Cyber-FIT

Overview | People | Collaborators | Sponsors | Publications | Tools

In April of 2015, the United States Department of Defense published its Cyber Strategy, laying out a strategic direction to defend the country's cyberspace terrain that the military depends on. The report identifies a need for an "enterprise-wide cyber modeling and simulation capability" and the ability to "assess the capacity of the projected Cyber Mission Force to achieve its mission objectives when confronted with multiple contingencies". This project is a response to that call for action: the Cyber-FIT (Forces-Interactions-Terrain) agent-based modeling and simulation framework. This project lays out a framework with which military planners can simulate conflicts while varying adversary types, terrain types, and cyber mission force packages. The framework is seeded with empirically observed data, in order to present realistic interactions and behaviors. The primary focus of the Cyber-FIT project is allowing military planners to gain a more thorough understanding of the measures of cyber teams. The framework is designed to be flexible enough to conduct virtual experiments in many different ways. A visual representation of the framework is shown below:

Cyber-FIT 1

So far, virtual experiments have been conducted that measure cyber force package mission effectiveness, defender actions to counteract realistic cyber adversarial behavior, and cognitive modeling of team based cyber situational awareness. Currently, the code base is being updated to project cyber conflicts at scale, and dynamically analyze cyber team interactional behaviors. The goal of Cyber-FIT is to provide a mechanism with which to test out any number of theories or questions that are of interest to military planners. This could be a force development issue: What mixture of classroom training and on the job training leads to a better trained brigade? This could be strategic in nature: What is the proper ratio of cyber and kinetic missions? This could be technical in nature: Does a large scale system refresh actually decrease enterprise vulnerability levels? A screenshot of the dashboard of the NetLogo version is shown below:

Contrasting Twitter 2