Solution

• Cyber operations’ performance or impact analysis varies based on the nature of the cyber-attacks or missions or operations (e.g., defensive or offensive).

• For example, the following cyber analysis activities can be used in cyber operations assessment (Kott et al. 2015):

• Detect attacks in a mission-supporting manner.

• Assess damages relevant to the mission: Forensic tools are important to understand the attack, attackers, and assess damages.

• Investigate impacts on mission elements.

• Recover from attacks.

• Decide on how to respond to cyber-attacks to maximize mission success.

• Evaluate different possible mitigation alternatives.

• Kott et al. (2015) discussed different models to cyber operations’ impact analysis (COIA) such as: risk analysis problem, control theoretic style, game theoretic, reverse engineering, malware analysis, and adversary modeling.

• In studying cyber operations’ impact analysis, we should not also ignore the dimensions related to understand humans’ behavior; whether those are the defenders or the attackers. Cognitive modeling and tools such as Adaptive Control of Thought—Rational (ACT-R) can be used to model attackers’ behaviors.

• Kott et al. (2015) mentioned two particular models that can be utilized in COIA, namely: Canadian Automated Computer Network Defense (ARMOUR) demonstrator and European Union PANOPTESEC.

• In a COIA model by MITRE (www.mitre.org), the model described several model requirements through which assessment can be thorough and accurate, Fig. (Musman et al. 2009). This model is an example of a data-flow representation.

• Extending MITRE Cyber Mission Impact Assessment (CMIA) Tool, AMICA model combines process modeling, discrete event simulation, graph-based dependency modeling, and dynamic visualizations (Noel et al. 2015). Jakobson (2011) proposes an impact dependency graph, Fig.