1 of 11

Cyber Risk to Mission (CRM) �Command and Control (C2)

Dr. David S. Alberts

Senior Fellow

Institute for Defense Analyses

 

presented to the

30th ICCRTS

Swedish Defence University

3-6 November 2025, Stockholm. Sweden

2 of 11

Power of a Cyber Enabled, Networked Force

  1. Cyber Capabilities have created networked forces and revolutionized military operations
  2. Co-evolution of Organization and Doctrine, especially C2 Approaches, have leveraged these capabilities to dramatically increase Competitive Advantage

3 of 11

Impact of Loss of �Cyber and Cyber Enabled Capabilities

4 of 11

CRM C2 Analysis

CRM C2 Analysis involves the simultaneous analysis of

both Cyber Risk and a Mission Risk Analysis

as these analyses are interdependent

“Mission Critical Cyber Capabilities Damaged and not Restored

in a Timely Manner” provides the link between

cyber-enabled and mission effectiveness.

Potential Threats and Hazards

Events

Damage to Critical Cyber Enabled Capability

Cyber Damage Not Restored �in a Timely Manner

Potential Impact on Mission

Impact Mitigation/ Adaptation

Impact on Mission

Cyber

Risk

To

Mission

Deterrence & Prevention Strategy

Damage Assessment & Response

Restoration & Recovery

Risk�Judgement

Risk Management

Cyber Risk AssessmentDetermining Extent/Duration of Damage to Cyber-Enabled Capabilities

Mission Risk AssessmentDetermining Mission Impact of Degraded Capabilities

5 of 11

Cyber and Mission Risk Analysis Interdependencies�

  • Cyber C2 decision quality is a function of the appropriateness of the adopted C2 Approach
  • Mission Outcomes depend upon Mission Agility
  • Mission Agility depends upon effective design and employment of PACE Plans

6 of 11

CRM Multi-Domain C2 Approach Space

7 of 11

CRM C2 Multi-Domain Arrangements Considered

8 of 11

CRM C2 Arrangements and Awareness�

  • Arrangements differ in their harmonization levels which impact the degree to which they possess Shared Awareness
  • It is assumed that Local Forces have slightly more accurate perceptions re: which Cyber Assets are Mission Critical
  • It is assumed that the Mission Force understands Cyber Assets PACE Plan associations

9 of 11

CRM C2 Decisions

  • The efficiency and effectiveness of these decisions depends upon information that is not organic, thus sharing of information is needed to made the best decisions
  • Proposition: CRM C2 Approaches with higher levels of harmonization should result in greater shared awareness, more appropriate decisions, and ultimately lower CRM.

10 of 11

CRM Parametric Model Results

11 of 11

The Value of Perfect Information

Probability of Correct Perception =.8

Probability of Correct Perception =.8