To understand why there is so much uncertainty in decision making for cyber security, the possible reasons which could be affecting the decision-making process and few methods which experts and analyst have used to overcome uncertainty in decision making.
War is the realm of uncertainty; three quarters of the factors on which action in war is based are wrapped in a fog of greater or lesser uncertainty. A sensitive and discriminating judgment is called for; a skilled intelligence to scent out the truth.
?Carl von Clausewitz
The above statement is the typical description of fog of war. The uncertainty faced by military personals in operations, when they doubt their own capabilities and find it difficult to understand the rivals plan of action. In Cyber Security the term considered is cyberfog according to Alexander Kott in his article The Fog of War in Cyberspace. He says the information needs to be fragmented which would be a cyber adversary, but by increasing the fogginess the information could be compromised only partly.
Even if a cyber-attack happens the data will not be acquired fully as it will be stored in fragments. (cited in Alexander Kott 2016, p.1) In a fragmented storage there are chances of different types attacks, also the security operations would have to be more complex. In any operation it’s difficult to understand the occurrence of attack, when there’s ambiguity of which fragment is exploited and to defend the attack could be difficult.
The protection for such a system should be highly concealed.
On 26th June 2019 the Times of Israel released an article headlined “US cyber-attack on Iran shrouded in digital ‘fog of war'”. The article claims that US had a retaliatory attack on Iranian missile launch which cannot be proved. While the both the countries do not agree, it’s the classic example for fog of war in our context. There are no clues or proves that are left in a cyber-attack. There is uncertainty on maybe there was an attack. There has been follow up article on 29th June 2019 “US cyber-attack on Iran exploited flaw in heavily-guarded network, experts say” which highlights that cyber-attacks have advanced so much that nothing is impenetrable. The article claims that there could have been a heavily guarded network or would have had an extensive preparation before the attack. However, from the incident the conclusion could be made that in real time, the cyber-attacks are highly weaponed.
According to the U.S. Department of Defence (DOD), information environment is defined as” the aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information.”. When there is so many attributes to the information environment, then it becomes highly important to have a simple but confidential platform which can protect data breaches. The human interference ethically or unethically should not cause a damage to it. The environment should contain regularities and integrated operations for the protection of data.
There is uncertainty in decision making for cyber security due to the high risk involved in Information security management. Organisations don’t invest as the operations involved with security management requires a huge amount of budget which they don’t afford. Limited funds for the cyber security operations can cause higher inadvertent risks. The data breaches are a concern but to understand how critical it is to protect the information also becomes a concern.
The cyber security methodologies are evolving so is the threats. One doesn’t know what and at what level to expect threat. The decision on whether the security is the responsibility of government or the organisation is also a difficulty. There are policies which cannot provide clarity to regulate the threat in a technical perspective. According to Benjamin Dean’s “A Research Agenda to Improve Decision Making in Cyber Security Policy“, he suggests that we could formulate policies in different levels of interventions to protect computer networks and systems. The cyber security policies can have financial loses depending on the threats and also its important to understand the structure and function of each policy to make decisions accordingly.
In other case there could be certain complex methodologies which takes time for analysis of the cyber-attack. Then that could eventually take a lot of time. To make the network stronger the security officers may develop interconnected network which can eventually take time in understanding the cause and then taking a proper action to it. The risk also involves the time taken to decide, the delays can make the system have an instability and head to ineffective decision making.
Uncertainty in decision making for cyber security is obvious, there is so much at stake, a lot of money gets involved and importantly the data is of higher priority amongst such severe pressure it’s difficult to make the right choice. Preventing data from threats would be the right way to start. The organisation should not hesitate in investing on advanced cyber operation methodologies on protection of data. It’s important to have the confidentiality of data given the highest priority. The cost could be more but at least the risk of cyber-attack is lesser. The environment should be built in way which cannot accept intrusions with much higher shielding capacity.
The decision makers for the cyber-attack retravel should have the advantages and disadvantages clear before taking any action. There needs to be a proper plan which incorporates the policies beneficial for the firm and technical structure about functioning.
Cyber-attack detection should also be given a priority. There must be proper awareness about the policies and clarity about the deterrence for malicious cyber-crimes. When the penalties are higher the occurrence could be reduced. The crimes might be irretraceable but at least the fear of heavy penalties and well-built detection system could stop attackers. Decision making in cyber security can be made certain.
1.Andrew Fielder , Sandra K?nig, Emmanouil Panaousis ID , Stefan Schauer and Stefan Rass (2018) Risk Assessment Uncertainties in Cybersecurity Investments MDPI June 2-14 Games
2.Mohammad S.Jalali, Michael Siegel,StuartMadnick (2019) Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment [Online]28 (1)March Available at
3.Wikipedia Fog of War Available at
4.Alexander Kott, Ananthram Swami, and Bruce. J. West, US Army Research Laboratory (2016)
5. A. Shamir, “How to Share a Secret,” Comm. ACM, vol. 22, no. 11, 1979, pp. 612-613.
6. The U.S. Department of Defence, in its publication Information Operations (2012, p. I-1)
7.Times of Israel (2019) US cyber attack on Iran shrouded in digital ‘fog of war’ available at
8. Times of Israel (2019) US cyber attack on Iran exploited flaw in heavily-guarded network, experts say Avaialable at
9. Benjamin Dean, Rose McDermott (april 2017) “A Research Agenda to Improve Decision Making inCyber Security Policy “Available at
10. Strategic Thinking Bucket The Fog of War Available at
11. Congressional Research Service (2018) Defense Primer: Information Operations [online] Available at
12. Benjamin Dean, Rose McDermott (2017) A Research Agenda to Improve Decision Making inCyber Security Policy Penn State Journal of Law & International Affairs [Online]5(1) April 34-71 Available at
13.Rosemary Tropeano (2019) Deterrence in Cyber, Cyber in Deterrence
14. Steven Metz (2018) In Today’s Security Environment, Deterrence Is Becoming Personal
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download