Complexity Engineering

QCM-based Post-Strike Damage Assessment

Consider an enemy network or infrastructure, such as the one shown below. The network is composed of around fifty assets. It could be an energy distribution or a telecomunication network. Suppose the network must be destroyed or crippled in the context of Offensive Cyber Operations (OCO) or in a more conventional strike using ground or airborne assets. The question is where to strike and when to strike.

However, in this blog we address the equally important issue of measuring the effectivness of the strike, i.e. the goal is to measure damage. This will be done from a systemic perspective using QCM technology.

Let us also suppose that the network has been under observation for a certain period of time and it has been determined that its peak complexity is just over 82 Mbits. The density of the network is 64%. This is a high value of density and means that damage propagation (contagion) throughout such a system should be pretty fast. The network also contains numerous hubs (larger boxes on map’s diagonal). This means that there are plenty of good candidates for attack to choose from. In essence, according to QCM (i.e. according to the capacity of a network to carry information) the best moment to strike is at its peak complexity.

Depending on the available energy budget, a strike is delivered. In practice, a certain number of hubs (nodes) is attacked. The result is a crippled network which does, however, retain some residual functionality. The damaged network is illustrated below.

Complexity has dropped to 24 Mbits, while density is now 21%. The number of hubs is now substantially lower than in the pre-strike configuration. Targeting Assets 29 and, say, 42 or 43 should finish things off.

The chart below shows how the complexity of the network increases from an initial value of just under 60 Mbits. After approximately 20 minutes a strike is delivered when peak complexity is attained (82 Mbits). After one hour and forty minutes, the network complexity is down to 24 Mbits. It does try to recover (see t=60 and 90) but after t=115, the system collapses to its final value of 25 Mbits.

The question now is:

What is the amount of damage?

When it comes to destroying complex critical infrastructures or large networks, it is not easy to determine the degree of damage after the strike has been delivered. One simple way to measure damage is to compute the complexity ratio between the pre and post values:

Damage_c = 1 – C_pre/C_post = 1 – 24/82 = 71%

An alternative is to use network density:

Damage_d = 1 – C_pre/C_post = 1 – 21/64 = 67%

A more comprehensive means of damage assessment is to compare not only the map complexity or densities but to compare the entire topologies of both maps. This can be done using OntoTest. Without going into the details of how this is done, the result is as follows:

OntoTest measures the degree of similarity of two data sets – in this case pre and post strike data sets are compared. It is found that the degree of similarity (correlation) is low, around 18%. This means that:

Damage_t = 1 – 18% = 82%

This is the true amount of damage that has been inflicted. In order to find out how the damage has actually been distributed, it is sufficient to examine the Delta Profile, shown below:

Crippling or destroying Asset 44 induces 4% of the total damage. A additional 3.8% is contributed by Asset49, etc. Other Assets, such as 10, 12, 14 or 19 do not contibute to any systemic damage of the network. This means that targeting them may not have been a good idea.

Established originally in 2005 in the USA, Ontonix is a technology company headquartered in Como, Italy. The unusual technology and solutions developed by Ontonix focus on countering what most threatens safety, advanced products, critical infrastructures, or IT network security - the rapid growth of complexity. In 2007 the company received recognition by being selected as Gartner's Cool Vendor. What makes Ontonix different from all those companies and research centers who claim to manage complexity is that we have a complexity metric. This means that we MEASURE complexity. We detect anomalies in complex defense systems without using Machine Learning for one very good reason: our clients don’t have the luxury of multiple examples of failures necessary to teach software to recognize them. We identify anomalies without having seen them before. Sometimes, you must get it right the first and only time!

0 comments on “QCM-based Post-Strike Damage Assessment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: