Metrics Framework of Cyber Operations on Command and Control

The reliance of modern military forces on networks and information systems makes them susceptible to cyber attacks and highlights the importance of cyber operations. This increased awareness of cyber operations has led to a need for concept development and experimentation. Concept development and experimentation work must be assessed, which requires measurement and metrics. To date, little work has been done to measure the impact of cyber operations on military command and control. This paper will address this requirement by putting forward a framework for the measurement of the impact of cyber operations on the effectiveness of the command and control of military missions. There have been many research efforts to describe measurement in the following capabilities: Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR), Network Enabled Operations (Net Enabled Ops), and Command and Control (C2). While these related fields have strong links to cyber operations, none of the associated measurement efforts specifically address the particular measurement requirements of the cyber realm. We propose a metrics framework for cyber operations that is adapted from the measures development work of the US Department of Defence Director of Operational Test and Evaluation, which recommends conducting the assessment at the mission, task and system level. We pay particular attention to the mission and task levels, which describe what is being done, why it is being done, and how well it is being done. The framework elements are "Mission Objective", "Desired Effects", "Functions", "Attributes", and "Metrics". This paper will describe how the framework measures the cyber effects described in Simulation Approach for Military Cyber Operations (also submitted to this conference). The major contribution of the paper will be the application of the attributes and metrics discussed in the related capabilities of C4ISR, Net Enabled Ops, and C2 to the measurement of cyber effects.