In this work, we presented an agent-based modeling framework to study malware spread in mobile tactical networks. Our primary goal was to fill a gap in existing models of MTNs, namely the connection between organizational structure, movement patterns, and cybersecurity. We achieved that through a framework that includes militaryinspired models of hierarchical command structure, unit movement, communication over short-range radio, self-propagating malware, and anti-malware defensive mechanisms. Depending on application-specific needs, our framework could be coupled with higher-fidelity models of mission and task definitions, the tactical environment and terrain, wireless communication, or cyber attack and defense. The interplay between hierarchical command and control and group mobility is the key concept behind our framework. The hierarchical organization of tactical units, sub-tasking of tactical orders, and highly-structured and coordinated movement and behavior are fundamental principles of military strategy, yet the relationships between them and their impact on cybersecurity are not captured by existing models of mobile tactical networks. As previous work has demonstrated, agent-based modeling is particularly well-suited for representing the complex organizational and spatial structures inherent to military operations, especially MTNs. Our results further support this claim, while additionally capturing these key relationships and inter-dependencies. We implemented our framework in Java, as well as several example scenarios representing military units equipped with Bluetooth-enabled mobile devices engaged in tactical operations on a synthetic battlefield. In one scenario, soldiers stationed at outposts around the periphery of a town conduct excursions into the town seeking out and engaging with enemy soldiers. Another scenario considers companies being deployed and redeployed to different towns connected by a road network, some of which are controlled by the enemy and some of which are under allied control. In a third scenario, companies stationed at an FOB are deployed on attack, patrol, or exploratory missions. In a series of experiments, we used our implementation to explore cybersecurity issues under one of the scenarios. In the first experiment, we found that malware spread under our military-inspired hierarchical mobility model exhibits complex dynamics that are not captured by common mobility models such as Random Walk and Random Waypoint, suggesting that caution should be taken in transferring existing results for malware spread in MANETs to the tactical domain. In the next experiment, we evaluated the relative effectiveness of several defensive strategies in slowing the rate of malware spread, in particular exploring the trade-off between robustness of security and adverse impact on tactical capabilities. Our final experiment considered the effectiveness of cyber defense strategies when there is not 100% adoption or compliance. The results indicate that technological solutions that enforce compliance, even if resources are only available for partial adoption, may be more effective than widely-adopted policy solutions that only garner partial compliance. We note that the experimental results presented in this
work should be interpreted qualitatively, as they are highly dependent on contextual and environmental parameters. Their purpose here is to illustrate the benefits of agentbased modeling for representing the complex hierarchical and spatial structures inherent to MTNs and to highlight the need for more extensive research to better understand the risks that the growing threat of cyber attack poses for military operations. We encourage others to incorporate the core principles of our framework into existing tools along with higher-fidelity models of other aspects of MTNs, giving military leaders a more accurate and comprehensive system with which to evaluate cyber defense strategies, thus enabling them to make more informed decisions when trying to secure MTNs against cyber attack. This research was performed in part while the authors were affiliated with the U.S. Army Research Laboratory. The authors’ affiliation with The MITRE Corporation is provided for identification purposes only, and is not intended to convey or imply MITRE’s concurrence with, or support for, the positions, opinions or viewpoints expressed by the authors.