To install StudyMoose App tap and then “Add to Home Screen”
Save to my list
Remove from my list
To understand why there is so much uncertainty in decision making for cyber security, the possible reasons which could be affecting the decision-making process and few methods which experts and analyst have used to overcome uncertainty in decision making.
War is the realm of uncertainty; three quarters of the factors on which action in war is based are wrapped in a fog of greater or lesser uncertainty. A sensitive and discriminating judgment is called for; a skilled intelligence to scent out the truth.
?Carl von Clausewitz
The above statement is the typical description of fog of war.
The uncertainty faced by military personals in operations, when they doubt their own capabilities and find it difficult to understand the rivals plan of action. In Cyber Security the term considered is cyberfog according to Alexander Kott in his article The Fog of War in Cyberspace. He says the information needs to be fragmented which would be a cyber adversary, but by increasing the fogginess the information could be compromised only partly.
Even if a cyber-attack happens the data will not be acquired fully as it will be stored in fragments. (cited in Alexander Kott 2016, p.1) In a fragmented storage there are chances of different types attacks, also the security operations would have to be more complex. In any operation it's difficult to understand the occurrence of attack, when there's ambiguity of which fragment is exploited and to defend the attack could be difficult.
The protection for such a system should be highly concealed.
On 26th June 2019 the Times of Israel released an article headlined "US cyber-attack on Iran shrouded in digital 'fog of war'". The article claims that US had a retaliatory attack on Iranian missile launch which cannot be proved. While the both the countries do not agree, it's the classic example for fog of war in our context. There are no clues or proves that are left in a cyber-attack. There is uncertainty on maybe there was an attack. There has been follow up article on 29th June 2019 "US cyber-attack on Iran exploited flaw in heavily-guarded network, experts say" which highlights that cyber-attacks have advanced so much that nothing is impenetrable. The article claims that there could have been a heavily guarded network or would have had an extensive preparation before the attack. However, from the incident the conclusion could be made that in real time, the cyber-attacks are highly weaponed.
According to the U.S. Department of Defence (DOD), information environment is defined as" the aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information.". When there is so many attributes to the information environment, then it becomes highly important to have a simple but confidential platform which can protect data breaches. The human interference ethically or unethically should not cause a damage to it. The environment should contain regularities and integrated operations for the protection of data.
There is uncertainty in decision making for cyber security due to the high risk involved in Information security management. Organisations don't invest as the operations involved with security management requires a huge amount of budget which they don't afford. Limited funds for the cyber security operations can cause higher inadvertent risks. The data breaches are a concern but to understand how critical it is to protect the information also becomes a concern.
The cyber security methodologies are evolving so is the threats. One doesn't know what and at what level to expect threat. The decision on whether the security is the responsibility of government or the organisation is also a difficulty. There are policies which cannot provide clarity to regulate the threat in a technical perspective. According to Benjamin Dean's "A Research Agenda to Improve Decision Making in Cyber Security Policy", he suggests that we could formulate policies in different levels of interventions to protect computer networks and systems. The cyber security policies can have financial loses depending on the threats and also its important to understand the structure and function of each policy to make decisions accordingly.
In other case there could be certain complex methodologies which takes time for analysis of the cyber-attack. Then that could eventually take a lot of time. To make the network stronger the security officers may develop interconnected network which can eventually take time in understanding the cause and then taking a proper action to it. The risk also involves the time taken to decide, the delays can make the system have an instability and head to ineffective decision making.
Uncertainty in decision making for cyber security is obvious, there is so much at stake, a lot of money gets involved and importantly the data is of higher priority amongst such severe pressure it's difficult to make the right choice. Preventing data from threats would be the right way to start. The organisation should not hesitate in investing on advanced cyber operation methodologies on protection of data. It's important to have the confidentiality of data given the highest priority. The cost could be more but at least the risk of cyber-attack is lesser. The environment should be built in way which cannot accept intrusions with much higher shielding capacity.
The decision makers for the cyber-attack retravel should have the advantages and disadvantages clear before taking any action. There needs to be a proper plan which incorporates the policies beneficial for the firm and technical structure about functioning.
Cyber-attack detection should also be given a priority. There must be proper awareness about the policies and clarity about the deterrence for malicious cyber-crimes. When the penalties are higher the occurrence could be reduced. The crimes might be irretraceable but at least the fear of heavy penalties and well-built detection system could stop attackers. Decision making in cyber security can be made certain.
1.Andrew Fielder , Sandra K?nig, Emmanouil Panaousis ID , Stefan Schauer and Stefan Rass (2018) Risk Assessment Uncertainties in Cybersecurity Investments MDPI June 2-14 Games
2.Mohammad S.Jalali, Michael Siegel,StuartMadnick (2019) Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment [Online]28 (1)March Available at
3.Wikipedia Fog of War Available at
4.Alexander Kott, Ananthram Swami, and Bruce. J. West, US Army Research Laboratory (2016)
5. A. Shamir, "How to Share a Secret," Comm. ACM, vol. 22, no. 11, 1979, pp. 612-613.
6. The U.S. Department of Defence, in its publication Information Operations (2012, p. I-1)
7.Times of Israel (2019) US cyber attack on Iran shrouded in digital 'fog of war' available at
8. Times of Israel (2019) US cyber attack on Iran exploited flaw in heavily-guarded network, experts say Avaialable at
9. Benjamin Dean, Rose McDermott (april 2017) "A Research Agenda to Improve Decision Making inCyber Security Policy "Available at
10. Strategic Thinking Bucket The Fog of War Available at
11. Congressional Research Service (2018) Defense Primer: Information Operations [online] Available at
12. Benjamin Dean, Rose McDermott (2017) A Research Agenda to Improve Decision Making inCyber Security Policy Penn State Journal of Law & International Affairs [Online]5(1) April 34-71 Available at
13.Rosemary Tropeano (2019) Deterrence in Cyber, Cyber in Deterrence
14. Steven Metz (2018) In Today's Security Environment, Deterrence Is Becoming Personal
Clausewitz Fog of War. (2019, Nov 26). Retrieved from https://studymoose.com/task-1-clausewitz-fog-of-war-in-the-modern-enterprise-information-example-essay
👋 Hi! I’m your smart assistant Amy!
Don’t know where to start? Type your requirements and I’ll connect you to an academic expert within 3 minutes.
get help with your assignment