:orphan: .. **************************************************************************** .. CUI .. .. The Advanced Framework for Simulation, Integration, and Modeling (AFSIM) .. .. The use, dissemination or disclosure of data in this file is subject to .. limitation or restriction. See accompanying README and LICENSE for details. .. **************************************************************************** cyber_protect ------------- Navigation: :ref:`cyber_overview` .. command:: cyber_protect ... end_cyber_protect :block: .. parsed-literal:: cyber_protect # Defines the response to the attack **. # Repeat as necessary to handle additional attack types attack_response_ ** probability_of_scan_detection_ ... probability_of_scan_attribution_ ... probability_of_attack_success_ ... probability_of_status_report_ ... probability_of_attack_detection_ ... probability_of_attack_attribution_ ... probability_of_future_immunity_ ... attack_detection_delay_time_ ... attack_recovery_delay_time_ ... script bool :command:`cyber_protect.IsVulnerable` ... script bool :command:`cyber_protect.OnScanDetection` ... script bool :command:`cyber_protect.OnAttackDetection` ... script bool :command:`cyber_protect.OnAttackRecovery` ... end_attack_response # Define the default attack response should an attack occur # for an attack type that does not have an accompanying response. attack_response_ default ... end_attack_response end_cyber_protect The name of the cyber_protect type being defined. The name of an existing cyber_protect type or WSF_CYBER_PROTECT, whose definition will be used as the initial definition of the new type. Instantiation on a platform type: .. parsed-literal:: platform_type cyber_protect ... end_cyber_protect end_platform_type Adding cyber_protect_ to a platform: .. parsed-literal:: platform # or edit platform add cyber_protect ... end_cyber_protect end_platform Editing a cyber_protect_ object on a platform: .. parsed-literal: platform # or edit platform edit cyber_protect ... end_cyber_protect end_platform Overview ======== The cyber_protect_ object defines a platforms response to cyber attacks, which includes the ability to block, detect and recover from an attack. Every active platform active in a simulation will have either an explicitly or implicitly define cyber_protect_ object. The object contains zero or more attack_response_ blocks, each of which defines the response to a particular type of attack as defined by :command:`cyber_attack`. When an attack is attempted the response will be selected according to the following algorithm: 1. Attempt to locate the :command:`cyber_protect.attack_response` with the name ''. 2. If step 1 fails, for each :command:`cyber_attack` type that '' inherits from, attempt to locate the :command:`cyber_protect.attack_response` whose name matches the inherited type. 3. If steps 1 and 2 fail attempt to locate the :command:`cyber_protect.attack_response` entry named 'default'. 4. If steps 1, 2 and 3 fail use an internal response dynamically created from the default default response values in the :command:`cyber_attack` type ''. For more information about the implementation of a cyber attack please see :ref:`cyber_overview`. Commands ======== .. command:: attack_response [ | default ] ... end_attack_respone Define the response to the attack **. ** must be a defined :command:`cyber_attack` type or the word 'default', which signifies the attack response to use if an attack is received for which there is not a defined attack response. attack_response Subcommands ^^^^^^^^^^^^^^^^^^^^^^^^^^^ .. begin This section defines the commands that occur within the attack_response_. .. command:: probability_of_scan_detection [ 0 .. 1 ] The probability threshold that a scan function will be detected. **Default**: From :command:`cyber_attack.probability_of_scan_detection` in the applicable :command:`cyber_attack`. .. command:: probability_of_scan_attribution [ 0 .. 1 ] The probability threshold that a scan function will be attributed. **Default**: From :command:`cyber_attack.probability_of_scan_attribution` in the applicable :command:`cyber_attack`. .. command:: probability_of_attack_success [ 0 .. 1 ] The probability threshold that an attack will be declared successful. **Default**: From :command:`cyber_attack.probability_of_attack_success` in the applicable :command:`cyber_attack`. .. command:: probability_of_status_report [ 0 .. 1 ] The probability threshold that the attacker will receive immediate notification of the success or failure of an attack. **Default**: From :command:`cyber_attack.probability_of_status_report` in the applicable :command:`cyber_attack`. .. command:: probability_of_attack_detection [ 0 .. 1 ] The probability threshold that an attack will be detected by the victim. **Default**: From :command:`cyber_attack.probability_of_attack_detection` in the applicable :command:`cyber_attack`. .. command:: probability_of_attack_attribution [ 0 .. 1 ] The probability threshold that an attack will be attributed by the victim. **Default**: From :command:`cyber_attack.probability_of_attack_attribution` in the applicable :command:`cyber_attack`. .. command:: probability_of_future_immunity [ 0 .. 1 ] The probability threshold that the victim will be immune to future attacks of the same type. **Default**: From :command:`cyber_attack.probability_of_future_immunity` in the applicable :command:`cyber_attack`. .. command:: attack_detection_delay_time The amount of time it takes before the victim become aware of an attack. **Default**: Infinity .. command:: attack_recovery_delay_time The amount of time it takes for the victim to recover from an attack after it becomes aware of the attack. **Default**: Infinity .. command:: IsVulnerable (script) .. parsed-literal:: script bool IsVulnerable(:class:`WsfCyberEngagement` aEngagement) end_script Define an optional script that is invoked when a scan or an attack occurs against the platform. This may be used to implement more complex vulnerability assessment based on the operating conditions rather than just using random draws. The script should return a 'true' if the platform is vulnerable to the scan or attack or 'false' if not. If this script returns a 'false' not vulnerable value, then the scan or attack currently in progress will be aborted without providing any notification to the attacker. Note that even if this script determines that a victim platform is vulnerable to an attack or scan, the victim's immunity status will still be evaluated in determining whether or not to proceed with the scan or attack. **Default**: Not defined. .. command:: OnScanDetection (script) .. parsed-literal:: script void OnScanDetection(:class:`WsfCyberEngagement` aEngagement) end_script Define an optional script that is invoked when a scan occurs against the platform. This may be used to model such effects as notifying others that something suspicious is occurring. **Default**: Not defined. .. command:: OnAttackDetection (script) .. parsed-literal:: script void OnAttackDetection(:class:`WsfCyberEngagement` aEngagement) end_script Define an optional script that is invoked after an attack has occurred upon the expiration of the attack_detection_delay_time_. This might be used to model effects such notify others of the attack. **Default**: Not defined. .. command:: OnAttackRecovery (script) .. parsed-literal:: script void OnAttackRecovery(:class:`WsfCyberEngagement` aEngagement) end_script Define an optional script that is invoked during an attack after the expiration of the attack_recovery_delay_time_. This may be used to model such effects as notifying others that they are once again operational. **Default**: Not defined. .. end