Cyber operations’ performance or impact analysis varies based on the nature of the cyber-attacks or missions or operations (e.g., defensive or offensive).
For example, the following cyber analysis activities can be used in cyber operations assessment (Kott et al. 2015):
Detect attacks in a mission-supporting manner.
Assess damages relevant to the mission: Forensic tools are important to understand the attack, attackers, and assess damages.
Investigate impacts on mission elements.
Recover from attacks.
Decide on how to respond to cyber-attacks to maximize mission success.
Evaluate different possible mitigation alternatives.
Kott et al. (2015) discussed different models to cyber operations’ impact analysis (COIA) such as: risk analysis problem, control theoretic style, game theoretic, reverse engineering, malware analysis, and adversary modeling.
In studying cyber operations’ impact analysis, we should not also ignore the dimensions related to understand humans’ behavior; whether those are the defenders or the attackers. Cognitive modeling and tools such as Adaptive Control of Thought—Rational (ACT-R) can be used to model attackers’ behaviors.
Kott et al. (2015) mentioned two particular models that can be utilized in COIA, namely: Canadian Automated Computer Network Defense (ARMOUR) demonstrator and European Union PANOPTESEC.
In a COIA model by MITRE (www.mitre.org), the model described several model requirements through which assessment can be thorough and accurate, Fig. (Musman et al. 2009). This model is an example of a data-flow representation.
Extending MITRE Cyber Mission Impact Assessment (CMIA) Tool, AMICA model combines process modeling, discrete event simulation, graph-based dependency modeling, and dynamic visualizations (Noel et al. 2015). Jakobson (2011) proposes an impact dependency graph, Fig.