Abstract
In recent years, cyberspace events, attacks, effects and responses have been added increasingly to LVC simulations, e.g., to increase awareness among general military personnel of the potential impact of a cyberattack on a mission.
In 2024, the Simulations Interoperability Standards Organization (SISO) released the Cyber Data Exchange Model (Cyber DEM) designed to support the interoperability between cyberspace models, simulations, cyber ranges participating in LVC simulations, and potentially also other cybersecurity systems. Connecting actual cyberspace elements, such as cyber ranges, can drastically improve the fidelity of simulated attacks, responses and effects.
Although highly desirable, the integration of a cyber range into a simulation environment could involve a significant effort, depending on the chosen architecture. That is, given that a cyber range is essentially a broad collection of ICT systems and software, interfacing with the Cyber DEM at the individual application level could result in a large number of specific interfaces.
An alternative architecture would involve integration through mediation with existing communication standards used within the military cyber security domain that also intend to describe cyberspace events, attacks, effects and responses. An initial exploration revealed two candidates. First, the NATO APP-11 Message Catalogue recently added six messages describing cyber events, observations, and responses. Second, the Malware Intelligence Sharing Platform (MISP) was recently adopted as the NATO standard for sharing threat intelligence between Cyber Security Operation Centers (SOC). In this paper, we will explore the integration potential of both.
The intended exploration will involve both a theoretical investigation and a bottom-up implementation-driven investigation performed within the context of the Coalition Warrior Interoperability Exercise (CWIX) 2025. Also, the paper will report on ongoing activities performed within the scope of NMSG 200, which looks at interoperability of cyber models within the scope of LVC simulations.