A characterization of cybersecurity simulation scenarios

The rate and sophistication of cyber-attacks are ever increasing forcing organizations to test their systems and assess their risks for specific situations (eg, data breach). Simulation is an emerging field in testing and assessing cybersecurity risk as it allows modeling cyber systems, their interdependencies, and interactions between cyber systems and people who are using, policing, and even attacking these systems. With cybersecurity scenarios, we help describe and formulate these complex interdependencies and relationships. In this paper, we first characterize cybersecurity scenarios along (1) the nature of cyber systems with considerations for design and (2) the type of actor with considerations of abilities. This characterization provides a more clear distinction compared to military oriented LVC (Live-Virtual-Constructive) simulation characterization. We then review examples from the literature based on our characterization. According to our review, we note that cyber system representation has been widely explored while actor representation is often realized at the technical-level dismissing social and cognitive aspects. Thus, we believe that paying more attention to social and cognitive aspects of actor representation, especially as developing general-purpose tools, will benefit the modeling and simulation community.

Recommended citation: Kavak, Hamdi; Padilla, Jose J; Vernon-Bido, Daniele; Gore, R; Diallo, S. (2016). "A characterization of cybersecurity simulation scenarios". SpringSim (CNS). 3.
Download Paper