Fuzzy Multiple Criteria Workflow Robustness and Resiliency Modeling with Petri Nets

The increasing complexity and tight coupling between people and computer systems in military operations has led to improved efficiency, as well as greater vulnerability due to system failure. Careful management of workflow systems can minimize operational vulnerability in command and control. Tavana et al. (2011) developed a workflow management framework capable of both modeling structure and providing a wide range of quantitative analysis with high-level Petri nets (PNs). The framework is based on a sustainability index that captures the concepts of self-protecting and self-healing systems. This index uses crisp numerical values to measure the robustness and resiliency of the system. However, the observed values of data in real-world military operations are often imprecise or vague. These inexact data can be represented by fuzzy numbers to reflect the decision makers’ intuition and subjective judgments. In this paper, the authors extend this model to a fuzzy framework by proposing a new fuzzy workflow modeling system with PNs. The new model plots the fuzzy robustness and resiliency measures in a Cartesian coordinate system and derives an overall fuzzy sustainability index for the system based on the theory of displaced ideals. The proposed model also considers multiple criteria to produce this fuzzy index

A Fuzzy Cyber-Risk Analysis Model for Assessing Attacks on the Availability and Integrity of the Military Command and Control Systems

The increasing complexity in Military Command and Control (C2) systems has led to greater vulnerability due to system availability and integrity caused by internal vulnerabilities and external threats. Several studies have proposed measures of availability and integrity for the assets in the C2 systems using precise and certain measures (i.e., the exact number of attacks on the availability and the integrity, the number of countermeasures for the availability and integrity attacks, the effectiveness of the availability and integrity countermeasure in eliminating the threats, and the financial impact of each attack on the availability and integrity of the assets). However, these measures are often uncertain in real-world problems. The source of uncertainty can be vagueness or ambiguity. Fuzzy logic and fuzzy sets can represent vagueness and ambiguity by formalizing inaccuracies inherent in human decision-making. In this paper, the authors extend the risk assessment literature by including fuzzy measures for the number of attacks on the availability and the integrity, the number of countermeasures for the availability and integrity attacks, and the effectiveness of the availability and integrity countermeasure in eliminating these threats. They analyze the financial impact of each attack on the availability and integrity of the assets and propose a comprehensive cyber-risk assessment system for the Military C2 in the fuzzy environment