Measuring Cyber Operations Effectiveness
Air Command And Staff College Maxwell Air Force Base United States
This paper outlines the various methods currently used to show the effectiveness of Network Operations, Cyber Defensive, and Offensive operations. Network operations effectiveness depends on the view of the person measuring it. It is a delicate balance of usability versus security, with the mission of the network providing a guide. Network Defense can be measured using many automated tools included in the defense hardware and software itself. These devices include hardware and software firewalls and Network Intrusion Detection and Prevention Systems. Security Information and Event Management software allows the ingestion of all of the above system data into a single cohesive picture that is better able to detect advanced threats. The effectiveness of these devices and software can be measured through auditing using network scanners and frameworks like the SANS Critical Security Controls. Finally, a network vulnerability penetration test can be performed to test the systems and controls put in place and ensure they are working as designed. Penetration tests should use a framework like the Penetration Test Execution Standard in order to provide standardized and reproducible results. Measuring success in Offensive and Computer Network Exploitation depends on the goal. If the goal is to exfiltrate information and it was obtained without being detected, the operation was a success. Attacks to degrade or harm systems can be measured if the end goal of the attacker can be determined.