Article

Coming Full Circle with Boyd's OODA Loop Ideas: An Analysis of Innovation Diffusion and Evolution

Abstract

The Observe-Orient-Decide-Act (OODA) Loop ideas of Air Force Colonel John Boyd have impacted the Department of Defense (DoD), influenced military thought, paved the way for operational change, and helped to shape fighting doctrines. A wide variety of OODA Loop ideas and interpretations exist in the literature, but are unorganized and have not undergone holistic study to determine how Boyd's ideas have spread or changed over time. As such, this research analyzed a quarter century (1976-2003) sample of the OODA Loop literature to examine the diffusion and evolution of OODA Loop ideas since Boyd's original conceptualizations. This research used qualitative data analysis to examine OODA Loop ideas in light of innovation diffusion theory. Ideas from Boyd's original OODA Loop theories were compared and contrasted with subsequent literature instances to assess diffusion and evolution of OODA Loop ideas in the DoD. This research concluded with a proposed conceptual framework for collectively considering OODA Loop ideas.

... Boyd proposed that fundamental to victory is the capability to create conditions where one can make good, tactical decisions faster than one's opponent (Boyd, 1987). The OODA loop was originally devised by Boyd to understand why U.S. F-86 fighter pilots were winning battles in the skies over Korea during the war (Brehmer, 2005; Angerman, 2004). Boyd's study revealed that although the Korean MiG-15s were superior to the U.S. aircraft, a single design feature and a single mechanical feature enabled pilots to gain the advantage. ...
... Boyd's study revealed that although the Korean MiG-15s were superior to the U.S. aircraft, a single design feature and a single mechanical feature enabled pilots to gain the advantage. The 360° canopy and the powered hydraulics enhanced pilots' SA by enhancing their observation and orientation abilities while also allowing them to gain decisive tactical advantages with faster maneuvering (Angerman, 2004). The OODA loop was quickly adopted by all U.S. military services and applied strategically for use offensively (to overcome the fog of war and achieve the element of surprise) and defensively with the goal of shrinking your OODA loop to regain the advantage over an attacking enemy (Schechtman, 1996; Angerman, 2004). ...
... The 360° canopy and the powered hydraulics enhanced pilots' SA by enhancing their observation and orientation abilities while also allowing them to gain decisive tactical advantages with faster maneuvering (Angerman, 2004). The OODA loop was quickly adopted by all U.S. military services and applied strategically for use offensively (to overcome the fog of war and achieve the element of surprise) and defensively with the goal of shrinking your OODA loop to regain the advantage over an attacking enemy (Schechtman, 1996; Angerman, 2004). It is from the Observe-Orient portion of Boyd's theory that the study of SA derives. ...
Thesis
Full-text available
Technology innovations in visual, wireless communications have yet to be leveraged by law enforcement. These technologies have a future in law enforcement. This limited study has provided evidence that the addition of visual, wireless communication for tactical police commanders enhances situational awareness and speeds decision making. In addition, this study has established that the technology would be accepted for use by police tactical officers once utility is demonstrated. Several issues remain that may delay its widespread adoption. These include unfamiliarity, a police-centric design that is rugged, reliable and without impaired vision, and liability and cost. In addition, there is not a current wireless, broadband backbone that could transmit the signals over a large distance. Once these limitations have been overcome this technology has the potential to revolutionize policing and tactical law enforcement.
... US Air Force Colonel John Boyd has greatly influenced the disciplines science, military, sports, business, and litigation with his theories [44]. He authored an essay and six successive presentations between 1976 and 1996, which revolve around the so-called OODA loop, a scalable system and process model [5,44]. • Observation gathers sensory inputs from an observer's vicinity. ...
... An effective action plan has to address all descried counteractive measures. Boyd's OODA loop as the second contributive concept provides a significantly robust template for the activities of this action plan [5]. The figures 3.5 and 3.6 depict the action plans for black- and whitelisting. ...
... An action plan has to bridge the ensuing gap between this current profile and the desired target profile. At this point, Boyd's OODA loop is deployed as the second embedment [5]. The generic action plan as the origin of an abstract framework for the blind revision of instant messages (and the paramount architectural merit of this disquisition) copies the OODA loop inclusive of its four activities observation, orientation, decision, and action. ...
Thesis
Full-text available
Many scientific disquisitions have proposed methods of maintaining IT (Information Technology) security for the processing of sensitive data in outsourced, untrusted, or semi-trusted domains by the means of blind computing. Blind computing in essence dictates that an application processes ciphertext data without a need to decipher the input, output, and/or intermediate results. This approach serves to prevent unscrupulous data mining by those with malicious intent. Despite a wealth of scholarly publications on the matter of blind computing, the problem has not been comprehensively solved in the scenario where a messaging platform in an untrusted environment blindly processes messages in transit. Consider, for example, an IM (Instant Messaging) application tailored for use by adolescents who require technical safeguards against cyberbullying and pedophile stalking. A workable solution not only requires the incorporation of a blind computing scheme for filtering, but should also possess the ability to block just offensive message parts rather than the entire message. Currently, concepts how chat and IM filters can incorporate topic detection, and the vast array of material on blind computing have co-existed as two separate streams. A secure IM filter combining both streams has not been engineered or realized to date, nor has a necessary cryptosystem with the ability to securely edit (i.e. detect and delete malicious content within) instant messages. This dissertation fills this gap by elaborating a framework for the blind revision of instant and/or other electronic messages taking IT security into consideration with a sharp focus on authenticity, integrity, privacy, and resilience. In the beginning, it creates a threat model that reproduces the vulnerabilities and resultant attack vectors in the area of IM. Apposite citations of contemporary literature corroborate the contrived threat model as a relevant real-world problem that still needs to be resolved. 
The construction and evaluation of a practicable solution must rely upon the application of rigorous methods. For this purpose, the exerted design process amalgamates two well-proven IT security concepts to a framework for the blind revision of instant messages. The framework acts as an effectively applicable method against all modeled threats and utilizes available cryptographic means. The clear and verifiable novelty of this framework relates to the fact that it supports both paradigms blacklisting and whitelisting. While blacklisting blindly purges instant messages with blacklisted payload, whitelisting blindly allows instant messages with solely whitelisted payload. Security and performance analyses rigorously evaluate the utility, quality, and efficacy of the framework. Complementarily, applicable examples effectively demonstrate the framework to both technology- as well as management-oriented audiences.
... 1. Perception - becoming aware of situational events; 2. Comprehension - interpreting what is happening to form a situational understanding of the events; 3. Projection (i.e., prediction) - using the understanding to inform what actions (if any) should be taken to control the network. ...
... So in essence situational awareness is a process, consisting of (i) becoming conscious of the immediate environment, (ii) and understanding how temporal/spatial events (which you may or may not control) will impact on that environment. It is generally understood that inadequate situational awareness is an element of poor decision-making, especially in those situations that are composed of high information flow, with any disastrous consequences resulting from that poor decision-making being attributed to 'human error', [2,3]. ...
Conference Paper
Full-text available
In this multi-disciplinary project, we intend to explore the advantages of an information fusion system in which the infrastructure finds new ways to reflect upon its own state and new ways to express this state that provides a good fit to human communication and cognition processes. This interplay should then generate a better and more responsive human computer symbiosis. The outcomes of this project will help to develop context and content aware networks that are better able to extract meaning and understanding from network data and behaviour.
... So in essence situational awareness is a process, consisting of (i) becoming conscious of the immediate environment, (ii) and understanding how temporal/spatial events (which you may or may not control) will impact on that environment. It is generally understood that inadequate situational awareness is an element of poor decision-making, especially in those situations that are composed of high information flow, with any disastrous consequences resulting from that poor decision-making being attributed to 'human error', e.g., fighting in a combat zone (MOD, 2010, chapter 5), piloting an airplane (John Boyd, see Angerman, 2004). ...
... Whilst Endsley's model is useful for understanding the levels of situational awareness, an example from the kinetic sphere readily illustrates how it adds value in a practical context. If we take a brief step into kinetic military doctrine, and view the computer incident response process in the context of Boyd's OODA loop theory (see Angerman, 2004), we find a useful model to review the practical relevance of situational awareness in a combat situation. ...
Chapter
Full-text available
This chapter treats computer networks as a cyber warfighting domain in which the maintenance of situational awareness is impaired by increasing traffic volumes and the lack of immediate sensory perception. Sonification (the use of non-speech audio for communicating information) is proposed as a viable means of monitoring a network in real time and a research agenda employing the sonification of a network’s self organized criticality within a context-aware affective computing scenario is given. The chapter views a computer network as a cyber battlespace with a particular operations spectrum and dynamics. Increasing network traffic volumes are interfering with the ability to present real-time intelligence about a network and so suggestions are made for how the context of a network might be used to help construct intelligent information infrastructures. Such a system would use affective computing principles to sonify emergent properties (such as self-organized criticality) of network traffic and behaviour to provide effective real-time situational awareness.
... US Air Force Colonel John Boyd has highly influenced the disciplines science, military, sports, business, and litigation with his theories. He authored an essay and six successive presentations between 1976 and 1996, which revolve around the so-called OODA loop, a scalable system and process model [2]. Figure 7 delineates a simplified OODA loop with the four activities observation, orientation, decision, and action. ...
... An action plan has to organize all descried counteractive measures. Boyd's OODA loop as the second contributive concept leaves its mark by offering a crafty template for the activities of this action plan [2]. Future work can easily take advantage of this template with the construction of concrete action plans for black- or whitelisting of instant messages. ...
Chapter
Full-text available
Nowadays, cyberbullying and shady data mining represent two serious concerns for IM (Instant Messaging) users. Blind censoring as an amalgamation of blind computing and censoring appears as the most auspicious solution to get rid of perilous instant messages and eavesdroppers in one fell swoop. The planning of a framework for blind censoring of instant messages needs a detailed threat model at the outset to completely counter them with rigorous approaches. This paper establishes such a threat model based on well-known fictional characters in the style of former scientific and engineering literature about cryptology and IT (Information Technology) security. Thereupon, it merges the NIST framework for improving critical infrastructure cybersecurity and Boyd's OODA (Observe-Orient-Decide-Act) loop into an abstract framework for blind censoring of instant messages. With it, future work can instantiate concrete frameworks for black- and whitelisting of instant messages.
... We use a basic model of decisionmaking called the observe, orient, decide, and act (OODA) loop, shown in Figure S.1, as our primary structure (Angerman, 2004). Operating strategically means scanning the horizon (observing) and discovering implications (orienting). ...
... Others have recognized that the OODA loop presents a valid model for decisionmaking within organizations, as well as at the level of the individual (Angerman, 2004). Because of the explicit emphasis on acts of observation and orientation, the application to strategy is very strong. ...
Technical Report
RAND Corporation researchers provided support to an Israeli government team of high-level officials charged with improving the processes for long-term socioeconomic strategy within the government. This report highlights selected inputs the researchers made to the government team to summarize the essential mechanics and roles for bringing a strategic perspective to the consideration of policy. In doing so, it provides the example of problems associated with an aging population as an illustration of how one can use a strategic perspective in an analysis of policy choices. Israel will benefit from bringing a systemic strategic perspective into its policy process. The concept is integral to formal strategic planning but distinct; although the latter places emphasis on an output (a strategic plan), a strategic perspective is a process for bringing an analytical element into policy decisionmaking. A strategic perspective helps to bridge not only the gap between a short-term focus and longer-term outcomes but also that across ministerial portfolios and responsibilities. A strategic perspective typically begins with a vision of what a desirable future state of the world might be. Translating a vision into policy requires an understanding of the challenges to achieving the vision and employing processes for setting specific goals to meet those challenges, identifying indicators to measure both status and progress toward goals, and designing and implementing policy measures that will contribute to achievement of goals.
... OODA (Observe, Orient, Decide, and Act), developed by strategist and United States Air Force Colonel John Boyd, is a widely used model in the decision-making process by many military/law enforcement agencies during the conduct of military operations. [10] The OODA model extends a practical concept called the OODA loop, designed to underpin rational thinking in muddled situations. An effective OODA loop empowers the commanders in the decision-making process. ...
Article
Engineered Science, Volume 20, 2022. Explosive Weapons and Arms Detection with sIngular Classification (WARDIC) on Novel Weapon Dataset using Deep Learning: Enhanced OODA Loop. Anant Bhatt and Amit Ganatra.
Abstract: Rising armed conflicts and violent agitations in populated areas have upstretched stark trepidations worldwide. Especially, the armed conflicts are increasingly being fought using explosive weapons, rifles, and lethal arms, endangering civilian lives and infrastructure. Concerns raised by the state actors accentuate the importance of identifying the miscreants in possession of explosive weapons to limit unlawful activities. Armed forces, law enforcement agencies, while carrying out operations in populated areas, demand the high availability of meaningful information promptly to shorten the OODA loop for effective decision-making by the military commanders. Existing research is limited to classifying revolvers, pistols, and knives and has privations to detect explosive weapons and firearms due to severe void of relevant datasets, computationally optimal weapon detection methodology, which imposes severe restrictions in instrumenting an effective system. Hence, we introduce two customized, high-balanced Novel Operational Weapon Arms Datasets - named NOWAD post detailed Exploratory Data analysis. We propose a state-of-the-Art methodology to implement a novel weapons and arms detection singular classifier - named (WARDIC) to identify explosive weapons and arms. The WARDIC - an augmented architecture of the ConvNets and Singular Classifiers showed promising performance in detecting weapons in surveillance feeds.
The evaluation metrics show promising performance of the tuned WARDIC classifier (fusion of DenseNet-121 with the Isolation Forest) over traditional baselines models with the perfect scores of 100%. Cross validations of the classifier employing 5-Fold and 10-Fold CV showed accuracy scores of 99.27% and 99.46%, respectively, with linear complexity. Our experiments propose the State-of-the-Art Classifier formulation, which shortens the OODA loop for effective decision-making by significant improvement in computational complexity to instrument a quick response system. The WARDIC classifier distinctively supersedes the performance of the existing classifiers with enhanced computational speed for veristic operational scenarios.
... Diffusion of information is the net movement of data throughout a network which is well aligned with distributed processing [25]. Diffusion incorporates the plan of actions to support multi-movement of actions identified with decentralized tracking [26] and user decision making [27]. A diffusion approach to information dissemination has been applied to network learning [28], information exchange [29], data fusion for net-centric warfare [30], and optimal resource selection [31]. ...
Conference Paper
Full-text available
Information fusion systems include the collection of information from various sources (e.g., sensors) in support of a user's task. After receiving the information, the user has many options associated with the diffusion of information such as dissemination to others, storage in a database, of multiplicative tasking for new information. This paper revisits the notions of the Joint Director of the Laboratories/Data Fusion Information Group (JDL/DFIG) information model that seeks a balance between information estimation and management from collection to diffusion. The data diffusion framework extends the JDL/DFIG model for action diffusion.
... A sudden increase in certain types of traffic (such as small UDP packets) might indicate that a distributed denial-of-service attack is in progress, for example, and corrective action would need to be taken to protect the network. Given the large volume of traffic passing through a network every second in the form of data packets and the fact that each packet will be associated with particular sender and receiver IP addresses and port numbers, understanding what is happening to a network requires information about the traffic data to be aggregated and presented to the network administrator in an easy-to-understand way. This problem of information presentation and interpretation, or 'situational awareness', was addressed by the military leading to Boyd's OODA (observe, orient, decide, act) model (see [1]), and others have followed (notably Endsley's three-level model [2]). Situational awareness, as Cooke put it, "requires that various pieces of information be connected in space and time" (Nancy Cooke in McNeese [3]). ...
Article
Communication networks involve the transmission and reception of large volumes of data. Research indicates that network traffic volumes will continue to increase. These traffic volumes will be unprecedented and the behaviour of global information infrastructures when dealing with these data volumes is unknown. It has been shown that complex systems (including computer networks) exhibit self-organized criticality under certain conditions. Given the possibility in such systems of a sudden and spontaneous system reset the development of techniques to inform system administrators of this behavior could be beneficial. This article focuses on the combination of two dissimilar research concepts, namely sonification (a form of auditory display) and self-organized criticality (SOC). A system is described that sonifies in real time an information infrastructure’s self-organized criticality to alert the network administrators of both normal and abnormal network traffic and operation. It is shown how the system makes changes in a system’s SOC readily perceptible. Implications for how such a system may support real-time situational awareness and post-hoc incident analysis are discussed.
... When addressing these questions, it is important to keep reexamining and reevaluating these answers based on new information. 63 CONCLUSION Public health emergencies can be extremely stressful events for those who have to make decisions on appropriate measures and interventions in crisis situations. The chaos, unpredictability, and constant changes of circumstances make it especially hard to take all important considerations into account when making decisions that can have grave long-term consequences for the affected communities and individuals. ...
Article
Full-text available
Three sets of issues tend to be overlooked in public health emergency preparedness and response, which can be addressed with new training protocols. The first issue is procedural and concerns the often intuitive (as opposed to deliberative) nature of effective crisis decision-making. The second issue is substantive and pertains to the incorporation and prioritization of ethical, political, and logistical concerns in public health emergency guidelines. The third issue is affective and concerns human feelings and human frailty, which can derail the most well designed and best practiced procedural and substantive approaches to emergency response. This article offers an outline for a decision-making framework for public health emergencies that addresses and incorporates these issues within relevant guidelines and training. (Disaster Med Public Health Preparedness. 2015;0:1–9)
... The strategy adopted was developed by John Boyd (Angerman, S., 2004), known by the cycle O-O-D-A (Figure 6). Boyd said that, in a competitive environment, the entity capable of guiding the decision process formed by the cycle "observe; orient; decide and act" in a faster and efficient manner shall perform his task more successfully than his opponents. ...
Chapter
In this chapter the authors show, by using a case study, how it is possible to achieve the alignment between business and Information Technology (IT). It describes several phases of project development, from planning strategy, enterprise architecture, development of businesses supporting tools and keeping dynamic alignment between the business and the IT. The authors propose a framework, framed under an enterprise architecture that guarantees a high level of response to the applications development or configuration as improves its alignment to business by solving some limitations of traditional software development solutions namely: difficulty in gathering clients requirements, which should be supported by the applications; difficulty to connect the organisation processes used to answer the client, which must also be integrated in the applications and the difficulty to develop the applications that can follow the business cycle. To test the approach, this was applied to a real case study consisting in the configuration of an application that manages the relationship with the clients.
... This includes, for example, systems which integrate static and dynamic data about vessels with information from external sources (further called as ancillary information). Such systems would support operators in charge in the process of monitoring and controlling of the maritime traffic as well as in the OODA loop (Angerman, 2004): ...
Book
Full-text available
The book delivers a rich set of foundations, state-of-the-art knowledge, new approaches and methods for the purpose of anomalies detection, maritime traffic analysis as well as risk and reliability assessment. It addresses relevant research problems at the intersection of maritime transport in global economies, reliability and risk assessment, and information systems and data processing. The book provides a theoretical overview of available maritime data sources and approaches for maritime data analysis, as well as a set of novel tools and methods for maritime data retrieval, fusion, and analysis. The proposed methods are evaluated on real-life AIS data, covering the entire world and more than 200 thousands of vessels, illustrating how they may be used for anomaly detection and risk assessment. The primary audience of the book are researchers from the fields of computer science and maritime transport as well as logistics service providers, shipping companies and port authorities companies that need support in managing security, safety, and risk of maritime transport services in global economies by making use of large-scale data processing.
... The strategy adopted was developed by John Boyd (Angerman, S., 2004), known by the cycle O-O-D-A (Figure 4). Boyd said that, in a competitive environment, the entity capable of guiding the decision process formed by the cycle "observe; orient; decide and act" in a faster and efficient manner shall perform his task more successfully than his opponents. ...
Chapter
Full-text available
In this article is proposed a new approach, framed under enterprise architecture, it guarantees a high level of response to the applications development or configuration as improves its alignment to business by solving some limitations of traditional software development solutions namely: difficulty in gathering clients requirements, which should be supported by the applications, difficulty to connect the organisation processes used to answer the client, which must also be integrated in the applications and the difficulty to develop the applications that can follow the business cycle. To test the approach, this was applied to a real case study consisting in the configuration of an application that manages the relationship with clients.
... Boyd's OODA (observe, orient, decide, act) loop theory [2] has added more depth to the understanding of situational awareness. Boyd's theory is based on his study of the decision making of combat pilots and the first stage (observe) involves taking in information about features of the environment. ...
Article
Full-text available
Maintaining situational awareness of what is happening within a network is challenging, not least because the behaviour happens within computers and communications networks, but also because data traffic speeds and volumes are beyond human ability to process. Visualisation is widely used to present information about the dynamics of network traffic dynamics. Although it provides operators with an overall view and specific information about particular traffic or attacks on the network, it often fails to represent the events in an understandable way. Visualisations require visual attention and so are not well suited to continuous monitoring scenarios in which network administrators must carry out other tasks. Situational awareness is critical and essential for decision-making in the domain of computer network monitoring where it is vital to be able to identify and recognize network environment behaviours. Here we present SoNSTAR (Sonification of Networks for SiTuational AwaReness), a real-time sonification system to be used in the monitoring of computer networks to support the situational awareness of network administrators. SoNSTAR provides an auditory representation of all the TCP/IP protocol traffic within a network based on the different traffic flows between network hosts. SoNSTAR raises situational awareness levels for computer network defence by allowing operators to achieve better understanding and performance while imposing less workload compared to visual techniques. SoNSTAR identifies the features of network traffic flows by inspecting the status flags of TCP/IP packet headers and mapping traffic events to recorded sounds to generate a soundscape representing the real-time status of the network traffic environment. Listening to the soundscape allows the administrator to recognise anomalous behaviour quickly and without having to continuously watch a computer screen.
... The steps in the Boyd or OODA loop encourage decision-makers to investigate what has happened, gather information about what happened, make a decision, and, finally, take action. [5][6][7] Analysis: We used Qualtrics, an online survey instrument, to collect the study data. [8] An SRT member tabulated descriptive statistics and performed chi-squared or Fisher's exact tests to compare categorical variables and t-tests to compare continuous variables. ...
Article
Full-text available
The goal of this study was to gain insights into the decision-making processes used by California public health officials during real-time crises. The decision-making processes used by California public health officials during the 2009 H1N1 influenza pandemic were examined by a survey research team from the University of California Berkeley. The survey was administered to local public health officials in California. Guidelines published by the Centers for Disease Control and Prevention had recommended school closure, and local public health officials had to decide whether to follow these recommendations. Chi-squared tests were used to make comparisons in the descriptive statistics. The response rate from local public health departments was 79%. A total of 73% of respondents were involved in the decision-making process. Respondents stated whether they used or did not use 15 ethical, logistical, and political preselected criteria. They expressed interest in receiving checklists and additional training in decision-making. Public health decision-makers do not appear to have a standard process for crisis decision-making and would benefit from having an organized decision-making model. The survey showed that ethical, logistical, and political criteria were considered but were not prioritized in any meaningful way. A new decision-making tool kit for public health decision-makers plus implementation training is warranted. (Disaster Med Public Health Preparedness. 2015;9:464-471).
... Whilst Endsley's model is useful for understanding the levels of situational awareness, an example from the kinetic sphere readily illustrates how it adds value in a practical context. If we take a brief step into kinetic military doctrine, and view the computer incident response process in the context of Boyd's OODA loop theory (see Angerman [6]), we find a useful model to review the practical relevance of situational awareness in a combat situation [1]. ...
Article
Full-text available
This paper looks at the problem of using sonification to enable network administrators to maintain situational awareness about their network environment. Network environments generate a lot of data and the need for continuous monitoring means that sonification systems must be designed in such a way as to maximise acceptance while minimising annoyance and listener fatigue. It will be argued that solutions based on the concept of the soundscape offer an ecological advantage over other sonification designs.
... A sudden increase in certain types of traffic (such as small UDP packets) might indicate that a distributed denial-of-service attack is in progress, for example, and corrective action would need to be taken to protect the network. 1 Given the large volume of traffic passing through a network every second in the form of data packets and the fact that each packet will be associated with particular sender and receiver IP addresses and port numbers, understanding what is happening to a network requires information about the traffic data to be aggregated and presented to the network administrator in an easy-to-understand way. This problem of information presentation and interpretation, or 'situational awareness', was addressed by the military leading to Boyd's OODA (observe, orient, decide, act) model (see (Angerman, 2004)), and others have followed (notably Endsley's three-level model (Endsley, 1995)). Situational awareness, as Cooke put it, "requires that various pieces of information be connected in space and time" (Nancy Cooke in (McNeese, 2012)). ...
Article
Full-text available
Communication networks involve the transmission and reception of large volumes of data. Research indicates that network traffic volumes will continue to increase. These traffic volumes will be unprecedented and the behaviour of global information infrastructures when dealing with these data volumes is unknown. It has been shown that complex systems (including computer networks) exhibit self-organized criticality under certain conditions. Given the possibility in such systems of a sudden and spontaneous system reset the development of techniques to inform system administrators of this behaviour could be beneficial. This article focuses on the combination of two dissimilar research concepts, namely sonification (a form of auditory display) and self-organized criticality (SOC). A system is described that sonifies in real time an information infrastructure's self-organized criticality to alert the network administrators of both normal and abnormal network traffic and operation.
... By far the most common situational awareness paradigm cited in our review was Mica Endsley's perception, comprehension, projection, decision, and performance model [19]. In the military literature, John Boyd's observe, orient, decide, and act (OODA) cycle has been similarly incorporated into military decision literature [20]. Both Endsley and Boyd have been mapped to data fusion paradigms [12] and extended to the cybersecurity incident management domain [9] [21]. ...
Article
Full-text available
To aid in the practice of securing computing systems and managing related incidents, the United States government cybersecurity community has proposed and promulgated a variety of incident handling life cycles, taxonomies, and data formats. However, current incident handling life cycles are limited to a set of discrete, ordered, and sequential steps executed for a specific security incident that is assumed to be identifiable, knowable, and resolvable. These life cycles have not been reconciled with existing taxonomies and data formats nor have they been designed for concurrency or compatibility with business, military, or situational awareness process models. We propose building on existing work in the cybersecurity field by modifying linear life cycles into a distributed, concurrent, loosely coupled, and action driven framework that can manage multiple, simultaneous, and complex events. By reevaluating existing processes, mapping them to relevant decision support process models, identifying functional user roles, and incorporating information elements from existing taxonomies and data formats, we describe a coordination network process model for crosscutting cybersecurity incidents.
... The OODA loop diffused through a variety of military channels [3] and is recognized as a foundational "timing" concept in operational art [18]. Although it has been suggested that the OODA loop theory is of diminished utility in so-called "fifth-generation warfare" [67], other commentators argue that this opinion is grounded in a superficial understanding of the theory [54]. ...
Article
This comparative case study explores the impact of four "practice theories" in the separate domains of finance, military strategy, nursing, and theology, and discusses potential "outputs" in each field that might be developed into new metrics to enrich the current practice of informetrics.
... It shapes the way we interact with the environment[...]." [Boy87] (Footnote 17: "Time is the dominant parameter.") According to Boyd, "variety/rapidity/harmony/initiative (and their interaction) seem to be key qualities that permit one to shape and adapt to an ever changing environment" [Ang86]. A key characteristic of both the Red Queen hypothesis and the OODA Loop models is that they describe a learning process which ultimately results in an adaptation. ...
Article
Software vulnerabilities are the root cause of many computer system security failures. This dissertation addresses software vulnerabilities in the context of a software lifecycle, with a particular focus on three stages: (1) improving software quality during development; (2) pre-release bug discovery and repair; and (3) revising software as vulnerabilities are found. The question I pose regarding software quality during development is whether long-standing software engineering principles and practices such as code reuse help or hurt with respect to vulnerabilities. Using a novel data-driven analysis of large databases of vulnerabilities, I show the surprising result that software quality and software security are distinct. Most notably, the analysis uncovered a counterintuitive phenomenon, namely that newly introduced software enjoys a period with no vulnerability discoveries, and further that this “Honeymoon Effect” (a term I coined) is well-explained by the unfamiliarity of the code to malicious actors. An important consequence for code reuse, intended to raise software quality, is that protections inherent in delays in vulnerability discovery from new code are reduced. The second question I pose is the predictive power of this effect. My experimental design exploited a large-scale open source software system, Mozilla Firefox, in which two development methodologies are pursued in parallel, making that the sole variable in outcomes. Comparing the methodologies using a novel synthesis of data from vulnerability databases, These results suggest that the rapid-release cycles used in agile software development (in which new software is introduced frequently) have a vulnerability discovery rate equivalent to conventional development. Finally, I pose the question of the relationship between the intrinsic security of software, stemming from design and development, and the ecosystem into which the software is embedded and in which it operates.
I use the early development lifecycle to examine this question, and again use vulnerability data as the means of answering it. Defect discovery rates should decrease in a purely intrinsic model, with software maturity making vulnerabilities increasingly rare. The data, which show that vulnerability rates increase after a delay, contradict this. Software security therefore must be modeled including extrinsic factors, thus comprising an ecosystem.
... A sudden increase in certain types of traffic (such as small UDP packets) might indicate that a distributed denial-of-service attack is in progress, for example, and corrective action would need to be taken to protect the network. 2 Given the large volume of traffic passing through a network every second in the form of data packets and the fact that each packet will be associated with particular sender and receiver IP addresses and port numbers, understanding what is happening to a network requires information about the traffic data to be aggregated and presented to the network administrator in an easy-to-understand way. This problem of information presentation and interpretation, or 'situational awareness', was addressed by the military leading to Boyd's OODA (observe, orient, decide, act) model (see [1]), and others have followed (notably Endsley's three-level model [2]). Situational awareness, as Cooke put it, "requires that various pieces of information be connected in space and time" (Nancy Cooke in McNeese [3]). ...
... Other cycles similar to Popper's have also been proposed, for example, SECI (Nonaka 1994; Nonaka and Takeuchi 1995), single and double loop learning (reviewed by Blackman, Connelly and Henderson 2004) or the knowledge life cycle (Firestone and McElroy 2003a). Because of its similarities to Popper's representation of the evolutionary theory of knowledge and the severe testing it has received in real-world conflicts (Mutch 2006), we find Boyd's (1976-1996) observe-orient-decide-act (OODA) cycle (Angerman 2004; Grant and Kooter 2004; Hall 2003, 2005, 2006a; Martin, Philp and Hall 2009; Philp and Martin 2009; Richards 2008) (see Figure 6.4) is suited to the discussion here. From Hall 2005 (after Boyd 1976-1996; Richards 2008). 'Observe' and 'orient' involve the cybernetic processing of information in W2 (as shown in Figure 6.4) to collect and then contextualise observations of the world. ...
Chapter
Full-text available
Serious consideration of this contradistinction between ‘the lifeworld’ and the more focused and harder work of science, poses some daunting intellectual and practical challenges. We aim to explore some of these challenges in this chapter. In so doing, we will cross over a multitude of perspectives and boundaries. In doing this, we are interested in unpacking some of the theoretical inter-relationships between lifeworlds and science, and between constructivism and realism. But first we ask – can these particular cross-paradigmatic perspectives be reasonably represented and reconciled in textual form? We think that attempts to do so are worthy of the greatest effort and that the reason for doing this is self-evident. Ideas are refined and improved through the process of writing. But beyond this, creation of textual representations of knowledge is of fundamental importance to the effective functioning of research intensive networks. To support the increased efficacy and efficiency of research intensive networks and their impact in the world, we claim there is a need to expand the context of knowledge systems associated with research intensive networks. This idea for us involves the development of a public knowledge imperative. We suggest that textual representations expressed as knowledge claims can no longer be hidden away from the eyes of public scrutiny when there are important matters of public interest either implicitly or explicitly at stake. The recent catastrophe in the Gulf of Mexico provides an example of how particular types of knowledge, for example procedures associated with offshore oil rigs, can rise up to become of the highest public priority almost overnight. To neglect the potency of such knowledge through a lack of public scrutiny can have devastating consequences as the whole world has found out. We set out to provide a rationale as to why we think a public knowledge imperative is so important.
To give expression to this imperative, we think there is a need for a new type of institutional and regulatory framework to protect and enhance the role of public knowledge. We call this framework a public knowledge space. It is public by virtue of the fact that it relies on semantic technologies and web-publishing principles. But more importantly, in order to understand the multiple functions of a public knowledge space, we suggest it is first necessary to develop a detailed ontology of knowledge itself. Our ontology outlined in this chapter is broadly based because we emphasise the value of experience and lifeworlds as much as we do the importance of rigorous critiquing and transparent review. By extension, our views are slightly orthogonal to prevailing perspectives of the semantic web.
... The NIST (National Institute of Standards and Technology) penned one of them with a framework to ameliorate the cybersecurity of critical infrastructure by outputting an action plan [21,22,30]. Boyd's OODA loop as the second contributive concept leaves its mark by offering a crafty template for the activities of this action plan [2,21,22]. The below-mentioned Sect. 3 explicates the action plans for black- and whitelisting, whose algorithms finally ran for a contrasting juxtaposition of their performance in Sect. 4. ...
Conference Paper
Full-text available
The European Union Agency for Law Enforcement Cooperation (hereinafter denominated as Europol) has constantly warned society about the unbowed growth of child sexual exploitation in its six issued IOCTAs (Internet Organised Crime Threat Assessments). If already all attempts succeed to thwart grooming as the initiation of contacts between pedophiles and adolescents, then CSEM (Child Sexual Exploitation Material) cannot accrue and SGEM (Self Generated Explicit Material) does not find its way to perpetrators. IM (Instant Messaging) spearheads the list of preferred communication tools that render grooming possible. The consensual editing of encrypted instant messages without decrypting nor understanding them based on black- or whitelisting commits itself to the thwarting of grooming. Existing literature attests whitelisting better functionality and worse performance than blacklisting. In contrast, recent related work objects to the inferior performance of whitelisting, since former experiments for both paradigms happened under incomparable conditions, and demands their remake under fair circumstances. This scholarly piece refutes the inferiority of whitelisting by exhibiting the results of a new test series in which blacklisting screens the complementary set of words that whitelisting does not incorporate. At the end, it corroborates that whitelisting outplays blacklisting and emerges victorious.
... Diffusion of information is the net movement of data throughout a network which is well aligned with distributed processing [9]. Diffusion incorporates the plan of actions to support multi-movement of actions identified with decentralized tracking [10] and user decision making [11]. A diffusion approach to information dissemination has been applied to network learning [12], information exchange [13], data fusion for net-centric warfare [14], and optimal resource selection [15]. ...
... The transformation was therefore an action oriented continuous learning cycle based on action, observation, retrospection and revision as shown in Figure 3. This cycle incorporated the best practice contained within Shewhart's 'Plan Do Study Act' cycle, Deming's 'Plan Do Check Act' cycle (Moen and Norman, 2006) along with Boyd's 'Observe Orient Decide Act' process (Angerman, 2004) and Kim's (1998) 'Observe Assess Design Implement' cycle (Davis, 2017e), all of which generate a relentless cycle of feedback and adaptation. (Argyris, 1995) and facilitated the alignment with the current context as necessary (Donaldson, 2001). ...
Thesis
Full-text available
The application of the scaled lean agile methodologies within a traditional domain, based on an appreciation of neuroscience and human interaction, to improve the delivery of valuable outcomes.
... The strategy adopted was developed by John Boyd (Angerman, S., 2004), known by the cycle O-O-D-A (Figure 6). Boyd said that, in a competitive environment, the entity capable of guiding the decision process formed by the cycle "observe; orient; decide and act" in a faster and efficient manner shall perform his task more successfully than his opponents. ...
Chapter
Full-text available
In this chapter the authors show, by using a case study, how it is possible to achieve the alignment between business and Information Technology (IT). It describes several phases of project development, from planning strategy, enterprise architecture, development of businesses supporting tools and keeping dynamic alignment between the business and the IT. The authors propose a framework, framed under an enterprise architecture that guarantees a high level of response to the applications development or configuration as improves its alignment to business by solving some limitations of traditional software development solutions namely: difficulty in gathering clients requirements, which should be supported by the applications; difficulty to connect the organisation processes used to answer the client, which must also be integrated in the applications and the difficulty to develop the applications that can follow the business cycle. To test the approach, this was applied to a real case study consisting in the configuration of an application that manages the relationship with the clients. 20 How to Use Information Technology Effectively to Achieve Business Objectives
... Within each of these kill chain stages, decision-making occurs in a recurring cycle of observe-orient-decide-act (OODA) 16 (Fig. 2). The US Department of Defense has used the OODA Loop, with variations, 17 to model human decision-making, command and control processes, and time-based competition cycles at all levels of conflict [14]. It provides an explanation for the information fusion process and has been referred to as an alternative to the "information fusion" process [15]. ...
Article
The influence operations domain would benefit from a strategic adoption of automation, technological adaptability, and agile processes. The focus of this article is on the technical aspects of determining the required technologies to fully support conducting an influence operation rather than cognitive aspects of an operation. A unified approach to the application of these technologies does not appear to have occurred in this domain. A conceptual information theoretic framework for identifying appropriate technologies to support influence and other cyber operations is presented. It provides a holistic framework for making planning decisions about the development and employment of technology capabilities independent of specific detailed operational requirements, while allowing assessments of risk, cost, and effectiveness to be considered in the process. The framework defines the data, information needs, and acquisition process in the context of specific technology insertion point data, information, or knowledge requirements and services to facilitate execution of an operation. The framework allows for identification, down-selection, and prioritization of specific shared technologies that support multiple phases of the decision process and stages of an operation. This allows for concentration of limited engineering, programmatic, and financial resources on technologies with the widest applicability irrespective of the specific operation.
Article
Innovation is not business as usual. Many enterprises struggle to build the systems necessary to consistently deliver new and improved sources of value to customers and stakeholders. Through a thematic analysis, expert interviews, systems mapping, and a case study with the $100B Ontario Municipal Employees Retirement System (OMERS), this paper presents a framework for the design of enterprise innovation systems, called the innovation systems design cycle (ISDC). To apply the ISDC, innovators iteratively plan, build, check, and refine innovation systems. The ISDC framework is detailed with new models exploring innovation system mapping and implementation, modes to assess and compare an innovation system’s development, and configurations to support rapid, adaptable design. Together they support innovators of all experience levels in applying the ISDC to design more resource‐efficient innovation systems with a greater capacity to shape an innovation ecosystem and avoid enterprise disruption. The ISDC can be used to build or enhance an innovation system, benchmark performance, frame best practices, quantify value creation potential, demystify innovation systems design, and democratize innovation across not‐for‐profits and other organizations towards a more just, democratic, and sustainable collective future.
Article
This thesis explores how E-3 Air Battle Managers train for and perform their duties on board the Airborne Warning and Control System. The study focuses on how E-3 training is driven by the maintenance of a set of battle management core competencies rooted in the basics of aircraft tactical fluid control force accountability and aerial refueling. The advent of a revolution in Information Management technology in the form of the 40/45 weapons system upgrade for the E-3 will drive the Air Force to rethink how training is accomplished with new capabilities and emerging missions in the battlespace. The current approach to block will not allow the Air Force to exploit the capabilities of the 40/45 airframe. Lessons from emerging areas such as knowledge management and sensemaking need to be assimilated into the way the Air Force trains E-3 Air Battle Managers to ensure future combat capability of aircrews in the increasingly technical and complex battlespace of future military operations. Existing core competencies need to be considered individual skill sets and knowledge management and sensemaking introduced to better prepare battle managers to effectively and efficiently interpret inputs in the battlespace and place information where it needs to be.
Conference Paper
Full-text available
This paper demonstrates the use of map-based modeling and simulations to facilitate supply chain training. It suggests that periodic training sessions conducted online in "virtual gatherings" of representatives from various organizations involved in disaster recovery efforts will enable them to use web-based simulations to practice their roles and responsibilities, and improve their skills in working together and creating effective supply chains for use in disaster settings.
Article
Cyber threats are becoming increasingly sophisticated and subtle, making them even harder to detect and contain, and the number of critical, often simultaneous cyber incidents continues to rise at an alarming rate. In this environment, coordinated incident handling across a variety of organizations and incidents is essential for effective response. Current approaches use linear processes developed to handle single incidents with little attention paid to simultaneous or complex attacks encompassing many incidents, to coordination with other organizations, or the ability to scale to the size necessary for large, cross-cutting incidents. We have developed a coordination model for cyber incident management that provides enough structure to enable cooperative operations, but is sufficiently abstract to enable the organizational autonomy and customization essential for effective response for all types of organizations. It is easily understood, straightforward to apply, and versatile enough to overlay on existing organizational processes and structures, both for small, local activities as well as large, cross-organizational ones. This model will enable faster recognition and more rapid escalation of important cyber incidents as well as improving knowledge about such incidents for organizational peers across the community, further enhancing their local response capabilities.
Conference Paper
Autonomic control systems provide self-management capabilities to networks using closed-loop controllers. The Rainbow framework from Carnegie Mellon University is an example of such a capability that uses an ability to reason on and manipulate a formal model of the network architecture to decide what changes to make in response to the situation. Probes and gauges feed the reasoning capability. These probes and gauges can provide some situational awareness to both systems and human controllers, but at a low level of abstraction making it difficult to gain an understanding of the status of a large network of complex systems. We believe that a side effect of utilizing an autonomic framework is enhanced situational awareness at a higher level of abstraction. This paper describes work in progress to develop gauges for Rainbow that incorporate machine learning to allow for early recognition of situation changes. It also describes how the use of strategy selection not only allows the network to adapt, but also to inform situational awareness.
Chapter
P3 is a petri dish brimming with questions, not answers, but suggestions, to explore. The aim is not to teach or pontificate but may swing the proverbial pendulum between science and engineering in the context of commercial and consumer services. The reader may ponder about the amorphous questions or wonder in confusion. We disrupt the status quo and indulge in orthogonal, nonlinear, and asymmetric information arbitrage which may not be correct. This is a seed, sterile unless cultivated. We aspire to inform that tools and data related to the affluent world are not a template to be “copied” or applied to systems in the remaining (80%) parts of the world which suffer from economic constraints. We need different thinking that resists the inclination of the affluent 20% of the world to treat the rest of the world (80% of the population) as a market. The 80/20 concept evokes the Pareto [1] theme in P3 and the implication is that ideas may float between (porous) the 80/20 domains (partition).
Technical Report
Full-text available
Although efforts are underway through Information Security Continuous Monitoring initiatives to improve situational awareness and risk mitigation at the operational level, the federal government must make better enterprise-level cybersecurity decisions in the shortest time possible. This report outlines an approach called Data Driven Cybersecurity Governance Decision Making. This approach leverages the Observe, Orient, Decide, Act (OODA) loop used by the U.S. Department of Defense to enable decision makers at the strategic levels of government to best set the conditions for success at the point of execution. To best target the unique considerations of enterprise decision makers, this report discusses the difference between cybersecurity governance and cybersecurity operations. Within this context, it describes best practices in collecting and analyzing authoritative data present in the federal space to develop a level of situational awareness tailored to decision makers’ needs in a cybersecurity governance scorecard. Cybersecurity governance decision makers can leverage this enhanced situational awareness to support a data-driven decision making process that targets root causes of the problems facing the federal government enterprise. Finally, the report discusses key considerations to ensure success at the point of execution based on work performed in the Observe, Orient, and Decide phases of the OODA Loop.
Article
Full-text available
The decision to strategically mandate offensive operations in the post-cold war peacekeeping era is for the most part uncharted territory and will require forward thinking and some amount of trial and error. This article is a continuation of the research published in my previous paper, ‘United Nations Peacekeeping Offensive Operations: Theory and Doctrine’. Where theory provides a construct for the conduct of operations, doctrine should guide the execution of operations without being overly prescriptive (US, 2014: 70). Doctrine provides the ‘how to’ in the conduct of operations where concepts look to the future of peacekeeping offensive operations.
Book
RAND Corporation researchers provided support to an Israeli government team of high-level officials charged with developing a long-term socioeconomic strategy for the state. The report focuses on an aging population as an illustration of how one can use a strategic perspective in an analysis of policy choices. The researchers found that Israel will benefit from bringing a systemic strategic perspective into its policy process. The concept is integral to formal strategic planning but distinct; although the latter places emphasis on an output (a strategic plan), a strategic perspective is a process for bringing an analytical element into policy decision-making. The research report highlights selected inputs made to summarize the essential mechanics and roles for bringing a strategic perspective to the consideration of policy. In doing so, it provides the example of problems associated with an aging population as an illustration of how one can use a strategic perspective in an analysis of policy choices.
Chapter
Public policy has always confronted future uncertainties. Projecting likely futures has been viewed as best practice for assessing proposed plans even though few would expect exactly those futures to occur. But in an era of deep uncertainties in which prior rules of thumb are no longer believed likely to hold true in years to come, sufficient diligence for policy analysis demands a different standard.
Conference Paper
Social Media (SM) is a relatively new phenomenon. Intelligence agencies have been struggling to understand how to exploit the social pulse that flows from this source. The paper starts with a brief overview of SM with some examples of how it is being used by adversaries and how we might be able to exploit this usage. Often treated as another form of open source intelligence (OSINT), we look at some of the differences with traditional OSINT compared to SM then outline the possible uses by military intelligence. The next section looks at how SM fits into the different phases of the intelligence cycle: Direction, Collection, Processing and Dissemination. For the first phase, Direction, a number of questions are identified that can be answered typically by SM. For the second phase, the Collection, it is explained how SM, as an asset, transfers questions into methods and the use of different SM resources (e.g. marketer, cognitive behavioral psychologist) and sources to seek the required information. SM is exploited as a multi-intelligence capability. For the Processing phase some aspects are described in how to deal with this capacity (e.g. enabling other intelligence sources) and also which techniques are used to be able to validate the SM sources used.
Article
The article concerns integration and disambiguation of data related to the maritime domain. A developed system is described, which collects and merges data about several maritime-related entities (vessels, vessel types, ports, companies etc.) retrieved from different internet sources and feeds the data into a single database. This process is however not trivial since there are a few challenges that need to be faced to successfully conduct it. Firstly, in different sources, entities may be referred to in different ways, for example, using different text strings. Additionally, some of these references may be ambiguous, i.e. potentially the reference may point to more than one entity. To enable efficient analysis of data coming from different sources, such ambiguities must be resolved as a preprocessing step, before the data is uploaded to the database and utilized in further computations. The aim of the disambiguation process is to assign artificial, unique identifiers to each entity and then, if possible, automatically assign these identifiers to each data item related to a given entity. In the article, developed methods for resolving such ambiguities are discussed and their evaluation is presented.
Article
The purpose of writing medical notes in a computer system goes beyond documentation for medical-legal purposes or billing. The structure of documentation is a checklist that serves as a cognitive aid and a potential index to retrieve information for learning from the record. For the past 50 years, one of the primary organizing structures for physicians' clinical documentation has been the SOAP note (Subjective, Objective, Assessment, Plan). The cognitive checklist is well-suited to differential diagnosis but may not support detection of changes in systems and/or learning from cases. We describe an alternative cognitive checklist called the OODA Loop (Observe, Orient, Decide, Act). Through incorporation of projections of anticipated course events with and without treatment and by making "Decisions" an explicit category of documentation in the medical record in the context of a variable temporal cycle for observations, OODA may enhance opportunities to learn from clinical care.
Article
Systems teams, development projects, and organizations, who are involved in product development, are often faced with the question as to whether they should adapt agile systems practices into their programs and processes. In trying to answer this question these groups are almost immediately confronted with the problem of determining what is motivating the decision, where should agile principles be applied, and how much agility is necessary. There are several interrelated systems involved in this inquiry and the development of a proper understanding around these considerations is not a trivial exercise. A method of inquiry and decision making that is in itself agile and that can produce actionable results needs to guide the development of this understanding. The purpose of this paper is to present work accomplished to date on the definition, prototyping, and evaluation of a decision guidance system to help a development team or organization achieve a necessary understanding that can lead to useful actionable decisions regarding agile adoption.
Chapter
The purpose of this chapter is to introduce cyber security researchers to key concepts in modern control and game theory that are relevant to Moving Target Defenses and Adaptive Cyber Defense. We begin by observing that there are fundamental differences between control models and game models that are important for security practitioners to understand. Those differences will be illustrated through simple but realistic cyber operations scenarios, especially with respect to the types and amounts of data required for modeling. In addition to modeling differences, there are a variety of ways to think about what constitutes a “solution.” Moreover, there are significant differences in the computational and information requirements to compute solutions for various types of Adaptive Cyber Defense problems. This material is presented in the context of the advances documented in this book, the various chapters of which describe advances made in the 2012 ARO ACD MURI.
Article
It has been proposed that if we could configure individual personnel with micro-video cameras and wireless communications such that they could transmit a video stream of what they were seeing to a remote observer, this would be an enormous improvement in reconnaissance and battlefield command and control. We looked ahead, based on current video and wireless communications technologies and trends to what we can expect to have available in terms of streaming video quality of service (QOS) and we used those predictions to conduct an experiment to determine if this assertion of improvement is true. Participants viewed a digital video with a data rate associated with a given transmission technology. They were asked to maintain their orientation by tracking the position of the camera on a paper floor plan diagram. They were also asked to identify a number of objects and place them in the correct room on the floor plan. The results show that participants found all conditions except the live walkthrough control condition to be extremely difficult with poor performance on both the spatial orientation task and the object identification task. Bandwidth does affect error as increased data rate improves performance. Rapid head rotations seem to be the largest contributor to disorientation, especially with low data rate video. Our results suggest that simply supplying video feedback to a remote observer may be useless at best or possibly damaging at worst. What is needed is not necessarily more bandwidth, but better interfaces and tools to help observers to remain oriented such that they can extract what is needed from the video stream.
Article
Next-generation cyberspace intrusion detection (ID) systems will require the fusion of data from myriad heterogeneous distributed network sensors to effectively create cyberspace situational awareness.
Article
This thesis research focused on the design, development, and implementation of an agent-based simulation of a Marine infantry squad in an urban environment. The goal was to design an autonomous-agent framework that could model a combatant's decision cycle. A squad entity comprised of these agents was created to explore the idea of team dynamics and the balance between meeting individual goals and team goals. The agents were placed in a two-dimensional, discrete-state, simulation world with a simple model of urban infrastructure. The squad goal was to patrol through the environment using checkpoints. The individual agent goals were to move to a destination and maintain the squad formation. The critical issues of agent movement were collision detection/avoidance, goal managing and forward planning. Distinguishing the agents by their role in the squad allowed a single agent to act as the squad leader. This agent was given the ability to plan a path to accomplish the squad's overall goal as a series of sub-goals, which was successful in getting the majority of the agents to their checkpoints in squad formation. The design of the simulation program facilitates further research in using autonomous agents to model small-units in an urban environment. Subject terms: Autonomous agents, Computer Simulation, Urban Combat, Military Operations in Urban Terrain, Java, Software Engineering, Model-View-Controller Architecture.
Article
Our military future will likely be radically different from our past. Consequently, military personnel can prepare for this future by investigating ways to adapt to novel challenges posed by new weapons, or new theories, or new organizations. This paper explores the problem of how joint task force staffs should reorganize to improve future command and control, in order to meet demands of the most likely future environment. The research methodology consisted of a literature search from a broad body of evidence. Sources included business literature, studies by organizations such as the Center for Naval Analyses, and research papers produced by other students. Several key changes envisioned for the military provide a foundation for the project and introduce future operational and environmental complexities. These changes include emerging international and national trends, such as increased MOOTW and growing military pressures to shrink but remain effective. Another trend, the revolution in military affairs, includes aspects like a system of systems and dominant battlespace awareness. Additionally, Joint Vision 2010 offers a conceptual view of future battlespace activities that are portrayed as markedly different from today's activities. Against this backdrop of change, two primary reasons for using military staffs, information management and decision-making, open a path to the heart of the paper and serve as a frame of reference for new organizational designs. Two metaphors offer vivid conceptual staff images. First, the "Spider Plant" metaphor depicts a multifaceted organization with a core structure and many outlying satellite organizations, illustrating the potential for semi-autonomous operations. Second, the "Brain" metaphor captures the essence of relationships between key organizational elements and shows natural applications of decentralized decisionmaking.
Article
Despite its crucial role in campaign planning, the center of gravity (COG) concept remains poorly understood and inconsistently applied. This research paper seeks to understand the common sources of confusion that can occur when the COG concept is employed. It investigates the extent to which these inconsistencies can be resolved and the implications for the employment of the concept when these inconsistencies persist. To address these core questions, the paper first highlights the confusions that are caused by an incomplete reading of Clausewitz's theoretical framework that underpins his magnum opus On War. The analysis then proceeds to distill the additional sources of confusion that can lead to disagreements during the employment of the concept. The paper discusses the contentious issues of inconsistency in definitions, misunderstandings regarding the nature of the COG concept, divergent Services perceptions, and finally, inconsistencies that are caused by the inherent unpredictability of war. The ideas are then applied historically to help understand the anomalies that arose during the Gulf War. Unlike previous studies which purport that much of the confusion can be easily removed by having clearer and more unambiguous definitions, the findings in this paper suggest otherwise; the sources of confusion are multifarious, and some may not even be amenable to complete resolution. The implication of having these enduring inconsistencies is neither to jettison the concept nor to return to a reductionist conception of the COG, but to confront non-linearities by applying the principles of systems thinking, superior leadership, and decisive action that is supported by a flexible feedback system.
Article
In an information-age military, the proper organizational orientation may no longer be one of command and control, but command or control. Historically, the military's response to new information technology has always been greater centralized control. Unfortunately, greater centralized control is the exact opposite of what is desired to maximize the benefits of information technology. As the tempo of operations increases, so does the demand for faster decision making. Information technology, however, is creating a faster information gathering cycle, but not a correspondingly faster decision making cycle. This creates an imbalance that can only be corrected by the proper organizational orientation which takes full advantage of information. The information-age military needs the shared information-gathering advantages of a networked organization with the decentralized decision-making advantages of a flattened hierarchical organization. Failure to adapt to a new organizational orientation of decentralized control may result in a US military unable to operate at the increased tempo of future warfare.
Article
About six years ago when Air Force Manual 1-1, "Basic Aerospace Doctrine of the U.S. Air Force," was being re-written, then-Lt Gen Michael Dugan, the Deputy Chief of Staff for Plans and Operations, proposed an unusual idea. Doctrine manuals were fine, but he wanted something brief and succinct, something that encapsulated the essence of airpower. His ultimate goal: to produce a list of principles or rules of airpower so succinct they would fit on a wallet-size card that airmen could carry in their pocket. My first reaction was one of skepticism. As a historian I had been taught to eschew simple solutions, formulas, models, and similar gimmicks that attempted to deal with complex problems. Yet, as one observer phrased it: "The consistency of the principles of war indicates that despite the doubts expressed by military theoreticians concerning their validity, they satisfy a deep need in military thinking. These "needs" are a psychological search for guidelines when in chaos, the tendency to apply scientific concepts of cause and effect to daily activities, and the desire for an understandable belief system to use as an educational tool for young officers.
Conference Paper
In computer and network security, standard approaches to intrusion detection and response attempt to detect and prevent individual attacks. However, it is not the attack but rather the attacker against which our networks must be defended. To do this, the information that is being provided by intrusion detection systems (IDS) must be gathered and then divided into its component parts such that the activity of individual attackers is made clear. Our approach to this involves the application of Bayesian methods to data being gathered from distributed IDS. With this we hope to improve the capabilities for early detection of distributed attacks against infrastructure and the detection of the preliminary phases of distributed denial of service attacks.
Conference Paper
Airpower's strength lies in quickly striking the enemy directly where they are vulnerable while being unhampered by geography and surface forces. Airpower theory suggests the effects of these strikes propagate throughout an opponent's military system, yielding catastrophic output or strategic effects. Despite this theory being a cornerstone of US Air Force doctrine, current Air Force models do not seem to capture airpower's inherent strength. Since these models are used to support budgetary decision making, the US may not be funding the airpower capability it needs. The article focuses on developing an approach to capture strategic effects in models. The approach establishes a basis for the effects in military theory as well as the field of complex adaptive systems. Using these concepts as a foundation, a simulation model called the Hierarchical Interactive Theater Model (HITM) is constructed and exercised. HITM output depicts a cascading deterioration in force effectiveness and eventual total collapse resulting from destruction of vital targets. This outcome is consistent with the expected results of strikes against centers of gravity defined in Air Force doctrine, suggesting agent based modeling is an effective way to simulate strategic effects at the operational level of war.
Conference Paper
The American military spends a great deal of its resources in efforts to outmatch potential opponents. Usually this takes the form of better equipment, morale and training. Nonetheless, the most important facet of the military operation is leadership. There are, however, few concrete methods that can be applied to lend the commander a reliable advantage. One such approach that has proven successful is that of increasing the operational tempo to a rate that cannot be matched by the adversary. This article presents a qualitative field investigation of an effort to introduce a group support system (GSS) into the daily work of the staff of the US Navy's Commander, Third Fleet (C3F or COMTHIRDFLT). This application is directly targeted at providing an operational advantage by speeding the commander's decision-action cycle.
Article
Over the last two decades there have been several process models proposed (and used) for data and information fusion. A common theme of these models is the existence of multiple levels of processing within the data fusion process. In the 1980's three models were adopted: the intelligence cycle; the JDL model; and the Boyd control. The 1990's saw the introduction of the Dasarathy model and the Waterfall model. However, each of these models has particular advantages and disadvantages. A new model for data and information fusion is proposed. This is the Omnibus model, which draws together each of the previous models and their associated advantages whilst managing to overcome some of the disadvantages. Where possible, the terminology used within the Omnibus model is aimed at a general user of data fusion technology to allow use by a distributed audience.