking should provide an advantage to the manoeuvring force. Direct fire combat simulation approaches include physics-based or Probability Hit and Probability Kill (PHPK) calculations (Army Materiel Systems Analysis Activity 2015).

6.1.3.2 Communication objective

Networked architectures employ secure and integrated information services, configured for optimal effectiveness and efficiency.

6.1.3.3 C2 objective

Commanders employ C2 cognitive processes to command and control forces in combat and defeat their adversary. The process of giving orders, receiving reports, updating SA and attempting to understand the enemy’s intent is part of the C2 process.

6.1.3.4 Cyber-processes objective

The cyber-attack process seeks to degrade C4ISR networks and the information carried on them, to reduce the effectiveness of the adversary. The cyber-defence process seeks to prevent the opposing force from compromising network and data objects, whilst retaining a minimum level of C4ISR services. The cyber-attack and cyber-defence processes require resources including skilled personnel and toolkits which may be organised into capabilities such as a CERT.

6.1.3.5 The effect of information deception on combat outcomes objective

Information deception disrupts the adversary’s cognitive processes, and degrades their SA and tactical combat capability.

6.1.4 The Simulation Environment

The simulation environment describes specific environmental restrictions, constraints and opportunities that must be considered during the simulation design.

6.1.4.1 Unclassified Doctrine

All doctrine used should be available on the internet, through open sources.

6.1.4.2 Time frames

The model should represent a fictional snapshot in time. The equipment and doctrine should represent available open source doctrine and, therefore, may include elements of past states, or historical aspects, within its construct. Future and current states may also be represented, noting potential security restrictions.

6.1.4.3 The land combat environment

The simulation should represent geography, threats, scenarios and tactics.

Geography

The simulation should be designed to allow experimentation in a range of environments and geography. Terrain is critical to manoeuvre warfare and may influence the measures of success applied to communication systems and information dissemination across the combat network. Therefore, the simulation should develop a detailed three-dimensional virtual terrain of sufficient size to enable manoeuvre, whilst seeking to ensure that the terrain does not lead to an overly complicated physical model that impacts repeatability or performance. Weather effects will not be represented.


Terrain has an impact on mobility, camouflage, sensor ranges, weapon effects and tactics (Tolk, 2012). For groups, terrain affects the broader tactics and manoeuvre options available to a force. The combination of elevation and vegetation create manoeuvre corridors, dead ground and high ground. A force’s dispersal and concealment within the terrain is an effective countermeasure against long-range precision fire (Davis, Bigelow, & McEver 2000). Terrain has a significant impact on direct fire. Terrain limits mobility. Restrictions to specific routes reduce the dimensionality of the problem, increasing the time required for dispersed forces to transit. Multiple axes of advance reduce force density without sacrificing the time taken to move across terrain (Davis, Bigelow, & McEver 2000).

Threat

To ensure that measures of success are not compromised by creating unfairly matched blue and red forces, the organisational structures and entity types (including their properties and weapons) are equivalent for both sides. This approach ensures that any observed differences are not due to the kinetic advantages available to either side. However, additional capabilities are provided to some experimental scenarios to allow the comparison of force ratios and their impact on the identified measures of success.

Scenarios

The simulation should be based on a platoon to battalion-level tactical combat scenario which includes OS capabilities. Mission profiles, ORBAT and terrain are three methods of differentiating the scenarios.

Tactics

The simulation should include basic tactical functions, such as commander decisions on force ratios, suppression, fire and movement, and flanking. These tactical functions play a critical role in combat. The simulation should expose “…enemy vulnerabilities to the massed effects of friendly combat power. A commander employs his elements of combat power in symmetrical and asymmetrical ways so as to attain positional advantage over an enemy and be capable of applying those massed effects” (Department of Defense 2001a). Squads, pairs, platoons, troops, companies, squadrons, combat teams, battalions and battlegroups all utilise different tactics depending on their roles, weapon systems and assigned missions. Tactics can be described as BPDs and supported by rule sets which are applied by agents depending on their roles. Example rule sets include force ratios and breakpoints. Properties are utilised to support these rules, such as combat power values.


• Force Ratios.

Entities are not concerned with force ratios. However, squad commanders and above will calculate force ratios based on their SA. Force ratios are used to determine if an organisation can perform its mission or if it should perform an alternative action. Force ratios are calculated using combat power values, aggregated by organisation.

• Breakpoints.

There are a number of factors that contribute to a unit becoming ineffective and no longer being able to contribute to the mission. Traditionally, breakpoints are represented by a percentage of casualties. However, “the statement that a unit can be considered no longer combat effective when it has suffered a specific casualty percentage is a gross oversimplification not supported by combat data” (Clark 1954, p. 3). Regardless of the calculation employed, the simulation should incorporate the effectiveness of organisations and their efforts to survive. Ineffective units may still fight but they will withdraw towards a defendable position or the objective (in a defensive mission). Simulations that consistently allow a single soldier to fight against overwhelming odds until they are killed do not generally accord with history or practice.
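The Force Ratios rule above, worked through as an added example (not code from the thesis or its simulation): combat power values are those on the user role cards in Section 6.2.3, while the 3:1 threshold, the `Track` structure, its `corroborated` flag and the scenario are assumptions made here. Because the ratio is computed from the commander's SA, the example also shows a single false contact report reversing the decision, and a check that flags decisions hinging on uncorroborated tracks.

```python
"""Added illustration: force ratio computed from a commander's SA picture."""
from dataclasses import dataclass

# Combat power values as listed on the user role cards in Section 6.2.3.
COMBAT_POWER = {"M1A1": 15.0, "SP155": 4.13, "BRDM2": 2.96,
                "M113A1APC": 2.76, "M113A1C": 2.76, "Person": 0.05}

# Assumption: the thesis text gives no threshold; 3:1 is a placeholder rule.
MIN_RATIO_TO_ATTACK = 3.0


@dataclass(frozen=True)
class Track:
    """One entity held in a commander's SA picture (constructed structure)."""
    entity_type: str
    side: str                  # "blue" or "red"
    organisation: str
    corroborated: bool = True  # hypothetical flag: confirmed by an own sensor


def combat_power_by_org(tracks, side):
    """Aggregate combat power values by organisation for one side."""
    totals = {}
    for t in tracks:
        if t.side == side:
            totals[t.organisation] = (totals.get(t.organisation, 0.0)
                                      + COMBAT_POWER[t.entity_type])
    return totals


def force_ratio(tracks, own_org, enemy_org):
    """Own combat power divided by perceived enemy combat power."""
    own = combat_power_by_org(tracks, "blue").get(own_org, 0.0)
    enemy = combat_power_by_org(tracks, "red").get(enemy_org, 0.0)
    return float("inf") if enemy == 0.0 else own / enemy


def decide(ratio):
    """Perform the mission only when the ratio meets the assumed threshold."""
    return "perform mission" if ratio >= MIN_RATIO_TO_ATTACK else "alternative action"


def decision_depends_on_unverified(tracks, own_org, enemy_org):
    """True when dropping uncorroborated tracks would change the decision."""
    verified = [t for t in tracks if t.corroborated]
    return (decide(force_ratio(tracks, own_org, enemy_org))
            != decide(force_ratio(verified, own_org, enemy_org)))


# Constructed scenario: a Blue APC platoon ordered to seize OBJ 1.
BLUE_PLATOON = ([Track("M113A1APC", "blue", "APC Pl")] * 3
                + [Track("M113A1C", "blue", "APC Pl")])
RED_ON_OBJ = ([Track("BRDM2", "red", "OBJ 1 defenders")]
              + [Track("Person", "red", "OBJ 1 defenders")] * 4)
GROUND_TRUTH = BLUE_PLATOON + RED_ON_OBJ

# Integrity effect on SA: one false contact report adds a tank that does not
# exist. It arrives over the network only, so no own sensor corroborates it.
DECEIVED_SA = GROUND_TRUTH + [
    Track("M1A1", "red", "OBJ 1 defenders", corroborated=False)]

if __name__ == "__main__":
    for name, picture in (("ground truth", GROUND_TRUTH),
                          ("deceived SA", DECEIVED_SA)):
        r = force_ratio(picture, "APC Pl", "OBJ 1 defenders")
        flag = decision_depends_on_unverified(picture, "APC Pl", "OBJ 1 defenders")
        print(f"{name}: ratio {r:.2f} -> {decide(r)}; hinges on unverified: {flag}")
```
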

Messages

• Reports and returns process.

The Reports and Returns process reflects the methodology applied by Army tactical forces to transmit information up the hierarchy in a standard format. Reports and Returns are sent when specific triggers occur. The Reports and Returns process is described in FM101-5-2 (Department of Defense 2007). Reports and Returns have been incorporated into the Coalition Battle Management Language (C-BML) (Simulation Interoperability Standards Organization 2014). The development of reports and returns standards and their requirements have been discussed in Schade & Hieb (2007) and Pullen et al. (2009). Reports and Returns are associated with specific message types, such as Contact Reports.

• Orders process

The Orders process reflects the methodology applied by Army tactical forces to transmit information down the hierarchy in a standard format. The Orders process is described in STANAG 2287 LO (EDITION 1). Orders have been incorporated into the Coalition Battle Management Language (C-BML) (Simulation Interoperability Standards Organization 2014). The development of orders standards and their requirements have been discussed in Carey et al. (2001), Schade & Hieb (2006) and Kleiner et al. (1998).

6.2 Use Case Artefacts

6.2.1 Tactical Land Combat Broad Experimental Scenario/Use Case

The high level concept graphic depicted in Figure 78 provides a broad scenario which acts as a use case for the experiment (Department of Defense 2010). The Blue Force side sends an electronic order to one of its manoeuvre elements, an Armoured Personnel Carrier (APC) platoon, to seize Objective (OBJ) 1. The Blue Force Battalion Headquarters (BHQ) commander has identified OBJ 1 and allocated resources to its capture, based on the pre-defined mission parameter for this terrain, which specifies that geographic feature as key terrain.

The Blue Force APC platoon orders an APC squad to seize OBJ 1 whilst another APC squad from the platoon provides flanking support. The Blue Force APC squad secures OBJ 1 and sends a report to the Blue Force APC platoon commander notifying of the capture of OBJ 1. The Blue Force platoon commander sends a report on the C4ISR system to the Blue Force BHQ that OBJ 1 has been secured. This message is not transmitted over the network, as a Red Force side CEMO CNO team attempts a DoS attack. The Blue Force side Joint Fire Team (JFT) detects a target which has been previously identified as a HVT suitable for engagement by OS assets. The JFT sends a fire mission request. The fire mission request is received at the Joint Fire Coordination Centre (JFCC) which approves the fire mission and sends a message to the gun battery.

The approved fire mission is received by the gun battery, which fires an artillery fire mission. Kinetic damage occurs from the artillery fire and results in damage to the Red Force entities. The Blue Force side JFT performs a Battle Damage Assessment (BDA) and sends a message notifying the Blue Force BHQ of the damage inflicted on Red forces. The Blue Force BHQ attempts to track known Red Force resources and uses this to plan its action.

[Figure 78: map of the scenario area with grid axes marked in 10 km increments out to 50 km, captioned "The concept is a simulated land tactical combat environment with objectives, resources, orders and communications using an ontology of domains." Events annotated on the map, in order: Blue Force BHQ orders blue squad to seize OBJ 1; Blue Force entities report seizure of OBJ 1; message transmission denied by Red Force cyber attack; JFT sends message requesting fire mission; Red Force cyber attack fails to compromise JFT node to change fire mission data; fire mission request received and approved by JFCC; approved fire mission fired by artillery; artillery fire damages red entities and Blue Force performs BDA. Legend: Command Node, Command Post, Offensive Support Self Propelled Gun, Armoured Personnel Carrier, M1A1 Tank, Joint Fire Team, Blue Force Objective, Blue Force Event, Red Force Event.]

Figure 78 - High Level Concept Graphic

6.2.2 Use Cases

The experimental user is a single use case depicted in Figure 79, which exists in the real world. This use case identifies the parameters that will be referred to as experimental factors, described in Section 8.3.1. These parameters will allow different experiments to investigate the impact of interacting variables in the tactical land combat environment.


Figure 79 - Experimental User Use Case

Use cases have been developed for the simulation actors. These are depicted in Figure 80.


Figure 80 - Simulation Actor Use Cases


6.2.3 User Roles

“A user role is a collection of defining attributes that characterise a population of users and their intended interactions with the system” (Cohn 2004, p. 32). The following section outlines each user role pertinent to the tactical land combat environment.


6.2.3.1 Joint Fire Team (JFT)

PRP4 Vehicle

6.2.3.2 Joint Fires Operator

Person - Joint Fires Operator
ROLE: Call for Offensive Support
COMMS: Nil
FUNCTION: Joint Fire Team

Behaviours
• Occupy PRP4
• Creates fire missions
• User of communication devices
• Authorised to call for fire support

Characteristics
Weapon: 5.45mm AK74 Pers
Ammo: 5.45mm Ball Loose
Combat power: 0.05
Sensor1: Naked Eye
Sensor2: Ear
Mobility: Person
Speed: 8
Power: False

6.2.3.3 Joint Fire Coordination Centre (JFCC)

Tent - JFCC
ROLE: Coordinate Offensive Support
COMMS: VHF & UHF Radio, 6 x Fire Control Laptop
FUNCTION: Joint Fire Coordination Centre

Behaviours
• Approves fire missions
• Manages fire mission queue
• Sends approved fire mission to OS Battery
• Unable to move
• Unable to fight

Characteristics
Combat power: 0
Mobility: Nil
Occupant capacity assigned by instance

6.2.3.4 OS Battery M109 (Artillery)

SP155
ROLE: Provide Offensive Support
COMMS: VHF & UHF Radio, Fire Control Laptop
FUNCTION: Fire Support
CREW: 3
PASSENGERS: 0

Behaviours
• Receives approved fire missions from the JFCC
• Engages targets with indirect fire
• Capable of indirect engagement
• Capable of direct fire-
• Capable of movement

Characteristics
Weapon: 155mm Gun Turret
Ammo1: 20rds 155mm M712 Copperhead
Ammo2: 50rds 155mm M107 HE
Ammo3: 20rds 155mm M110 Smoke
Combat power: 4.13
Sensor: Sp155 Commander
Mobility: Tracked Ground
Speed: 60
Fuel Capacity: 250
Fuel Consumption: 0.5
Fuel Type: Diesel
Power: True

6.2.3.5 BRDM2 (Recon)

BRDM2
ROLE: Reconnaissance
COMMS: VHF & UHF Radio, C2 Laptop
FUNCTION: Reconnaissance
CREW: 3
PASSENGERS: 6

Behaviours
• Avoid decisive engagement
• Conduct reconnaissance
• Use concealed routes
• Seek high ground
• Establish OP
• Communicate with BRM3K-

Characteristics
Weapon: 50cal M2HB Coax
Ammo1: 1000rds 50cal Belt
Ammo2: 1000rds 50cal Slap
Combat power: 2.96
Sensor: Recon Turret
Mobility: Wheeled Amphibious
Speed: 60
Fuel Capacity: 250
Fuel Consumption: 0.5
Fuel Type: Diesel
Power: True

6.2.3.6 M113A1C (Command)

M113A1C
ROLE: Command
COMMS: VHF & UHF Radio, C2 Laptop
FUNCTION: Armoured Command Vehicle
CREW: 3
PASSENGERS: 0

Behaviours
• Communicate with CP
• Command mechanised infantry troops

Characteristics
Weapon: 50cal M2HB Coax
Ammo1: 1000rds 50cal Belt
Ammo2: 1000rds 50cal Slap
Combat power: 2.76
Sensor: Naked Eye
Mobility: Tracked Ground
Speed: 60
Fuel Capacity: 250
Fuel Consumption: 0.5
Fuel Type: Diesel
Power: True

6.2.3.7 M113APC (Carrier)

M113A1APC
ROLE: Mobility
COMMS: VHF & UHF Radio, C2 Laptop
FUNCTION: Armoured Personnel Carrier
CREW: 3
PASSENGERS: 6

Behaviours
• Carries mechanised infantry troops
• May seek decisive engagement
• Avoid anti-tank and heavy weapons

Characteristics
Weapon: 50cal M2HB Coax
Ammo1: 1000rds 50cal Belt
Ammo2: 1000rds 50cal Slap
Combat power: 2.76
Sensor: Naked Eye
Mobility: Tracked Ground
Speed: 60
Fuel Capacity: 250
Fuel Consumption: 0.5
Fuel Type: Diesel
Power: True

6.2.3.8 BRM3K (Recon)

6.2.3.9 Tank M1A1 (Armour)

M1A1
ROLE: Provide shock action
COMMS: VHF & UHF Radio, C2 Laptop
FUNCTION: Armour
CREW: 3
PASSENGERS: 0

Behaviours
• Fast and mobile
• Heavy armour
• Seek decisive engagement
• Prioritise enemy tanks
• Prioritise anti-tank weapons

Characteristics
Weapon1: 120mm M256 Turret
Weapon2: 50cal M2HB Coax
Ammo1: 1000rds 50cal Belt
Ammo2: 1000rds 50cal Slap
Ammo3: 120mm HEAT
Combat power: 15
Sensor: Tank Turret
Mobility: Tracked Ground
Speed: 60
Fuel Capacity: -
Fuel Consumption: -
Fuel Type: Diesel
Power: True

6.2.3.10 Command Post

Tent – Command Post
ROLE: Command
COMMS: VHF & UHF Radio, 6 x C2 Laptops
FUNCTION: Command Tent

Behaviours
• Command all combat forces
• Issue orders through the chain of command
• Utilise commander decision rights
• Unable to move
• Unable to fight

Characteristics
• Combat power: 0
• Mobility: Nil
• Occupant capacity assigned by instance

6.2.3.11 Commander

Person - Commander
ROLE: Commander
COMMS: Nil
FUNCTION: Commander

Behaviours
• Issues orders
• Receive reports and returns
• Makes decisions appropriate to organisational level (decision rights)-

Characteristics
Weapon: 5.45mm AK74 Pers
Ammo: 5.45mm Ball Loose
Combat power: 0.05
Sensor1: Naked Eye
Sensor2: Ear
Mobility: Person
Speed: 8
Power: False

6.2.3.12 Vehicle Crewman

Person – Vehicle Crewman
ROLE: Crewman
COMMS: Nil
FUNCTION: Crewman

Behaviours
• Operates vehicle
• Only dismounts when vehicle is ineffective

Characteristics
Weapon: 5.45mm AK74 Pers
Ammo: 5.45mm Ball Loose
Combat power: 0.05
Sensor1: Naked Eye
Sensor2: Ear
Mobility: Person
Speed: 8
Power: False

6.2.3.13 Cyber-Operator

Person – Cyber Operator
ROLE: Cyber Operator
COMMS: Cyber Laptop
FUNCTION: Cyber

Behaviours
• Conduct cyber operations
• May have cyber attack and/or cyber defence skills
• Require toolset to attack/defend network
• Requires device to access network

Characteristics
Weapon: 5.45mm AK74 Pers
Ammo: 5.45mm Ball Loose
Combat power: 0.05
Sensor1: Naked Eye
Sensor2: Ear
Mobility: Person
Speed: 8
Power: False

6.2.3.14 Gunner Mechanised

Person – Gunner Mechanised
ROLE: Infantry
COMMS: Nil
FUNCTION: Rifleman Gunner Mechanised

Behaviours
• Seeks decisive engagement
• Seeks high ground
• Prioritises life forms and soft skinned vehicles

Characteristics
Weapon: 7.62mm PKM Bipod
Ammo: 7.62mm Ball Link
Combat power: 0.05
Sensor1: Naked Eye
Sensor2: Ear
Mobility: Person
Speed: 8
Power: False

6.2.3.15 Rifleman Mechanised

Person – Rifleman Mechanised
ROLE: Infantry
COMMS: Nil
FUNCTION: Rifleman Mechanised

Behaviours
• Seeks decisive engagement
• Prioritises life forms

Characteristics
Weapon: 5.45mm AK74 Pers
Ammo: 5.45mm Ball Loose
Combat power: 0.05
Sensor1: Naked Eye
Sensor2: Ear
Mobility: Person
Speed: 8
Power: False

6.2.3.16 Anti-Tank Mechanised

Person – Anti Tank Mechanised
ROLE: Infantry
COMMS: Nil
FUNCTION: Rifleman Mechanised Anti Tank

Behaviours
• Seeks decisive engagement
• Prioritises armoured weapon platforms and vehicles

Characteristics
Weapon: 40mm RPG
Ammo: 40mm Dual-Warhead 105mm
Combat power: 0.05
Sensor1: Naked Eye
Sensor2: Ear
Mobility: Person
Speed: 8
Power: False


6.2.4 Epics

Epics form a high level overview of key functionality and design elements (Cohn 2004). Epics are further decomposed into user stories.

Epics
1. An experimental user can conduct tactical combat cyber simulation experiments.
2. A JFT can call for offensive support on identified targets.
3. A JFCC can approve, prioritise and allocate offensive support missions to gun batteries or aircraft.
4. A gun battery can produce a combat effect through an indirect barrage.
5. A Battalion Commander can update the COP and receive the overall mission.
6. A Global Commander can make decisions on behalf of one or more organisations it commands and issue orders so that combat is coordinated between elements.
7. A Local Commander can make decisions and issue orders to other Local Commanders or entities so that decisions are provided to relevant elements.
8. An entity can sense, engage, move and communicate with other entities.
9. A Red Force can attack confidentiality, integrity or availability.
10. A Blue Force can defend a network and respond to a cyber system alert.

Table 12 - Summary of Epics

6.2.5 User Stories

User stories describe finite functionality requirements. The following section outlines the individual user stories, which inform design and development decisions.

6.2.5.1 Experimental User

User Story – Experimental User
1. An experimental user can allocate an order of battle.
2. An experimental user can load terrain for a specified area including topographic and vegetation information.
3. An experimental user can load a mission and additional data to the terrain, specific to the experiment.
4. An experimental user can conduct experiments using Nearly Orthogonal Latin Hypercubes.
5. An experimental user can analyse and mine experimental data.

Table 13 - User Story - Experimental User

6.2.5.2 JFT

User Story – JFT
1. A JFT can identify a target for indirect support so that OS can be directed onto suitable targets.
2. A JFT can input a Call for Fire into a computer so that it is transmitted on the network.
3. A JFT can request indirect support from an artillery battery so that a fire mission occurs.
4. A JFT can request indirect support from close air support so that a close air support mission occurs.

Table 14 - User Story - JFT

6.2.5.3 JFCC

User Story – JFCC
1. A JFCC can receive a Call for Fire message so that it can manage the request.
2. A JFCC can approve offensive support requests from JFTs so that a fire mission or close air support mission can occur.
3. A JFCC can deny OS requests from JFTs so that inappropriate targets are not engaged and finite OS resources are managed.
4. A JFCC can conduct a safety de-confliction so that friendly elements are not incorrectly engaged by indirect fire.
5. A JFCC can allocate OS to a target identified by a JFT so that resources can be assigned.
6. A JFCC can cancel OS and notify both the JFT and the supporting asset of the cancellation so that resources can be reallocated to other tasks.
7. A JFCC can manage a fire mission queue so that targets are prioritised when there are multiple fire support requests.
8. A JFCC can assign and change priorities for fire missions in its queue as additional information becomes available so that approvals are managed and based on SA.

Table 15 - User Story – JFCC

6.2.5.4 Gun Battery

User Story – Gun Battery
1. A Gun Battery can engage other entities with indirect fire so that an effect on target occurs.
2. A Gun Battery can receive approved fire mission requests so that it aligns to JFCC priorities and approvals.
3. A Gun Battery can perform gun drills so that an indirect salvo can be fired at a target.
4. A Gun Battery can fire a barrage of indirect munitions at an allocated target so that an OS request is completed and leads to a combat outcome.
5. A Gun Battery can consume ammunition and be re-supplied as resources are finite and require management.
6. A Gun Battery has an effect on target so that a combat result occurs.

Table 16 - User Story - Gun Battery

6.2.5.5 Commander

User Story – Commander
1. A Commander applies controls to subordinate organisations and entities.
2. A Battalion Commander can update the COP so that other entities have SA of the battlefield.
3. A Battalion Commander receives the overall mission for the experience and issues commands to subordinate Commanders.
4. A Commander can make decisions on behalf of one or more organisations it commands so that combat is coordinated between elements.
5. A Commander can issue orders to other Commanders and entities so that decisions are provided to relevant elements.
6. A Commander can conduct an appreciation of the environment affecting one or more organisations so that decisions can be made about the tactics to be employed by those organisations collectively.
7. A Commander can make a tactical decision on behalf of organisations it commands so that they have objectives and tasks assigned.
8. A Squad, Fire Team or Pair Commander can use voice locally to coordinate so that it can maintain communications with the entities in the organisation it commands despite cyber-attacks.

Table 17 - User Story – Commander

6.2.5.6 Entity

User Story – Entity
1. An Entity can detect other entities so that they can interact.
2. An Entity can identify an entity as a target so that it can engage it with an appropriate weapon system.
3. An Entity can check the sides of other entities to determine if they are a threat.
4. An Entity can orientate itself relative to a target so that it can increase its probability of survival if engaged.
5. An Entity can conduct an appreciation of nearby threats to determine the appropriate action so that the entity can react appropriately.
6. An Entity can determine the optimal path based on a location provided as a destination so that it can navigate to an objective.
7. An Entity can login to a user profile so that it can access system privileges.
8. An Entity can read a message so that it can determine if it needs to action it.
9. An Entity can respond to orders sent from a Commander so that it can respond collectively with other entities.
10. An Entity can engage other entities with direct fire so that an effect on target occurs.
11. An Entity can prioritise competing targets so that the highest threat is engaged first.
12. An Entity can coordinate fire with other entities so that threats are engaged most efficiently.
13. An Entity can report its status so that reports and returns are provided appropriately to other entities.
14. An Entity can communicate with other entities so that messages are passed between them.

Table 18 - User Story - Entity

6.2.5.7 Red Force

User Story – Red Force
1. A Red Force can conduct a cyber-attack so that confidentiality, integrity or availability is affected.
2. A Red Force can manipulate data to create a kinetic effect or degrade an adversary’s SA.

Table 19 - User Story - Red Force

6.2.5.8 Blue Force

User Story – Blue Force
1. A Blue Force can respond to a cyber system alert so that confidentiality, integrity or availability is preserved.
2. A Blue Force can maintain networks and systems to reduce the likelihood of a successful attack and/or increase the risk and cost for an attacker.

Table 20 - User Story - Blue Force

6.2.6 Organisations

Organisations are described through Orders of Battle (ORBAT). Various organisations will be task organised together to form an ORBAT. Therefore, an ORBAT will generally consist of combined arms assets, bringing complementary capabilities together. ORBATs with different capabilities should be compared, to reflect the heterogeneous nature of combat. Relying on a homogenous model does not allow the tactical mix of capabilities to be demonstrated. Specific weapon systems are ideally suited to the destruction of some platforms. Homogenous models lack this feature, which negates much of the tactical manoeuvre necessary to protect specific assets from their corresponding threats.

6.2.7 Capabilities

“Capability is the capacity or ability to achieve an operational effect... A capability is provided by one or more systems, and is made up of the combined effect of multiple inputs” (Commonwealth of Australia 2014a, p. 2). The mission capabilities described below and depicted in Figure 81 are heavily modified from the Battlespace Operating Systems (BOS) and warfighting functions in US Army doctrine. The modifications have sought to simplify these functions into capabilities that can be linked to measurable impacts on mission success. In addition, some capabilities and BOS have been considered to be beyond the scope of this thesis.

[Figure 81: Mission Capabilities, grouped as: Combat Capabilities (Detection, Reconnaissance, Manoeuvre); Combat Power (Direct Fire, Offensive Support); Supporting Capabilities (Communication, Command and Control, Cyber); Out of Scope (Logistics, Engineering, Intelligence).]

Figure 81 - Mission Capabilities

6.2.7.1 Combat Capabilities

Combat capabilities have a direct effect on combat outcomes.

Detection

Detection refers to the capability to sense, identify, track and target enemy assets, using a variety of sensors.

Reconnaissance

The reconnaissance (recon) capability refers to the gathering of information on the battlespace and the adversary. Reconnaissance includes probing, screening and observing identified areas of interest and key terrain. Reconnaissance combines aspects of detection and manoeuvre, to enhance C2 and maximise combat power. Reconnaissance encompasses the ISR capabilities available to a commander. Reconnaissance tasks assist in the collection of information about the battlespace. The location and disposition of enemy forces and the location of specific terrain objects are discoverable through recon. The recon task will result in elements seeking out key terrain and likely enemy positions for observation.

Manoeuvre

Manoeuvre is the capability to combine firepower and mobility to gain an advantage. It maximises the impact of combat power by striking the enemy at a time and place of the commander’s choosing. Each entity has a maximum speed but it will rarely travel at that speed. The squad leader will instead moderate the speed of the entities within the squad by specifying restraints, depending on spacing and the tactical situation (such as the threat assessment and task urgency). Helmbold’s investigation of advance rates has informed the development of the organisational behaviours influencing movement rates. Each entity can move at its maximum speed, minus terrain restrictions. However, the squad commander will moderate this speed based on the requirement for overwatch, spacing and tactical considerations. The average battalion timings on achieving the objective are twice the speed possible for personnel on foot (Helmbold 1995).

6.2.7.2 Combat Power

Combat power arises from the combined direct fire and OS engagement capabilities of weapon platforms on the battlefield.

Direct Fire

The direct fire (DF) capability refers to the ability to target and engage local enemy assets with DF weapon systems. It includes the identification of an object as a target, the prioritisation of multiple targets based on available ammunition and the engagement of targets with munitions. DF may provide both a destructive (attrition) and suppressive effect on the target. Flanking positions are “…a geographical location on the flank of a force from which effective fires can be placed on that flank. An attacking commander manoeuvres to occupy flanking positions against a defending force to place destructive fires directly against enemy vulnerabilities. A defending commander manoeuvres to occupy flanking positions on the flanks of a hostile route of advance for the same reason” (Department of Defense 2001a, pp. 2-8). Combat requires the coordinated use of combined arms teams employing different combat capabilities such as armour, artillery and mechanised infantry to greater effect than the sum of their constituent parts could. Combined arms team coordination requires command and communication (Talmadge 2013).

Offensive Support

OS is the capability to target and engage enemy assets at distance, using indirect fire and aircraft, coordinated with local airspace. It may provide both a destructive (attrition) and suppressive effect on the target. The OS process describes the engagement of entities through indirect fire weapons and precision air strikes (artillery and air strike) but it does not calculate damage or other effects. OS includes the use cases of: call for fire, fire mission approval, queueing and assigning targets to OS assets. When a salvo is fired or an air strike conducted, the OS process ends and a new process is automatically triggered. The detailed mechanics of firing and damage assessment are dealt with in the IDF engagement process. A detailed simulation model is provided in Starner (1979) which, despite its age, accurately reflects the OS process within a simulation framework. The subsequent digitisation of this process with the Advanced Field Artillery Tactical Data System (AFATDS) test bed is described in James et al. (2000). The OS process is described in detail within a patent for an artillery fire control system (Wright & Bradley 2007).

6.2.7.3 Supporting Capabilities

Supporting capabilities have an indirect effect on combat outcomes.

Communication

Communication capability refers to voice and interconnected C4ISR systems which provide communication between commanders, sensors and C2 hubs. Communication can be represented by networks. However, the network must include an integration with the physical domain, allowing destroyed equipment to subsequently degrade communication efforts.

Command and Control

The Command and Control (C2) capability refers to the decision making, SA and leadership processes that provide C2 on the battlefield. Optimally, C2 enables simultaneous tactical actions, utilising manoeuvre and fire to overwhelm an adversary (Flaherty 2007). It requires communication, either through voice, analogue or digital means. Both SA and agent decision making are critical to the C2 process, which will encompass different decision rights throughout the chain of command. Decision rights refers to the hierarchical structure which provides stability, predictability and control to the diverse military capabilities which must fight together in a coordinated fashion. A key component that emerged from the interviews in Section 4.1 was the trained inference applied by experienced decision makers as part of the consideration of enemy intent. Enemy intent reflects the adversarial nature of combat. Military forces do not just apply the most obvious, rapid or lowest-resource option in every scenario. They must deal with the uncertainty and unpredictability created by a human will that seeks to undermine their plans and kill them. This factor has been considered in game and decision theory.

Cyber

The Cyber-capability refers to the defensive and offensive capabilities to support, degrade and deny supporting C4ISR systems on the battlefield. Examples of cyber-attack risks on other capabilities are depicted in Figure 82.

Figure 82 - Mission Capability and Cyber-Attack Risks

6.3 Chapter Six Summary

The chapter has described the requirements of a simulation tool for describing the tactical land combat environment, mission success, human factors and kinetic outcomes. These are necessary to analyse the relationship and measures associated with cyber-effects. The mission, goal and objective of the simulation tool have been explained as requirements. Use cases, user roles, epics, user stories, organisations and capabilities that should be represented within the tool are all described as use case artefacts. These requirements and artefacts will be used in the next chapter to consider the tools available for use, and to analyse their utility relative to the problem space.

7. Chapter Seven - Tool Analysis and Selection

7.0 Chapter Seven Introduction

This chapter provides an analysis of the available simulation tools and assesses their suitability for modelling the problem space, based on the requirements and artefacts developed so far. This stage of the BICKE method is depicted in Figure 83. This chapter contributes to answering the research question by conducting a quantitative experiment to compare existing simulations and a qualitative comparison of available simulations. Finally, a tool decision is made.

Figure 83 - Tool Analysis and Selection

The following peer-reviewed paper, written by the author, has contributed to this chapter:

Ormrod, D and Turnbull, B 2016. ‘Attrition Rates and Manoeuvre in Agent Based Simulation Models’. Journal of Defence Modelling and Simulation [Peer-reviewed, published].

http://journals.sagepub.com/doi/pdf/10.1177/1548512917692693

7.1 Tools for Consideration

This thesis considers three different classes of combat simulations: constructive simulations, serious games and agent-based distillations. There are various simulations within each of these classes. Although the evaluation only considers a limited selection from each type of simulation, it provides an insight into their benefits and detriments in relation to the simulation criteria of the problem this thesis addresses.

The variety of agent-based combat simulation models is extensive. The Enhanced ISAAC Neural Simulation Toolkit (EINSTein) (Christopher & Kai 2008; Klingaman & Carlton 2002), Map Aware Non-Uniform Automata-Vector (MANA-V) (Lauren & Stephen 2002a) and the Conceptual Research Oriented Combat Agent Distillation Implemented in the Littoral Environment (CROCADILE) (Barlow & Easton 2002) represent a Complex Adaptive Systems (CAS) approach to simulating the modern combat environment (Ilachinski 2004; Barlow & Easton 2002; Lauren & Stephen 2002a). Other simulations include JANUS (Berzins 1999) and One Semi-Automated Forces (OneSAF) (Wittman & Surdu 2005).

In contrast to constructive military simulations, serious games lack fidelity and substitute visual experience at the expense of the realism of the underlying combat models. Serious games are employed to identify alternative plans and evaluate their consequences (Abt 1987), usually with a more direct interaction between the simulation system and the training audience. How the comparison of realism is achieved, and where the line exists between simulation and serious game, is not readily apparent. For example, the implementation of terrain modelling differs between systems (McKeown et al. 2010). However, serious games have been applied to military training activities in a variety of contexts (Roman & Brown 2007; Bogatinov et al. 2012; van der Hulst 2013).

For the purpose of this thesis, serious games will be included as simulations on the basis that they are used for training and experimentation across a variety of national military forces. The first assessment criterion applied to all simulations was their availability. If a copy of the simulation (executable) could not be obtained, it was not assessed further. Of the simulations which were obtained by the author, a qualitative assessment was conducted. Although executable versions of these simulations were available to the author, this did not mean that source code was available. The following simulation tools were considered: OneSAF v5.0 International Unclassified, VBS v3.4, SteelBeasts Professional Personal Edition v2.443 ANZAC, and MANA-V.

7.1.1 One Semi-Automated Forces (OneSAF) v5.0 International Unclassified.

OneSAF is an unclassified, internationally-distributed version of the constructive simulation developed by the United States Program Executive Office for Simulation, Training and Instrumentation (PEOSTRI). OneSAF has been under development in differing guises since the 1990s. OneSAF’s architecture and development through modular and agile development spirals led to an international release, which was an unclassified variation of the US domestic system. OneSAF was developed in an effort to reduce duplication and create a simulation suitable for both training and experimentation (Wittman & Harrison 2001). OneSAF is a constructive simulation portraying combat at the brigade level and below, utilising varying levels of fidelity depending on the requirements of the study and available computational resources and models (Parsons et al. 2005).

7.1.2 Virtual Battlespace (VBS3) v3.4.

Virtual Battlespace (VBS3) is a serious game utilised for training and mission rehearsal (Bohemia Interactive 2015). VBS3 is a three-dimensional simulation that provides a high degree of interaction for the training audience with many visual and aural cues. The use of VBS was reported as early as 2007 in the Canadian, British, American and Australian Defence Forces (Roman & Brown 2008). It remains in use across many military forces at the time of writing. VBS3 includes high fidelity visuals but the internal algorithms driving engagements are proprietary.

7.1.3 SteelBeasts Professional Personal Edition v2.443 ANZAC.

SteelBeasts Professional Personal Edition ANZAC Distribution is an armoured vehicle-centric serious game, utilised by a number of military forces including the Australian and Canadian Army (Roman & Brown 2007). Despite the focus of SteelBeasts on armoured vehicle warfare, an infantry model is included in the simulation and has been utilised within this experiment. The internal algorithms driving engagements are proprietary.

7.1.4 MANA-V

MANA is an ABM cellular automata simulation developed by the New Zealand Defence Force and extends the approach of the ISAAC model (Moffat et al. 2006). MANA has been used to examine a number of combat scenarios, including improvised explosive device jamming (Dobias & Bassindale 2007), the role of troop quality on combat effectiveness (Lauren et al. 2001), and operations in East Timor (Lauren et al. 2003). However, the simplification inherent within the model has been criticised. “In the case of MANA, significant limitations in sensing, communication, elevation and weapon models made the tool inadequate for its intended use in combat simulation… Also, agents in these simulations needed to conduct careful formation fighting while following… doctrine. Such sophisticated behaviours proved unattainable with MANA” (Straver, Vincent, & Fournier 2006, p. iii). An attrition meta-model was developed and tested utilising Lauren’s attrition equation, which demonstrated a poor fit to the Lanchester equations. This is explained by the inclusion of a spatial dimension to the model. However, the meta-model failed to associate numerical advantage with an improvement in the LER (Lauren 2006). MANA has been used to model the effect of different tactics, including the influence of various tactics on macro-attrition rates (Shine 2005). The lack of spatial dimensions in the Lanchester equations is thought to be one factor contributing to the poor fit between MANA and Lanchester results (Lauren et al. 2005).

7.2 Qualitative Comparison of Simulations

A qualitative comparison of simulations was completed by the author. Simulations were compared using qualitative metrics to identify the best available tool to collect data on the research question, outlined in Table 21. All metrics were scored as +1, 0 or -1.

The criteria for assessment were adopted from Section 3.3.3.4. These criteria include:

• Ability to model C2/communications/networking;
• Human factors;
• Replicable results;
• Physical environment mapping and capability;
• Data farming ability;
• Simulation model metrics;
• Source code availability;
• Accreditation; and
• Data collection capability.

| Category | OneSAF v5.0 International (strength / weakness) | Score | VBS3 (strength / weakness) | Score | SteelBeasts (strength / weakness) | Score | MANA-V (strength / weakness) | Score |
|---|---|---|---|---|---|---|---|---|
| Ability to model command and control / communications / networking | Extensive | 1 | Extensive with free CNR add-on | 1 | Limited | -1 | Moderate | 0 |
| Human factor simulation | Limited human factors | -1 | Limited human factors | -1 | Limited human factors | -1 | Limited human factors | -1 |
| Replicable results | Only through commercial arrangement with select agencies and extensive code modification | -3 | Limited repeatable research options | -3 | Limited repeatable research options | -3 | Extensive repeatable research options | 3 |
| Reproducible (access to underlying models and code) | Code sharing is heavily restricted | -3 | Code is not available to share | -3 | Code is not available to share | -3 | Code sharing is heavily restricted | -3 |
| Physical environment mapping and capability | Extensive | 1 | Extensive | 1 | Extensive | 1 | Limited | -1 |
| Data farming ability | Unable to perform data farming | -1 | Data farming possible but not in the desired method | -1 | Unable to perform data farming | -1 | Able to perform data farming | 1 |
| Simulation model metrics | Limited inbuilt metrics | -1 | Limited inbuilt metrics | -1 | Limited inbuilt metrics | -1 | Good metrics capability | 1 |
| Source code availability | Code available on request | 3 | Code unavailable | -3 | Code unavailable | -3 | Code available on request | 3 |
| Accreditation | Accredited in some training settings | 1 | Accredited in some training settings | 1 | Accredited in some training settings | 1 | Not accredited | -1 |
| Data collection capability | No data collection inbuilt | -1 | No data collection inbuilt | -1 | No data collection inbuilt | -1 | Data collection inbuilt | 1 |
| TOTAL | | -4 | | -10 | | -12 | | 3 |

Table 21 - Simulation Comparison

7.3 Quantitative Comparison of Simulations

A quantitative comparison between the available simulations has been conducted. However, the findings are not directly relevant to the outcomes described within this thesis. Further information is available in the published peer-reviewed journal article:

Ormrod, D and Turnbull, B 2016. ‘Attrition Rates and Manoeuvre in Agent Based Simulation Models’. Journal of Defence Modelling and Simulation [Peer-reviewed, published].

http://journals.sagepub.com/doi/pdf/10.1177/1548512917692693

7.4 Simulation Tool Selection

MANA-V scored the best of the simulations reviewed in the qualitative comparison. However, MANA-V is restricted by the licensing agreement distributed with its code, which is only available on request from the licence owner. MANA-V also requires the use of a proprietary software development environment to extend the code base, which carries an additional cost of ownership. OneSAF is limited by its code distribution, which prevents reproducible research outside of a small defence research community. Nor is OneSAF configured for data farming or repeatable research (in the version available to the author). The remaining two simulations assessed, VBS3 and SteelBeasts, do not have publicly-available code as they are proprietary simulations. VBS3 and SteelBeasts are also, therefore, not reproducible.

The qualitative analysis conducted to select a tool demonstrated that there was no single tool that was best placed to meet the identified requirements.

7.5 Chapter Seven Summary

This chapter has discussed available simulation systems and compared them, both qualitatively and quantitatively. The result was a determination that there is no simulation available to the researcher that is suitable for the conduct of experimentation relevant to the master research question and which would meet the established design principles. Therefore, a simulation needs to be developed that is specifically designed to meet the requirements identified in the previous chapters.

8. Chapter Eight - Simulation and Experimental Design

8.0 Chapter Eight Introduction

The Simulation and Experimental Design chapter considers the design and raw outputs of the simulation and the experiment. This stage of the BIKCE framework is depicted in Figure 84. This chapter contributes to answering the research question by designing a Simulation Proof-of-Concept (SPOC), running it as part of an experiment, then describing the raw outputs of the experiment.

Figure 84 - Simulation and Experimental Design

A simulation capable of meeting the requirements identified earlier in this thesis was not available. Therefore, a SPOC that could meet them was developed. The prototype’s utility is limited to specific use cases, noting that it has been designed to be open, extensible and capable of expansion to meet other use cases. The long-term goal of the experiment is to link the ontology and the simulation application together (Guarino 1998).

8.1 Design Philosophy

The SPOC was designed to facilitate experimental tactical C4ISR land combat scenario simulation. The philosophy was that it should:

• Provide a simplified description of a specific instance of the real world;
• Be open source and modular;
• Be extensible and repeatable;
• Be suited to data farming; and
• Be capable of analysing complex SOS interactions between tactical combat factors.

These goals are based on an open source philosophy, seeking to design and build a model suited for experimentation through simulation. The design is intended to be modular, suited to the development of conjectures and induction. It is also extensible and repeatable. The simulation provides an open source unclassified model suited for the experimentation of combat effects, including the influence of cyber-effects at the tactical level, which is extensible and repeatable. Access to the simulation code allows for the reproduction of experimental results and explanation of the specifics of simulation outcomes. The simulation is based on unclassified tactical doctrine.

A stand-alone simulation was built rather than a federation simulation, due to the desire to run it faster than real-time without the associated difficulties of assuring the integrity of the event sequence across the federation. The author accepts that the use of unclassified data sources reduces the fidelity of the system and potentially reduces the credibility of the simulation results. Therefore, the simulation is an ongoing development effort—a prototype—rather than a completed solution. The SPOC development is a method of learning and understanding rather than arriving at a final, complete solution.

8.2 Simulation Design

The SPOC is called the Cyber-Effects Land Tactical Simulation (CELTS), and was designed to meet this thesis’ requirements. Design decisions for the development of CELTS will be discussed throughout this chapter.

8.2.1.1 Code Selection

CELTS was written in the Python v3.5 language. Python was selected because it is accessible to the general scientific community, has a large community of users and includes data analysis tools within several libraries. Python code is clean and readable for those who are not professional software designers. Alternative languages such as C++ provide higher performance; however, the code is generally less accessible to non-professionals. Python performance can be enhanced through libraries such as Cython when necessary. CELTS has not been designed to be high performance, due to its status as a SPOC.

8.2.1.2 Code Examples

Two examples of the code utilised in CELTS are provided. The first example is the code utilised in message_generator.py to send an order from a commander to their subordinate entities. The second example is the code used in network_builder.py to build the network for the simulation, from the nodes.csv file. Both of these examples have a number of dependencies and other Classes that they reference or are referenced by, which are not described here. The code will be available as an open source project described in future work.

Send Order

The send order message is activated by specific behaviours, such as the receipt of a contact report. The commander entity using this function will look for a local device, login and send an order. The message is added to the message queue on the device node.

    def send_order(self, me, destination = None, task_verb = None):
        if not destination:
            destination = me.mission_secondary.destination
            task_verb = me.mission_secondary.task_verb
        entity_types_in_scenario = []
        for exercise in self.scenario.exercises:
            if exercise.name == self.scenario.current_scenario_name:
                entity_types_in_scenario.append(me.entity_type for entity in exercise.opord.organisation.subordinate_entities)
        for device in me.devices:
            for entity in entity_types_in_scenario:
                if is_lifeform(me.entity_type) and len(me.logins) > 0:
                    if device.is_local(me):
                        if self.login_to_device(me, device):
                            organisation = exercise.opord.organisation
                            new_message = Order(me.callsign, organisation.callsign, me.position, destination, task_verb)
                            device.node.network_node.addNewMessage(new_message)
                            for org in organisation.subordinate_organisations:
                                new_message = Order(me.callsign, organisation.callsign, me.position, destination, task_verb)
                                device.node.network_node.addNewMessage(new_message)
                        else:
                            device.logout(entity)

Build network

The build_network and createNetworkNode functions are used on initialisation to create the nodes and network nodes needed for the network to link devices during runtime.

    def build_network(self, nodes):
        for node in nodes.values():
            if node.name not in self.network_nodes.keys():
                network_node = self.createNetworkNode(node.name)
                network_node.node = node
                node.attach_to_network(network_node)
                self.network_nodes[node.name] = network_node
            else:
                self.network_nodes[node.name].node = node
                network_node = self.network_nodes[node.name]
                node.attach_to_network(network_node)
            for forward_node in node.forward_nodes:
                if forward_node not in self.network_nodes.keys():
                    self.network_nodes[forward_node] = self.createNetworkNode(forward_node)
                network_node.attachNetworkNode(self.network_nodes[forward_node])

    def createNetworkNode(self, nodename):
        network_node = NetworkNode(nodename)
        messageQueue = MessageQueues(network_node, self.debug)
        network_node.messageQueues = messageQueue
        return network_node

8.2.1.3 Data Management

CELTS design separates the underlying combat data from the code. This decision was made to support usability, testing and future SME validation. An example of this process is the prioritisation of targets by entities in combat, depicted in Table 22. The highest numbered target entity that matches an available munition is selected by a firing entity to engage first, as the most appropriate target, depending on range. A user can change target priorities prior to running the simulation, through this table, without needing to access the code. The table is loaded to memory at runtime to increase performance. This is an example of the individual agent reasoning built into CELTS.

[Table 22 content: Target_Priorities table. Columns: Database name, lower_range, upper_range, damage_zone, kill_zone, suppressive_weight, and one target priority column for each of Rifleman, Crewman, Rifleman Gunner, Rifleman AT, Wheeled-Armoured Recon, Tracked-APC, Tracked-Tank, Artillery-Self-Propelled and Tent. Database names: 5.45mm Ball, 7.62mm Ball (Belt), 105mm HEAT PG7VR Dual, 12.7mm Ball, 12.7mm Ball (Belt), 30mm APDS, 30mm HE and 120mm HEAT.]

Table 22 - Simulation Prototype Target Prioritisation Table

8.2.1.4 Direct Fire Combat

Probability hit and probability kill (PHPK) tables have been utilised for combat simulation between entities using DF weapons. A random number is generated for a target when it is engaged and when it is hit. These values are compared to tables which vary the PHPK depending on the firing armament, the range, the combat state of both the firer and the target entity, and the type of target. The angle of hit and type of ammunition is also considered when an entity is hit and probability kill (PK) is determined. Damage is managed through a finite state machine for each entity. Successful hits and changes of state due to PK calculations are recorded as events. Data on the firer and target are recorded for analysis.

8.2.1.5 Offensive Support

OS is modelled through the physical response by artillery gun agents to fire missions passed over the communications network. An approved fire mission processed by a JFCC agent, sent from a JFT to a gun agent, results in an explosive barrage in the vicinity of the location requested through the fire mission. Damage is then modelled on entities near the fire mission, using a probability of damage calculation.

8.2.1.6 Tactics

Collections of entities as organisations can perform tactical behaviours. Tactics either correspond to business processes described in the ontology, or lower-level processes that support steps within the business processes. For example, the concept of flanking operates as depicted in Figure 85. An indirect approach may be used to attack a position, or provide fire support, when two organisations are manoeuvring together. A platoon moving from Point A to Point B may send a squad to flank, taking the indirect approach. The remainder of the platoon would wait at Point A until the flanking squad was in range of Point B, before assaulting along the direct approach. Flanking results in an attack on any enemy at Point B from two directions, which is more likely to result in the suppression of the enemy and their destruction.

Figure 85 - Flanking Behaviour

Terrain also plays a part in behaviour, as depicted in Figure 86. When moving from Point A to Point B, an entity may select the low ground approach if it is looking for the quickest and most efficient path. Alternatively, it may elect to move on the high ground, using the most elevated path between the two points (within a specified range).

Figure 86 - Terrain Manoeuvre Behaviour

8.2.1.7 Combat Power

The CP values identified in Raymond (1991) that are relevant to this thesis are tabulated in Figure 87. The light infantry platoon value was further modified by the author to support the inference engine and to better account for casualties during simulation runs. For the rolling terrain type, a standard rifleman was assigned a value of 0.15; a machine-gunner 0.3; and an anti-tank soldier carrying a rocket propelled grenade (RPG) launcher (RPG-7) a value of 0.3. Combatants whose core skills are not close combat, such as cyber-operators or crewmen of a vehicle, were assigned a value of 0.1. Vehicle combat power values were therefore adjusted to account for crewman values. This meant that the only value to differ from that described below is for a light infantry platoon, which was changed to 4.85 instead of 4.54 (assuming three squads of eight and a three-person platoon headquarters). The advantage of breaking CP down to an entity level is that it can be inferred and calculated on the fly, greatly increasing its utility as a metric.

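CP Values (the Rolling to Forest columns are terrain types)

| Weapon | Value | Rolling | Desert | Mountain | Urban | Forest |
|---|---|---|---|---|---|---|
| M1A1 | 1.5 | 15 | 12.3 | 6.3 | 6 | 7.94 |
| BMP | 1.1 | 2.76 | 1.95 | 4.96 | 3.87 | 4.99 |
| BRDM2 | 1 | 2.96 | 2.3 | 3.68 | 2.52 | 3.29 |
| Light Inf Platoon | 0.8 | 4.54 | 2.9 | 11.33 | 10.97 | 11.08 |
| M113 | 1 | 2.76 | 1.95 | 4.96 | 3.87 | 4.99 |
| 155mm SP | 1 | 4.13 | 3.14 | 9.58 | 6.22 | 8.37 |
| BRM3K (BMP) | 1.1 | 3.26 | 2.53 | 4.05 | 2.77 | 3.62 |
| PRP4 (BMP) | 1.1 | 3.26 | 2.53 | 4.05 | 2.77 | 3.62 |

Figure 87 - Combat Power Values (Raymond 1991, pp. 63-68)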

8.2.1.8 Communication

Sending a message between two entities across the digital data network is depicted in Figure 88.

[Figure 88 diagram. Labels: Entity 1, Entity 2, Entity 10, Entity 20, Device 1, Device 2, Node 1, Node 2, Network Node 1, Network Node 2, Login, Callsign, Organisation, Domain, Virtual Logons, Message. Relations: login check, logged in, carrying, connected, create message, read message, message sent, message received / relayed. Legend: message, physical object, virtual object, organisation object, proximity, message callsign, authentication check.]

Figure 88 - Cross-domain view of the message sending process

A physical entity instance logs in to a domain through a node, using their username and password. Authentication is managed by a virtual logons object, through the domain. The physical entity instance must be co-located with a device associated with the node in order for the user to connect. Another entity may be carrying the device (which is often the case for a vehicle crew using a mounted BFT). The message is sent through a network node that is created when the node is logged into the domain. Connected network nodes will transfer messages. The address for messages is the callsign, meaning that any entity associated with a callsign can receive and read messages sent to that callsign.

An entity that is within 10 m of a device can seek to access that device. Each entity and device is a separate instance. Devices are not necessarily carried by the entity accessing them. For example, a device is often fitted to a vehicle but used by the crew of the vehicle. The entity and the device are each associated with virtual objects. An entity has a user ID and login, which is used to access a domain. Accessing the domain also requires that the device has a virtual node with domain access. If the user, login and node are all recognised by the domain, a session is established. The session creates a network node capable of sending and receiving messages, which are created by an entity when it has access to an active session in a domain. The virtual logons object checks that the domain login information is correct.
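The session and addressing rules described above can be sketched as follows. This is an added example, not CELTS code: the class and function names, credentials, callsigns and coordinates are all constructed, and only the 10 m range, the three login checks and callsign addressing come from the text.

```python
import hashlib
import hmac
import math
import os
from dataclasses import dataclass

ACCESS_RANGE_M = 10.0  # proximity limit stated in the text


@dataclass
class Entity:
    name: str
    callsign: str  # organisational address shared by several entities
    user_id: str
    pos: tuple     # (x, y) in metres


@dataclass
class Device:
    node_id: str
    pos: tuple     # (x, y) in metres; may be vehicle-mounted rather than carried


def derive(password, salt):
    """Salted password hash, so the logons object never stores plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Domain:
    """Hypothetical stand-in for the domain and its virtual logons object."""

    def __init__(self):
        self.logons = {}    # user_id -> (salt, derived key)
        self.nodes = set()  # node ids granted domain access
        self.sessions = {}  # node_id -> Entity holding the active session
        self.inbox = {}     # callsign -> delivered message bodies

    def enrol_user(self, user_id, password):
        salt = os.urandom(16)
        self.logons[user_id] = (salt, derive(password, salt))

    def enrol_node(self, node_id):
        self.nodes.add(node_id)

    def login(self, entity, device, password):
        """Return (ok, reason); every check must pass before a session exists."""
        if math.dist(entity.pos, device.pos) > ACCESS_RANGE_M:
            return False, "entity not within range of device"
        if device.node_id not in self.nodes:
            return False, "node has no domain access"
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self.logons.get(entity.user_id, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, derive(password, salt)):
            return False, "login rejected"
        self.sessions[device.node_id] = entity
        return True, "session established"

    def logout(self, node_id):
        self.sessions.pop(node_id, None)

    def send(self, from_node, to_callsign, body):
        """Return the message state trail; the address is a callsign, not a user."""
        if from_node not in self.sessions:
            return []  # no session means no network node, so nothing is created
        trail = ["created", "sent"]
        if not any(e.callsign == to_callsign for e in self.sessions.values()):
            return trail + ["rejected"]  # nobody is logged in under that callsign
        self.inbox.setdefault(to_callsign, []).append(body)
        return trail + ["delivered"]

    def read(self, node_id):
        """An entity with a session reads everything sent to its callsign."""
        entity = self.sessions.get(node_id)
        return list(self.inbox.get(entity.callsign, [])) if entity else []


def demo():
    """Constructed scenario: a two-person vehicle crew sharing callsign C21."""
    dom = Domain()
    for user, pw in (("u-cmdr", "pw-1"), ("u-gunner", "pw-2"), ("u-hq", "pw-3")):
        dom.enrol_user(user, pw)
    dom.enrol_node("veh-node")
    dom.enrol_node("hq-node")
    veh, hq_dev = Device("veh-node", (0, 0)), Device("hq-node", (500, 0))
    cmdr = Entity("commander", "C21", "u-cmdr", (3, 4))  # 5 m from the device
    gunner = Entity("gunner", "C21", "u-gunner", (0, 1))
    hq = Entity("hq", "B10", "u-hq", (500, 2))
    dismounted = Entity("commander", "C21", "u-cmdr", (30, 0))
    out = {}
    out["too_far"] = dom.login(dismounted, veh, "pw-1")
    out["bad_node"] = dom.login(cmdr, Device("unknown-node", (0, 0)), "pw-1")
    out["bad_password"] = dom.login(cmdr, veh, "wrong")
    dom.login(hq, hq_dev, "pw-3")
    out["no_recipient"] = dom.send("hq-node", "C21", "move to grid A")
    out["cmdr_login"] = dom.login(cmdr, veh, "pw-1")
    out["delivered"] = dom.send("hq-node", "C21", "move to grid B")
    dom.logout("veh-node")          # the commander drops off the network
    dom.login(gunner, veh, "pw-2")  # the gunner takes over the mounted device
    out["gunner_reads"] = dom.read("veh-node")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The last step shows the consequence of callsign addressing: the gunner reads an order that was delivered while only the commander was logged in, so every account that shares a callsign sits inside the same trust boundary for that callsign's traffic.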

8.2.2 Simulation Structure

The CELTS was developed in the Eclipse MARS.1 development environment. CELTS consists of the following modules:

• Blackboard – manages the simulation events,
• Behavioural – manages entity behaviours,
• Combat model – manages engagements, damage, and sensing,
• Communication model – manages networks, messages, logins and domain access,
• Configuration – manages CELTS settings,
• Control – runs simulation scenarios,
• Environment – provides terrain and environmental settings,
• Graphical User Interface (GUI) – displays the simulation for a user,
• Lookup Tables – accesses data tables in csv format,
• Math Utilities – utilities used by CELTS for calculations,
• Navigation Mesh – calculates paths in the terrain, and
• Visualisation – packages CELTS for display in the GUI.

Figure 89 depicts CELTS running with an active GUI. During simulation runs, the GUI was not active.

Figure 89 - CELTS GUI Display

8.3 Experiment Design

8.3.1 Experimental Parameters

Experimental parameters define the variables which will be used during data farming to modify experiments and differentiate between them. They are also referred to in the data farming literature as factors. The experimental parameters have been developed from Chapter 4, Requirements. Use cases associated with the experimental user provide the basis for experimental factors, although a host of other variables could also be identified depending on the research question. Parameters can be continuous, discrete or categorical. Continuous factors range from high to low values. Discrete levels are numeric. Categorical levels are qualitative categories (MacCalman 2013). The experimental user use case depicted in Figure 79 (Chapter 4) identified the following variables for each experiment:

• Task Verb;
• Order of Battle (ORBAT);
• Time;
• Terrain;
• Network topology;
• Cyber-attack capability;
• Information target;
• Cyber-defence capability; and
• Agent digital C2 personality.

8.3.1.1 Task Verb

There are four mission task verbs: clear, capture, defend and delay. Mission task verbs can be combined between the two sides, creating 12 possible combinations between the four missions. Not every mission is compatible with an adversary mission. Task verbs are a qualitative continuous factor between 1 and 12 in increments of 1 (12 total). Mission task verb descriptions within the simulation are defined as:

• Mission One – Clear. No effective enemy entities within 5000 m of the objective’s boundaries. Compatible with adversary clear, capture, defend or delay missions.
• Mission Two – Capture. Friendly entities at the objective’s location at mission conclusion, and no enemies within their weapon range and LOS. Compatible with adversary clear, capture, defend or delay missions.
• Mission Three – Defend. Friendly entities at the objective location at mission conclusion. No enemy entities within 300 m of the objective’s location. Compatible with adversary clear or capture missions.
• Mission Four – Delay. No effective enemy entities reach within 100 m of the objective’s location prior to mission conclusion. Compatible with adversary clear or capture missions.

8.3.1.2 Order of Battle (ORBAT)

CELTS has been designed to allow for multiple sides. The scenarios employed in this thesis are limited to two sides. The convention applied throughout is Red Force and Blue Force. The Blue Force and the Red Force are two sides, constructed of the same entity types. Each side has four different ORBAT configurations. The four ORBAT configurations are utilised to compare the different combat ratios and capabilities in combat, as variables that can influence combat outcomes. The ORBAT tasked with a mission will determine the different capabilities and weapon packages on the battlefield. Every ORBAT used in this thesis is heterogeneous, with increasing diversity by capability between ORBATs 1 to 4. ORBATs are replicated for both sides to ensure that differences in experimental outcomes relate to factors other than differences in the Red Force and Blue Force weapon systems, except where two different ORBATs are engaged in combat. Different ORBATs allow for different capability mixes and force ratios to be used in the experiment. Building significantly different ORBATs between Red Force and Blue Force is more realistic; however, it increases the potential for disparities that influence experimental outcomes. Therefore, each side has access to the same weapon systems and available ORBATs. Different combat ratios between the different ORBATs are likely to have an impact on mission success. The ORBATs described are entirely fictional and are not representative of real-life ORBATs, to mitigate security classification issues.

The four ORBATs of each of the two sides result in 16 possible ORBAT combinations. The ORBATs are qualitative categorical factors (4). The sides are qualitative categorical factors (2). ORBATs are built in the SPOC through a GUI and stored in Pickle (Python data storage), as part of a scenario file. A depiction of the GUI builder is provided in Figure 90.

Figure 90 - CELTS Organisation Creator

ORBAT One

ORBAT One consists of a battalion headquarters (BHQ) and one mechanised infantry company, illustrated in Figure 91.

Figure 91 - ORBAT One

ORBAT Two

ORBAT Two consists of a BHQ, a mechanised infantry company and a reconnaissance troop, depicted in Figure 92.

Figure 92 - ORBAT Two

ORBAT Three

ORBAT Three consists of a BHQ, mechanised infantry company, reconnaissance troop and a tank troop, described in Figure 93.

Figure 93 - ORBAT Three

ORBAT Four

ORBAT Four (Figure 94) consists of a BHQ, mechanised infantry company, reconnaissance troop, tank troop and a complete OS capability. The OS capability consists of a self-propelled (SP) OS (artillery) battery, JFTs and a JFCC.

Figure 94 - ORBAT Four

8.3.1.3 Time

Time is a quantitative factor measuring between 200 and 600 in increments of 200. Each time step, or tick, represents a moment in the simulation for each agent to perform a series of actions. The breadth of timelines allows analysis of the effect of mission duration on mission success. For example, a short mission may increase the likelihood of a successful defence. Longer mission durations may reduce the trust in the digital C2 systems due to a higher probability of an incident. Because the outcomes are unknown, a broad array of time steps will support later analysis.

8.3.1.4 Terrain

Five terrains have been identified for analysis. Terrain One (Figure 95) is featureless and offers no terrain advantage to either side. A battle of attrition is likely to occur with a focus on the centre area of the terrain, where the forces meet.

Terrains are a qualitative continuous factor between 1 and 5 in increments of 1 (5).

Figure 95 - Terrain One

Terrain Two features a single hill, which provides a combat advantage to whichever side is able to control it (Figure 96). The feature extends visibility and is difficult to assault when defended. The feature also allows elements to manoeuvre behind a screen on the hill and move to either flank. However, the feature is an obvious OS target. The single feature is likely to lead to battles of attrition focused around the vertical feature.

Figure 96 - Terrain Two

Terrain Three has three vertical features, presenting a ‘ridgeline’ from the top right to bottom left (Figure 97). This creates dead ground from multiple vantage points and permits manoeuvre without being observed. There are numerous potential Forming Up Positions (FUPs) possible between features depending on the disposition of the two sides. Combat is likely to occur around the central feature as elements manoeuvre around either flank and seek an advantage.

Figure 97 - Terrain Three

Terrain Four also features three vertical features but the configuration has changed (Figure 98). The side to the north has a distinct advantage, with two features dominating the river compared with only one on the southern side. The bridge is a single crossing point. Only entities capable of crossing deep water can cross at other points on the river. The single bridge is likely to focus the attention of tanks and artillery whilst the recon and infantry elements seek to use the flanks. Whichever force seizes the bridge first will have a significant advantage. The northern side will maintain a combat advantage unless the southern side can quickly seize a feature across the river.

Figure 98 - Terrain Four

8.3.1.5 Network Topology

Three digital network topologies have been identified for analysis.

Network topologies are a qualitative continuous factor between 1 and 3 in increments of 1 (3). Network topologies are implemented within the simulation through a CSV file. An extract from the network topology file is provided in Table 23.

Table 23 - Network Topology Configuration file

Extensive connectivity consists of a network where every node is connected. This remains consistent with the organisational C2 hierarchy. Extensive connectivity is depicted in Figure 99.

Figure 99 - Extensive Connectivity Network

Hub and spoke connectivity consists of a hub and spoke network through to the central C2 node in the command post. This network is not as susceptible to a DoS on a spoke. However, a DoS attack on the hub is likely to be disruptive to all nodes. Hub and spoke connectivity is depicted in Figure 100.

Figure 100 - Hub and Spoke Network

Complete connectivity provides the greatest degree of network connectivity to all nodes and is more resilient in that it does not depend on a central hub, nor is it reliant on the C2 hierarchy. However, this topology is more likely to allow an epidemic-style infection in the event that a node is compromised with malware or an APT and the attacker can pivot within the network. Complete connectivity is depicted in Figure 101.

Figure 101 - Complete Connectivity
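The trade-off stated above for the hub and spoke and complete topologies can be measured on a small graph. This is an added example, not CELTS code: the six node names and all function names are constructed, and the extensive topology is omitted because its links are defined in Table 23, which is not reproduced here.

```python
from collections import deque
from itertools import combinations

# Constructed node set: CP is the command post, the rest are callsigns.
NODES = ["CP", "A1", "A2", "A3", "B1", "B2"]


def hub_and_spoke(nodes, hub):
    """Every node links only to the central C2 node."""
    adj = {n: set() for n in nodes}
    for n in nodes:
        if n != hub:
            adj[hub].add(n)
            adj[n].add(hub)
    return adj


def complete(nodes):
    """Every node links directly to every other node."""
    return {n: set(nodes) - {n} for n in nodes}


def within_hops(adj, start, max_hops=None, down=frozenset()):
    """Nodes reachable from start in at most max_hops links, skipping `down`."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        node, hops = queue.popleft()
        if max_hops is not None and hops == max_hops:
            continue  # hop budget spent, do not expand further
        for nxt in adj[node] - seen - set(down):
            seen.add(nxt)
            queue.append((nxt, hops + 1))
    return seen - {start}


def surviving_connectivity(adj, denied):
    """Fraction of remaining node pairs still able to exchange messages
    after a DoS takes the `denied` node off the network."""
    alive = [n for n in adj if n != denied]
    pairs = list(combinations(alive, 2))
    ok = sum(1 for a, b in pairs if b in within_hops(adj, a, down={denied}))
    return ok / len(pairs)


def blast_radius(adj, compromised, pivots):
    """Nodes an infection at `compromised` can touch within `pivots` links."""
    return within_hops(adj, compromised, max_hops=pivots)


def compare():
    """Summarise both topologies for a DoS and for a one-pivot infection."""
    hs, full = hub_and_spoke(NODES, "CP"), complete(NODES)
    return {
        "hub_spoke_dos_on_spoke": surviving_connectivity(hs, "A1"),
        "hub_spoke_dos_on_hub": surviving_connectivity(hs, "CP"),
        "complete_dos_on_any": surviving_connectivity(full, "CP"),
        "hub_spoke_one_pivot": len(blast_radius(hs, "A1", 1)),
        "complete_one_pivot": len(blast_radius(full, "A1", 1)),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

For a defender the two measures point at different controls: the hub is the node to harden and monitor in the hub and spoke case, while the complete topology needs containment between peers because one compromised node is adjacent to all the others.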

8.3.1.6 Cyber-Operations

Cyber-Attack Capability

The cyber-attack capability will target vulnerable network nodes when they are detected. When a node is compromised, the attacker will seek to locate and alter the information target. A cyber-attack capability either exists or it does not, hence cyber-attack is a binary factor.

Cyber-Defence Capability

The cyber-defence capability consists of a CERT that will seek to detect and deny cyber-attacks. A cyber-defence capability either exists or it does not, hence cyber-defence is a binary factor.

Information Target

The information target may either be an order location or a fire mission. A compromised order location will change the location for an order to a random location which is different to the original order. A compromised fire mission will change the fire mission location to target an entity friendly to the firing side or to fire into a random location. Information target is a qualitative continuous factor between 1 and 2 in increments of 1 (2).

8.3.1.7 Agent Digital C2 Personality

Agent personalities of the side under cyber-attack can be one of five settings: A, B, C, D or random. Personality is a qualitative continuous factor between 1 and 5 in increments of 1 (5).

8.3.2 Data Farming Design Points

The combination of all the experimental parameters demonstrates the requirement to conduct data farming. With just nine experimental parameters, in many cases across two sides, the total number of individual scenarios is 829,440. Each scenario is termed a design point. If these design points were each to be run 100 times, the total would be 82,944,000 simulation runs. This exceeds the feasible number of simulation runs possible, even in a multi-threaded environment. The data output for analysis would also be large. The experimental parameter calculations are depicted in Table 24.

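| | ORBAT Side 1 | ORBAT Side 2 | Time | Terrain | Task verb Side 1 | Task verb Side 2 | Network Topology Side 1 | Network Topology Side 2 | Cyber Attack | Information Target | Cyber Defence Capability | Agent Digital C2 Personality |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | 1 | 1 | 300 | 1 | clear | clear | Extensive Connectivity | Extensive Connectivity | Y | Order Location | Y | A |
| | 1 | 2 | 600 | 2 | clear | capture | Extensive Connectivity | Hub and Spoke Connectivity | N | Fire Mission | N | B |
| | 1 | 3 | 900 | 3 | clear | defend | Extensive Connectivity | Complete Connectivity | | | | C |
| | 1 | 4 | | 4 | clear | delay | Hub and Spoke Connectivity | Extensive Connectivity | | | | D |
| | 2 | 1 | | | capture | clear | Hub and Spoke Connectivity | Hub and Spoke Connectivity | | | | Random |
| | 2 | 2 | | | capture | capture | Hub and Spoke Connectivity | Complete Connectivity | | | | |
| | 2 | 3 | | | capture | defend | Complete Connectivity | Extensive Connectivity | | | | |
| | 2 | 4 | | | capture | delay | Complete Connectivity | Hub and Spoke Connectivity | | | | |
| | 3 | 1 | | | defend | clear | Complete Connectivity | Complete Connectivity | | | | |
| | 3 | 2 | | | defend | capture | | | | | | |
| | 3 | 3 | | | delay | clear | | | | | | |
| | 3 | 4 | | | delay | capture | | | | | | |
| | 4 | 1 | | | | | | | | | | |
| | 4 | 2 | | | | | | | | | | |
| | 4 | 3 | | | | | | | | | | |
| | 4 | 4 | | | | | | | | | | |
| Total | 16 | | 3 | 4 | 12 | | 9 | | 2 | 2 | 2 | 5 |
| Subtotal | 16 | | 48 | 192 | 2,304 | | 20,736 | | 41,472 | 82,944 | 165,888 | 829,440 |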

Table 24 - Experimental Parameters Combined

The development of parameters for a combat environment was demonstrated in Opcin (2016). The naval DEVS in that example was a nearly balanced orthogonal design. Nearly Orthogonal Latin Hypercubes (NOLH) have also been developed to reduce the number of simulation runs required to generate results across a large number of factors. The Design Creator produced by MacCalman (2013) supports the design of an experiment with reduced design points, in accordance with his thesis. The use of the Design Creator has been advocated by the US Naval Postgraduate School Simulation Experiments and Efficient Designs (SEED) Center for Data Farming (Sanchez 2014; Sanchez et al. 2014).

The NOLH utilised for this thesis was calculated using the material provided by Sanchez (2011) and MacCalman (2013). The NOLH calculations using the SEED NOLH Designs Version 6 toolset (Sanchez 2011) produced the supporting data for 33 simulation scenarios. These are depicted in Table 25.

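| Factor name | ORBAT | Time | Terrain | Task Verbs | Topology | Cyber Attack | Info Target | Cyber Defence | Personality |
|---|---|---|---|---|---|---|---|---|---|
| Low level | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
| High level | 16 | 3 | 4 | 12 | 9 | 2 | 2 | 2 | 5 |
| Scenario 1 | 16 | 1 | 2 | 3 | 8 | 2 | 2 | 1 | 5 |
| Scenario 2 | 15 | 3 | 1 | 5 | 5 | 1 | 2 | 1 | 5 |
| Scenario 3 | 14 | 2 | 4 | 3 | 1 | 2 | 2 | 1 | 2 |
| Scenario 4 | 9 | 3 | 4 | 5 | 9 | 1 | 2 | 1 | 3 |
| Scenario 5 | 15 | 1 | 2 | 3 | 7 | 2 | 1 | 2 | 1 |
| Scenario 6 | 16 | 3 | 2 | 4 | 5 | 1 | 1 | 2 | 1 |
| Scenario 7 | 11 | 2 | 4 | 4 | 1 | 2 | 1 | 2 | 5 |
| Scenario 8 | 9 | 2 | 4 | 5 | 8 | 1 | 1 | 2 | 3 |
| Scenario 9 | 11 | 2 | 2 | 7 | 7 | 1 | 1 | 1 | 3 |
| Scenario 10 | 12 | 2 | 2 | 9 | 3 | 2 | 1 | 1 | 4 |
| Scenario 11 | 12 | 1 | 3 | 12 | 4 | 1 | 1 | 1 | 3 |
| Scenario 12 | 13 | 2 | 3 | 11 | 7 | 2 | 1 | 1 | 2 |
| Scenario 13 | 10 | 1 | 2 | 7 | 6 | 1 | 2 | 2 | 2 |
| Scenario 14 | 14 | 2 | 2 | 11 | 2 | 2 | 2 | 2 | 2 |
| Scenario 15 | 10 | 1 | 4 | 11 | 4 | 1 | 2 | 2 | 4 |
| Scenario 16 | 13 | 2 | 3 | 12 | 8 | 2 | 2 | 2 | 4 |
| Scenario 17 | 9 | 2 | 3 | 7 | 5 | 2 | 2 | 2 | 3 |
| Scenario 18 | 1 | 3 | 3 | 10 | 2 | 1 | 1 | 2 | 1 |
| Scenario 19 | 2 | 1 | 4 | 8 | 5 | 2 | 1 | 2 | 1 |
| Scenario 20 | 3 | 2 | 1 | 10 | 9 | 1 | 1 | 2 | 4 |
| Scenario 21 | 8 | 1 | 1 | 8 | 2 | 2 | 1 | 2 | 3 |
| Scenario 22 | 2 | 3 | 3 | 10 | 4 | 1 | 2 | 1 | 5 |
| Scenario 23 | 1 | 1 | 3 | 9 | 6 | 2 | 2 | 1 | 5 |
| Scenario 24 | 6 | 2 | 1 | 9 | 9 | 1 | 2 | 1 | 2 |
| Scenario 25 | 8 | 2 | 1 | 8 | 2 | 2 | 2 | 1 | 3 |
| Scenario 26 | 6 | 3 | 3 | 6 | 3 | 2 | 2 | 2 | 3 |
| Scenario 27 | 5 | 2 | 3 | 4 | 7 | 1 | 2 | 2 | 2 |
| Scenario 28 | 5 | 3 | 2 | 1 | 6 | 2 | 2 | 2 | 4 |
| Scenario 29 | 4 | 2 | 2 | 2 | 3 | 1 | 2 | 2 | 4 |
| Scenario 30 | 7 | 3 | 3 | 6 | 4 | 2 | 1 | 1 | 4 |
| Scenario 31 | 3 | 2 | 3 | 2 | 8 | 1 | 1 | 1 | 4 |
| Scenario 32 | 7 | 3 | 1 | 2 | 6 | 2 | 1 | 1 | 2 |
| Scenario 33 | 4 | 2 | 2 | 1 | 3 | 1 | 1 | 1 | 2 |

Table 25 - SEED NOLH Designs v6 Output for 9 Factors (Sanchez, 2011)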
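The level indices in Table 25 can be turned back into scenario settings and checked against the full-factorial count from Section 8.3.2. This is an added example, not part of CELTS or the SEED toolset: it assumes that level k of a factor is the k-th entry in the order Table 24 lists it (the thesis's Table 26 holds the authoritative mapping), and all function names are constructed.

```python
from itertools import product
from math import prod

# Level orderings as listed in Table 24 (assumed to match Table 25 indices).
ORBAT = list(product(range(1, 5), repeat=2))  # (side 1, side 2), 16 pairs
TIME = [300, 600, 900]                        # ticks, as listed in Table 24
TASK_VERBS = (
    [("clear", v) for v in ("clear", "capture", "defend", "delay")]
    + [("capture", v) for v in ("clear", "capture", "defend", "delay")]
    + [("defend", "clear"), ("defend", "capture"),
       ("delay", "clear"), ("delay", "capture")]
)
TOPOLOGY = list(product(("Extensive", "Hub and Spoke", "Complete"), repeat=2))
YES_NO = [True, False]                        # level 1 = Y, level 2 = N
INFO_TARGET = ["Order Location", "Fire Mission"]
PERSONALITY = ["A", "B", "C", "D", "Random"]
HIGH = [16, 3, 4, 12, 9, 2, 2, 2, 5]          # high level per factor

# Table 25 rows: nine factor levels followed by the scenario number.
TABLE_25 = """\
16 1 2 3 8 2 2 1 5 1
15 3 1 5 5 1 2 1 5 2
14 2 4 3 1 2 2 1 2 3
9 3 4 5 9 1 2 1 3 4
15 1 2 3 7 2 1 2 1 5
16 3 2 4 5 1 1 2 1 6
11 2 4 4 1 2 1 2 5 7
9 2 4 5 8 1 1 2 3 8
11 2 2 7 7 1 1 1 3 9
12 2 2 9 3 2 1 1 4 10
12 1 3 12 4 1 1 1 3 11
13 2 3 11 7 2 1 1 2 12
10 1 2 7 6 1 2 2 2 13
14 2 2 11 2 2 2 2 2 14
10 1 4 11 4 1 2 2 4 15
13 2 3 12 8 2 2 2 4 16
9 2 3 7 5 2 2 2 3 17
1 3 3 10 2 1 1 2 1 18
2 1 4 8 5 2 1 2 1 19
3 2 1 10 9 1 1 2 4 20
8 1 1 8 2 2 1 2 3 21
2 3 3 10 4 1 2 1 5 22
1 1 3 9 6 2 2 1 5 23
6 2 1 9 9 1 2 1 2 24
8 2 1 8 2 2 2 1 3 25
6 3 3 6 3 2 2 2 3 26
5 2 3 4 7 1 2 2 2 27
5 3 2 1 6 2 2 2 4 28
4 2 2 2 3 1 2 2 4 29
7 3 3 6 4 2 1 1 4 30
3 2 3 2 8 1 1 1 4 31
7 3 1 2 6 2 1 1 2 32
4 2 2 1 3 1 1 1 2 33
"""


def load(text=TABLE_25):
    """Return {scenario: [nine levels]}, rejecting out-of-range levels."""
    design = {}
    for line in text.splitlines():
        *levels, scenario = map(int, line.split())
        in_range = all(1 <= v <= h for v, h in zip(levels, HIGH))
        if len(levels) != len(HIGH) or not in_range:
            raise ValueError(f"bad design point: {line!r}")
        design[scenario] = levels
    return design


def decode(levels):
    """Map one design point's level indices to the Table 24 settings."""
    orbat, time, terrain, verbs, topo, attack, target, defence, pers = levels
    return {
        "orbat": ORBAT[orbat - 1],
        "time": TIME[time - 1],
        "terrain": terrain,
        "task_verbs": TASK_VERBS[verbs - 1],
        "topology": TOPOLOGY[topo - 1],
        "cyber_attack": YES_NO[attack - 1],
        "info_target": INFO_TARGET[target - 1],
        "cyber_defence": YES_NO[defence - 1],
        "personality": PERSONALITY[pers - 1],
    }


def full_factorial_size():
    """Number of design points if every level combination were run."""
    return prod(HIGH)


def undefended_attacks(design):
    """Scenarios with a cyber-attack capability and no cyber-defence."""
    hits = []
    for scenario, levels in design.items():
        d = decode(levels)
        if d["cyber_attack"] and not d["cyber_defence"]:
            hits.append(scenario)
    return sorted(hits)


if __name__ == "__main__":
    design = load()
    print(len(design), "of", full_factorial_size(), "design points")
    print("attack without defence:", undefended_attacks(design))
```

Under that ordering assumption, `undefended_attacks` picks out the design points where the attacked side has no CERT, which is the subset to read first when looking for cyber-effects on mission outcome.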

8.4 Experiment Conduct

The simulation was run on a standalone system from the command line, in headless mode. The simulation was run 100 times for each scenario. Each simulation run generated a detailed log file which included the events and changes in state across both the physical and virtual domains of the simulation. Due to limited space, this thesis will focus on the high level MCEM success metrics only (Section 4.5). More detailed analysis of MCEM metrics has been classified as future work, noting that the software is a SPOC.

The 33 scenarios used for the simulation runs were selected using the SEED NOLH design. Table 26 depicts the scenario parameters as they apply to the NOLH design.

Table 26 - Exercise scenario parameters

The parameters for the exercise have been described in Section 8.3.1.

8.5 Raw Simulation Outputs

The raw simulation outputs for the SPOC consist of individual data outputs from each simulation run and the consolidated output for each experiment scenario.

8.5.1 Individual SPOC Run Outputs

The SPOC outputs consist of Message Log, Message Status Log, Network Logs and Kinetic Outcomes Logs.

8.5.1.1 Message State Log

The first output from CELTS is a message state log. This file contains all of the messages handled by a communication node. Table 27 is an example of the message log.

Table 27 - Example CELTS message state log

Messages transition between ten states. A message is created by an entity on a device, then sent from that node. A node connected to another node in the network will receive the message. A node which is not the recipient will relay the message to the nodes it is connected to. A message is delivered when it arrives at the intended recipient. A message is read by any agent that shares the organisational callsign of the recipient. This acts in a similar manner to a group email, in the event that a specific agent has been killed or cut off from the network. A message can also be altered or compromised. When a message is altered or compromised, it is cloned to retain an audit trail of the message. Actioned messages occur when a message is read and a subsequent decision or order is made or issued by the recipient. A message is rejected when a node determines that it is not able to provide the intended recipient with the message (i.e. an entity is not logged into a connected device).

8.5.1.2 Message Status Log

The message log registers each message in the network and retains an audit trail of the message originator node, the intended recipient node, the location of the message originator when the message was sent and the state of the message. An example of the message log is provided in Table 28.

Table 28 - Example CELTS Message Status Log

8.5.1.3 Network Log

The network log tracks the time, node and event across the network. This could include the compromise of a particular node by malware or the processing of messages across all nodes in the network. An example of the network log is provided in Table 29.

Table 29 - Example CELTS network log

8.5.1.4 Kinetic Outcomes Log

The kinetic outcomes log records the kinetic events within CELTS. Table 30 provides an example of the kinetic outcomes log.

Table 30 - Example CELTS kinetic outcomes log

The simulation run outputs were aggregated across the 33 scenarios. Aggregated raw simulation outputs are depicted in Table 31. Analysis of these results will be conducted in the next chapter.

8.5.2 Consolidated SPOC Output

The simulation runs varied experimental parameters detailed within Section 8.3.1 to create 33 different scenarios for analysis, based on the NOLH method.

Table 31 - Data output for all scenarios (across 100 runs)

8.6 Chapter Eight Summary

This chapter explained the design philosophy of the SPOC, and provided the simulation and experiment design used to develop the CELTS. The conduct of the experiment and the raw simulation outputs have been provided. This chapter contributed to answering the research question by establishing the critical design features of the CELTS simulation.

9. Chapter Nine - Data Analysis

9.0 Chapter Nine Introduction

The data analysis and experiment refactoring stage interprets the data collected in the previous chapter. Changes to the experiment, simulation and semantic model are described. This stage of the BICKE process is depicted in Figure 102. This chapter contributes to answering the research question by interpreting and analysing the data collected in the experiments so that conclusions can be made.

Figure 102 - Data Analysis and Experiment Refactoring

The social constructivist theme contends that data analysis “is not about comparing the real world and the simulation output; it is comparing what you observe as the real world with what you observe as the output. Both are constructions of an observer and his views concerning relevant agents and their attributes. Constructing reality and constructing simulation are just two ways of an observer seeing the world” (Ahrweiler & Gilbert 2015, p. 40; Partridge, Mitchell, & de Cesare 2013). This author recognises his role in the findings identified within this Chapter. These findings form a preliminary view, based on the SPOC, which will inform future research and development of the CELTS.

9.1 Simulation Data Analysis

The results of the proof-of-concept in Figure 103 demonstrate the utility of the MOFE metric for comparing two-sided combat outcomes in the land combat environment. For example, in scenario 26 (the bottom left corner of the graph), two equally sized combat forces seek to capture the same location. Both forces fail to meet the conditions for success for a capture mission, whilst also suffering significant casualties and no longer being an effective fighting force.

Figure 103 - MOFE result by side and simulation

Measured using the MOFE scores across all 33 scenarios, the most significant results yielded 14 scenarios of interest from the original 33. These are depicted in Figure 104 and described below.

Figure 104 - Scenarios of interest by MOFE result

There are a variety of techniques available to analyse data farming results and identify trends or areas of interest (Sanchez & Lucas 2002). The scenarios of interest were selected based on their status as outliers in the data. The 13 scenarios of interest were considered in more detail and grouped based on the reason for the result.

9.1.1 Attacking a superior force

Scenarios 3, 17 and 33 all feature an inferior combat force attacking a superior force.

Scenario 3. A platoon attacks a superior combat team that is defending on high ground. The platoon is destroyed on every occasion. The MOFE is 189 for the superior defending red force.

Scenario 17. A small combat team tries to capture a location defended by a battlegroup. The MOFE is 173 for the superior defending red force.

Scenario 33. A battle group attempts to clear the same location that a platoon is seeking to clear. The blue force has a cyber-attack capability; however, the red force has a cyber-defence capability. The MOFE for this scenario is 181 and efficiency 35 for the superior blue force. The smaller red force suffered particularly heavy casualties in this scenario because it was consistently engaged by the superior tanks and artillery at long ranges, beyond the reach of the platoon weapon systems.

9.1.2 Defending against a superior force

Scenarios 12, 14, 16, 21 and 25 all demonstrate platoon sized forces seeking to defend against superior forces.

Scenario 12. A platoon attempts to delay a battle group on a clearing mission. The MOFE is 187 for the superior attacking red force.

Scenario 14. A platoon attempts to delay a larger combat team clearing an objective. The MOFE is 183 for the superior red force attacker.

Scenario 16. A platoon seeks to delay a battle group capturing a location. The MOFE is 173 for the superior attacking red force.

Scenario 21. A large combat team seeks to capture a location whilst a platoon attempts to delay the attack. The MOFE is 178 for the superior attacking blue force.

Scenario 25. A large combat team attempts to capture a location whilst a platoon seeks to delay the attack. The MOFE is 178 for the superior attacking blue force.

9.1.3 Ineffective cyber attack

Scenario 13. A small combat team attempts to capture a location defended by a larger combat team (an inferior force attacking a superior force). The smaller combat team launches a cyber-attack on the information target, fire mission location. However, the red force does not have a fire mission capability. Therefore, the attack is ineffective. The MOFE is 189 for the defending red force.

9.1.4 Successful cyber attack

Scenario 6. Equal forces with one platoon clearing a location whilst another platoon seeks to delay. A cyber-attack is utilised by the blue force to issue malicious orders. The red force does not possess a cyber-defence capability and uses personality A.

Scenario 8. A small combat team seeks to capture the same location a battle group is clearing (inferior force attacking a superior force). The combat team has a cyber-attack capability. The battle group does not have a cyber-defence capability. The information target is the order process. Agent C is the most susceptible to cyber-attack when uncertain. The orders are changed to a location away from the objective of the red force. The MOFE is 200 with an efficiency of 1 for the attacking blue force. Although this scenario is not the most efficient option because it does not deplete the opposing force, it results in a very high MOFE for the winner because there are no casualties.

Scenario 18. A battle group attacks an objective whilst another battle group defends it (equal forces). The Blue Force has a cyber-attack capability that targets order location information. Personality A, which refers to its sensors, moves to a defendable position and switches off the system. This reduces the casualties; however, it prevents mission success (capturing the objective). The MOFE is 188 for blue force, who successfully defend their location.

Scenario 20. A battle group defends a location whilst a combat team seeks to capture it. The Blue Force has a cyber-attack capability. The MOFE is 200 and efficiency is 47 for the blue force. The compromised red force network and the information target of their orders are used to direct accurate blue force offensive support artillery fire onto the red force.

Scenario 27. A combat team attempts to clear a location whilst a battle group seeks to delay. The blue force has a cyber-attack capability, targeting the fire mission information target. Personality B is used by the red force, with no cyber-defence capability. The MOFE for the combat team blue force is 175, despite the initially inferior CP ratio of 0.87. The battle group’s offensive support capability targets its own forces as a result of the cyber-attack, which changes the fire mission target locations to friendly force locations.

9.1.5 Discussion

The relationship between cyber-attack, cyber-defence and the MOFE outcome is depicted in Figure 105. The effect of a cyber-attack without adequate cyber-defence is evident in the cluster of scenarios with a red circle at the top-left corner of the graph (indicating cyber-attack capability without a cyber-defence capability). Note that only blue forces had a cyber-attack capability and only red had a cyber-defence capability in each scenario. Scenario 13, as previously discussed, is an outlier in the bottom right of the graph, because the cyber-attack targeted an information target that was not in use (fire mission locations) and therefore was wasted.

Figure 105 - Relationship between MOFE and cyber-attack/defence capability

The proof-of-concept revealed a relationship between mission success, kinetic outcomes and cyber-attack. This was most evident in scenarios 6, 8, 18, 20 and 27.

Scenario 6 demonstrated a relatively equal casualty rate between the red and blue forces. The cyber-attack capability supported a blue victory by disrupting the orders process and causing red to fail to delay the blue capture mission. In this instance, the kinetic impact does not appear to have been heavily influenced by the cyber-attack event. However, the mission impact was significant, because the red force failed to delay long enough to achieve mission success.

Scenario 8 demonstrated two forces that have suffered few casualties whilst only one has achieved mission success. This scenario featured a cyber-attack capability for one side, whilst the other side lacked a cyber-defence capability and was utilising personality C, which often believes the system when uncertain. The combination of these parameters meant that little conflict occurred in this scenario. The cyber-attack successfully changed the orders received by the agents in the red force. The altered objective location led the red force away from their actual mission objective.

Scenario 18 demonstrated that different personalities can lead to different mission outcomes. Personality A in scenario 18 switched off the system when there was a risk of compromise. As a result, the number of casualties on both sides appears to have reduced but the mission, to capture, could not be achieved by the red force. Blue force achieved the mission because of red force’s physical response to the cyber-attack.

Scenario 20 demonstrated that the compromise of the red force network combined with offensive support capabilities on the blue force side was very efficient, because a large number of entities on the red side were suppressed and killed by artillery fire before the red force agents could respond. As soon as the first locstat message was sent by the red force over the network after it had been compromised by malware, artillery fire was directed onto their locations.

Scenario 27 demonstrated the potential for using an opposing force’s offensive support systems to target themselves, through a cyber-attack. In this scenario, the cyber-attack compromised the fire-control network and fire missions were ordered on key assets through malicious messages. The personality factor did not trigger any changes because the JFCC agent was not receiving conflicting information on the locations of friendly forces. This has been identified as future work.

The effectiveness of a comprehensive cyber-defence can be observed in the SPOC results. Cyber-defence was modelled in the simulation through the patching of software, an IDS and a small CERT with the ability to isolate compromised systems remotely across the network. This capability led to a reduced MOFE for Blue Force, although the reaction time of the cyber-defence capability was generally insufficient to prevent an impact. These observations have led to the identification of future work, to examine the impact different response times for cyber-defenders have on mission success. More detailed mitigation options will be considered as part of this future work.

Overall, the results of the SPOC have established a relationship between cyber-attack capabilities, human factors, kinetic outcomes and mission success. These results support the observations collected in the preceding chapters of this thesis, including the results of the interviews, the relationships identified between system MOP and the extensive relationships identified within the BCEO. The use of NOLH has provided a useful means of comparing data across multiple parameters. However, the breadth of factors makes it difficult to clearly establish cause and effect. These results are preliminary and require further investigation. Therefore, the author has sought to establish broad relationships resulting from the SPOC results. There are opportunities for improving the agent situational awareness model, decision making processes and behaviours employed in the SPOC before more extensive claims of causation can be asserted. This will be discussed in more detail in the next chapter, as future work.

9.2 Design Science Research Validation

9.2.1 DSR Validation

Eight research questions were proposed by Hevner & Chatterjee (2010b). These are considered below to validate the Design Science Research (DSR) approach employed within this thesis.

o What is the research question (design requirements)?
  o The research question is: How can cyber-effects in the tactical land combat environment be modelled and measured in terms of mission success, human factors and kinetic outcomes?

o What is the artefact? How is the artefact represented?
  o More than one artefact was created because of the triangulation approach. These were:
    o The cyber-doctrine artefact is the CCF.
    o The human factors artefact is the DC2HFC model.
    o The ontology artefact is the BCEO.
    o The measures artefact is the MCEM.
    o The simulation artefact is CELTS, a SPOC, represented in Python 3 code.

o What design processes (search heuristics) will build the artefact?
  o The BICKE method led the design methodology.

o How are the artefact and the design processes grounded by the knowledge base?
  o The conduct of environmental elicitation grounded the knowledge base. This included:
    o Interviews with military decision makers and the analysis of this data using grounded theory thematic analysis and Q methodology;
    o The development of a human factors model based on the thematic analysis results;
    o The development of a conceptual framework built upon a thorough review of doctrine;
    o The development of detailed business processes in the problem space;
    o The development of cyber-attack and cyber-defence BPDs extending on the state-of-the-art;
    o The development of measures of effect in combat;
    o The development of a detailed ontology;
    o The development of detailed requirements;
    o Qualitative and quantitative comparison of potential simulation tools.

o What, if any, theories support the artefact design and the design process?
  o The theories supporting the artefact design and design process are described throughout Chapter 3 - Methodology. Grounded theory and Q methodology have supported the design process.

o What evaluations are performed during the internal design cycles?
  o Evaluations included:
    o Ethics review of the interview questions and scenarios.
    o Thematic analysis review by the thesis supervisor.
    o Qualitative and quantitative analysis of the available simulation tools.
    o The CESO was subjected to testing throughout its development, prior to actual data collection.

o What design improvements are identified during each design cycle?
  o A number of design improvements have occurred. The ontological design, for example, consisted of four domains in the paper published in 2015 (Ormrod, Turnbull, & O'Sullivan 2015). This was expanded to 13 domains in the literature review (Chapter 2). The final nested domain model of this thesis consists of 42 domains.

o How is the artefact introduced into the application environment and how is it field tested?
  o The artefact is a SPOC. A full VV&A has not occurred at this time. However, testing has been conducted at an entity and component level, to ensure results are traceable and within acceptable boundaries. The artefact has achieved the goal of exploring the problem space with a new approach. The artefact will be released as an open source project to the research community following a code base refactor and review of specific behavioural modules.

o What metrics are used to demonstrate artefact utility and improvement over previous artefacts?
  o The metrics used to demonstrate utility are the causal patterns established from the measures identified within the simulation scenarios arising from this thesis.

o What new knowledge is added to the knowledge base and in what form (e.g. peer-reviewed literature, meta-artefacts, new theory, new method)?
  o This thesis has presented several contributions to knowledge in the form of new models, a detailed ontology and a simulation. In addition, a number of peer-reviewed articles have been developed and published from this work.

o Has the research question been satisfactorily addressed?
  o The research question has been addressed. This will be explained in detail in Chapter 10.

9.3 Refactoring

The ontology and simulation were extensively modified throughout their development. Further refactoring is proposed as future work, as explained in Chapter 10.

9.4 Chapter Nine Summary

This chapter has explained the data outputs of the CELTS SPOC and validated the DSR approach. The DSR approach was introduced in Section 3.2. A complete iteration of the BICKE method provides an opportunity to confirm the DSR approach. The results of the DSR validation, using the questions introduced by Hevner & Chatterjee (2010b), confirmed the methodology and design process undertaken within this thesis.

The results of the simulation demonstrated the relationship between cyber-attack, cyber-defence, human factors (agent personality) and combat outcomes as measured through mission success and casualties. The MOFE was implemented as the primary measurement tool, which facilitated the identification of scenarios of interest. These scenarios were further analysed, resulting in specific circumstances being identified where a cyber-attack could influence the outcome of tactical land combat. These general observations provide opportunities for future work.

10. Chapter Ten - Conclusion

10.0 Chapter Ten Introduction

This concluding chapter will describe the outcomes of the thesis against the original research questions, the contributions to knowledge, key research findings, limitations of the research and future work. This thesis has provided information relevant to military practitioners, tacticians, the M&S community, network system developers, procurement staff, doctrine writers, and network system defenders.

The purpose of this thesis was to model cyber-effects and their impacts on mission success, human factors and kinetic outcomes in the tactical land combat environment. Importantly, this thesis explores a complex problem space that lacks effective, open source models capable of answering critical research questions regarding cyber-effects in the tactical land combat environment. The problems of modelling and measuring cyber-effects on mission success, human factors and kinetic outcomes in the tactical land combat environment were addressed. The aim was to produce a model of cyber-effects and measure them in the tactical land combat environment, whilst establishing relationships between cyber-effects, kinetic outcomes, human factors and mission success.

The Cyber-Conceptual Framework (CCF), presented as a novel contribution in Section 2.3, provided a theoretical model of cyber-effect impacts on kinetic outcomes and mission success. This model was expanded by the development of another contribution to knowledge, the DC2HFC model (Section 4.2), which linked human factors to the use of digital C2 systems on the battlefield. This model was then tied into business process representation (Section 4.3) and the cyber-attack and cyber-defence BPDs in Section 4.4. These extended on the state-of-the-art contemporary models in a novel way. Finally, measures relating to aspects of all of these models were developed and presented as the MCEM in Section 4.5, which combined a number of existing measurement models for tactical land combat and cyber-effects. This model was extended further using the simulation results to produce a hierarchical measures model and observation of causal relationships.

The thesis found that a relationship does exist between cyber-effects and kinetic outcomes, through the manipulation of information provided to decision makers in combat. The provision of faulty data, DoS and the eroding effects these have on SA contribute to adverse kinetic outcomes for the victim.

The relationship between cyber-effects and mission impact was of a similar nature. This is partly because of the integrated nature of the two problems; in many cases mission success follows from kinetic outcomes. However, the results of the thesis have demonstrated that even manoeuvre tactics can be influenced by cyber-effects. In some cases, a cyber-effect did not lead to greater casualties, but it did prevent mission success by the transmission of malicious information which led to incorrect tactical decisions.

The relationship between cyber-effects and human factors was established as important when analysing the ontological connections between BPD decision gates and the data provided by systems, which could be compromised. This observation was reinforced in the simulation when specific personality types changed the cyber-effect results.

The personality impacts of cyber-effects were observed to influence outcomes in unexpected ways. Where a cyber-attack occurred against a force who reacted by switching the system off when trust was lost, the mission was not accomplished, although combat losses were reduced. Conversely, those with the greatest trust in the system, once the network was compromised, also suffered fewer casualties but could not achieve the mission.

The measures developed in this thesis have been placed within a hierarchical model based on the simulation results. This model is subject to further review in future experiments, because it has been based on limited data provided by a SPOC. However, the insights into causal links throughout the model and the relationships between specific parts of the model offer tantalising opportunities for future research.

The implications of the observations emerging from this thesis are that real-world training on digital C2 systems must include training on cyber-attack. Military forces should also provide an active cyber-defence CERT capability in real-time at the tactical level. However, the results of this thesis should be investigated further prior to application. The CELTS should undergo an extensive VV&A process using validated data. The transition from a SPOC to application is likely to require further testing and extension.

The most important insight from this thesis is the relationship between cyber-effects and mission success. This insight reinforces the need for thorough and replicable research in this area. Research results can then be communicated in a form that military tactical commanders can understand and use to make risk assessments.

This thesis demonstrates a relationship between cyber-effects, mission success, human factors and kinetic outcomes. Mission success and cyber-effects are related through the command and control of combat forces by military decision makers. Compromising the situational awareness and passage of information between decision makers and combat forces has an indirect, but significant, impact on mission success. This has been demonstrated in the simulation proof-of-concept results, the relationships discovered through the semantic model and the qualitative data derived from interviews.

Further work is recommended to extend upon the simulation proof-of-concept and develop more extensive semantic use cases. Whilst the relationship between cyber-effects, mission success, kinetic outcomes and human factors has been established through this research, there remains an array of questions as to how these relationships interact and influence each other. Further research is required to develop more realistic data sets and to gather observations that will support practical outcomes in the tactical land combat environment.

10.1 Outcomes in Relation to the Research Questions

10.1.1 Outcomes in Relation to the Master Research Question

This thesis’ master research question was:

How can cyber-effects in the tactical land combat environment be modelled and measured in terms of mission success, human factors and kinetic outcomes?

Cyber-effects can be modelled in a variety of ways. Mixed methods research supports the understanding of the complex relationships between domains through the triangulation of research methodologies and the synthesising of data from a variety of sources. Cyber-effects occur in a SOS. The modelling and measurement of cyber-effects, therefore, requires a broad understanding of the relationships between various interacting domains. Human factors, for example, can manage a degree of uncertainty and dynamic change that exceeds the technological limitations of a digital system. This factor alone can provide a degree of resilience sufficient to ensure mission success, depending on the environmental circumstances and the humans involved. However, cyber-effects can degrade SA and the quality of information available to decision makers to such an extent that they influence the outcomes of missions and kinetics.

10.1.2 Outcomes in Relation to the Sub-Questions

SQ1. What is the relationship between tactical land combat human factors and cyber-systems?

Humans provide the SOS with the ability to respond to unexpected changes in the tactical land combat environment. In an adversarial environment where survival and victory are the rewards, this is a vital component of the broader SOS. Whereas digital C2 systems offer significant efficiencies and are effective within specific tasks, when successfully compromised they offer advantages to an attacker. However, the range of actions humans are capable of, and the difficulty in adequately describing the variables associated with human decision making, make this aspect of combat difficult to model efficiently. This thesis gathered data from military decision makers to understand their perspectives and opinions in an effort to develop a model specifically designed to deal with the real-life use of digital C2 systems. It also considered aspects of trust and uncertainty when using these systems in combat. The interviews revealed relationships between human factors and cyber-systems, including experience, aptitude, trust, and uncertainty. These relationships led to different attitudes to digital systems and differing responses to potential cyber-attack. As a result, the DC2HFC model was established with four agent personalities.

In addition to the DC2HFC model, the relationships between human factors and cyber-systems were explored through the BCEO, an ontology with detailed links between domains, business processes, instances and objects. Through queries and use cases, the BCEO allows a researcher to semantically search and examine the detailed relationships between a variety of aspects represented within the ontology.

SQ2. What is the relationship between tactical land combat kinetic outcomes and cyber-systems?

Many kinetic systems operate without cyber-systems. However, a relationship between these two factors exists. The relationship is indirect and occurs through the human decision maker. Despite a lack of available models that describe the link between cyber-effects and kinetic outcomes, a causal chain presented in the Cyber Conceptual Framework (CCF) (Section 2.3) explained the broad principles, components and levels of effect. This causal chain formed a baseline for the remainder of the thesis. The interviews led to the observation that the relationship between cyber-effects and kinetic outcomes depended to an extent on the relationship between the decision maker and the digital C2 system. The decision maker’s experience, aptitude and trust in the digital systems influenced the way that they used these systems and the degree of influence such a system had on their decision-making process.

The data provided to the decision maker, the way the agent responds and the certainty they have in the system’s trustworthiness are all relevant factors. Despite the fact that these aspects are part of the human factors research question, they influence the kinetic outcome through the relationship between SA, decisions and action.

Kinetic outcomes were modelled in the Battlespace Cyber-Effects Ontology (BCEO) (Chapter 5). However, the lack of effective combat representation in the ontology led to the development of an ABM, in a simulation. The simulation modelled kinetic outcomes using a probabilistic combat model including detailed terrain, tactics and C2 representation. Cyber-systems were also modelled using a networked series of nodes, which passed messages between users.

SQ3. What are the relationships between cyber-effects and tactical land combat mission success?

Land combat mission success was described using the MCEM (Section 4.5). Measure of Force Effectiveness (MOFE) was the primary measure of success. This encapsulates mission success against a specified task verb (such as defend), a location and time. However, it also utilises the relative CP lost by either side to achieve this tactical effect.

Cyber-effects do not directly impact either major component of mission success. However, the relationship is strong, even if indirect. Orders and plans above the platoon level may be issued over the digital C2 system and if they are compromised, the opposing force may have the opportunity to understand the victim’s plans in detail, prevent their circulation, or alter the information. The relationships between MOP and systems were depicted in the MCEM Aggregated Schema (Section 4.5.4).

The Battlespace Cyber-Effects Ontology (BCEO) demonstrated a relationship between cyber-effects and mission success through the BPDs, where digital C2 data of importance was used to make decisions. The extent of this effect is moderated by the relationship between the decision maker and the digital system, in terms of the trust they have in the security of the network and in the information.

SQ4. How can the impact of cyber-effects on tactical land combat mission success be described and measured?

There is a general relationship that is evident in the CCF, DC2HFC and BCEO relating to the utility or value of information and the corresponding impact on mission success. The ‘crown jewels’ model is evidence of this general relationship. More specifically, the CCF identifies five levels and four components of a cyber-effect which allow the cyber-effect to be described in terms of its impact across the SOS.

The measures used for tactical land combat mission success and cyber-effects were considered together in the MCEM, within Section 4.5. This model led to the development of measures within the broad categories of MOFE, MOE and MOP. The MCEM forms an aggregated schema which links to each of the individual measures. Through this aggregated view, it is possible to identify the causal links between measures. However, more detailed analysis is required through future work to identify the individual mechanics related to causal changes between measures.

The MOFE Matrix demonstrated value when comparing the results of the 33 scenarios simulated with the SPOC in Section 9.1. The high-level analysis of outliers, which is particularly suited to data farming, revealed a cluster of cyber-attack scenarios that was evident from the way that the data was presented.

SQ5. What broad mitigation strategies are available to reduce the mission impact of a cyber-effect?

Resilience, degeneracy and behavioural defence have all been discussed as broad mitigation strategies to reduce the impact of a cyber-effect. The cyber-defence BPD was developed and incorporated into the BCEO in an effort to identify the relationship between cyber-defence, cyber-attack and impact.

The interview data in Section 4.1, and the DC2HFC in Section 4.2, led to the observation that human behaviour is a mitigation of cyber-effects. However, to reduce the risk in a controlled manner, this behaviour must be regulated through training, drills and SOPs. Parallel business processes should be available and utilised regularly, to reduce dependence and ensure the broader SOS is resilient to cyber-attack. Whilst efforts to build assured cyber-systems and seeking to ‘fight through’ in cyberspace should be continued, the human ability to respond to cyber-attack should also be nurtured and developed.

The SPOC demonstrated the impact that specific mitigation factors can have on the results of a cyber-attack.

10.2 Contributions to Knowledge

This thesis makes seven contributions to knowledge.

10.2.1 The Cyber-Conceptual Framework (CCF)

The CCF describes a single cohesive and comprehensive baseline framework upon which the remainder of the thesis is built. The CCF provides a consistent international military lexicon which could assist in communication between multinational partners and the creation of integrated doctrine across military services and partner nations. The CCF supports the resolution of SQ2: What are the relationships between tactical land combat kinetic outcomes and cyber-systems?

10.2.2 The Battlespace Integrated Cyber-Kinetic Effect (BICKE) Method

The BICKE method provides a cyclic process consisting of seven parts, which combines the components of a number of different simulation models to provide a unique methodology. This methodology is specifically designed to model cyber-kinetic effects (BICKE phenomena) using simulation. The BICKE is unique because of its semantically rigorous, mixed methods, iterative design research approach that reduces the uncertainty (and therefore risk) inherent in environments that feature BICKE capabilities. The BICKE method has been utilised to guide both the structure and approach of this thesis.

10.2.3 The Digital C2 Human Factors Combat (DC2HFC) Model

The DC2HFC model is suitable for the M&S of tactical land combat human factors influencing cyber and kinetic effects. The DC2HFC model does not provide complete coverage of every aspect of human factors. However, it advances the state of the art, and is unique because it utilises grounded theory to develop a model suited to simulation directly from data acquired from currently serving, operationally experienced, military practitioners. This is different to many existing simulation approaches that have sought to incorporate human factors.

The integration of Q methodology and grounded theory thematic analysis for semi-structured interviews to develop agent personalities for simulation is unique. Grounded theory thematic analysis develops themes through the inductive coding of qualitative data, leading to theory development (Strauss & Corbin 1994). In contrast, Q methodology treats the contextualised sum of communications on a topic as a statistical population. Q methodology has been seen as the enigma of mixed-methods research approaches (Ramlo 2016). Participants are variables who sort statements to reflect their opinions and viewpoints (Huggins et al. 2015a). Whilst Q methodology has been used in other studies as a precursor to thematic analysis (Huggins et al. 2015b), the author was unable to identify an instance where the two approaches have been implemented together. This thesis attempts to unite the two approaches to assist in the development of theory. Parallel, rather than sequential, application of the two approaches has allowed the author to unite the Q methodology factor results and the thematic analysis for each participant. This approach permits the development of agent personalities. The DC2HFC model supports the resolution of SQ1: What are the relationships between tactical land combat human factors and cyber-systems?

10.2.4 The Battlespace Cyber-Effects Ontology (BCEO)

The Battlespace Cyber-Effects Ontology (BCEO) provides a consistent, unified model for using semantic reasoning to examine the relationships between the different domains that influence cyber-effects. The BCEO utilises a Stoic meta-ontology and nested domain model to describe the relationships across the land tactical combat environment, including mission success, human factors and kinetic outcomes. The BCEO supports the resolution of SQ3: What are the relationships between cyber-effects and tactical land combat mission success?

10.2.5 The Measures of Combat Effect Model (MCEM)

The Measures of Combat Effect Model (MCEM) presents a comprehensive series of measures suited to assessing tactical land combat success. Combat effect is measured through force effectiveness, effectiveness and performance. The MCEM supports the resolution of SQ4: How can the impact of cyber-effects on tactical land combat mission success be described and measured?

10.2.6 Cyber-Effects Land Tactics Simulation (CELTS)

The Cyber-Effects Land Tactics Simulation (CELTS) is a Simulation Proof-of-Concept (SPOC) that tests the relationships described in this thesis. The SPOC measures cyber-effect impacts in a tactical land combat environment using human factors, mission success and kinetic outcomes. The CELTS supports the resolution of all SQs.

10.3 Key Research Findings

This thesis determined that a relationship exists between cyber-effects, mission success, human factors and kinetic outcomes. Cyber-effects can be modelled and measured to develop an enhanced understanding of these relationships. The problem space intersecting cyber-effects, mission success, human factors and kinetic outcomes is complex, and the models required to understand the interactions between differing domains must, by their nature, incorporate a range of variables. Given that each factor exists as one part of a larger SOS, triangulation of methodologies and data provides insights into aspects of different domains. Through an incremental and graduated creation of new knowledge, models will evolve and become more explanatory.

The use of an ontology to describe relationships offers excellent insights into the interactions between domains in the tactical land combat environment, including in the physical and virtual components that exist within cyberspace. However, an ontology without instances and use cases does not offer sufficient information about these relationships. The creation of specific scenarios supports the creation of instances and use cases within the ontology. The development of an ontology must, therefore, include specific instances of objects and a series of scenarios against which queries can be directed.

Simulation is one of a number of tools that can be used to understand cyber-effects, and is an excellent tool for understanding cause-and-effect in a stochastic environment. This thesis contends that simulations of cyber-effect impacts should include human factors, because the human acts as an interface and provides a great deal more capacity to adapt to the environment than a technological system alone. Until machines have replaced humans, this factor remains a significant gap in state-of-the-art cyber-effects models. The depiction of human trust and interaction with digital C2 systems remains in its infancy. This thesis has sought to extend the state of the art and develop agent models suited to future experimentation.

Measures of tactical land combat success, despite the significant research which has been invested in modelling warfare, remain relatively basic and lack a clear body of knowledge that is relevant to modern warfare. The transition to manoeuvrist warfare and network-enabled combat appears to have resulted in models that are very strong in one particular area but lack a comprehensive link between all of the interacting parameters. This thesis has sought to develop a clear system of measuring battlefield success, the MOFE Matrix, and has gathered the various measures and metrics into an aggregated model. However, additional work is required to develop a detailed causal model between the interacting systems that lead to mission success and kinetic outcomes in the tactical land combat environment.

Cyber-attacks prosecuted without a corresponding cyber-defence capability from the adversary were observed to enjoy a degree of success in the SPOC, which led to their identification as outliers in the data. These results can be classified based on three outcomes. The first outcome was a cyber-attack victim committing resources in a way that did not add to their odds of mission success. In this case, a successful cyber-attack targeted the orders process and led to the victim force committing resources to manoeuvres which did not provide an advantage, for example attacking the wrong location. In this case casualties were kept to a minimum on both sides, as decisive engagement did not occur. The second outcome was a cyber-attack victim losing trust in their digital C2 system and withdrawing. In this case, the victim realised they had been compromised and switched the system off. This response varied based on the personality of the agent. However, when this occurred, the agent personality in question also undertook a physical response. The physical response was to withdraw to a defendable position, on the understanding that prior communications may have been compromised. This response reduced the casualties incurred by both forces. However, it also led to mission failure because the force was no longer seeking to accomplish its mission. The third outcome was a cyber-attack victim suffering significant casualties as a result of a compromised fire control system. In this case, malware was able to infect and traverse a poorly patched fire control network, which lacked an IDS or CERT protection. Once the fire control network was compromised and privileges escalated, the cyber-attacker created fire mission messages targeting high value assets. This resulted in fratricide, with the force firing artillery on its own agents. This scenario demonstrated that a cyber-attack could have a kinetic effect. Further analysis of the variables leading to this result is required, to develop a more realistic outcome. The scenario in the SPOC lacked some of the controls outside of cyberspace that would be present in the combat environment. Nonetheless, the capability and potential of a cyber-attack leading to a kinetic impact was explored and demonstrated.

The cyber-attack business process and its corresponding counterpoint, the cyber-defence process, provide a useful methodology for exploring the interaction of cyberspace in business processes and the interaction between compromised networks, network nodes and data with business process outcomes. This thesis has developed detailed business processes and a supporting ontological artefact that describes the relationships between data, users, business processes and other objects in the environment. Ultimately, it is business processes that transform resources into value adding outputs that contribute to organisational success. Understanding how a cyber-attack can maliciously interfere with business processes, and how cyber-defence can prevent that interference, is an approach that has utility.

Mitigations explored throughout this thesis have included resilience, degeneracy, the use of cyber-defence resources and the application of IDS, patching and blue-teaming solutions. The exploration of human factors has identified a number of broad mitigation strategies available to organisations beyond simple information security training solutions. These include the development of red teaming strategies that employ dedicated and robust adversarial strategies to test cyber-defences, the use of honeynets, realistic exercises and the employment of a behavioural defence methodology across the organisation to deny enemy confidence when systems are compromised.

10.4 Limitations of Research and Future Work

This thesis highlights six directions for future work that would extend knowledge in this field. These future research directions include ontology development, refactoring and refining the SPOC, enhancing the behavioural models, improving simulation outputs and measures, conducting VV&A and exploring mitigation options. These directions, together with potentially related research areas, are discussed below.

10.4.1 Ontology development

The ontology developed in Chapter 5 is well-formed and is a solid basis for future research in the area. However, there are ways to make it more extensible and, therefore, more easily used by researchers. By categorising ontological relationships between different domains, subsets of the ontology could be used without requiring all domains to be implemented. Therefore, future versions of the ontology will create a relationships domain, which will contain all the inter-domain relationships (interstitials) described in the ontology. This will allow each domain to be loaded independently, without the links to other domains and prefixes. Currently, when a domain is loaded, the references to other domains are also present in the ontology, which may not suit all experimental use cases. For example, a researcher working in the field of industrial control system security might select the relevant ontological domains and avoid those related to land warfare and tactics.
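A sketch of the refactoring described above, as an added example rather than code or terms from the thesis or its ontology: cross-domain triples are factored into a separate interstitial set, so a chosen subset of domains loads without references to the rest. The prefixes (`cyber`, `ics`, `tactics`, `human`) and every triple are constructed for illustration.

```python
# Added illustration: every prefix, term and triple here is constructed,
# not taken from the thesis ontology.
from collections import defaultdict

NEUTRAL = {"rdf", "rdfs", "owl", "xsd"}  # shared vocabularies, not domains

# Constructed sample: a monolithic ontology as (subject, predicate, object).
TRIPLES = [
    ("cyber:Malware", "rdfs:subClassOf", "cyber:CyberEffect"),
    ("cyber:Malware", "cyber:exploits", "cyber:UnpatchedNode"),
    ("ics:PLC", "rdfs:subClassOf", "ics:Controller"),
    ("tactics:FireMission", "rdfs:subClassOf", "tactics:Task"),
    ("human:Commander", "rdfs:label", '"Commander"'),
    # Inter-domain relationships (interstitials):
    ("cyber:Malware", "cyber:compromises", "ics:PLC"),
    ("tactics:FireMission", "tactics:dependsOn", "cyber:FireControlNetwork"),
    ("human:Commander", "human:trusts", "cyber:C2System"),
]


def prefix(term):
    """Namespace prefix of a prefixed name, or None for a literal."""
    if term.startswith('"') or ":" not in term:
        return None
    return term.split(":", 1)[0]


def domains_used(triple):
    """Domain prefixes referenced anywhere in the triple."""
    return {prefix(t) for t in triple} - NEUTRAL - {None}


def split_ontology(triples):
    """Separate intra-domain triples from inter-domain ones."""
    modules, interstitials = defaultdict(list), []
    for triple in triples:
        used = domains_used(triple)
        if len(used) > 1:
            interstitials.append(triple)   # goes to the relationships domain
        else:
            owner = next(iter(used), "shared")
            modules[owner].append(triple)
    return dict(modules), interstitials


def load_monolithic(triples, wanted):
    """Behaviour before the split: a domain carries its outbound links."""
    return [t for t in triples if prefix(t[0]) in wanted]


def load_modular(modules, interstitials, wanted):
    """Load the selected domains plus only the interstitials that link them."""
    wanted = set(wanted)
    graph = [t for d in sorted(wanted) for t in modules.get(d, [])]
    graph += [t for t in interstitials if domains_used(t) <= wanted]
    return graph


def foreign_prefixes(graph, wanted):
    """Domains referenced by the graph that were never requested."""
    found = set()
    for triple in graph:
        found |= domains_used(triple)
    return found - set(wanted)


if __name__ == "__main__":
    modules, inter = split_ontology(TRIPLES)
    before = load_monolithic(TRIPLES, {"cyber"})
    after = load_modular(modules, inter, {"cyber"})
    print("monolithic leaks:", foreign_prefixes(before, {"cyber"}))
    print("modular leaks:   ", foreign_prefixes(after, {"cyber"}))
    ics_view = load_modular(modules, inter, {"cyber", "ics"})
    print("cyber+ics triples:", len(ics_view))
```

Selecting `cyber` and `ics` together brings back the one interstitial that links them, while the `tactics` and `human` links stay unloaded.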

10.4.2 Refactor and refine the SPOC

The SPOC has provided a useful tool to examine relationships and many lessons on the development of a product suited to cyber-kinetic simulation. Future work includes the re-examination of the CELTS code base and refinement of specific modules prior to its release as an open source application.

10.4.3 Enhance behavioural models

Tactics requires the use of adaptive thinking and is heavily influenced by the environment, the adversary and the situation. Business Process Model and Notation (BPMN) has been used to model the process of making tactical decisions, although this modelling is based more on an ‘if…then…’ structure. The enhancement of this process and addition of Bayesian models or machine learning will be dealt with in future work. The conduct of further research into human factors through further interviews and Q sorts with different samples would allow the model to be refined, developed and subject to further analysis.

10.4.4 Simulation outputs and measures

The planned data output format for each simulation run is depicted in Table 32. The SPOC does not provide an output for all of these values. However, these values provide a goal for future work. The implementation of these measures will require the complete development of the MCEM aggregated model within the simulation. Whilst this was considered out of scope for the SPOC, it is planned that this work will be undertaken to develop a full simulation product for distribution.

Table 32 - Data Output Format for Each Simulation Run

10.4.5 VV&A

Verification, Validation and Accreditation (VV&A) is recognised as an important component of simulation development. Verification of all simulation objects was conducted during simulation development to ensure they corresponded to the artefacts developed within this document, and aligned to the principles of the experiment. Some sensitivity testing was also conducted. Development of an accredited system is likely to lead to a security classification. Instead, the thesis, ontology, simulation and supporting artefacts have been created to extend the academic understanding of the problem space and create a framework and components that can now be subjected to further verification and validation. It is intended that with further refinement and development, the products may be subject to a complete VV&A. However, this may require that a classified development branch is created, subject to Defence support.

10.4.6 Mitigation options and cyber-defence resources

The SPOC included a cyber-defence capability. However, it was observed that on some occasions the response time of the cyber-defence resources and the way that they responded did not sufficiently prevent the cyber-effect from influencing mission success or kinetic outcomes. There is an opportunity for future work to examine the optimal mix of cyber-defence capabilities to reduce the physical and mission impacts of a cyber-attack.

10.4.7 Related research areas

There are also other potential areas of research this work has discovered, although they are beyond the scope of this thesis. Given the findings outlined in Chapter 9, there is a research opportunity to expand the scope of this work to other related fields. These fields may be military in nature, or may relate to other commercial business impacts. The use of IDS or other technologies that include human interaction and geographic dislocation across a three-dimensional space, with an impact in the physical world, is ideally suited to research using the SPOC and CESO presented in this thesis.

10.5 Conclusion

This thesis has demonstrated a relationship between cyber-effects, mission success, kinetic outcomes and human factors in the tactical land combat environment. This thesis has presented six unique contributions to knowledge and advanced the state of the art. The semantic model provides a reusable foundation for cross-domain research, which has capacity for extension into other cyber-security research areas, including ICS and critical infrastructure protection. The SPOC provides valuable lessons and an extensible tool for replicable agent-based simulation, capable of bridging the gap between the non-physical and physical aspects of the cyber-kinetic environment.

Chapter Eleven – Glossary of Terms

Agility. “A capability that results in a specific outcome under specific conditions. The specified outcome is success, where success is defined either by the entity itself or external to the entity” (Alberts 2014).

Attack. Task verb, meaning to “Take offensive action against a specified objective” (North Atlantic Treaty Organisation 2006, pp. A-2).

Battle Damage Assessment. The timely and accurate estimate of the damage resulting from the application of military force. Battle damage assessment estimates physical damage to a particular target, functional damage to that target, and the capability of the entire target system to continue its operations (US Marine Corps 2011, pp. II-9).

Battlefield Operating Systems (BOS). “There are seven battlefield operating Systems. The BOS provide the Army a common taxonomy of critical tactical activities. They provide the commander and his staff a means of assessing the planning, preparation, and execution of an operation in discrete subsets. The seven BOS are: Intelligence; Manoeuvre; Fire support; Air defence; Mobility/countermobility/survivability; Combat service support; and Command and control” (Department of Defense 2001a, pp. 2-5).

Cognitive dimension. “Composed of the knowledge, values, beliefs, concepts, intentions, and perceptions of individuals and groups transmitting and receiving information. This dimension focuses on the societal, cultural, religious, and historical contexts that influence the perceptions of those producing the information and of the target audiences receiving the information. Governments, societies, military forces, enemy forces, and other actors all think, perceive, visualise, understand, and decide within this dimension. These actors are the creators and users of the information that moves in and through the physical dimension. While cyberspace and the EMS do not exist within the cognitive dimension, CEMA is sometimes leveraged as an information-related capability to affect this portion of the information environment” (United States Army 2014, pp. 1-7).

Combat. “A violent struggle between two hostile, thinking, and independent opposing commanders with irreconcilable goals… The interplay between these two opposing commanders, with each commander seeking to accomplish his mission while preventing the other from doing the same” (Department of Defense 2001a, pp. 1-4).

Combined arms. “The synchronised or simultaneous application of several arms—such as infantry, armour, artillery, engineers, air defence, and aviation—to achieve an effect on the enemy that is greater than if each arm was used against the enemy separately or in sequence… Weapons and units are more effective when they operate in concert.” (Department of Defense 2001a, pp. 2-6).

Command and control system. “The BOS that includes all collective tasks associated with supporting the exercise of authority and direction by a properly designated commander over assigned and available forces in the accomplishment of the mission” (Department of Defense 2001a, pp. 2-5).

Commander’s intent. “A clear, concise statement of what the force must do and the conditions the force must establish with respect to the enemy, terrain, and civil considerations that represent the desired end state” (Department of Defense 2008, pp. 5-8).

Common Operational Picture (COP). “A single display of relevant information within a commander’s area of interest tailored to the user’s requirements and based on common data and information shared by more than one command” (Department of Defense 2008, pp. 6-12).

Cyberspace. “Cyberspace is a global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers” (United States Army 2014, pp. 1-5).

Cyberspace operations. “Cyberspace operations are the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace (JP 3-0). Cyberspace operations consist of three functions: offensive cyberspace operations, defensive cyberspace operations, and Department of Defense information network operations” (United States Army 2014, pp. 1-3).

Cyberspace superiority. “The degree of dominance in cyberspace by one force that permits the secure, reliable conduct of operations by that force, and its related land, air, maritime, and space forces at a given time and place without prohibitive interference by an adversary” (United States Army 2014, p. Glossary2).

Decisive engagement. “An engagement in which a unit is considered fully committed and cannot manoeuvre or extricate itself. In the absence of outside assistance, the action must be fought to a conclusion and either won or lost with the forces at hand (JP 1-02). …a unit might become decisively engaged to hold key terrain, defeat a specific enemy force, or secure a specific objective. Less common is a defender’s decisive engagement because of being placed in a position of disadvantage by an attacker” (Department of Defense 2001a, pp. 2-6).

Deception. “Those actions executed to deliberately mislead adversary decision makers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly mission” (Department of Defense 2008, pp. 6-19).

Decisive point. “A geographic place, specific key event, critical factor, or function that, when acted upon, allows commanders to gain a marked advantage over an adversary or contribute materially to achieving success” (Department of Defense 2008, pp. 7-9).

Decisive terrain. “Key terrain whose seizure and retention is mandatory for successful mission accomplishment” (Department of Defense 2001a, pp. 2-18).

Defeat. Task verb, meaning to: “diminish the effectiveness of the enemy, to the extent that he is either unable to participate in combat or at least cannot fulfil his intention” (North Atlantic Treaty Organisation 2006, pp. A-5).

Defensive cyberspace operations. “Passive and active cyberspace operations intended to preserve the ability to utilise friendly cyberspace capabilities and protect data, networks, net-centric capabilities, and other designated systems” (United States Army 2014, p. Glossary2).

Deny. Task verb, meaning to: “Prevent enemy use of a specified thing” (North Atlantic Treaty Organisation 2006, pp. A-6).

Destroy. Task verb, meaning to: “Damage an object or an enemy force so that it is rendered useless to the enemy until reconstituted” (North Atlantic Treaty Organisation 2006, pp. A-6).

Domain. “An area under one rule; a realm” (Allen 2004).

Economy of force. The principle of war stating: “Allocate minimum essential combat power to secondary efforts” (Department of Defense 2008, pp. A-1).

Electromagnetic spectrum (EMS). “The electromagnetic spectrum is the range of frequencies of electromagnetic radiation from zero to infinity. It is divided into 26 alphabetically designated bands” (United States Army 2014, pp. 1-5).

Electronic warfare (EW). “Electronic warfare is any military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy” (United States Army 2014, pp. 1-3).

Emission control. “The selective and controlled use of electromagnetic, acoustic, or other emitters to optimise command and control capabilities while minimizing, for operations security: a. detection by enemy sensors; b. mutual interference among friendly systems; and/or c. enemy interference with the ability to execute a military deception plan” (United States Army 2014, pp. 4-7).

End state (military). “A desired future condition represented by the expressed conditions that the commander wants to exist when an operation ends” (Department of Defense 2008, pp. 7-6).

Engagement. “A small, tactical conflict between opposing maneuver forces, usually conducted at brigade level and below. An engagement can be a stand-alone event or one of several related engagements comprising a battle” (Department of Defense 2001a, pp. 1-2).

Engagement area (EA). “An area where the commander intends to contain and destroy an enemy force with the massed effects of all available weapons and supporting systems” (Department of Defense 2001a, pp. 2-21).

Engagement priority. “Specifies the order in which the unit engages enemy systems or functions. The commander assigns engagement priorities based on the type or level of threat at different ranges to match organic weapon systems capabilities against enemy vulnerabilities” (Department of Defense 2001a, pp. 2-22).

Environment. “The circumstances, objects, or conditions by which one is surrounded” (Merriam Webster 2005).

Fire support system. “This BOS encompasses the collective and coordinated use of target-acquisition data, indirect-fire weapons, fixed-wing aircraft, offensive information operations, and other lethal and nonlethal means against targets located throughout an [Area of Operations]” (Department of Defense 2001a, pp. 2-5).

Fix. Task verb, meaning to: “Prevent an enemy from moving any part of his forces from a specified location for a specified period of time” (North Atlantic Treaty Organisation 2006, pp. A-9).

Flanks. “The right or left limits of a unit. The commander tries to deny the enemy opportunities to engage his flanks because a force cannot concentrate as much direct fire on the flanks as it can to the front. Commanders seek to engage enemy flanks for the same reason” (Department of Defense 2001a, pp. 2-7).

Manoeuvre system. “This BOS is the movement of forces to achieve a position of advantage with respect to enemy forces. This system includes the employment of forces on the battlefield in combination with direct fire or fire potential. This system also includes the conduct of tactical tasks associated with force projection” (Department of Defense 2001a, pp. 2-5).

Mission (military). “The task, together with the purpose, that clearly indicates the action to be taken and the reason therefore” (Department of Defense 2008, pp. 6-8).

Mission, Enemy, Terrain and weather, Troops and support available, Time available, and Civil considerations (METT-TC). “The METT-TC analytical framework is useful in assessing operations planning, preparing, and executing. The tactician considers these six factors for any type of operation. Their impact on an operation will differ, but each must be considered as factors during the commander’s visualisation process. That consideration involves both the science and art of tactics. For example, terrain and weather effects on movement rates and fuel consumption are quantifiable and, therefore, part of the science of war. Terrain and weather effects on soldier morale are not totally quantifiable and are part of the art of war” (Department of Defense 2001a, pp. 2-4).

Mutual support. “The support which units render to each other against an enemy because of their assigned tasks, their position relative to each other and to the enemy, and their inherent capabilities” (Department of Defense 2001a, pp. 2-8).

Objective. The principle of war stating: “Direct every military operation toward a clearly defined, decisive, and attainable objective” (Department of Defense 2008, pp. A-1).

Offensive cyberspace operations. “Cyberspace operations intended to project power by the application of force in or through cyberspace” (United States Army 2014).

Reconnaissance. “Ground reconnaissance and surveillance conducted in the area extending forward of the forward edge of the battle area. It is directed toward determining the location, composition, disposition, capabilities, and activities of enemy committed forces and is primarily conducted by elements of combat units.” (US Marine Corps 2011, pp. II-13).

Red Teaming. “The independent application of a range of structured, creative and critical thinking techniques to assist the end user make a better informed decision or produce a more robust product” (Ministry of Defence 2013b, pp. 1-5).

Secure. Task verb, meaning to: “Gain possession of a position or terrain feature, with or without force, and to make such disposition as will prevent its destruction or loss to enemy action” (North Atlantic Treaty Organisation 2006, pp. A-13).

Seize. Task verb, meaning to: “Clear a designated area and obtain control of it” (North Atlantic Treaty Organisation 2006, pp. A-13).

Situational awareness. “Immediate knowledge of the conditions of the operation, constrained geographically and in time” (Department of Defense 2008, pp. 6-13).

Suppress. Task verb, meaning to: “Temporarily degrade an enemy capability to enable a friendly action” (North Atlantic Treaty Organisation 2006, pp. A-14).

System of Systems. Integrated, evolving and interdependent systems that when coupled together demonstrate emergent behaviours (Maier 1996).

Tactics. “The employment of units in combat” (Department of Defense 2001a, pp. 1-2).

Tactics (as an art). “The art of tactics consists of three interrelated aspects: the creative and flexible array of means to accomplish assigned missions, decision-making under conditions of uncertainty when faced with an intelligent enemy, and understanding the human dimension - the effects of combat on soldiers” (Department of Defense 2001a, pp. 1-4).

Tactics (as a science). “The science of tactics encompasses the understanding of those military aspects of tactics - capabilities, techniques, and procedures - that can be measured and codified” (Department of Defense 2001a, pp. 1-3).

Tactical level of war. “The level of war at which battles and engagements are planned and executed to accomplish military objectives assigned to tactical units or task forces… The strategic and operational levels provide the context for tactical operations. Without this context, tactical operations are reduced to a series of disconnected and unfocused actions” (Department of Defense 2001a, pp. 1-2).

Tactical victory. “Occurs when the opposing enemy force can no longer prevent the friendly force from accomplishing its mission. That is the end goal of all military operations. Decisive tactical victory occurs when the enemy no longer has the means to oppose the friendly force.” (Department of Defense 2001a, pp. 1-15).

References

Abt, CC 1987, Serious Games, University Press of America, .

Adamsky, D 2010, The Culture of Military Innovation: The Impact of Cultural Factors on the Revolution in Military Affairs in Russia, the US, and Israel, Stanford University Press, Stanford, CA.

Adkins, RC 1975, Analysis of Unit Breakpoints in Land Combat, Naval Postgraduate School, NP School, Monterey, CA, viewed 11 Feb 2017, http://calhoun.nps.edu/handle/10945/20746.

Aguilar-Saven, RS 2004, 'Business Process Modelling: Review and Framework', International Journal of Production Economics. Amsterdam, The Netherlands., Publisher, vol. 90, no. 2, pp. 129-49, viewed 26 Feb 2015, http://www.sciencedirect.com/science/article/pii/S0925527303001026.

Ahrweiler, P & Gilbert, N 2015, 'The Quality of Social Simulation: An Example from Research Policy Modelling', Policy Practice and Digital Science, Springer, pp. 35-55.

Alberts, CJ & Dorofee, AJ 2005, 'Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments', Software Engineering Institute, Carnegie Mellon University, PA. USA., viewed 01 Jan 2017, http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=7505.

Alberts, D 2006, Code of Best Practice for Joint Experimentation, Defence University Press, Washington DC, USA.

Alberts, DS 1996, The Unintended Consequences of Information Age Technologies, National Defense University Press, Washington DC, USA.

Alberts, DS 2002, Information Age Transformation: Getting to a 21st Century Military (Revised), Department of Defense Command and Control Research Program, Washington, DC, USA.

Alberts, DS 2007, 'Agility, Focus, and Convergence: The Future of Command and Control', The International C2 Journal, Publisher, vol. 1, no. 1, pp. 1-30.

Alberts, DS 2010, The Agility Imperative: Precis, Command and Control Research Program, International Command and Control Institute, Washington DC, USA.

Alberts, DS 2014, ‘Agility Quotient (AQ)’, 19th International Command and Control Research and Technology Symposium (ICCRTS), Alexandria, VA, USA, Institute for Defense Analyses. NSD-5174.

Alberts, DS, Bernier, F, Chan, K & Manso, M 2013, C2 Approaches: Looking for the Sweet Spot, Vol. ADA587018, Institute for Defense Analyses Alexandria VA.

Alberts, DS, Garstka, JJ & Stein, FP 2000, Network Centric Warfare: Developing and Leveraging Information Superiority. 2nd Edition, Command and Control Research Program, International Command and Control Institute, Washington, DC.

Alberts, DS & Hayes, RE 2005, Campaigns of Experimentation: Pathways to Innovation and Transformation, Information Age Transformation Series. Code of Best Practice., Command and Control Research Program. International Command and Control Institute. Information Age Transformation Series., Washington DC., viewed 20 Aug 2015, www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA457167.

Alberts, DS & Hayes, RE 2006, Understanding Command and Control, Department of Defense, Command and Control Research Program., Washington, DC. USA.

Alberts, DS, Huber, RK & Moffat, J 2010, NATO NEC C2 Maturity Model, Department of Defense, Command and Control Research Program., Washington, DC, USA.

Allegri, G, Corradi, S, Marchetti, M & Scaglione, S 2007, 'Analysis of the Effects of Simulated Synergistic LEO Environment on Solar Panels', Acta Astronautica, International Academy of Astronautics. Elsevier, Paris, France., vol. 60, no. 3, pp. 175-85, viewed 03 Sep 2016, http://www.sciencedirect.com/science/article/pii/S0094576506002761.

Allemang, D & Hendler, J 2011, Semantic Web for the Working Ontologist: Effective Modeling in RDFS and OWL, Elsevier, Amsterdam, The Netherlands.

Allen, P 1992, Situational Force Scoring: Accounting for Combined Arms Effects in Aggregate Combat Models, RAND Corporation., Santa Monica, CA., http://www.rand.org/pubs/notes/N3423.html.

Allen, RE 2004, The Australian Concise Oxford Dictionary, ed. JM Hughes, PA Michell & WS Ramson, Oxford University Press, Melbourne, Australia.

Alturki, A, Bandara, W & Gable, GG 2012, 'Design Science Research and the Core of Information Systems', in K Peffers, M Rothenberger & B Kuechler (eds), Design Science Research in Information Systems. Advances in Theory and Practice, Springer, Heidelberg., pp. 309-27.

Amin, S 2011, ‘On Cyber Security for Networked Control Systems’, Masters Thesis, University of California.

Amoroso, E 2012, Cyber Attacks: Protecting National Infrastructure, Butterworth-Heinemann Elsevier, New York, USA.

Amstutz, P, Andra, M & Rice, D Year, ‘Reasoning, Planning, and Goal Seeking: A Cognitive Approach for Small Combat Unit Constructive Simulation’, Proceedings of the 2012 Symposium on Military Modeling and Simulation, SpringSim '12, 2012 Spring Simulation Multiconference Orlando, FL, USA - March 26-29 2012., Orlando, FL, USA, Society for Computer Simulation International.

Ancker, C & Gafarian, A 1988, The Validity of Assumptions Underlying Current Uses of Lanchester Attrition Rates, Department of the Army, US Army Tradoc Analysis Command, California, Los Angeles.

Ancker, CJ & Gafarian, AV 1992, 'Modern Combat Models', Operations Research Society of America, Maryland USA., INFORMS.

Anderson, E, Choobineh, J, Fazen, M & Grimaila, M Year, ‘Mission Impact: Role of Protection of Information Systems’, International Conference on Information Warfare and Security., Ohio., Academic Conferences International Limited, 8-9 Apr 2010.
Anderson, LB 1995, 'Attrition Formulas for Deterministic Models of Large-Scale Combat', Naval Research Logistics., Publisher, vol. 42, no. 3, pp. 345-73, viewed 16 Jul 2015, http://dx.doi.org/10.1002/1520-6750(199504)42:3<345::AID- NAV3220420304>3.0.CO;2-C. Antoniou, G & Van Harmelen, F 2009, 'Web Ontology Language: Owl', in S Steffen & S Rudi (eds), Handbook on Ontologies, Springer, Berlin Heidelberg, Germany, pp. 91- 110. Arbuthnot, J 2013, Defence and Cyber-Security: Sixth Report of Session 2012-13, Vol. 1: Report, Together with Formal Minutes, Oral and Written Evidence, The Stationery Office Ltd., London., viewed 02 Nov 2016, http://www.publications.parliament.uk/pa/cm201213/cmselect/cmdfence/106/10602.h tm. Argauer, B 2007, ‘Vtac: Virtual Terrain Assisted Impact Assessment for Cyber Attacks’, Master of Science in Computer Engineering, Kate Gleason College of Engineering, Rochester Institute of Technology. Argauer, BJ & Yang, SJ Year, ‘Vtac: Virtual Terrain Assisted Impact Assessment for Cyber Attacks’, SPIE Defense and Security Symposium, March 16 2008, Orlando, FL., International Society for Optics and Photonics.

364

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Army Materiel Systems Analysis Activity 2015, AMSAA Probability of Hit and Kill Simulation (APHAKS), US Army, Pennsylvania, USA, viewed 11 Feb 2017, http://www.amsaa.army.mil/Documents/APHAKS.pdf. Army, US 2003, 'Field Manual 6-0 Mission Command: Command and Control of Army Forces', Headquarters, Department of the Army: Washington DC, US Army. Artelli, MJ & Deckro, RF 2008, 'Modeling the Lanchester Laws with System Dynamics', The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology. Vista, CA, Publisher, vol. 5, no. 1, pp. 1-20. Ashby, WR 1956, An Introduction to Cybernetics, 4th Impression, 1961 edn., Chapman and Hall Ltd, London, UK, London, UK. Australian Army 2015, Land Warfare Doctrine 3-0 Operations, Commonwealth of Australia,, Canberra, ACT. Australian Signals Directorate 2014, ASD Strategies to Mitigate Targeted Cyber Intrusions - Mitigation Details, Australian Government, Department of Defence, Intelligence and Security, Canberra ACT, viewed 10 Dec 16, http://www.asd.gov.au/publications/Mitigation_Strategies_2014_Details.pdf. Baltzly, D 2014, 'Stoicism', in EN Zalta (ed), The Stanford Encyclopedia of Philosophy, Stanford, Stanford, USA. Barber, DE, Bobo, TA & Strum, KP 2015, 'Cyberspace Operations Planning: Operating a Technical Military Force Beyond the Kinetic Domains', Military Cyber Affairs, South Florida, USA, vol. 1, no. 1, p. 3. Barlow, M & Easton, A 2002, 'Crocadile-an Open, Extensible Agent-Based Distillation Engine', Information & Security International Journal, Sofia, Bulgaria, Publisher, vol. 8, no. 1, pp. 17-51. Barnett, A, Smith, S & Whittington, RP 2014, Using Causal Models to Manage the Cyber Threat to C2 Agility: Working with the Benefit of Hindsight, 19th International Command and Control Research and Technology Symposium. 16-19 June 2014, DaM International, Alexandria, Virginia. 
Bartone, PT 2006, 'Resilience under Military Operational Stress: Can Leaders Influence Hardiness?', Military Psychology, Washington DC, USA, Publisher, vol. 18, no. S, p. S131. Barwise, J & Perry, J 1980, The Situation Underground, Stanford University Press, Redwood City, CA. Barz, S, Fitzsimons, JF, Kashefi, E & Walther, P 2013, 'Experimental Verification of Quantum Computation', Nature Physics, Edinburgh UK, Publisher, vol. 9, no. 11, pp. 727-31. Bathe, MR, Manwell, JG & McNaught, KR 1988, Modelling Combat as a Series of Mini- Battles, Royal Military College of Sciences, Shrivenham, UK. Baumgartner, N, Gottesheim, W, Mitsch, S, Retschitzegger, W & Schwinger, W 2010, 'Beaware!—Situation Awareness, the Ontology-Driven Way', Data & Knowledge Engineering, Vienna, Austria, vol. 69, no. 11, pp. 1181-93. Baumgartner, N & Retschitzegger, W Year, ‘A Survey of Upper Ontologies for Situation Awareness’, Proc. of the 4th International Conference on Knowledge Sharing and Collaborative Engineering, St. Thomas, US VI., November 29 – December 1, 2006, St. Thomas, US Virgin Islands International Association of Science and Technology for Development (IASTED). Beer, S 1984, 'The Viable System Model: Its Provenance, Development, Methodology and Pathology', Journal of the Operational Research Society, London, UK, vol. 35, no. 1, pp. 7-25.

365

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Beldad, A, De Jong, M & Steehouder, M 2010, 'How Shall I Trust the Faceless and the Intangible? A Literature Review on the Antecedents of Online Trust', Computers in Human Behavior, Enschede, The Netherlands, Publisher, vol. 26, no. 5, pp. 857-69. Bennett, J 1988, Events and Their Names, Hackett publishing, Indianapolis, Indiana, USA. Bennett, P & Huxham, C 1982, 'Hypergames and What They Do: A 'Soft O.R.' Approach', Journal of the Operational Research Society, London, UK, pp. 41-50. Bergin, DL 2015, 'Cyber-Attack and Defense Simulation Framework', The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology. VA, USA, vol. 12, no. 4, pp. 383-92. Berkowitz, BD 1997, 'Warfare in the Information Age', in J Arquilla & D Ronfeldt (eds), In Athena’s Camp - Preparing for Conflict in the Information Age, RAND Corporation, Santa Monica, California, pp. 175-90. Bernier, F, Alberts, DS & Manso, M 2013, 'International Multi-Experimentation Analysis on C2 Agility', 18th International Command and Control Research & Technology Symposium (ICCRTS): “C2 in Underdeveloped, Degraded and Denied Operational Environments”, 19-21 June 2013. Alexandria, VA. Bernier, M, LeBlanc, S & Morton, B Year, ‘Metrics Framework of Cyber Operations on Command and Control’, Proceedings of the 11th European Conference on Information Warfare and Security. E. Filiol and R. Erra (Eds). Laval, France, Academic publishing international Ltd., Laval, France 5-6 July 2012, Academic Publishing International Ltd. Bernier, M & Treurniet, J Year, ‘Understanding Cyber Operations in a Canadian Strategic Context: More Than C4isr, More Than Cno’, Conference on Cyber Conflict Proceedings, Tallinn, Estonia, CCD COE Publications. Berson, T, Kemmerer, R & Lampson, B 1999, Realizing the Potential of C4i: Fundamental Challenges, National Academy of Sciences, Washington DC, USA. 
Berzins, VA 1999, Re-Engineering the Janus (a) Combat Simulation System, Naval Postgraduate School, UAR Office, Monterey, California, CA, www.dtic.mil/dtic/tr/fulltext/u2/a360817.pdf. Best, C, Galanis, G, Kerry, J & Sottilare, R 2013, Fundamental Issues in Defense Training and Simulation, Ashgate Publishing Company, Oxford, UK. Bishop, M, Carvalho, M, Ford, R & Mayron, LM 2011, ‘Resilience Is More Than Availability’, Proceedings of the 2011 workshop on new security paradigms workshop, Marin County, California., ACM. Bodeau, D & Graubart, R 2011a, Cyber Resiliency Engineering Framework, The MITRE Corporation, TM Corporation, Bedford, MA. Bodeau, D, Graubart, R & Heinbockel, W 2013, 'Characterizing Effects on the Cyber Adversary', MTR130432, MITRE Corporation, November, Bedford MA, Publisher. Bodeau, D, Graubart, R, LaPadula, L, Kertzner, P, Rosenthal, A & Brennan, J 2012, Cyber Resiliency Metrics, Version 1.0, Rev. 1, The MITRE Corporation, TM Corporation, Bedford, MA. Bodeau, DJ & Graubart, R 2011b, Cyber Resiliency Engineering Framework, The MITRE Corporation, DNMM MITRE Technical Report, Washington, DC. Bogatinov, D, Angelevski, S & Trajkovik, V 2012, 'Implementing Serious Games in Army Education and Training-Concept of the Macedonian Military Academy', ICT Innovations 2011, Web Proceedings ISSN 1857-7288, Skopje, Macedonia, Publisher, p. 77. Bohemia Interactive 2015, VBS3, Bohemia Interactive Simulations, Orlando, Florida., viewed 11 Feb 2017, https://bisimulations.com/virtual-battlespace-3.

366

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Bonds, TM, Peters, JE, Daehner, EM, Galway, LA, Fischbach, JR, Gons, ES, Heath, GD & Jones, JM 2012, Army Network-Enabled Operations, RAND. Boothby, WH 2012, The Law of Targeting, Oxford University Press, Oxford, OX. UK. Bousquet, A 2008, 'Chaoplexic Warfare or the Future of Military Organization', International Affairs, London UK, Publisher, vol. 84, no. 5, pp. 915-29. Bowden, F & Williams, P Year, ‘A Framework for Determining the Validation of Analytical Campaigns in Defence Experimentation’, 20th International Congress on Modelling and Simulation., Adelaide, SA., 01-06 Dec 2013. Bowden, FDJ 1996, Petri Nets and Their Application to Command and Control Systems, Defence Science Technology Organisation. Electronics and Surveillance Research Laboratory., Salisbury, South Australia. Bowman, EK & Thomas, JA Year, ‘Cognitive Impact of a C4ISR Tactical Network’, 14th International Command and Control Research and Technology Symposium., Washington DC., US Army Research Laboratory. Bowman, M, Lopez, A & Tecuci, G 2001, ‘Ontology Development for Military Applications’, Proceedings of the Thirty-ninth Annual ACM Southeast Conference., Atlanta, GA. , 16-17 Mar 2001. Box, GE 1976, 'Science and Statistics', Journal of the American Statistical Association. Alexandria, VA, Publisher, vol. 71, no. 356, pp. 791-9. Boyer, BR 2011, ‘Identification and Ranking of Critical Assets within an Electrical Grid under Threat of Cyber Attack’, Master of Science, Rutgers, The State University of New Jersey. Bratman, M 1987, Intention, Plans, and Practical Reason, University of Chicago Press. Centre for the Study of Language and Information., Standford, CA. Braun, V & Clarke, V 2006, 'Using Thematic Analysis in Psychology', Qualitative Research in Psychology, Publisher, vol. 3, no. 2, pp. 77-101. 
Bringer, JD, Johnston, LH & Brackenridge, CH 2004, 'Maximizing Transparency in a Doctoral Thesis: The Complexities of Writing About the Use of Qsr*Nvivo within a Grounded Theory Study', Qualitative research, Publisher, vol. 4, no. 2, pp. 247-65, viewed 12 Oct 2015, http://journals.sagepub.com/doi/abs/10.1177/1468794104044434. Broekstra, J, Kampman, A & Van Harmelen, F 2002, 'Sesame: A Generic Architecture for Storing and Querying Rdf and Rdf Schema', in H Ian & H James (eds), The Semantic Web—Iswc 2002, Springer, Amsterdam, The Netherlands, pp. 54-68. Brown, SR 1980, Political Subjectivity, Westford, MA., Yale University Press. Brown, SR, Danielson, S & van Exel, J 2015, 'Overly Ambitious Critics and the Medici Effect: A Reply to Kampen and Tamás', Quality & Quantity, the Netherlands, Publisher, vol. 49, no. 2, pp. 523-37. Brown, SR & Good, JMM 2010, 'Q Methodology', in NJ Salkind (ed), Encyclopedia of Research Design, Vol. 1, SAGE Publications Inc., Thousand oaks, CA. Browne, M & Cook, P 2011, 'Inappropriate Trust in Technology: Implications for Critical Care Nurses', Nursing in critical care. Newcastle, UK, Publisher, vol. 16, no. 2, pp. 92-8. Bryant, A 2013, The Sage Handbook of Grounded Theory, ed. K Charmaz, SAGE Publications, London. Bryant, DJ & Smith, DG 2013, 'Impact of Blue Force Tracking on Combat Identification Judgments', Human Factors: The Journal of the Human Factors and Ergonomics Society. Toronto, Canada, Publisher, vol. 55, no. 1, pp. 75-89. Bryman, A 2015, Social Research Methods, Oxford University Press, London, UK.

367

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Buchanan, L, Larkin, M & D'Amico, A Year, ‘Mission Assurance Proof-of-Concept: Mapping Dependencies among Cyber Assets, Missions, and Users’, Homeland Security (HST), 2012 IEEE Conference on Technologies, Waltham, MA, IEEE, 13-15 Nov. 2012. Buckheit, JB & Donoho, DL 1995, 'Wavelab and Reproducible Research', in A Antoniadis & G Oppenheim (eds), Wavelets and Statistics, Springer New York, New York, NY, pp. 55-81, viewed 10 Mar 2016, http://dx.doi.org/10.1007/978-1-4612-2544-7_5. Burch, R Year, ‘A Method for Calculation of the Resilience of a Space System’, Military Communications Conference, MILCOM 2013, IEEE. Burke, MB 1994, 'Dion and Theon: An Essentialist Solution to an Ancient Puzzle', The Journal of Philosophy. New York, USA, Publisher, vol. 91, no. 3, pp. 129-39. Burke, MB 2004, 'Dion, Theon, and the Many-Thinkers Problem', Analysis. Oxford, UK, Publisher, vol. 64, no. 3, pp. 242-50. Cain, B & Belyavin, A 2015, ‘Inclusion of Human Behaviour Representation in Military Modelling and Simulation’, MSG-060 Symposium on" How is Modelling and Simulation Meeting the Defence Challenges out to 2015?, Seine, France, Research and Technology Organisation, NATO. Cambridge University 2016, 'Rdf Vs. Xml', Cambridge Semantics. Boston, MA, Publisher, viewed 29 Feb 2016, http://www.cambridgesemantics.com/semantic-university/rdf- vs-xml. Canadian Defence Force 2009, Canadian Forces Joint Publication Cfjp 01. Canadian Military Doctrine., Canadian Defence Force, Ottawa, Canada, viewed 01 Feb 2016, http://publications.gc.ca/collections/collection_2010/forces/D2-252-2009-eng.pdf. Cannon-Bowers, JA & Salas, E 1998, Making Decisions under Stress: Implications for Individual and Team Training, American Psychological Association, New York, NY. Cantwell, GL 2003, Can Two Person Zero Sum Game Theory Improve Military Decision- Making Course of Action Selection?, School of Advanced Military Studies. 
United States Army Command and General Staff College, SoAM Studies, Fort Leavenworth, Kansas, USA. Cares, JR 2004, 'An Information Age Combat Model', Paper for the 9th International Command and Control Research & Technology Symposium (ICCRTS). Copenhagen, Denmark 14-16 September 2004. Carey, S, Kleiner, M, Hieb, M & Brown, R Year, ‘Standardizing Battle Management Language–a Vital Move Towards the Army Transformation’, IEEE Fall Simulation Interoperability Workshop, Orlando, FL, Orlando, Florida, USA, IEEE. Carr, J 2010, Inside Cyber Warfare: Mapping the Cyber Underworld, O'Reilly Media, Inc., Sebastopol, CA. Carr, J 2011, 'Why Us Will Lose a Cyber War', The Diplomat. Washington DC, USA, Publisher. Carreno, J, Bantell, F, Galdorisi, G & Grall, R 2010, ‘Enabling Multinational Communications with Centrixs’, 15th International Command and Control Research & Technology Symposium (ICCRTS) - The Evolution of C2, June 22-24 2010, Santa Monica, CA. Carson, JS, II Year, ‘Introduction to Modeling and Simulation’, Winter Simulation Conference 2004, Proceedings of the Winter Simulation Conference, Washington DC. December 05-08 2004, Winter Simulation Conference, 4-7 Dec. 2005. Carter, CF & Ross, GC 1989, Tactical Scenarios for Use with the Tactical Staff Training Module, US Army Research Institute, US Army Research Institute for the Behavioral and Social Sciences, Fort Leavenworth, KA, viewed 29 Jun 2016, www.dtic.mil/cgi- bin/GetTRDoc?AD=ADA209957.

368

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Carvalho, M, Dasgupta, D, Grimaila, M & Perez, C Year, ‘Mission Resilience in Cloud Computing: A Biologically Inspired Approach’, 6th International Conference on Information Warfare and Security., Washington DC., Academic Conferences International Limited., 17-18 Mar 2011. Carvalho, R, Costa, P, Laskey, K & Chang, K Year, ‘Prognos: Predictive Situational Awareness with Probabilistic Ontologies’, 13th Conference on Information Fusion (FUSION), Edinburgh UK. 26-29 July 2010, IEEE. Caton, J Year, ‘Beyond Domains, Beyond Commons: Context and Theory of Conflict in Cyberspace’, 4th International Conference on Cyber Conflict (CYCON), 05-08 Jun 12., Tallinn, Estonia. 05-08 June 2012, NATO CCD COE Publications. Caton, JL 2013, 'Complexity and Emergence in Ultra-Tactical Cyberspace Operations', pp. 1- 14. 5th International Conference on Cyber Conflict (CyCon), 4-7 June 2013. Cayirci, E & Ghergherehchi, R Year, ‘Modeling Cyber Attacks and Their Effects on Decision Process’, Proceedings of the 2011 Winter Simulation Conference, Phoenix, AZ. USA., Winter Simulation Conference, 11-14 Dec. Chan, K 2014, Dynamics of Trust and Information Sharing. Research Paper Released Online. , United States Army Research Laboratory., Arlington, VA., www.arl.army.mil/.../IS22_OCOH%20CISD%20Trust%20Info%20Sharing_final.pdf. Chandrasekaran, S, Silver, G, Miller, JA, Cardoso, J & Sheth, AP 2002, ‘Xml-Based Modeling and Simulation: Web Service Technologies and Their Synergy with Simulation’, 34th conference on Winter simulation: exploring new frontiers, San Diego, California, USA. 08-11 December 2002., Winter Simulation Conference. Charitoudi, K & Blyth, AJC 2014, 'An Agent-Based Socio-Technical Approach to Impact Assessment for Cyber Defense', Information Security Journal: A Global Perspective, Publisher, vol. 23, no. 4-6, pp. pp125-36. Charmaz, K 2006, Constructing Grounded Theory : A Practical Guide through Qualitative Analysis, Sage Publications, Thousand Oaks, California. 
Charmaz, K 2014, Constructing Grounded Theory, Sage Publications, Thousand Oaks, California. Chau, W & Grieger, D 2013, ‘Operational Synthesis for Small Combat Teams: Exploring the Scenario Parameter Space Using Agent-Based’, 22nd National Conference of the Australian Society for Operations Research, Adelaide, South Australia, Australian Society for Operations Research. Checkland, P 1999, Systems Thinking, Systems Practice: Includes a 30-Year Retrospective, John Wiley., Chichester, UK. Cherns, A, Trist, E & Murray, H 1993, 'Principles of Socio-Technical Design', The social engagement of social science, Publisher, vol. 2, pp. 314-23. Chmielewski, M Year, ‘Data Fusion Based on Ontology Model for Common Operational Picture Using Openmap and Jena Semantic Framework’, Military Communications and Information Systems Conference., Krakow, Poland., 22-24 Sep 2008. Chmielewski, M Year, ‘Ontology Applications for Achieving Situation Awareness in Military Decision Support Systems’, International Conference on Computational Collective Intelligence, Springer. Choobineh, J, Anderson, EE & Grimaila, MR 2012, ‘Measuring Impact on Missions and Processes: Assessment of Cyber Breaches’, 45th Hawaii International Conference on System Science (HICSS). Maui, Hawaii 4–7 Jan 2012. Christopher, P & Kai, W 2008, 'Einstein Goes to War: A Primer on Ground Combat Models', USA: 000, Publisher. Cianchi, J 2015, Radical Environmentalism: Nature, Identity and More-Than-Human Agency, Palgrave Macmillan UK.

369

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Ciano, JF 1988, The Quantified Judgement Model and Historic Ground Combat, Naval Post Graduate School., Monterey, CA. Citino, R 2004, 'Beyond Fire and Movement: Command, Control and Information in the German Blitzkrieg', Journal of Strategic Studies, Publisher, vol. 27, no. 2, pp. 324-44. Clark, DK 1954, Casualties as a Measure of the Loss of Combat Effectiveness of an Infantry Battalion, Operations Research Office. Johns Hopkins University., U Army., Baltimore, MD. Clark, JA 1989, Dimensional Analysis of the Quantified Judgement Model, Naval Postgraduate School, NP School, Monterey, California, viewed 01 Aug 2015, http://calhoun.nps.edu/bitstream/handle/10945/26997/dimensionalanaly00clar.pdf?seq uence=1. Clarke, RA & Knake, RK 2012, Cyber War: The Next Threat to National Security and What to Do About It., HarperCollins Publishers., New York, NY. USA. Cloppert, M 2009, 'Security Intelligence: Attacking the Cyber Kill Chain', SANS Computer Forensics, Publisher, viewed 25 Apr 2016, https://digital- forensics.sans.org/blog/2009/10/14/security-intelligence-attacking-the-kill-chain. Cohen, F 1999, 'Simulating Cyber Attacks, Defences, and Consequences', Computers & Security. Indiana, USA, vol. 18, no. 6, pp. pp479-518, viewed 11 Feb 2015, http://www.sciencedirect.com/science/article/pii/S0167404899801151. Cohen, F, Phillips, C, Swiler, LP, Gaylor, T, Leary, P, Rupley, F & Isler, R 1998, 'A Cause and Effect Model of Attacks on Information Systems: Some Analysis Based on That Model, and the Application of That Model for Cyberwarfare in CID', Computers & Security, Publisher, vol. 17, no. 3, pp. 211-21. Cohn, M 2004, User Stories Applied: For Agile Software Development, Addison-Wesley Professional. Colarik, A & Janczewski, L 2012, 'Establishing Cyber Warfare Doctrine.', Journal of Strategic Security, Publisher, vol. 5, no. 1, pp. 31-48. 
Collins, S & McCombie, S 2012, 'Stuxnet: The Emergence of a New Cyber Weapon and Its Implications.', Journal of Policing, Intelligence and Counter Terrorism, Publisher, vol. 7, no. 1, pp. 80-91. Commonwealth of Australia 2009a, Addp 3.14 Targeting, Commonwealth of Australia, Canberra, Australia, viewed 18 Feb 2015, http://www.defence.gov.au/foi/docs/disclosures/021_1112_Document_ADDP_3_14_ Targeting.pdf. Commonwealth of Australia 2009b, Network Centric Warfare Roadmap 2009, Commonwealth of Australia, Canberra, Australia, viewed 03 Mar 2015, http://www.defence.gov.au/capability/_pubs/NCW%20Roadmap%202009.pdf. Commonwealth of Australia 2012a, Australian Defence Doctrine Publication–D (Addp–D) — Foundations of Australian Military Doctrine, Edition 3, Australian Department of Defence, Canberra, ACT, Australia, http://www.defence.gov.au/adfwc/Documents/DoctrineLibrary/ADDP/ADDP-D- FoundationsofAustralianMilitaryDoctrine.pdf. Commonwealth of Australia 2012b, Australian Defence Doctrine Publication. Addp 6.0 Communication and Information Systems, Department of Defence, Canberra, Australia, viewed 24 May 2015, http://blogs.auth.gr/kpolitis/files/2014/09/ADDP_6- 0_CIS.pdf. Commonwealth of Australia 2013a, Australian Defence Doctrine Publication. Addp 3.13 Information Activities. Released under Foi 330/13/14, Department of Defence, Canberra, ACT, Australia, viewed 21 May 2015, http://www.defence.gov.au/FOI/Docs/Disclosures/330_1314_Document.pdf.

370

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Commonwealth of Australia 2013b, Defence White Paper, Australian Department of Defence, Canberra, ACT, Australia. Commonwealth of Australia 2013c, The Fundamentals of Land Power, Department of Defence, Australian Army, Canberra, ACT, Australia, https://www.army.gov.au/sites/g/.../lwd_1_the_fundamentals_of_land_power_full.pdf . Commonwealth of Australia 2014a, Defence Capability Development Handbook, Australian Department of Defence, Canberra, ACT, Australia, viewed 01 Nov 2016, http://www.defence.gov.au/publications/docs/Defence%20Capability%20Developme nt%20Handbook%20(DCDH)%202014%20-%20internet%20copy.pdf. Commonwealth of Australia 2014b, Defence Issues Paper 2014, Commonwealth of Australia, Canberra, Australia. Commonwealth of Australia 2014c, Future Land Warfare Report 2014, Australian Army, Canberra, ACT, Australia, viewed 24 May 2015, https://www.army.gov.au/sites/g/files/net1846/f/flwr_web_b5_final.pdf. Commonwealth of Australia 2015, 'Critical Infrastructure Resilience Strategy: Plan', Commonwealth of Australia,, Canberra,. Complexible 2017, Stardog Version 4.2, http://stardog.com/. Conaster, JL & Grizio, VE 2005, Force Xxi Battle Command Brigade and Below-Blue Force Tracking (Fbcb2-Bft). A Case Study in the Accelerated Acquisition of a Digital Command and Control System During Operations Enduring Freedom and Iraqi Freedom. Mba Professional Report, Naval Postgraduate School, Monterey, CA, USA, viewed 20 Aug 2015, http://www.dtic.mil/dtic/tr/fulltext/u2/a443273.pdf. Conti, G, Ahamad, M & Stasko, J Year, ‘Attacking Information Visualization System Usability Overloading and Deceiving the Human’, Proceedings of the 2005 Symposium on Usable Privacy and Security (SOUPS 2005), New York, NY, USA, Association for Computing Machinery (ACM). Cooperative Cyber Defence Centre of Excellence 2010, Global Commons Strategic Issues. Act Workshop Report - Nato in the Cyber Commons, North Atlantic Treaty Organisation, Tallinn, Estonia. 
Copeland, BJ 2006, Colossus: The Secrets of Bletchley Park's Code-Breaking Computers, Oxford University Press, Oxford, OX. UK. Costa, P, Hieb, M & de Barros Barreto, A 2014, ‘Cyber-Argus: Modeling C2 Impacts of Cyber Attacks’, 19th International Command and Control Research and Technology Symposium – C2 Agility: Lessons Learned from Research and Operations, Alexandria, Virginia, USA, June 16-19. Costa, PC 2005, Bayesian Semantics for the Semantic Web, George Mason University. Costa, PC, Chang, K-C, Laskey, K, Levitt, T & Sun, W Year, ‘High-Level Fusion: Issues in Developing a Formal Theory’, 2010 13th Conference on Information Fusion (FUSION), Edinburgh, UK., IEEE. Costantini, KC 2007, ‘Development of a Cyber Attack Simulator for Network Modeling and Cyber Security Analysis’, Rochester Institute of Technology. Cresswell, JW 1998, 'Qualitative Inquiry and Research Design: Choosing among Five Traditions', Sage Publications. Creswell, JW & Plano Clark, VL 2011, Designing and Conducting Mixed Methods Research. 2nd Edition, SAGE Publications Inc,, Thousand Oaks, CA. USA. Crowdstrike Global Intelligence Team 2016, Use of Fancy Bear Android Malware in Tracking of Ukrainian Artillery Units, (A Meyers, chairman), Crowdstrike Blog, Crowdstrike, Crowdstrike, Irvine, CA, https://www.crowdstrike.com/wp- content/brochures/FancyBearTracksUkrainianArtillery.pdf.

371

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

D'Aubeterre, F, Iyer, LS & Singh, R 2009, ‘An Empirical Evaluation of Information Security Awareness Levels in Designing Secure Business Processes’, Proceedings of the 4th International Conference on Design Science Research in Information Systems and Technology., ACM. D’Amico, A, Buchanan, L, Goodall, J & Walczak, P Year, ‘Mission Impact of Cyber Events: Scenarios and Ontology to Express the Relationships between Cyber Assets, Missions and Users’, Proceedings of 5th International Conference on Information Warfare and Security, The Air Force Institute of Technlogy, Wright-Patterson Air Force Base, Ohio, USA. October 22 - 26, 2012, Academic Conferences Limited, 08-09 April. Dahlbom, A & Nordlund, P-J Year, ‘Detection of Hostile Aircraft Behaviors Using Dynamic Bayesian Networks’, 16th International Conference on Information Fusion (FUSION), Istanbul, Turkey. 09-12 Jul 2013, IEEE. Dalle, O 2012, ‘On Reproducibility and Traceability of Simulations’, 2012 Winter Simulation Conference (WSC), Berlin, Germany. 09-12 December 2012, IEEE. Daniel, DC & Herbig, KL 1982, 'Propositions on Military Deception', The Journal of Strategic Studies. Cambridge, MA, Publisher, vol. 5, no. 1, pp. 155-77. Daniel, DC & Herbig, KL 2013, Strategic Military Deception: Pergamon Policy Studies on Security Affairs, Elsevier, New York, USA. Davidson, D 1969, 'The Individuation of Events', in N Rescher (ed), Essays in Honor of Carl G. Hempel, Springer Netherlands, Amsterdam, The Netherlands, pp. 216-34. Davis, PK 1989, Modeling of Soft Factors in the Rand Strategy Assessment System (Rsas), RAND Corporation, R Corporation, Santa Monica, CA. Davis, PK Year, ‘Distributed Interactive Simulation in the Evolution of Dod Warfare Modeling and Simulation’, Proceedings of the IEEE, Santa Monica, CA, IEEE. 
Davis, PK, Bigelow, JH & McEver, J 2000, Effects of Terrain, Maneuver Tactics, and C4isr on the Effectiveness of Long-Range Precision Fires, RAND Corporation, National Defense Research Institute, Santa Monica, CA. Davis, PK & Blumenthal, D 1991, The Base of Sand Problem: A White Paper on the State of Military Combat Modeling, RAND Corporation, R Corporation, Santa Monica, CA. Davis, RG Adaptive Failure at the Operational Level: Attrition in Vietnam, Canadian Forces College, Canadian Department of National Defence., North York, ON. Canada., http://www.ibrarian.net/navon/paper/ADAPTIVE_FAILURE_AT_THE_OPERATIO NAL_LEVEL_.pdf?paperid=1230201. De Harven, V 2011, 'Everything Is Something: Why the Stoic Ontology Is Principled, Coherent and Comprehensive', Myth and Literature in Ancient Philosophy, Faculty of Classics, University of Cambridge., Publisher, viewed 18 Dec 16, https://philosophy.berkeley.edu/file/666/Everythingv1.pdf. De Harven, V 2012, ‘The Coherence of Stoic Ontology’, Doctor of Philosophy, University of California. Dean, D, Syms, P, Hynd, K, Mistry, B & Vincent, A Year, ‘Modelling and Simulation of Combat Id-the Incider Model’, 2006 IEEE Symposium on Computational Intelligence and Games, Reno, NV, USA. 22 - 24 May 2006, IEEE. Decker, S, Melnik, S, Van Harmelen, F, Fensel, D, Klein, M, Broekstra, J & Horrocks, I 2000, 'The Semantic Web: The Roles of Xml and Rdf', IEEE Internet Computing, Washington DC, USA, Publisher, vol. 4, no. 5, pp. 63-73. Deibert, R 2012, 'Distributed Security as Cyber Strategy: Outlining a Comprehensive Approach for Canada in Cyberspace', Canadian Defence and Foreign Affairs Institute, Calgary, Canada.

372

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Dekker, AH Year, ‘Revisiting ‘Scudhunt’and the Human Dimension of Ncw’, Proceedings of the 11th International Command and Control Research and Technology Symposium, Cambridge, UK. 26-28 September 2006, ICCRTS. Deller, S, Bell, MI, Bowling, SR, Rabadi, GA & Tolk, A 2009, 'Applying the Information Age Combat Model: Quantitative Analysis of Network Centric Operations', The International C2 Journal, Orlando, Florida, USA, Publisher, vol. 3, no. 1. Department of Defense 1987, Formal Investigation into the Circumstances Surrounding the Attack on the Uss Stark (Ffg 31) on 17 May 1987 (U), Office of the Chairman The Joint Chiefs of Staff. Accessed 06 Dec 2015 from: http://www.usslibertyveterans.org/files/USS%20STARK%20BASIC.pdf, Washington D.C. USA, http://www.jag.navy.mil/library/investigations/uss%20stark%20basic.pdf. Department of Defense 2001a, 'Fm 3-90 Tactics', Field Manual, Headquarters, Department of the Army. Washington DC, USA, Publisher, pp. pp1-9, 2-7 and 2-8. Department of Defense 2001b, Fm 3-90 Tactics, Department of Defense,, Washington, DC. USA, pp. 1-9, 2-7 and 2-8. Department of Defense 2006, 'Jp3-13 Information Operations', Joint Publication, US Army. Washington DC, USA, Publisher. Department of Defense 2007, 'Fm 101-5-2 U.S. Army Report and Message Formats', US Army Report. Headquarters, Department of the Army. Washington DC, USA., Publisher. Department of Defense 2008, 'Fm 3-0 Operations', Operations. Headquarters, Department of the Army. Washington DC, USA, Publisher. Department of Defense 2009a, Dod Modeling and Simulation (M&S) Verification, Validation, and Accreditation (Vv&a), Department of Defense, Washington DC, USA. Department of Defense 2009b, The United States Air Force Blueprint for Cyberspace, Department of Defense., Washington DC, USA, viewed 01 Oct 15, http://www.nsci- va.org/CyberReferenceLib/2009-11-02-AFSPC%20Cyber%20Blueprint.pdf. 
Department of Defense 2010, Dodaf Architecture Framework Version 2.02, Department of Defense, CIO, Washington DC, USA, viewed 3 March 2011, http://dodcio.defense.gov/Library/DoD-Architecture-Framework/. Department of Defense 2011, 'Measures Development Standard Operating Procedure (Sop) V2', Joint Test and Evaluation Methodology - Testing. Department of Defense. Washington DC, USA. Department of Defense 2012, Joint Publication 3-13. Information Operations, Department of Defense, Washington DC, USA. Devlin, K 2006, 'Situation Theory and Situation Semantics', in G Dov & J Woods (eds), Handbook of the History of Logic, Vol. 7, Elsevier, Amsterdam, The Netherlands, pp. 601-64. DiLeo, JJ 1994, Use of Petri Nets in the Simulation of Command and Control Systems, (E Snyder, chairman), U. S. Army Materiel Systems Analysis Activity, US Army, Maryland, USA. Dishaw, MT & Strong, DM 1999, 'Extending the Technology Acceptance Model with Task– Technology Fit Constructs', Information & Management, Publisher, vol. 36, no. 1, pp. 9-21, http://www.sciencedirect.com/science/article/pii/S0378720698001013. Dobias, P & Bassindale, S 2007, Modeling Convoy Counter Ied Tactics and Procedures in Mana: Can It Be Done?, DRDC CORA TM 2007-48. Doughty, RA 2014, The Seeds of Disaster: The Development of French Army Doctrine, 1919-39, Stackpole Books, London, UK.

373

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Dreier, MJ & Birgl, JS 2010, ‘Analysis of Marine Corps Tactical Level Command and Control and Decision Making Utilizing FBCB2-BFT’, Thesis. Naval Postgraduate School. Drogoul, A, Vanbergue, D & Meurisse, T 2003, ‘Multi-Agent Based Simulation: Where Are the Agents?’, Multi-Agent-Based Simulation II: Third International Workshop, MABS 2002, Bologna, Italy. 15-16 July 2002, Springer Berlin Heidelberg. Dupuy, TN 1976, Comparative Analysis, Arab and Israeli Combat Performance, 1967 and 1973 Wars, Defence Nuclear Agency. Historical Evaluation and Research Organization (HERO). Washington, DC. Dupuy, TN 1985, Numbers, Predictions, and War: Using History to Evaluate Combat Factors and Predict the Outcome of Battles, Hero Books, Dublin Ireland. Dupuy, TN 1987, Understanding War: History and a Theory of Combat, Paragon House Publishers, New York, USA. Dupuy, TN 1995, Attrition: Forecasting Battle Casualties and Equipment Losses in Modern War, Nova Publications, New York, USA. Dwivedi, A, Tebben, D & Harshavardhana, P 2010, ‘Characterizing Cyber-Resiliency’, Military Communications Conference (MILCOM), San Jose, CA. 31 Oct - 03 Nov 2010, Institute of Electrical and Electronics Engineers. Edelman, GM & Gally, JA 2001, 'Degeneracy and Complexity in Biological Systems', Proceedings of the National Academy of Sciences. Washington DC, USA, Publisher, vol. 98, no. 24, pp. 13763-8. Efatmaneshnik, M & Ryan, M Year, ‘Failure Propagation in Sos: Why Sos Should Be Loosely Coupled’, IEEE 9th International Conference on System of Systems Engineering (SOSE), Adelaide, South Australia. 9-13 June 2014, IEEE. Endsley, MR 1995, 'Toward a Theory of Situation Awareness in Dynamic Systems', Human Factors: The Journal of the Human Factors and Ergonomics Society. Santa Monica, CA, Publisher, vol. 37, no. 1, pp. 32-64, viewed 10 Feb 2015, http://hfs.sagepub.com/content/37/1/32. Endsley, MR 2003, 'Designing for Situation Awareness', CRC Press, Hoboken. 
Endsley, MR 2011, Designing for Situation Awareness: An Approach to User-Centered Design, CRC Press, Florida, USA. Endsley, MR & Connors, ES 2014, 'Foundation and Challenges', in AKe al (ed), Cyber Defense and Situational Awareness, Vol. Advances in Information Security, Springer, Switzerland. Endsley, MR & Garland, DJ 2000, Situation Awareness Analysis and Measurement, Taylor & Francis. Endsley, MR, Garland, DJ, Wampler, RL & Matthews, MD 2000, Modeling and Measuring Situation Awareness in the Infantry Operational Environment, US Army Research Institute for the Behavioral and Social Services, U Army, Washington DC, USA. Epstein, JM 1999, Agent-Based Computational Models and Generative Social Science, Complexity, Vol. 4, John Wiley and Sons, Washington DC, USA, pp. pp4-46. Epstein, JM 2014, Agent_Zero: Toward Neurocognitive Foundations for Generative Social Science, Princeton University Press, New Jersey, USA. Erskine, R & Smith, M 2002, Action This Day: Bletchley Park from the Breaking of the Enigma Code to the Birth of the Modern Computer, Bantam, London, UK. Essam, D & Abbass, HA 2006, 'All Hazards Analysis: A Complexity Perspective', Applications of Information Systems to Homeland Security and Defense. New South Wales, Australia, Publisher, p. 1.

374

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Essens, P, Vogelaar, A, Mylle, J, Blendell, MC, Paris, C, Halpin, S & Baranski, J 2005, Military Command Team Effectiveness: Model and Instrument for Assessment and Improvement, NATO - Research and Technology Organisation. Evertsz, R, Thangarajah, J & Ambukovski, N Year, ‘Using Agent-Based Tactics Models to Control Virtual Actors in Vbs3’, Proceedings of the 2015 International Conference on Autonomous Agents and Multiagent Systems, International Foundation for Autonomous Agents and Multiagent Systems. Fábregas, A & Marín, R 2012, 'State Nouns Are Kimian States', Romance Languages and Linguistic Theory 2010: Selected Papers from'Going Romance'Leiden 2010, Publisher, vol. 4, p. 41. Fellows, DS, Pearce, P & Moffat, PJ Year, ‘Measuring the Impact of Situational Awareness on Digitised Force Effectiveness’, 15th International Command and Control Research and Technology Symposium, Santa Monica, CA. 22-24 June 2010, ICCRTS. Fenz, S Year, ‘An Ontology-and Bayesian-Based Approach for Determining Threat Probabilities’, Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ACM. Fenz, S & Ekelhart, A Year, ‘Formalizing Information Security Knowledge’, Proceedings of the 4th international Symposium on information, Computer, and Communications Security, ACM. Fewell, M & Hazen, MG 2003, Network-Centric Warfare-Its Nature and Modelling. Dsto- Rr-0262., Defence Science and Tehnology Organisation., Edinburgh, SA. Fischhoff, B 2003, 'Hindsight ≠ Foresight: The Effect of Outcome Knowledge on Judgment under Uncertainty', Quality and Safety in Health Care, Publisher, vol. 12, no. 4, p. 304. Flaherty, C 2007, '3d Tactics: An Advanced Warfare Concept in Critical Infrastructure Protection', International Journal of Emergency Management, Publisher, vol. 4, no. 1, pp. 33-44. Fletcher, J 1999, 'Using Networked Simulation to Assess Problem Solving by Tactical Teams', Computers in Human Behavior, Publisher, vol. 15, no. 3, pp. 375-402. 
Flick, U 2014, An Introduction to Qualitative Research, Edition 5. edn., ed. K Metzler, Los Angeles SAGE. Forczyk, R 2010, Rescuing Mussolini-Gran Sasso 1943, Osprey Publishing. Fortson, LW 2007, Towards the Development of a Defensive Cyber Damage and Mission Impact Methodology, Air Force Institute of Technology. Wright-Patterson Air Force Base. School of Engineering and Management., Ohio, USA, viewed 23 Nov 2015, http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA46 7549. Frankel, MS 2000, Report of the Defense Science Board Task Force on Tactical Battlefield Communications, Defense Science Board, Department of Defense., Washington, DC, USA. Fricker, RD 1998, 'Attrition Models of the Ardennes Campaign', Naval Research Logistics, Publisher, vol. 45, no. 1, pp. 1-22. Friedman, N 1997, 'US Naval Institute Guide to World Naval Weapons Systems, 1997–1998', Annapolis, MD: US Naval Institute Press. Garrett, RK, Anderson, S, Baron, NT & Moreland, JD 2011, 'Managing the Interstitials, a System of Systems Framework Suited for the Ballistic Missile Defense System', Systems Engineering, Publisher, vol. 14, no. 1, pp. 87-109, viewed 11 Mar 2016, http://dx.doi.org/10.1002/sys.20173. Garstka, J 2004, Network Centric Operations Conceptual Framework Draft, Version 2.0, https://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rj

375

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

a&uact=8&ved=0ahUKEwiMlsGdzt3MAhUMuI8KHTS5BuIQFggpMAE&url=http %3A%2F%2Fwww.ibrarian.net%2Fnavon%2Fpaper%2FNetwork_Centric_Operation s_Conceptual_Framework_V.pdf%3Fpaperid%3D4455264&usg=AFQjCNFHhc- xLvRJjyOeNY84lqwrIW3tFQ&sig2=Cs9X1iH8JbQB5Q19Je9XDA. Garstka, JJ 2003, Datalinks Are the New Weapon of the Information Age, Signal Online, Washington DC, USA, viewed 05 Feb 2013, http://www.afcea.org/content/?q=node/235. Geldenhuys, G 2003, 'A Hypergame Analysis of the Battle of Magersfontein', Orion, vol. 7, no. 1. Georgeff, M, Pell, B, Pollack, M, Tambe, M & Wooldridge, M 1998, 'The Belief-Desire- Intention Model of Agency', Intelligent Agents V: Agents Theories, Architectures, and Languages, Springer, pp. 1-10. Ghosh, S, Heching, AR & Squillante, MS Year, ‘A Two-Phase Approach for Stochastic Optimization of Complex Business Processes’, Simulation Conference (WSC), 2013 Winter, 8-11 Dec. 2013. Giaretta, P & Guarino, N 1995, 'Ontologies and Knowledge Bases Towards a Terminological Clarification', Towards very large knowledge bases: knowledge building & knowledge sharing, Publisher, vol. 25, p. 32. Gibbs, G 2002, Qualitative Data Analysis : Explorations with Nvivo, Open University Press, Buckingham, Philadelphia, USA. Gilmore, JM 2016, Director, Operational Test and Evaluation Fy 2015 Annual Report - Cybersecurity, United States Department of Defense,, viewed 20 Mar 16, http://www.dote.osd.mil/pub/reports/FY2015/pdf/other/2015cybersecurity.pdf Glemser, JL 2014, The Cyber Domain: A Leviathan or Giant Waiting to Be Slain with the Stone of Doctrine, Army Command and Staff College. Fort Leavenworth. School of Advanced Military Studies. ADA612117. Glenny, M & Kavanagh, C 2012, '800 Titles but No Policy—Thoughts on Cyber Warfare', American Foreign Policy Interests, Publisher, vol. 34, no. 6, pp. 287-94. Goldkuhl, G 2012, 'Pragmatism Vs Interpretivism in Qualitative Information Systems Research', European Journal of Information Systems, Publisher, vol. 21, no. 2, pp. 135-46. 
Goldman, AI 1971, 'The Individuation of Action', The Journal of Philosophy, Publisher, vol. 68, no. 21, pp. 761-74. Goldman, N, Bertone, P, Chen, S, Dessimoz, C, LeProust, EM, Sipos, B & Birney, E 2013, 'Towards Practical, High-Capacity, Low-Maintenance Information Storage in Synthesized DNA.', Nature, Publisher, vol. 494, no. 7435, pp. 77-80. Goldratt, EM, Cox, J & Whitford, D 2004, The Goal: A Process of Ongoing Improvement, Vol. 3, North River Press Great Barrington^ eMA MA. Gonzales, D 2005, Network-Centric Operations Case Study: The Stryker Brigade Combat Team, RAND Corporation. Gooch, J & Perlmutter, A 1982, Military Deception and Strategic Surprise, Psychology Press. Goodall, JR, D'Amico, A & Kopylec, JK Year, ‘Camus: Automatically Mapping Cyber Assets to Missions and Users’, Military Communications Conference, 2009. MILCOM 2009. , Boston, Massachusetts, USA. . Gorton, I 2006, Essential Software Architecture, Springer Science & Business Media. Government of Canada 2010, Canada’s Cyber Security Strategy, Government of Canada, Toronto, Canada. Gray, DE 2013, Doing Research in the Real World, Sage.

376

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Green, JM & Johnson, BW 2002, 'Towards a Theory of Measures of Effectiveness', Naval Postgraduate School. San Diego, CA. Grimaila, MR & Badiru, A 2011, 'A Hybrid Dynamic Decision Making Methodology for Defensive Information Technology Contingency Measure Selection in the Presence of Cyber Threats', Operational Research, vol. 13, no. 1, pp. pp67-88. Grimaila, MR, Fortson, LW & Sutton, JL Year, ‘Design Considerations for a Cyber Incident Mission Impact Assessment (Cimia) Process’, Proceedings of the 2009 International Cnference on Security and Management (SAM09). Las Vegas, Nevada., Academic Conferences Limited. Group, OM 2013, 'Business Process Model and Notation V2.0.2', Publisher. Gruber, TR 1993, 'Toward Principles for the Design of Ontologies Used for Knowledge Sharing?', in N Guarino & R Pol (eds), Formal Ontology in Conceptual Analysis and Knowledge Representation, Kluwer Academic Publishers, Palo Alto, CA, p. p1. Guarino, N 1998, Formal Ontology in Information Systems: Proceedings of the First International Conference (Fois'98), June 6-8, Trento, Italy, Vol. 46, IOS press. Guest, G, MacQueen, KM & Namey, EE 2011, Applied Thematic Analysis, Sage. Hacker, PMS 2004, 'Of the Ontology of Belief', Semantik und Ontologie. Ontos, Frankfurt, Publisher, pp. 185-222. Hale, BL 2010, ‘Mission Assurance: A Review of Continuity of Operations Guidance for Application to Cyber Incident Mission Impact Assessment (Cimia)’, Master of Science in Information Resource Management, Air Force Institute of Technology. Hamilton, SN, Miller, WL, Ott, A & Saydjari, OS Year, ‘The Role of Game Theory in Information Warfare’, 4th Information survivability workshop (ISW-2001/2002), Vancouver, Canada. Harris, D, Salas, E, Stanton, NA, Andrews, DH, Herz, LCRP & Wolf, MMB 2012, Human Factors Issues in Combat Identification, Ashgate Publishing, Ltd. Hartley, DS 1995, 'A Mathematical Model of Attrition Data', Naval Research Logistics (NRL), Publisher, vol. 42, no. 4, pp. 585-607. 
Hartley, DS 2001, Topics in Operations Research: Predicting Combat Effects, Institute for Operations Research and the Management Sciences. Military Applications Society, Linthicum, MD. USA. Hartley, DS & Helmbold, RL 1995, 'Validating Lanchester's Square Law and Other Attrition Models', Naval Research Logistics (NRL), Publisher, vol. 42, no. 4, pp. 609-33. Hayward, P 1968, 'The Measurement of Combat Effectiveness', Operations Research, Publisher, vol. 16, no. 2, pp. 314-23. Haywood, O 1954, 'Military Decision and Game Theory', Journal of the Operations Research Society of America, Publisher, vol. 2, no. 4, pp. 365-85. Healey, J 2013, A Fierce Domain: Conflict in Cyberspace, 1986 to 2012., Atlantic Council, Arlington, VA: Cyber Conflict Studies Association, 2013. Washington, DC. Helmbold, RL 1971, Decision in Battle: Breakpoint Hypotheses and Engagement Termination Data, Rand. Helmbold, RL 1995, 'Rates of Advance in Land Combat Operations', Naval Research Logistics (NRL), Publisher, vol. 42, no. 4, pp. 635-69, http://dx.doi.org/10.1002/1520- 6750(199506)42:4<635::AID-NAV3220420409>3.0.CO;2-O. Helmbold, RL & Rehm, AS 1995, '“The Influence of the Numerical Strength of Engaged Forces in Their Casualties,” by M. Osipov', Naval Research Logistics (NRL), Publisher, vol. 42, no. 3, pp. 435-90, http://dx.doi.org/10.1002/1520- 6750(199504)42:3<435::AID-NAV3220420308>3.0.CO;2-2. Henry, K & Pasley, K 2014, Official (Isc) 2 Guide to the CISSP CBK. 4th Revised Edition, Apple Academic Press Inc., Waretown, New Jersey. .

377

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Hernandez, AS, Lucas, TW & Sanchez, PJ 2012, ‘Selecting Random Latin Hypercube Dimensions and Designs through Estimation of Maximum Absolute Pairwise Correlation’, 2012 Winter Simulation Conference (WSC), Berlin, Germany. 09-12 Dec 2012, IEEE, 9-12 Dec. 2012. Hevner, A & Chatterjee, S 2010a, Design Research in Information Systems: Theory and Practice, Vol. 22, Springer Science & Business Media. Hevner, A & Chatterjee, S 2010b, Design Science Research in Information Systems, Springer. Hevner, AR 2007, 'A Three Cycle View of Design Science Research', Scandinavian journal of information systems, vol. 19, no. 2, p. 4. Hevner, AR, March, ST, Park, J & Ram, S 2004, 'Design Science in Information Systems Research', MIS quarterly, vol. 28, no. 1, pp. 75-105. Hicinbothom, JH, Zachary, WW, Knapp, BG, Zaklad, AL & Bittner Jr, AC 1990, Doing Deception: Attacking the Enemy's Decision Processes, US Army Research Institute, UARIftBaS Sciences, Alexandria, Virginia. Hieb, MR & Schade, U Year, ‘Formalizing Command Intent through Development of a Command and Control Grammar (I-069)’, 12th International Command and Control Research and Technology Symposium (ICCRTS). Hildebrand, SM 2007, The Trinitarian Theology of Basil of Caesarea: A Synthesis of Greek Thought and Biblical Truth, CUA Press. Hill, RR, Champagne, LE & Price, JC 2004, 'Using Agent-Based Simulation and Game Theory to Examine the Wwii Bay of Biscay U-Boat Campaign', The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, vol. 1, no. 2, pp. 99-109. Hiniker, PJ 2004, C3x: Correlation, Causation and Controlled Experimentation for C2, Defense Information Systems Agency, International Command and Control Research and Technology Symposium (ICCRTS), Copenhagen, Denmark. Hiniker, PJ 2008, 'A View of the Combat Cas: Unifying Net-Enabled Teams', in J Moffat (ed), The International C2 Journal, Vol. Vol 2. No 2. 
Special Issue - Representing Human Decision Making in Constructive Simulations for Analysis, CCRP. Hipel, KW, Wang, M & Fraser, NM 1988, 'Hypergame Analysis of the Falkland/Malvinas Conflict', International Studies Quarterly, Publisher, pp. 335-58. Hirshfield, LM, Hirshfield, SH, Hincks, S, Russell, M, Ward, R & Williams, T 2011, 'Trust in Human-Computer Interactions as Measured by Frustration, Surprise, and Workload', Foundations of Augmented Cognition. Directing the Future of Adaptive Systems, Springer, pp. 507-16. Hochhalter, B, Lichti, N & Zagal, J 2005, 'Towards an Ontological Language for Game Analysis', Publisher. Hoffman, J & Rosenkrantz, GS 2003, 'Platonistic Theories of Universals', Publisher. Hofmann, M 2013, 'Ontologies in Modeling and Simulation: An Epistemological Perspective', Ontology, Epistemology, and Teleology for Modeling and Simulation, Springer, pp. 59-87. Holmes, CS 2012, 'Decision-Making at the Tactical Level', The Australian Army Journal is published by authority of the Chief of Army, Publisher, p. 89. Holsopple, J, Sudit, M & Yang, SJ 2014, 'Impact Assessment', in AKe al (ed), Cyber Defense and Situational Awareness, Vol. Advances in Information Security, Springer, Switzerland. Holsopple, J & Yang, SJ Year, ‘Fusia: Future Situation and Impact Awareness’, 11th International Conference on Information Fusion, Cologne, Germany., Institute of Electrical and Electronics Engineers, Inc., June 30 - July 03.

378

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Holsopple, J, Yang, SJ & Sudit, M 2015, 'Mission Impact Assessment for Cyber Warfare', in RR Yager, MZ Reformat & N Alajlan (eds), Intelligent Methods for Cyber Warfare, Springer International Publishing, Switzerland., pp. pp239-66. Horne, G & Seichter, S 2014, ‘Data Farming in Support of Nato Operations - Methodology and Proof-of-Concept’, 2014 Winter Simulation Conference (WSC), Savannah, GA. 07-10 December 2014, Winter Simulation Conference, 7-10 Dec. 2014. Howell, KE 2013, An Introduction to the Philosophy of Methodology, SAGE Publications Ltd. Huggins, TJ, Peace, R, Hill, SR, Johnston, DM & Muñiz, AC 2015a, 'Politics of Practical and Academic Knowledge: A Q-Method Analysis of Gauging Community Disaster Resilience', Journal of contingencies and crisis management, vol. 23, no. 4, pp. 246- 56, http://dx.doi.org/10.1111/1468-5973.12092. Huggins, TJ, Peace, R, Hill, SR, Johnston, DM & Muñiz, AC 2015b, 'Visually Modelling Collaborative Research into Innovative Community Disaster Resilience Practice, Strategy, and Governance', International Journal of Disaster Risk Science, vol. 6, no. 3, pp. 282-94, http://dx.doi.org/10.1007/s13753-015-0061-6. Hurwitz, R 2012, 'Depleted Trust in the Cyber Commons.', Strategic Studies Quarterly, vol. 6, no. 3, p. 20. Hutchins, EM, Cloppert, MJ & Amin, RM 2011, 'Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains', Leading Issues in Information Warfare & Security Research, Publisher, vol. 1, p. 80. Hutchins, SG & Kowalski, JT 1993, Tactical Decision Making under Stress: Preliminary Results and Lessons Learned, Naval Command, Control and Ocean Surveillance Center, OoCN Research, San Diego, CA. Idrees, MS, Roudier, Y & Apvrille, L 2014, 'Model the System from Adversary Viewpoint: Threats Identification and Modeling', arXiv preprint arXiv:1410.4305, Publisher. Ii, HJM & Ketcham, CC 1983, 'Sabotage: A Strategic Tool for Guerrilla Forces.', World Affairs, Publisher, vol. 
146, no. 3, pp. 249-56, http://www.jstor.org/stable/20671989. Ilachinski, A 2004, Artificial War: Multiagent-Based Simulation of Combat, World Scientific., Singapore. Ilachinski, A 2005, Self-Organized Terrorist-Counterterrorist Adaptive Coevolutions, Part 1: A Conceptual Design, CNA Corporation, C Corporation, Alexandria, Virginia. Ingber, L & Sworder, DD 1991, 'Statistical Mechanics of Combat with Human Factors', Mathematical and computer modelling, Publisher, vol. 15, no. 11, pp. 99-127. Jabbour, K & Muccio, S 2011, 'The Science of Mission Assurance', Journal of Strategic Security, Publisher, vol. 4, no. 2, pp. 61-74. Jahnk, P & Maskell, P 2010, ‘Using Simulation to Support Development, Test and Demonstration of a Recognised Land Picture Proof of Concept Architecture’, Land Warfare Conference Nov 2010, Brisbane, Australia. Jain, PP & Pridemore, B Year, ‘Case Study: Net-Centric Mission Threads Modeling and Analysis Using Bpmn’, International Symposium on Collaborative Technologies and Systems, 2008. CTS 2008, IEEE. Jajodia, S & Noel, S 2010, Advanced Cyber Attack Modeling Analysis and Visualization, DTIC Document. Jakobson, G 2011, ‘Extending Situation Modeling with Inference of Plausible Future Cyber Situations’, IEEE 2011 First International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), IEEE. James, JR, Ragsdale, D, Schafer, J & Presby, T Year, ‘Performance Modeling of the Advanced Field Artillery Tactical Data System’, 2000 IEEE International Conference on Systems, Man, and Cybernetics, IEEE.

379

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

John F. Schmitt 2003, 'Design and Delivery of Tactical Decision Games Sand Table Exercises', Publisher. Johnson, RB, Onwuegbuzie, AJ & Turner, LA 2007, 'Toward a Definition of Mixed Methods Research', Journal of Mixed Methods Research, Publisher, vol. 1, no. 2, pp. 112-33. Johnston, RB, Waller, V & Milton, SK 2005, 'Situated Information Systems: Supporting Routine Activity in Organisations', International Journal of Business Information Systems, Publisher, vol. 1, no. 1-2, pp. 53-82. Joint Staff 2011, 'Commander’s Handbook for Assessment Planning and Execution', Suffolk, Virginia, Publisher. Kaderka, J 2010, 'Ontology in Cyber Defence and Computer Networks', CYBERNETIC Letters. Kampen, JK & Tamás, P 2014, 'Overly Ambitious: Contributions and Current Status of Q Methodology', Quality & Quantity, Publisher, vol. 48, no. 6, pp. 3109-26. Kass, RA 2006, The Logic of Warfighting Experiments, DTIC Document. Naval Postgraduate School. San Diego, CA. Kim, J 1976, 'Events as Property Exemplifications', Action Theory, Springer, pp. 159-77. Kleiner, MS, Carey, SA & Beach, J Year, ‘Communication Mission-Type Orders to Virtual Commanders’, Simulation Conference Proceedings, Winter, 1998. IEEE. Klimburg, A 2012, National Cyber Security Framework Manual. Nato Ccd Coe Publication, Tallinn 2012. Available From: Https://Ccdcoe.Org/Publications/Books/Nationalcybersecurityframeworkmanual.Pdf [Accessed 17 Feb 15]. Klingaman, RR & Carlton, WB 2002, Einstein Model Validation, DTIC Document. Klyne, G & Carroll, JJ 2006, 'Resource Description Framework (Rdf): Concepts and Abstract Syntax', Publisher. Kokar, MM, Matheus, CJ & Baclawski, K 2009, 'Ontology-Based Situation Awareness', Information Fusion, Publisher, vol. 10, no. 1, pp. 83-98. Konstantinia, C & Andrew, B 2013, 'A Socio Technical Approach to Cyber Risk Management and Impact Assessment', Journal of Information Security, Publisher, vol. 4, no. 1, pp. pp33-41, http://www.scirp.org/journal/jis. 
Kopp, C 2003, 'Shannon, Hypergames and Information Warfare', Journal of Information Warfare, Publisher, vol. 2, no. 2, pp. 108-18. Kotenko, I 2010, Agent-Based Modelling and Simulation of Network Cyber-Attacks and Cooperative Defence Mechanisms, Discrete Event Simulations, St.-Petersburg Institute for Informatics and Automation of Russian Academy of Sciences Liniya, St. Petersburg, Russia., http://cdn.intechopen.com/pdfs-wm/11547.pdf. Kott, A, Wang, C & Erbacher, R 2014, Cyber Defense and Situational Awareness, Advances in Information Security., Vol. 62, Springer International Publishing, Switzerland. Kovach, NS, Gibson, AS & Lamont, GB 2015, 'Hypergame Theory: A Model for Conflict, Misperception, and Deception', Game Theory, vol. 2015, p. 20, http://dx.doi.org/10.1155/2015/570639. Kramer, FD & Starr, SH 2009, Cyberpower and National Security, Potomac Books, Inc. Kress, M & Talmor, I 1999, 'A New Look at the 3: 1 Rule of Combat through Markov Stochastic Lanchester Models', Journal of the Operational Research Society, , vol. 50, no. 7, pp. 733-44. Kuehl, DT 2009, 'From Cyberspace to Cyberpower: Defining the Problem', in FD Kramer, SH Starr & LK Wentz (eds), Cyberpower and National Security. National Defense University Press. Potomac Books, Inc. Washington, D.C. USA., pp. 24-42.

380

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Kuhl, ME, Kistner, J, Costantini, K & Sudit, M 2007, ‘Cyber Attack Modeling and Simulation for Network Security Analysis’, Proceedings of the 39th conference on Winter simulation: 40 years! The best is yet to come, Washington D.C., IEEE Press. Kundur, D, Feng, X, Mashayekh, S, Liu, S, Zourntos, T & Butler-Purry, KL 2011, 'Towards Modelling the Impact of Cyber Attacks on a Smart Grid', International Journal of Security and Networks, Publisher, vol. 6, no. 1, pp. pp2-13. Lampton, DR, Cohn, J, Endsley, M, Freeman, J, Gately, M, Martin, G & Richardson, T Year, ‘Measuring Situation Awareness for Dismounted Infantry Squads’, Interservice/Industry Training, Simulation, and Education Conference, I/ITSEC. Lanchester, FW 1916, Aircraft in Warfare: The Dawn of the Fourth Arm, Constable limited. Lange, M, Kott, A, Ben-Asher, N, Mees, W, Baykal, N, Vidu, C-M, Merialdo, M, Malowidzki, M & Madahar, B 2017, 'Recommendations for Model-Driven Paradigms for Integrated Approaches to Cyber Defense', arXiv preprint arXiv:1703.03306, Publisher. Laskey, G & Laskey, K 2002, Combat Identification with Bayesian Networks, DTIC Document. Laskey, KB & da Costa, P 2012, 'Of Starships and Klingons: Bayesian Logic for the 23rd Century', arXiv preprint arXiv:1207.1354, Publisher. Laskey, KB, Haberlin, R, Carvalho, RN & da Costa, PCG Year, ‘Pr-Owl 2 Case Study: A Maritime Domain Probabilistic Ontology’, STIDS. Lauren, M & Stephen, R 2002a, 'Map-Aware Non-Uniform Automata (Mana)-a New Zealand Approach to Scenario Modelling', Journal of Battlefield Technology, Publisher, vol. 5, no. 1, pp. pp27-31, http://www.argospress.com/jbt. Lauren, M & Stephen, R 2002b, 'Map-Aware Non-Uniform Automata (Mana)-a New Zealand Approach to Scenario Modelling', Journal of Battlefield Technology, vol. 5, pp. 27-31. Lauren, MK 2006, 'A Metamodel for Describing the Outcomes of the Mana Cellular Automaton Combat Model Based on Lauren's Attrition Equation', Defence Technology Agency, Auckland, New Zealand, Publisher. 
Lauren, MK, Anderson, MA & Stephen, RT 2001, Exploring the Role of Troop Quality in Combat Effectiveness Using Mana, Defence Technology Agency. Lauren, MK, Smith, J, Moffat, J & Perry, N 2005, 'Using the Fractal Attrition Equation to Construct a Metamodel of the Mana Cellular Automaton Combat Model', The Technical Cooperation Program. Lauren, MK, Stephen, RT & Hore, NR 2003, Application of the Mana Model to Operations in East Timor, Defence Technology Agency. Lavazza, A & Robinson, H 2014, Contemporary Dualism: A Defense, Vol. 54, Routledge. LeBar, M 2008, 'Aristotelian Constructivism', Social Philosophy and Policy, vol. 25, no. 01, pp. 182-213. Lee, J-S, Jung, J-R, Park, J-S & Chi, S-D 2005, 'Linux-Based System Modelling for Cyber- Attack Simulation', in TG Kim (ed), Artificial Intelligence and Simulation: 13th International Conference on Ai, Simulation, Planning in High Autonomy Systems, Ais 2004, Jeju Island, Korea, October 4-6, 2004, Revised Selected Papers, Springer, Berlin, Heidelberg, pp. 585-96, http://dx.doi.org/10.1007/978-3-540-30583-5_62. Lee, TW 2008, Military Technologies of the World, ABC-CLIO. Lee, Y & Lee, T 2014, 'Network-Based Metric for Measuring Combat Effectiveness', Defence Science Journal, vol. 64, no. 2, pp. 115-22. Leed, M 2013, Offensive Cyber Capabilities at the Operational Level: The Way Ahead, Center for Strategic and International Studies (CSIS) Georgia Tech Research Institute (GTRI), Washington, DC, www.csis.org.

Lehar, J, Krueger, AS, Avery, W, Heilbut, AM, Johansen, LM, Price, ER, Rickles, RJ, Short Iii, GF, Staunton, JE, Jin, X, Lee, MS, Zimmermann, GR & Borisy, AA 2009, 'Synergistic Drug Combinations Tend to Improve Therapeutically Relevant Selectivity', Nat Biotech, vol. 27, no. 7, pp. 659-66, http://dx.doi.org/10.1038/nbt.1549. Lessig, L 2002, The Future of Ideas: The Fate of the Commons in a Connected World. Random House. New York. USA. Lewis, JA & Neuneck, G 2013, 'The Cyber Index. International Security Trends and Realities. Unidir/2013/3.', Geneva, Switzerland. United Nations Institute for Disarmament Research,. Lewis, JA & Timlin, K 2011, Cybersecurity and Cyberwarfare: Preliminary Assessment of National Doctrine and Organization, Center for Strategic and International Studies. UNDIR. Washington, D.C. USA. Available from: http://unidir.org/files/publications/pdfs/cybersecurity-and-cyberwarfare-preliminary- assessment-of-national-doctrine-and-organization-380.pdf [Accessed: 21 Feb 15]. Libicki, MC 2012, 'Cyberspace Is Not a Warfighting Domain. I/S: A Journal of Law and Policy for the Information Society, V. 8, No. 2, Fall 2012, P. 325-340. Available From: Http://Www.Rand.Org/Pubs/External_Publications/Ep51077.Html [Accessed 04 Mar 14]. Libicki, MC 2014, 'Why Cyber War Will Not and Should Not Have Its Grand Strategist.', Strategic Studies Quarterly, Publisher, vol. 7, no. 3, p. 23. Liff, AP 2012, 'Cyberwar: A New ‘Absolute Weapon’? The Proliferation of Cyberwarfare Capabilities and Interstate War', Journal of Strategic Studies, Publisher, vol. 35, no. 3, pp. 401-28. Lin, C, Wang, Y & Wang, Y 2008, ‘A Stochastic Game Nets Based Approach for Network Security Analysis’, Proc. of the 29th International Conference on Application and Theory of Petri Nets and other Models of Concurrency, Concurrency metHods: Issues aNd Applications 2008 Workshop (Invited paper), Citeseer. 
Linkov, I, Eisenberg, DA, Plourde, K, Seager, TP, Allen, J & Kott, A 2013, 'Resilience Metrics for Cyber Systems', Environment Systems and Decisions, Publisher, vol. 33, no. 4, pp. 471-6. Llanso, T & Klatt, E Year, ‘Cymrisk: An Approach for Computing Mission Risk Due to Cyber Attacks’, 2014 8th Annual Systems Conference (SysCon). Ottawa, ON., Institute of Electrical and Electronics Engineers. Lowe, EJ 2010, Why My Body Is Not Me: The Unity Argument for Emergentist Self-Body Dualism, Contemporary Dualism: A Defense, ed. A Lavazza & H Robinson, Routledge, New York, US. Lucas, TW & Sanchez, SM 2003, Smart Experimental Designs Provide Military Decision- Makers with New Insights from Agent-Based Simulations, Naval Postgraduate School Operations Research Department Monterey, CA. Luke, S, Cioffi-Revilla, C, Panait, L & Sullivan, K Year, ‘Mason: A New Multi-Agent Simulation Toolkit’, Proceedings of the 2004 swarmfest workshop. MacCalman, AD 2013, Flexible Space-Filling Designs for Complex System Simulations, DTIC Document. Machado, AF, Barreto, AB & Yano, ET 2013, Architecture for Cyber Defense Simulator in Military Applications, DTIC Document. MacKay, RB & McKiernan, P 2004, 'The Role of Hindsight in Foresight: Refining Strategic Reasoning', Futures, vol. 36, no. 2, pp. 161-79. Maclntosh, J, Reid, J & Tyler, L 2011, Cyber Doctrine: Towards a Coherent Evolutionary Framework for Learning Resilience, Institute for Security and Resilience Studies,

University College London. Available from: https://www.ucl.ac.uk/isrs/publications/CyberDoctrine [Accessed 12 Feb 15]. London, UK. Maienborn, C 2008, 'On Davidsonian and Kimian States', Existence: Semantics and Syntax, Springer, Berlin, Heidelberg, pp. 107-30. Maienborn, C 2011, 'Event Semantics', HSK Handbook. Tubingen, Germany, Publisher. Maier, MW Year, ‘Architecting Principles for Systems‐of‐Systems’, INCOSE International Symposium, Wiley Online Library. Mancuso, VF, Christensen, JC, Cowley, J, Finomore, V, Gonzalez, C & Knott, B Year, ‘Human Factors in Cyber Warfare Ii Emerging Perspectives’, Human Factors and Ergonomics Society Annual Meeting, Chicago, Illinois. 27-31 October 2014, SAGE Publications. Mandiant 2015, 'Mandiant Apt1. Exposing One of China’s Cyber Espionage Units. Appendix B: Apt and the Attack Lifecycle. Https://Www.Fireeye.Com/Content/Dam/Fireeye- Www/Services/Pdfs/Mandiant-Apt1-Report.Pdf', Publisher. Margolis, E & Laurence, S 2007, 'The Ontology of Concepts—Abstract Objects or Mental Representations? 1', Noûs, vol. 41, no. 4, pp. 561-93. Marmick, B 2015, How Computers Broke Science – and What We Can Do to Fix It, The Conversation, Washington DC, USA, viewed 11 Feb 2017 2017, http://theconversation.com/how-computers-broke-science-and-what-we-can-do-to-fix- it-49938 Martino, RA 2011, Leveraging Traditional Battle Damage Assessment Procedures to Measure Effects from a Computer Network Attack, DTIC Document. Martins, J, Santos, H, Nunes, P & Silva, R 2012, ‘Information Security Model to Military Organizations in Environment of Information Warfare’, 11th European Conference on Information Warfare and Security. Matheus, CJ Year, ‘Position Paper: Using Ontology-Based Rules for Situation Awareness and Information Fusion’, Rule Languages for Interoperability. Matheus, CJ, Kokar, MM & Baclawski, K Year, ‘A Core Ontology for Situation Awareness’, Proceedings of the Sixth International Conference on Information Fusion. 
Matthews, D & Collier, P Year, ‘Assessing the Value of a C4isrew System-of-Systems Capability’, Proceedings of the 5 th International Command and Control Research and Technology Symposium. Mattis, JN 2008a, USIFCOM Commander's Guidance for Effects-Based Operations, DTIC Document. Mattis, JN 2008b, USIFCOM Commander's Guidance for Effects-Based Operations, Parameters. Vol. XXXVIII pp18-24., http://strategicstudiesinstitute.army.mil/pubs/parameters/Articles/08autumn/mattis.pdf , Washington, DC. USA. Maughan, D 2009, A Roadmap for Cybersecurity Research, US Department of Homeland Security, Washington, DC. USA., http://www.dhs.gov/science-and-technology/csd- resources. Mavor, AS & Pew, RW 1998, Modeling Human and Organizational Behavior: Application to Military Simulations, National Academies Press. Mawby, D, McDougall, I & Boehmer, G 2005, A Network-Centric Operations Case Study: Us/Uk Coalition Combat Operations During Operation Iraqi Freedom, DTIC Document. Mayfield, C 2001, 'Mathematical Proofs of Mayfield's Paradox: A Fundamental Principle of Information Security', Information Systems Audit and Control Association (ISACA) Journal., Publisher, vol. 2, viewed 01 Aug 2015,

http://www.isaca.org/Journal/archives/2001/Volume-2/Pages/Mathematical-Proofs- of-Mayfields-Paradox-A-Fundamental-Principle-of-Information-Security.aspx. McCormack, L & Mellor, D 2002, 'The Role of Personality in Leadership: An Application of the Five-Factor Model in the Australian Military', Military Psychology, vol. 14, no. 3, p. 179. McCourt, R, Ng, K & Mitchell, R 2012, 'An Agent-Based Approach Towards Network- Enabled Capabilities–I: Simulation Validation and Illustrative Examples', The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, Publisher, p. 1548512912465359. McIntosh, G 2009, Mana-V (Map Aware Non-Uniform Automata-Vector) Supplementary Manual, Defence Technology Agency. McKeown, B & Thomas, DB 2013, Q Methodology. 2nd Edition., Quantitative Applications in the Social Sciences, ed. J Fox, SAGE Publications, Thousand Oaks, CA. McKeown, DM, Giuliani, JL & Hershey, DJ 2010, ‘Revisiting Correlation: Serious Games and Constructive Simulation’, IMAGE 2010 Conference, Scottsdale, AZ. USA., TerraSim Inc. McMaster, HR 2008, 'On War: Lessons to Be Learned', Survival, Publisher, vol. 50, no. 1, pp. 19-30, viewed 2015/07/13, http://dx.doi.org/10.1080/00396330801899439. McNaught, K 1999, 'The Effects of Splitting Exponential Stochastic Lanchester Battles', Journal of the Operational Research Society, pp. 244-54. Meijer, M 2013, Agility in Command and Control in a Multinational Exercise, DTIC Document. Meixner, U 2000, 'Essential Conceptions of Events', Poznan studies in the philosophy of the sciences and the humanities, vol. 76, pp. 183-94. Melzer, N 2009, 'Keeping the Balance between Military Necessity and Humanity: A Response to Four Critiques of the ICRC's Interpretive Guidance on the Notion of Direct Participation in Hostilities.', New York University Journal of International Law & Politics. Spring 2010, Vol. 42. Issue 3, 831, Publisher. Merriam Webster 2005, The Merriam-Webster Dictionary, Merriam-Webster, Springfield, MA. 
Millen, RA 2008, Command Legacy: A Tactical Primer for Junior Leaders, Potomac Books. Miller, GJ & Bonder, S 1982, Human Factors Representations for Combat Models, VR Incorporated., US Army. Research Institute for the Behavioral and Social Sciences. Washington, DC., viewed 20 Aug 2015, www.dtic.mil/cgi- bin/GetTRDoc?AD=ADA133351. Miller, J 2006, ‘Modeling and Measuring Network Centric Warfare (Ncw) with the System Effectiveness Analysis Simulation (Seas)’, 8th International Command and Control Research and Technology Symposium., National Defence University. Washington, DC., 17-19 Jun 2003. Ministry of Defence 2003, Aircraft Accident to Royal Air Force Tornado Gr Mk4a Zg710, United Kingdom Ministry of Defence, London, https://www.gov.uk/government/publications/military-aircraft-accident-summary- aircraft-accident-to-raf-tornado-gr-mk4a-zg710. Ministry of Defence 2007, MODAF Viewpoint Linkages, Ministry of Defence, London, UK. Ministry of Defence 2011, The United Kingdom Cyber Security Strategy: Protecting and Promoting the UK in a Digital World, Cabinet Office, London, UK. Ministry of Defence 2013a, 'Cyber Primer. Minstry of Defence, Swindon, Whiltshire. United Kingdom. Available From: Https://Www.Gov.Uk/Government/Publications/Cyber- Primer [Accessed: 24 May 15].

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/360973 /20140716_DCDC_Cyber_Primer_Internet_Secured.pdf. Ministry of Defence 2013b, 'Red Teaming Guide 2nd Ed', UK Ministry of Defence. Ministry of Defence 2014, Joint Doctrine Publication 0-01 Uk Defence Doctrine, UK Ministry of Defence, UK Ministry of Defence, London, UK. Moffat, J, Smith, J & Witty, S 2006, 'Emergent Behaviour: Theory and Experimentation Using the Mana Model', Advances in Decision Sciences, vol. 2006. Moltmann, F 2015, 'States Versus Tropes. Comments on Curt Anderson and Marcin Morzycki:‘Degrees as Kinds’', Natural Language & Linguistic Theory, Publisher, vol. 33, no. 3, pp. 829-41. Moody, WC, Hu, H & Apon, A 2014, ‘Defensive Maneuver Cyber Platform Modeling with Stochastic Petri Nets’, 2014 International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), IEEE. Moon, I-C, Carley, KM & Kim, TG 2013, 'Modeling and Simulating Command and Control: For Organizations under Extreme Situations', SpringerBriefs in Computer Science. Springer-Verlag London., Springer. Mullen, MG 2011, The National Military Strategy of the United States of America, 2011: Redefining America's Military Leadership, Joint Chiefs of Staff. Multilateral Interoperability Programme 2016, 'The MIP Information Model', Accessed on 10 Dec 2016 at: https://www.mimworld.org/portal/projects/welcome/wiki/Welcome. Musman, S & Agbolosu-Amison, S 2014, A Measurable Definition of Resiliency Using “Mission Risk” as a Metric, Mitre Corp, McLean, VA. Musman, S & Grimaila, MR 2013, 'Mission Assurance Challenges within the Military Environment', International Journal of Interdisciplinary Telecommunications and Networking (IJITN), vol. 5, no. 2, viewed 12 Sep 2015, http://www.igi- global.com/article/mission-assurance-challenges-within-the-military- environment/79281. 
Musman, S, Tanner, M, Temin, A, Elsaesser, E & Loren, L Year, ‘Computing the Impact of Cyber Attacks on Complex Missions’, 2011 IEEE International Systems Conference (SysCon), Montreal, Quebec, Canada, Institute of Electrical and Electronics Engineers. Musman, S, Tanner, M, Temin, A, Elsaesser, E & Loren, L 2011b, ‘A Systems Engineering Approach for Crown Jewels Estimation and Mission Assurance Decision Making’, 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), IEEE. Musman, S, Temin, A, Tanner, M, Fox, D & Pridemore, B 2010, ‘Evaluating the Impact of Cyber Attacks on Missions’, Proceedings of the 5th International Conference on Information Warfare and Security. Nagge, JW 1932, 'Regarding the Law of Parsimony', The Pedagogical Seminary and Journal of Genetic Psychology, Publisher, vol. 41, no. 2, pp. 492-4. Nagle, JA, Richmond, PW, Blais, CL, Goerger, NC, Kewley, RH & Burk, RK 2008, 'Using an Ontology for Entity Situational Awareness in a Simple Scenario', The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, Publisher, vol. 5, no. 2, pp. 139-58. National Defense Industrial Association 2008, 'National Defense Industrial Association Engineering for System Assurance V1.0', viewed 12 Mar 2016, http://www.acq.osd.mil/se/docs/SA-Guidebook-v1-Oct2008.pdf. Negrete-Pincetic, M, Yoshida, F & Gross, G Year, ‘Towards Quantifying the Impacts of Cyber Attacks in the Competitive Electricity Market Environment’, PowerTech, 2009, Bucharest, Institute of Electrical and Electronics Engineers., 28 June - 2 July.

Nesteruk, EA 2009, ‘Security Considerations for Network-Centric Weapon Systems’, Naval Postgraduate School. New Zealand Government 2010, Defence White Paper 2010, New Zealand Ministry of Defence., Auckland, NZ., http://www.nzdf.mil.nz/corporate-documents/defence- white-paper/. New Zealand Government 2014, Defence Capability Plan, New Zealand Ministry of Defence., viewed 02 Feb 16, http://www.nzdf.mil.nz/downloads/pdf/public- docs/2014/2014-defence-capability-plan.pdf New Zealand Ministry of Defence 2014, Defence Assessment, New Zealand Ministry of Defence., Auckland, NZ., http://www.defence.govt.nz/reports-publications/defence- assessment-2014/contents.html Nidumolu, SR, Menon, NM & Zeigler, BP 1998, 'Object-Oriented Business Process Modeling and Simulation:: A Discrete Event System Specification Framework', Simulation Practice and Theory, Publisher, vol. 6, no. 6, pp. 533-71. Nisbett, T 2005, Operational Deception-the Lost Art in Today's Operations, DTIC Document. North Atlantic Treaty Organisation 2006, STANAG 2287 Lo (Edition 1) - Task Verbs for Use in Planning and the Dissemination of Orders, NSA(ARMY)0510(2006)LO/2287, Brussels, BE. O'Sullivan, K 2015, ‘Development of a Cyber Effects Ontology for Use in Military Simulation’. Thesis. University of New South Wales. O'Sullivan, K & Turnbull, B 2015, 'The Cyber Simulation Terrain: Towards an Open Source Cyber Effects Simulation Ontology', Publisher. Onggo, BSS Year, ‘Bpmn Pattern for Agent-Based Simulation Model Representation’, Proceedings of the 2012 Winter Simulation Conference (WSC), Berlin, 9-12 Dec. 2012. Opcin, AE 2016, ‘Modeling Anti-Air Warfare with Discrete Event Simulation and Analyzing Naval Convoy Operations’, Monterey, California: Naval Postgraduate School. Ormrod, D & Turnbull, B Year, ‘The Military Cyber-Maturity Model: Preparing Modern Cyber-Enabled Military Forces for Future Conflicts’, 11th International Conference on Cyber Warfare and Security: ICCWS2016. 
Ormrod, D, Turnbull, B & O'Sullivan, K Year, ‘System of Systems Cyber Effects Simulation Ontology’, Winter Simulation Conference (WSC), Huntington Beach, California. 6-9 December 2015, IEEE. Park, CL 2004, 'What Is the Value of Replicating Other Studies?', Research Evaluation, Publisher, vol. 13, no. 3, pp. 189-95. Park, CY, Laskey, KB, Costa, P & Matsumoto, S 2013a, ‘Multi-Entity Bayesian Networks Learning in Predictive Situation Awareness’, DTIC Document. Park, CY, Laskey, KB, Costa, PC & Matsumoto, S Year, ‘Multi-Entity Bayesian Networks Learning for Hybrid Variables in Situation Awareness’, 2013 16th International Conference on Information Fusion (FUSION), IEEE. Parkin, SE, van Moorsel, A & Coles, R Year, ‘An Information Security Ontology Incorporating Human-Behavioural Implications’, Proceedings of the 2nd International Conference on Security of Information and Networks, ACM. Parsons, D, Surdu, J & Jordan, B Year, ‘Onesaf: A Next Generation Simulation Modeling the Contemporary Operating Environment’, Proceedings of Euro-simulation interoperability workshop. Partridge, C, Mitchell, A & de Cesare, S 2013, 'Guidelines for Developing Ontological Architectures in Modelling and Simulation', Ontology, Epistemology, and Teleology for Modeling and Simulation, Springer, pp. 27-57.

Pearl, J 2000, Causality: Models, Reasoning and Inference, Vol. 29, Cambridge Univ Press. Pelosse, Y 2011, 'Ontological Foundation of Nash Equilibrium'. Accessed 02 Jan 17. https://mpra.ub.uni-muenchen.de/39934/ Perry, W & Signori, D Year, ‘A Mathematical Framework for Measuring the Effects of Information and Collaboration on Shared Awareness 1’, 6th International Command and Control Research and Technology Symposium, Maryland, USA. 19-21 June 2001, ICCRTS. Perry, WL 2002, Measures of Effectiveness for the Information-Age Navy: The Effects of Network-Centric Operations on Combat Outcome, RAND Corporation. Perry, WL, Signori, D & John, E 2004, Exploring Information Superiority: A Methodology for Measuring the Quality of Information and Its Impact on Shared Awareness, RAND Corporation. Petraki, E & Abbass, H Year, ‘On Trust and Influence: A Computational Red Teaming Game Theoretic Perspective’, 7th IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), IEEE. Pierzchała, D, Najgebauer, A, Antkiewicz, R, Chmielewski, M, Rulka, J, Wantoch- Rekowski, R, Tarapata, Z & Drozdowski, T 2012, 'Knowledge-Based Approach for Military Mission Planning and Simulation', Advances in Knowledge Representation, Publisher, pp. 251-72. Plato 360 BC., 'The Sophist', Translated by Benjamin Jowett. Accessed 19 Dec 16. http://izt.ciens.ucv.ve/ecologia/Archivos/Filosofia-II/Plato--Sophist.pdf, Publisher. Poropudas, J & Virtanen, K 2007, ‘Analyzing Air Combat Simulation Results with Dynamic Bayesian Networks’, Proceedings of the 39th conference on Winter simulation: 40 years! The best is yet to come, IEEE Press. Posadas, S & Paulo, EP 2003, 'Stochastic Simulation of a Commander's Decision Cycle', Military Operations Research, Publisher, vol. 8, no. 2, pp. 21-43. Powley, EH, Nissen, ME & Seykora, J 2010, Study of Trust as an Organizational Contingency, Part Ii: Examining Four Dimensions of Trust in Elicit Experimentation, 15th ICCRTS., Santa Monica, CA. USA. 
Pullen, M, Corner, D, Singapogo, SS, Clark, N, Cordonnier, N, Menane, M, Khimeche, L, Mevassvik, OM, Alstad, A & Schade, U Year, ‘Adding Reports to Coalition Battle Management Language for NATO MSG-048’, 2009 Euro Simulation Interoperability Workshop. QSR International 2015, Nvivo, QSR International., viewed 12 Jan 2015, http://www.qsrinternational.com/. Quine, WV & Van Orman Quine, W 1981, Theories and Things, Belknap Press of Harvard University Press. Quine, WVO 1969, Ontological Relativity and Other Essays, Columbia University Press. Rabkin, JA & Rabkin, A 2012, 'To Confront Cyber Threats, We Must Rethink the Law of Armed Conflict.', Koret-Taube Task Force on National Security and Law., Stanford University, Hoover Institution. Rafferty, L, Stanton, NA & Walker, G 2012, The Human Factors of Fratricide, Ashgate Pub. Ramchand, G 2005, 'Post-Davidsonianism', Theoretical linguistics, Publisher, vol. 31, no. 3, pp. 359-73. Ramlo, S 2016, 'Mixed Method Lessons Learned from 80 Years of Q Methodology', Journal of Mixed Methods Research, Publisher, vol. 10, no. 1, pp. 28-45, http://mmr.sagepub.com/content/10/1/28.abstract. Rao, AS & Georgeff, MP Year, ‘BDI Agents: From Theory to Practice’, ICMAS. Ratcliff, RA 2006, Delusions of Intelligence: Enigma, Ultra, and the End of Secure Ciphers, Cambridge University Press, New York, NY. USA.

Ravid, I 1990, 'Military Decision, Game Theory and Intelligence: An Anecdote', Operations Research, Publisher, vol. 38, no. 2, pp. 260-4. Raymond, AD 1991, Assessing Combat Power: A Methodology for Tactical Battle Staffs, DTIC Document. Reckman, H & Cremers, C 2006, 'Concepts across Categories', Inference in Computational Semantics ICoS-5, p. 97. Regalado, D, Villeneuve, N & Railton, JS 2014, Behind the Syrian Conflict’s Digital Frontlines, Fireeye Threat Intelligence. Fireeye Inc. Available from: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt- behind-the-syria-conflict.pdf [Accessed 24 May 15]. Reilly, G 1997, 'How Tactical Experience Affects Confidence About Combat Decision Making', U.S Army Command and General Staff College. Masters Thesis., Publisher. Rid, T 2012, 'Cyber War Will Not Take Place', Journal of Strategic Studies, Publisher, vol. Taylor & Francis Group. 35, no. 1, pp. 5-32. Rittel, HW & Webber, MM 1973, 'Dilemmas in a General Theory of Planning', Policy sciences, Publisher, vol. 4, no. 2, pp. 155-69. Robinson, N, Gribbon, L, Horvath, V & Robertson, K 2013, 'Cyber-Security Threat Characterisation', Prepared for the Swedish National Defence College, Stockholm, RAND Corporation, Santa Monica, CA. Robinson, S 2008, 'Conceptual Modeling for Simulation. Part I: Definition and Requirements', The Journal of the Operational Research Society, Publisher, vol. 59, no. 3, pp. pp278-90, http://www.palgrave-journals.com/jors/index.html. Robinson, S 2013, ‘Conceptual Modeling for Simulation’, Proceedings of the 2013 Winter Simulation Conference: Simulation: Making Decisions in a Complex World, IEEE Press. Robinson, SB 2009, ‘A Modeling Process to Understand Complex System Architectures’, Georgia Institute of Technology. Rochlin, GI 1997, Trapped in the Net: The Unanticipated Consequences of Computerization, Princeton University Press. 
Rodziewicz, J & David, J 2011, 'Cyber Threats: Cyber Crime, Cyber Terror, and Cyber Warfare--Transnational Risk in the Internet’s Global Commons. Available From: Https://Works.Bepress.Com/David_Rodziewicz/4/ [Accessed 12 Mar 15].'. Roman, PA & Brown, D Year, ‘Constructive Simulation Versus Serious Games: A Canadian Case Study’, Proceedings of the 2007 spring simulation multiconference-Volume 3, Society for Computer Simulation International. Roman, PA & Brown, D Year, ‘Games–Just How Serious Are They’, The Interservice/Industry Training, Simulation & Education Conference (I/ITSEC). Roots, E 2007, 'Making Connections: The Relationship between Epistemology and Research Methods', Special Edition Papers, Publisher, vol. 19, no. 1, pp. 19-27. Rosenfield, DK 2009, 'Rethinking Cyber War.', Critical Review, vol. 21, no. 1, pp. 77-90. Rospocher, M, Ghidini, C & Serafini, L Year, ‘An Ontology for the Business Process Modelling Notation’, FOIS. Ross, W, Ulieru, M & Gorod, A 2014, ‘A Multi-Paradigm Modelling & Simulation Approach for System of Systems Engineering: A Case Study’, System of Systems Engineering (SOSE), 2014 9th International Conference on, IEEE. Rouse, WB & Boff, KR 2005, Organizational Simulation, Wiley. S. M. Ritchie 2003, ' The Effectiveness of the Leadership of Admiral Karl Dönitz', GEDDES Papers 2003.

Sage, AP & Cuppan, CD 2001, 'On the Systems Engineering and Management of Systems of Systems and Federations of Systems', Information, Knowledge, Systems Management, vol. 2, no. 4, pp. pp325-45. Sanchez, SM 2005, ‘Work Smarter, Not Harder: Guidelines for Designing Simulation Experiments’, Simulation Conference, 2005 Proceedings of the Winter, 4-7 Dec. 2005. Sanchez, SM 2007, ‘Work Smarter, Not Harder: Guidelines for Designing Simulation Experiments’, Simulation Conference, 2007 Winter, 9-12 Dec. 2007. Sanchez, SM 2014, ‘Simulation Experiments: Better Data, Not Just Big Data’, Simulation Conference (WSC), 2014 Winter, 7-10 Dec. 2014. Sanchez, SM & Lucas, TW Year, ‘Exploring the World of Agent-Based Simulations: Simple Models, Complex Analyses: Exploring the World of Agent-Based Simulations: Simple Models, Complex Analyses’, Proceedings of the 34th conference on Winter simulation: exploring new frontiers, Winter Simulation Conference. Sanchez, SM, Sánchez, PJ & Wan, H Year, ‘Simulation Experiments: Better Insights by Design’, Proceedings of the 2014 Summer Simulation Multiconference, Society for Computer Simulation International. Sanchez, SMAov 2011, Nolh Designs Spreadsheet, http://harvest.nps.edu/. Sandia 2014, 'Red Teaming - Idart Quick Reference Sheet', SANDIA Labs. Sandoval, J & Hassell, S 2010, ‘Measurement, Identification and Calculation of Cyber Defense Metrics’, Military Communications Conference 2010., San Jose, CA., IEEE, 31 Oct-03 Nov 2010. Sanger, DE 2012, Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power, Crown Publishing, New York, NY. Santos, E & Zhao, Q 2006, 'Adversarial Models for Opponent Intent Inferencing', Adversarial Reasoning: Computational Approaches to Reading the Opponents Mind (Eds. A. Kott and W. McEneaney), Chapman & Hall/CRC Computer and Information Science Series, Chapman & Hall/CRC: Boca Raton, pp. 1-22. 
Schade, U & Hieb, MR Year, ‘Formalizing Battle Management Language: A Grammar for Specifying Orders’, 2006 Spring Simulation Interoperability Workshop. Schade, U & Hieb, MR Year, ‘Battle Management Language: A Grammar for Specifying Reports’, IEEE Spring Simulation Interoperability Workshop. Schmitt, M 2012a, 'Classification of Cyber Conflict', Journal of Conflict and Security Law, vol. 17, no. 2, pp. 245-60. Schmitt, M Year, ‘The ‘Use of Force’ in Cyberspace: A Reply to Dr Ziolkowski.’, 4th International Conference on Cyber Conflict., Tallin, Estonia., NATO Cooperative Cyber Defence Centre of Excellence. CCDCOE Publications. Schmitt, MN 2013, Tallinn Manual on the International Law Applicable to Cyber Warfare., NATO Cooperative Cyber Defence Centre of Excellence. CCDCOE. Cambridge University Press. Tallin, Estonia. Schramm, HC & Gaver, DP 2013, 'Lanchester for Cyber: The Mixed Epidemic‐Combat Model', Naval Research Logistics (NRL), vol. 60, no. 7, pp. pp599-605, http://onlinelibrary.wiley.com/doi/10.1002/nav.21555/abstract. Schroth, TF 1989, ‘An Introduction to Human Factors and Combat Models’, Master of Science in Systems Technology (Command Control and Communications), Naval Postgraduate School. Severs, H 2013, The Cyber-Industrial-Complex: What Does the Militarisation of the 'Fifth Domain' Entail and What Are the Consequences?, http://www.henrysevers.com

Shackelford, S 2010, 'Estonia Three Years Later: A Progress Report on Combating Cyber Attacks', Journal of Internet Law, Publisher, vol. Feb 2010, Accessed from: http://ssrn.com/abstract=1499849. Shakarian, P 2011, 'The 2008 Russian Cyber Campaign against Georgia', Military Review, Publisher, vol. 91, no. 6, p. 63. Shannon, CE & Weaver, W 1948, 'A Mathematical Theory of Communication.', American Telephone and Telegraph Company. Bell System Technical Journal 27 (4): 623–656. Shine, DR 2005, An Exploratory Study of the Army-as-a-System Core Skills: Comparing the Effectiveness of Warfighting Tactics Using Mana. Dsto-Tr-1663., Defence Science and Technology Organisation., Edinburgh, SA., viewed 18 Mar 2015, http://dspace.dsto.defence.gov.au/dspace/handle/1947/3976. Shiva, S, Roy, S & Dasgupta, D Year, ‘Game Theory for Cyber Security’, Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, ACM. Siebelt, F 1994, 'Singular Causal Sentences and Two Relational Views', Language, Mind and Epistemology, Springer, pp. 199-219. Siem, FM & Murray, MW 1997, Personality Factors Affecting Pilot Combat Performance: A Preliminary Investigation, DTIC Document. Sierla, S, O’Halloran, BM, Karhela, T, Papakonstantinou, N & Tumer, IY 2013, 'Common Cause Failure Analysis of Cyber–Physical Systems Situated in Constructed Environments', Research in Engineering Design, Publisher, vol. 24, no. 4, pp. 375-94. Simmons, C, Shiva, S, Dasgupta, D & Wu, Q 2009, 'Avoidit: A Cyber Attack Taxonomy', University of Memphis, Technical Report CS-09-003, Publisher. Simon, HA 1996, The Sciences of the Artificial. 3rd Ed., MIT press, London, England. Simons, P 2005, Events, The Oxford Handbook of Metaphysics, ed. DZ MJ Loux, Oxford University Press, Oxford, UK. Simulation Interoperability Standards Organization 2014, 'Siso-Std-011-2014 Standard for Coalition Battle Management Language (C-Bml) Phase 1 Version 1.0', Publisher. 
Sober, E 1981, 'The Principle of Parsimony', British Journal for the Philosophy of Science, Publisher, pp. 145-56. Solis, WM 2005, Defense Logistics: Actions Needed to Improve the Availability of Critical Items During Current and Future Operations, DIANE Publishing Company. Sproles, N 2001, Establishing Measures of Effectiveness for Command and Control: A Systems Engineering Perspective, DTIC Document. Stallard, C 2011, ‘At the Crossroads of Cyber Warfare: Signposts for the Royal Australian Air Force.’, School of Advanced Air and Space Studies. Stanton, NA & Walker, GH 2013, Human Factors Methods: A Practical Guide for Engineering and Design, Ashgate Publishing, Ltd. Starner, SG 1979, A Two-Sided Field Artillery Stochastic Simulation, DTIC Document. Stenbit, JP, Wells, L & Alberts, D 2002, 'Nato Code of Best Practice for C2 Assessment', Washington DC: OASD (NII), Publisher. Stephenson, P 2014, Official (Isc) 2® Guide to the Ccfp Cbk, CRC Press. Stephenson, PR & Prueitt, PS Year, ‘Towards a Theory of Cyber Attack Mechanics’, IFIP wg. Stephenson, W 1993, 'Introduction to Q-Methodology', Operant Subjectivity, Publisher, vol. 17, no. 1, pp. 1-13. Stevenson, RC 2006, The Human Dimension of the Hardened and Networked Army: The Lessons of Friendly Fire, Land Warfare Studies Centre. Stewart, JM, Chapple, M & Gibson, D 2015, Certified Information Systems Security Professional (Cissp) Official Study Guide, Sybex, Wiley, Indianapolis, Indiana. USA.

Stone, J 2013, 'Cyber War Will Take Place!', Journal of Strategic Studies, Publisher, vol. 36, no. 1, pp. 101-8. Strauss, A & Corbin, J 1994, 'Grounded Theory Methodology', in NK Denzin & YS Lincoln (eds), Handbook of Qualitative Research, Sage Publications Inc, Thousand Oaks, CA, pp. 273-85. Straver, MC, Vincent, E & Fournier, P 2006, 'Experiences with the Mana Simulation Tool', Defence Research and Development Canada (DRDC) Valcartier Operational Research Team. Technical Memorandum. Quebec, Canada, Publisher, vol. 404, http://pubs.rddc- drdc.gc.ca/BASIS/pcandid/www/engpub/DDW?W%3DAUTHOR+%3D+%27Straver %2C+M.C.%27%26M%3D2%26R%3DY%26U%3D1. Synnaeve, G & Bessiere, P Year, ‘Special Tactics: A Bayesian Approach to Tactical Decision-Making’, IEEE Conference on Computational Intelligence and Games (CIG), Granada, Spain. 11-14 September 2012, IEEE. Szentgali, G 2013, 'The Nato Policy on Cyber Defence: The Road So Far', AARMS: Academic & Applied Research in Military Science. Budapest, Hungary., Publisher, vol. 12, no. 1. Talmadge, C 2013, 'The Puzzle of Personalist Performance: Iraqi Battlefield Effectiveness in the Iran-Iraq War', Security Studies. New York, USA, Publisher, vol. 22, no. 2, pp. 180-221. Tamás, PA & Kampen, JK 2015, 'Heresy and the Church of Q: A Reply', Quality & Quantity. Wageningen, The Netherlands, Publisher, vol. 49, no. 2, pp. 539-40. Taylor, J, Yildirim, U & Murphy, W Year, ‘Hierarchy-of-Models Approach for Aggregated- Force Attrition’, 32nd conference on Winter simulation, Orlando, Florida. 10-13 December 2000, Society for Computer Simulation International. Taylor, JG 1980a, Lanchester-Type Models of Warfare. Volume I, Naval Postgraduate School, NP School, Monterey, CA. Taylor, JG 1980b, Lanchester-Type Models of Warfare. Volume Ii, Naval Postgraduate School, NP School, Monterey, CA. 
Teddlie, C & Tashakkori, A 2009, Foundations of Mixed Methods Research: Integrating Quantitative and Qualitative Approaches in the Social and Behavioral Sciences, Sage, Los Angeles. Throne, M, Holden, W & Lickteig, C 2000, Automated Measures of Staff Performance for Battle Command Reengineering Iii, US Army Research Institute for the Behavioral and Social Sciences, UAR Institute, Fort Knox, KY. Tipton, HF & Nozaki, MK 2012, Information Security Management Handbook. Sixth Edition, Volume 6, CRC Press. Taylor & Francis. Auerbach Publications., Boca Raton, FL. USA. Tisserand III, JB 2003, Network Centric Warfare Case Study: Us V Corps and 3rd Infantry Division (Mechanized) During Operation Iraqi Freedom Combat Operations (Mar- Apr 2003). Volume 3. Network Centric Warfare Insights, Center for Strategic Leadership, UAW College, Carlisle Barracks, Pennsylvania. Tisue, S & Wilensky, U Year, ‘Netlogo: A Simple Environment for Modeling Complexity’, International Conference on Complex Systems, Boston, MA. 16-21 May 2004, New England Complex Systems Institute. Tolk, A 2012a, 'Challenges of Combat Modeling and Distributed Simulation', in EMaS Engineering (ed), Engineering Principles of Combat Modeling and Distributed Simulation, John Wiley & Sons, Inc., New Jersey, USA, pp. 1-22, http://onlinelibrary.wiley.com/doi/10.1002/9781118180310.ch1/summary.

391

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Tolk, A 2012b, Engineering Principles of Combat Modeling and Distributed Simulation, Wiley Online Library. Tolk, A 2013, Ontology, Epistemology, and Teleology for Modeling and Simulation, Springer, Berlin, Heidelberg. Tolk, A, Adam, NR, Cayirci, E, Pickl, S, Shumaker, R, Sullivan, JA & Waite, WF Year, ‘Defense and Security Applications of Modeling and Simulation—Grand Challenges and Current Efforts’, 2012 Winter Simulation Conference (WSC), Berlin, Germany. 09-12 December 2012, Institute of Electrical and Electronics Engineers, December 09 - 12. Tolk, A, Bair, LJ & Diallo, SY 2013, 'Supporting Network Enabled Capability by Extending the Levels of Conceptual Interoperability Model to an Interoperability Maturity Model', The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology. Washington DC, USA, Publisher, vol. 10, no. 2, pp. 145- 60. Tolk, A, Heath, BL, Ihrig, M, Padilla, JJ, Page, EH, Suarez, ED, Szabo, C, Weirich, P & Yilmaz, L Year, ‘Epistemology of Modeling and Simulation’, 2013 Winter Simulation Conference (WSC), Washington DC, USA. 08-11 December 2013, IEEE, 8-11 Dec. 2013. Trkman, P 2010, 'The Critical Success Factors of Business Process Management', International Journal of Information Management. Amsterdam, The Netherlands, Publisher, vol. 30, no. 2, pp. 125-34. Tuukkanen, T 2011, 'Adapting the Current National Defence Doctrine to Cyber Domain', International Journal of Cyber Warfare and Terrorism (IJCWT). Pennsylvania, USA, Publisher, vol. 1, no. 4, pp. 32-52. Tzu, S, Griffith, SB & Hart, BHL 1971, The Art of War, Oxford University Press, Oxford, UK. UK Ministry of Defence 2011, Joint Doctrine Note 3/11: Decision-Making and Problem Solving: Human and Organisational Factors, UK Ministry of Defence, Swindon, Wiltshire. United States Army 2014, Field Manual 3-38 Cyber Electromagnetic Activities, Washington, DC. USA. United States Department of Defense 2001, Joint Publication 1-02. 
Department of Defense Dictionary of Military and Associated Terms., Department of Defense. Joint Chiefs of Staff. , Washington, DC., viewed 19 Feb 15, http://www.dtic.mil/doctrine/new_pubs/jp1_02.pdf. United States Department of Defense 2011, Department of Defense Strategy for Operating in Cyberspace., ed. Department of Defense, Washington, DC. USA. United States Department of Defense 2013, Task Force Report: Resilient Military Systems and the Advanced Cyber Threat. , Department of Defense., Washington, D.C, viewed 12 Feb 15, http://www.acq.osd.mil/dsb/reports/ResilientMilitarySystems.CyberThreat.pdf. United States Department of Homeland Security 2011, Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise, US Department of Homeland Security, Washington DC, USA. University of Foreign Military and Cultural Studies 2012, Red Team Handbook, University of Foreign Military and Cultural studies, Fort Leavenworth, KA. US Air Force 2010, 'Cyberspace Operations', Air Force Doctrine Document 3-12, Publisher, vol. Incorporating Change 1, 30 November 2011. US Army 2004, Ranger Handbook, Citeseer, Fort Benning, Georgia.

392

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

US Defense Science Board Task Force 1999, The Defense Science Board Task Force on Tactical Battlefield Communications Final Report, ed. Office of the Under Secretary of Defense for Acquisition and Technology, DIANE Publishing, Washington DC, USA. US Department of Defense 2013, Joint Publication 3-12 (R) - Cyberspace Operations, US Department of Defense, Washington DC, USA, viewed 01 Feb 2016, http://www.dtic.mil/doctrine/new_pubs/jointpub_operations.htm. US Department of Defense 2014, Develop a Methodology for Cyber Electronic Warfare Battle Damage Assessment (BDA) Using Game Theory, Navy Small Business Innovation Research/Small Business Technology Transfer, UDo Defense, National Harbor, MD. US Marine Corps 2011, MCRP 5-12c Marine Corps Supplement to the Department of Defense Dictionary of Military and Associated Terms, Department of Defense., Washington, DC., viewed 15 Feb 2016, http://www.marines.mil/Portals/59/Publications/MCRP%205- 12C%20Marine%20Corps%20Supplement%20to%20the%20DoD%20Dictionary%20 of%20Military%20and%20Associated%20terms.pdf. Van Creveld, M 1985, Command in War, Harvard University Press, Cambridge, MA, USA. Van der Heijden, K 2005, Scenarios: The Art of Strategic Conversation, Wiley, Chichester, UK. van der Hulst, A 2013, ‘The Potential of Serious Games for Training of Urban Operations’, NATO Modelling Simulation and Gaming -111 Multi-Workshop, Sydney, Australia. 17-18 October 2013, NATO Science and Technology Organisation. van Heerden, RP, Irwin, B & Burke, I 2012, ‘Classifying Network Attack Scenarios Using an Ontology’, 7th International Conference on Information Warfare and Security, Seattle, USA. 22-23 March 2012, Academic Conferences Limited. Veerasamy, N, Grobler, M & Von Solms, B 2012, 'Building an Ontology for Cyberterrorism', Publisher. Vego, MN 2002, Operational Deception in the Information Age, DTIC Document. 
Velten, K 2009, Mathematical Modeling and Simulation: Introduction for Scientists and Engineers, John Wiley & Sons, Berlin, Germany. Vieira, AC, Houmb, SH & Insua, DR Year, ‘A Graphical Adversarial Risk Analysis Model for Oil and Gas Drilling Cybersecurity’, The International Workshop on Graphical Models for Security, Grenoble, France. 12 April 2014, Electronic Proceedings in Theoretical Computer Science (EPTCS). Viswanathan, M 2005, Measurement Error and Research Design, SAGE Publications, Illinois, USA. Von Clausewitz, C 2008, On War, Princeton University Press, New Jersey, USA. von Rosing, M, White, S, Cummins, F & de Man, H 2013, Business Process Model and Notation—Bpmn, Object Management Group, OM Group, Massachusetts, USA. Vorobeychik, Y & Porche, IR 2009, 'Game-Theoretic Methods for Analysis of Tactical Decision-Making Using Agent-Based Combat Simulations', Military Operations Research. Arlington, VA, Publisher, vol. 14, no. 4, pp. 21-39. Wan, SC 2002, ‘An Exploratory Analysis on the Effects of Human Factors on Combat Outcomes’, Master of Science in Operations Research, Naval Postgraduate School. Wang, XH, Zhang, DQ, Gu, T & Pung, HK 2004, ‘Ontology Based Context Modeling and Reasoning Using Owl’, 2nd IEEE Annual Conference on Pervasive Computing and Communications Workshops, Washington DC, USA. 14-17 March 2004, IEEE. Washburn, AR & Kress, M 2009, Combat Modeling, Springer, Berlin, Heidelberg.

393

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Watman, K 2001, 'Global 2000', Naval War College Review. Rhode Island, USA, Publisher, vol. 54, no. 2, p. 75. Watters, J, Morrissey, S, Bodeau, D & Powers, SC 2009, 'The Risk-to-Mission Assessment Process (Riskmap): A Sensitivity Analysis and an Extension to Treat Confidentiality Issues', The MITRE Corporation, Institute for Information Infrastructure Protection. Virginia, USA, Publisher, http://www.mitre.org/publications/technical-papers/the- risktomission-assessment-process-riskmap-a-sensitivity-analysis-and-an-extension-to- treat-confidentiality-issues. Watts, BD 1996, Clausewitzian Friction and Future War. Revised Edition. Mcnair Paper 68, National Defense University. Institute for National Strategic Studies. , Washington DC. Watts, S & Stenner, P 2012, Doing Q Methodological Research, SAGE Publications Ltd,, London,. Weber, EP & Khademian, AM 2008, 'Wicked Problems, Knowledge Challenges, and Collaborative Capacity Builders in Network Settings', Public Administration Review. Washington DC, USA, Publisher, vol. 68, no. 2, pp. pp334-49, http://onlinelibrary.wiley.com/doi/10.1111/j.1540-6210.2007.00866.x/abstract. Weedon, C 1996, Feminist Practice and Poststructuralist Theory, 2nd ed. edn., Blackwell Publishing, Cambridge, MA. Weiner, B & Kazdin, A 2000, Encyclopedia of Psychology, Encyclopedia of Psychology, John Wiley and Sons, Washington DC, USA. Whitacre, J & Bender, A 2010, 'Degeneracy: A Design Principle for Achieving Robustness and Evolvability', Journal of Theoretical Biology. Amsterdam, The Netherlands, , vol. 263, no. 1, pp. pp.143-53. Whitacre, J & Bender, A 2013, 'Pervasive Flexibility in Living Technologies through Degeneracy-Based Design', Artificial life. MIT Press. Cambridge, MA, USA, vol. 19, no. 3-4, pp. pp.365-86. Wieringa, RJ 2014, Design Science Methodology for Information Systems and Software Engineering, Springer, Berlin, Heidelberg. 
Williamson, K 2013, Research Methods: Information, Systems and Contexts, Tilde University Press, Prahran, VIC. Wilson, C 2007, Network Centric Operations: Background and Oversight Issues for Congress, Congressional Research Service., Washington DC, USA, viewed 20 Aug 2015, https://www.fas.org/sgp/crs/natsec/RL32411.pdf. Wit, E, Heuvel, Evd & Romeijn, JW 2012, '‘All Models Are Wrong...’: An Introduction to Model Uncertainty', Statistica Neerlandica. Groningen, the Netherlands, vol. 66, no. 3, pp. 217-36. Wittman, R & Harrison, C 2001, Onesaf: A Product Line Approach to Simulation Development, The MITRE Corporation, TM Corporation, Orlando, Florida, USA. Wittman, R & Surdu, J Year, ‘Onesaf Objective System: Toolkit Supporting User and Developer Lifecycles within a Multi-Domain Modeling and Simulation Environment’, Simulation Technology and Training Conference (SimTecT 2005), Sydney, Australia, CiteSeer. Wohlstetter, R 1965, Cuba and Pearl Harbour: Hindsight and Foresight, RAND Corporation for the Office of the Assistant Secretary of Defense International Security Affairs., Santa Monica, CA. Wright, C & Bradley, T 2007, Artillery Fire Control System, Google Patents. Patent US 7,275,691 B1., San Francisco, USA, https://www.google.com/patents/US7275691.

394

Cyberspace Weaponisation: Modelling Cyber-Effects and their Impacts on Mission Success, Human Factors and Kinetic Outcomes in the Tactical Land Combat Environment. Lieutenant Colonel David Ormrod.

Wu, J, Yin, L & Guo, Y Year, ‘Cyber Attacks Prediction Model Based on Bayesian Network’, IEEE 18th International Conference on Parallel and Distributed Systems, Singapore, 17 Dec - 19 Dec 2012, IEEE Computer Society. Xie, P, Li, JH, Ou, X, Liu, P & Levy, R Year, ‘Using Bayesian Networks for Cyber Security Analysis’, Dependable Systems and Networks (DSN), 2010 IEEE/IFIP International Conference on, IEEE. Yang, A 2006, ‘A Networked Multi-Agent Combat Model: Emergence Explained’, Doctor of Philosophy, University of New South Wales, Australian Defence Force Academy. Yang, A, Abbass, HA & Sarker, R 2005a, 'How Hard Is It to Red Team?', in M Khosrow- Pour (ed), Electronic Government: Concepts, Methodologies, Tools and Applications, Information Science Reference, Pennsylvania, USA, pp. 4045-69. Yang, A, Abbass, HA & Sarker, R 2005b, 'Wisdom-Ii: A Network Centric Model for Warfare', in R Khosla (ed), Knowledge-Based Intelligent Information and Engineering Systems, Springer, Berlin, Heidelberg, pp. 813-9. Yildiz, F 2014, ‘Modeling the Effects of Cyber Operations on Kinetic Battles’, Master of Science in Operations Research, Naval Postgraduate School. Yu, L 2014, A Developer’s Guide to the Semantic Web, Springer Berlin Heidelberg, Berlin, Heidelberg. Yun, W-S, Moon, I-C & Lee, T-E 2015, 'Agent-Based Simulation of Time to Decide: Military Commands and Time Delays', Journal of Artificial Societies and Social Simulation. Surrey, UK, vol. 18, no. 4, p. 10. Zeigler, BP & Sarjoughian, HS 2013, 'Modeling and Simulation of Living Systems as Systems of Systems', Guide to Modeling and Simulation of Systems of Systems, Springer, London, UK, pp. 281-305. Zhang, D & Foo, N 2001, Epdl: A Logic for Causal Reasoning, The University of New South Wales., Sydney, NSW., viewed 19 1, http://catalogue.nla.gov.au/Record/3291197.

395