a term borrowed from military doctrine that refers to the process of analyzing target vulnerabilities and matching them with specific cyber capabilities (weapons) to achieve a desired effect or objective
a term borrowed from military doctrine that refers to the process of analyzing target vulnerabilities and matching them with specific cyber capabilities (weapons) to achieve a desired effect or objective
Application to Cyber: In the cyber domain, the principles are analogous: Target Analysis: Identifying and characterizing critical systems, networks, or data (targets) and their vulnerabilities. Capability Matching: Selecting or developing the most appropriate cyber "weapon" (e.g., malware, exploit, or a specific technique) to exploit those vulnerabilities. Effect Estimation: Predicting the intended outcome (e.g., disruption, denial, degradation, destruction, or manipulation of data/systems) and assessing potential unintended consequences or "collateral damage". Planning: Integrating the selected cyber capabilities into a broader operational plan to achieve strategic or tactical objectives.