Abstract

This precis describes a tool for quantifying the vulnerability of a communications network. It is important that information warfare studies include both offensive and defensive strategies in an integrated manner since neither can be studied in isolation. It is assumed that an attacker has a finite amount of resources with which to discover faults in the network security of a data communications network and that each fault discovery consumes the attackersâ?? resources. Network security actions may be taken to increase security in strategic areas of the network and to actively deter an attack. Reactions such as these by network security in response to an attack have a both a monetary cost and a cost in terms of reduction of network resources and degradation of services to network consumers. An optimal course of action by network security in response to an attack is to minimize network access to an attacker while also minimizing the impact to legitimate network consumers. This requires precise assessment of network security vulnerability and quantification of effects on network consumers by actions taken by network security in response to an attack. This white paper proposes incorporating methods and algorithms into an existing proto-type tool that we have developed for using vulnerability information collected from an actual network and simulating the results of an attack so the command and control strategies can be studied.