Cyber operations are relatively a new phenomenon of the last two decades. During that period, they have increased in number, complexity, and agility, while their design and development have been processes well kept under secrecy. As a consequence, limited data(sets) regarding these incidents are available. Although various academic and practitioner public communities addressed some of the key points and dilemmas that surround cyber operations (such as attack, target identification and selection, and collateral damage), still methodologies and models are needed in order to plan, execute, and assess them in a responsibly and legally compliant way. Based on these facts, it is the aim of this article to propose a model that i)) estimates and classifies the effects of cyber operations, and ii) assesses proportionality in order to support targeting decisions in cyber operations. In order to do that, a multi-layered fuzzy model was designed and implemented by analysing real and virtual realistic cyber operations combined with interviews and focus groups with technical – military experts. The proposed model was evaluated on two cyber operations use cases in a focus group with four technical – military experts. Both the design and the results of the evaluation are revealed in this article.@en

Cyber Operations stopped being utopia or Sci-Fi based scenarios: they became reality. When planning and conducting them, military actors encounter difficulties since they lack methodologies and models that support their actions and assess their effects. To address these issues by tackling the underlying scientific and practical gap, this article proposes an assessment methodology for the intended and unintended effects of Cyber Operations, labeled as Military Advantage, Collateral Damage and Military Disadvantage, and aims at supporting the targeting process when engaging targets in Cyber Operations. To arrive at this methodology, an extensive review on literature, military doctrine and methodologies was conducted combined with two series of interviews with military commanders and field work in joint military exercises. The assessment methodology is proposed considering multidimensional factors, phases and steps in a technical - military approach. For validation, one realistic Cyber Operation case study was conducted in a focus group with nine military experts plus four face-to-face meetings with another four military experts.@en

Cyber operations lack models, methodologies, and mechanisms to describe relevant data and knowledge. This problem is directly reflected when cyber operations are conducted and their effects assessed, and it can produce dissonance and disturbance in corresponding decision-making processes and communication between different military actors. To tackle these issues, this article proposes a knowledge model for cyber operations implemented as a computational ontology following a design science approach grounded on extensive technical-military research. This model classifies the essential entities of cyber operations and is exemplified in three case studies. Validation results show that this model can be used to describe cyber operations clearly and concisely. @en

Cyber Warfare is perceived as a radical shift in the nature of warfare. It can represent a real alternative next to other types of Military Operations to achieve military and/or political goals in front of adversaries. To this end, Cyber Operations use specific technologies i.e. cyber weapons/capabilities/means. With a short but intense history of incidents/ events labelled as Cyber Operations or Cyber Warfare incidents, their potential and scale of impact has proven to cross geographical and digital borders. In this way, their effects are impacting not only their engaged targets, but also other collateral actors and systems, at local, national, regional, and global scale.@en

As cyber operations are evolving to become a major military enabler, cyber activities and their resulting effects should also be represented in simulation environments. Currently much effort is being put into creating simulation environments to enable the simulation of cyber operations at the technical (network) level. At this level the focus is on detection and exploitation of vulnerabilities on the offensive side and on prevention, detection and mitigation of malicious intrusions on the defensive side. Simulations at this level facilitate training of and competition between cyber technicians. Typical examples are so-called “Capture-the-flag” events. However, cyber operations also have an important impact at the tactical, operational and strategical level, but so far little effort has been put into integration of cyber operations and their effects at these levels. What there is, is mainly limited to degrading some of the tactical data communication or switching off C2 systems or simulators. A standard approach is required to integrate offensive and defensive cyber activities and their resulting effects in simulation environments in a timely, efficient, interoperable, and cost-effective manner. A first requirement for a standard approach is to describe the elements of systems that can be affected by cyber operations, their characteristics, the way they interact, offensive and defensive cyber activities and the effects they can have on operational capabilities. For this purpose, taxonomies and ontologies for cyber operations have been described in the literature, but they only cover elements of cyber operations (tailored to specific attacks, threats, vulnerabilities et cetera). All these attempts serve a specific research purpose and there is limited or no coherence between them. With only one exception that we know of, the research results have, beside papers, not been available for further development. Open sources and standards are lacking which hinders further development of interoperable products for introducing cyber operations in modelling and simulation for training and experimentation as they do exist for Land, Sea, Air, and Space. An ontology for the cyber domain is – however – important to the development of (re-usable) simulation conceptual models, simulation scenarios and simulation data exchange models. An ontology provides amongst others consistent naming, meaning, relations and interactions of the various elements used in the different models. TNO Defence Research is strongly involved in many standardisation activities for modelling and simulation in the military domain. In addition, as part of a doctoral research project (Technical University Delft, TNO Defence Research, and Netherlands Defence Academy (NLDA)) aimed at assessing the effects of cyber operations in support of targeting decision making that avoids collateral damage. In this context computational ontologies have been developed to describe cyber operations and to represent and reason around the necessary knowledge to assess the effects of cyber operations. These ontologies can be regarded as a (knowledge-based) simulation environment resulting from empirical research and design studies in the military cyber domain. This paper describes a development method, focussed on the construction of a cyber operations ontology for training and exercises, and the initial steps toward a cyber simulation data exchange model.@en

Due to the advancement of technology and continuing emergence of international conflict situations, wars are now also conducted into the official new battlefield: Cyberspace. Although several incidents have been characterized in terms of cyber operations, there is an important gap in the existing body of knowledge concerning the definition of this concept, and a formal mechanism of representing such operations is lacking. This can produce dissonance and disturbance in the decision making processes and communication in cyber operations, for instance, when planning or assessing their effects. In order to understand what cyber operations represent and to make communication more effective, this article proposes a multidisciplinary definition and a knowledge base for cyber operations implemented as a computational ontology. This article follows a design science approach and grounds its sources in extensive literature review, reports, military doctrine, case studies, evaluation interviews and direct participation and observation in joint military operations exercises and experience in writing cyber operations scenarios. The computational ontology has been designed to reflect the understanding of and the necessary communication in cyber operations based on the abovementioned sources. Its upper classes are: Context, Actor, Type, MilitaryObjective, Phase, Target, Cyber Weapon, Asset, Geolocation, Action and Effect. The ontology has been developed in Protégé by using the Ontology Engineering Methodology, and contains 140 classes, 37 individuals and 94 properties. This ontology makes possible the classification of the essential entities of a cyber operation: Military objective, target, cyber weapon/capability and effect. The proposed ontology has been exemplified and evaluated on two case studies conducted on Operation Olympic Games/Stuxnet and Georgia and with the help of two military experts with international experience. The validation results show that the proposed ontology is effective in representing cyber operations accurately, clearly and concisely. To increase its applicability, future research will focus on assessing the effects of Cyber Operations.@en

In the last decades we witnessed the creation of a virtual world: cyberspace, which offers plenty of opportunities and challenges. Meanwhile, we are confronted with many conflict situations between different groups of people or countries. In the last years, several events have been described in terms of cyber warfare or the use of cyber weapons, leading to critical international security concerns. At the same time, there is little research on the definitions of what constitutes a cyber weapon and how it can be profiled.The present article gives an answer to the question “How to define cyber weapons?” and proposes a conceptual framework that defines and profiles cyber weapons from a multidisciplinary perspective: cyber and military, considering legal aspects as well. This framework establishes the context of use and the life cycle of cyber weapons, defines them, presents their structure and proposes a way to profile them. The aim of this article is to support decision makers and academia that have to deal with the implications and consequences of cyber weapons. Therefore, to evaluate our framework, we propose a profiling matrix for Stuxnet, Operation Orchard and Black Energy and we conduct an exploratory case study on Stuxnet based on the existing literature@en