The increasing integration of digital technologies into military network systems has significantly enhanced operational capabilities, while simultaneously introducing new vulnerabilities associated with cyber threats. Modern military infrastructures rely on complex, interconnected systems that support command, control, communication, and information processing functions. As a result, disruptions affecting these systems can propagate rapidly, generating consequences that extend beyond technical failures and directly influence operational performance.
Cyber threats targeting military networks have evolved in both scale and sophistication, ranging from exploitation of software vulnerabilities to coordinated attacks designed to degrade critical functionalities. In this context, the analysis of cyber incidents cannot be limited to their technical characteristics alone. A comprehensive understanding requires the examination of how such incidents affect operational capabilities, including decision-making processes, situational awareness, and system coordination.
Despite the growing body of research in cybersecurity, a gap persists in the systematic modeling of the relationship between cyber threats and their operational impact. Existing approaches often emphasize detection and mitigation mechanisms, while providing limited analytical tools for assessing the extent to which cyber incidents influence mission effectiveness. This limitation reduces the ability of decision-makers to anticipate the consequences of cyber disruptions and to prioritize response actions accordingly.
The present study addresses this gap by proposing a structured approach to modeling the impact of cyber threats on operational capability in military network systems. The research focuses on identifying key dimensions of impact, analysing the mechanisms through which disruptions propagate within interconnected systems, and establishing a conceptual basis for quantifying operational degradation.
By integrating technical and operational perspectives, the paper aims to contribute to the development of analytical models capable of supporting both cybersecurity assessment and decision-making processes. The proposed approach enables a more precise evaluation of system vulnerability and provides a foundation for subsequent development of resilience-oriented strategies in military environments.
The research methodology applied in this study is based on a conceptual and analytical approach focused on the relationship between cyber threats and operational capability degradation in military network systems. The study was conducted in several stages.
The first stage consisted of reviewing existing literature related to cyber threat analysis, operational resilience, and cybersecurity impact assessment frameworks developed by organizations such as NIST, NATO CCDCOE, ENISA, and MITRE.
The second stage involved identifying the principal variables influencing operational impact, including threat intensity, system vulnerability, and response capacity. These variables were selected based on their recurrence in cybersecurity risk assessment models and their relevance to military operational environments.
The third stage focused on the development of a conceptual impact model describing the interaction between technical disruptions and operational consequences. The model integrates technical and operational dimensions in order to support analytical evaluation of mission degradation.
Finally, the study applies a simplified analytical representation using weighted indicators in order to demonstrate the applicability of the proposed approach in operational scenarios.
Military network systems operate within a highly contested and continuously evolving cyber environment, where adversarial actions are increasingly sophisticated, persistent, and strategically coordinated. Unlike civilian infrastructures, military systems are designed to function under conditions of operational stress, degraded communications, and adversarial interference. This context amplifies both the likelihood and the impact of cyber incidents, transforming them into critical factors that directly influence mission effectiveness (Ertan, Floyd, Pernik & Stevens, 2020).
The contemporary cyber threat landscape is characterized by a transition from opportunistic attacks to highly organized and goal-oriented operations. Advanced persistent threats (APTs) represent one of the most significant challenges, as they combine stealth, long-term access, and targeted exploitation of system vulnerabilities. These threats are typically conducted by well-resourced actors who aim not only to compromise systems, but to maintain persistent access and manipulate operational processes over extended periods (MITRE, 2024; ENISA, 2021). From a structural perspective, cyberattacks can be understood through models such as the cyber kill chain, which describes the sequential phases of an intrusion, including reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives (Hutchins, Cloppert & Amin, 2011).
Military network systems are characterized by high levels of interconnectivity and dependency between operational components. Such interdependencies may increase the propagation of cyber effects across network infrastructures (Bodeau, Graubart & Heinbockel, 2013). The propagation of cyber effects is particularly relevant in the context of mission-critical operations. For instance, a disruption in communication networks may lead to delays in information exchange, which in turn affects situational awareness and decision-making processes. Similarly, data integrity attacks can compromise the accuracy of operational information, leading to incorrect assessments and suboptimal decisions. These cascading effects highlight the necessity of analysing cyber threats not only at the technical level, but also in terms of their operational consequences (United States Department of Defense/DoD, 2023).
In addition to technical vulnerabilities, modern cyber threats increasingly exploit systemic and organizational weaknesses. The expansion of connected devices and loT-based components within networked environments also increases the attack surface, making baseline security measures essential for reducing exposure to cyber threats (ENISA, 2017). These include inadequate security policies, insufficient training, and lack of coordination between different operational units. As a result, cybersecurity must be understood as a multidimensional problem, encompassing technological, human, and organizational factors (ENISA, 2019).
Furthermore, the convergence of cyber and physical domains has introduced new dimensions of risk, particularly in the context of critical infrastructure protection. Military and governmental networks often interface with civilian infrastructures such as energy systems, transportation networks, and communication services. This interdependency creates additional attack vectors and increases the potential for cross-domain impact, where cyber incidents can trigger physical disruptions with significant operational implications (Linkov, Eisenberg & Plourde, 2013). Traditional cybersecurity approaches focused on prevention and detection remain essential; however, increasing system complexity requires complementary analytical frameworks capable of evaluating cascading operational effects and system resilience (NIST, 2024).
Recent research emphasizes the importance of adopting a resilience-oriented perspective, where the focus shifts from preventing all possible attacks to ensuring the continuity of operations under adverse conditions. This perspective requires the development of models capable of capturing the dynamic interactions between threats, vulnerabilities, and system responses. Such models must account for uncertainty, adaptability, and the nonlinear propagation of effects within complex network systems (Kott & Linkov, 2019). The Figure no. 1 illustrates the progression of cyberattacks through sequential phases, from initial reconnaissance to the execution of actions on objectives, based on the cyber kill chain model. It highlights how disruptions originating at the technical level propagate through interconnected system components, ultimately affecting operational functions such as command and control, situational awareness, and decision-making processes. The model emphasizes the cascading nature of cyber effects within complex military network systems.

Advanced Persistent Threat Lifecycle
(Source: Adapted from Wikimedia Commons, 2024)
Figure no. 1 illustrates the sequential evolution of a cyberattack within military network systems. The process begins with reconnaissance activities, where attackers collect information about network structure and vulnerabilities. During the weaponization and delivery phases, malicious payloads are prepared and introduced into the targeted environment. Exploitation and installation allow adversaries to establish unauthorized access and persistence. Once command and control mechanisms are established, attackers can manipulate network functions and affect operational processes. The final stage involves actions on objectives, where the cyberattack generates operational consequences such as communication disruption, degradation of situational awareness, and delays in decision-making. The model demonstrates how technical incidents progressively translate into operational impact.
Cyberattacks targeting military network systems generate effects that extend beyond technical disruption, influencing the overall performance of operational processes. The assessment of these effects requires a structured understanding of how cyber incidents translate into measurable degradation of mission capabilities. Rather than treating cybersecurity events as isolated technical failures, it is necessary to analyse their impact across multiple operational dimensions. This perspective is consistent with cyber defense approaches that emphasize situational awareness as a core requirement for understanding and responding to cyber events (Kott, Wang & Erbacher, 2014). Operational impact can be examined through several interrelated components, each reflecting a specific aspect of system functionality. One of the primary dimensions is system availability, which refers to the ability of network components to remain accessible and functional during and after a cyber incident. Disruptions affecting availability may result in delayed communications, interrupted data flows, and reduced coordination between operational units (NIST, 2020).
Another critical dimension is data integrity, which directly influences the reliability of information used in decision-making processes. Compromised data can lead to incorrect situational assessments, misinterpretation of operational conditions, and flawed command decisions. In military environments, even minor alterations in data accuracy may produce significant consequences due to the time-sensitive nature of operations (ENISA, 2021). Confidentiality also represents a relevant dimension, particularly in relation to intelligence and sensitive operational information. Unauthorized access to such data may not immediately disrupt system functionality, but can provide adversaries with strategic advantages that influence future operations. The impact of confidentiality breaches is therefore often indirect but strategically significant (ISO 27001, 2022).
A further dimension concerns communication reliability, which reflects the stability and consistency of information exchange between system components and operational units. Cyberattacks targeting communication channels may introduce delays, distortions, or complete loss of connectivity, thereby affecting synchronization and coordination across the operational environment (Cisco Systems, 2023). In addition to these technical and informational aspects, operational impact must also consider the dimension of decision-making efficiency. The ability of command structures to process information, evaluate alternatives, and issue timely decisions is highly dependent on the integrity and availability of networked systems. Cyber disruptions that affect these processes can lead to increased reaction times and reduced operational effectiveness (NATO, 2024).
The interdependence of these dimensions amplifies the overall impact of cyber incidents. A disruption in one area, such as communication, may trigger secondary effects on situational awareness and decision-making. This cascading behavior highlights the necessity of analysing operational impact as a systemic phenomenon rather than as a set of independent effects. The evaluation of operational impact requires the definition of measurable indicators capable of capturing both the severity and the propagation of cyber effects. These indicators must reflect not only technical performance, but also the functional consequences at the operational level. Establishing such indicators enables the transition from qualitative descriptions of impact to quantitative assessment models, which are essential for supporting analytical and decision-making processes. The identification of operational impact dimensions provides the foundation for structuring these indicators and for developing models that link cyber threats to mission degradation. This approach facilitates a more precise evaluation of system vulnerability and supports the prioritization of defensive and recovery measures based on their operational relevance.
Operational impact dimensions and associated assessment indicators
| Dimension | Description | Example Indicators | Measurement Approach |
|---|---|---|---|
| System Availability | Ability of systems to remain operational under attack | Downtime, service disruption rate | Time-based metrics |
| Data Integrity | Accuracy and consistency of operational data | Error rate, data corruption level | Statistical analysis |
| Confidentiality | Protection of sensitive information | Unauthorized access incidents | Incident frequency |
| Communication Reliability | Stability of data exchange and connectivity | Packet loss, latency | Network performance metrics |
| Decision-Making Efficiency | Ability to process information and respond effectively | Decision delay time, response latency | Operational performance analysis |
| System Interdependency | Degree of cascading effects across components | Number of affected subsystems | Dependency mapping |
The modeling of cyber threat impact on military network systems requires a structured approach capable of capturing both the technical characteristics of cyber incidents and their operational consequences. Given the complexity and interdependence of modern network architectures, impact cannot be represented through isolated variables, but must be analysed as a function of multiple interacting factors. Attack graph analysis offers a useful basis for examining how vulnerabilities and attack paths interact within complex network structures, supporting a more systematic understanding of potential compromise propagation (Noel & Jajodia, 2005). A fundamental premise of the proposed approach is that operational impact is determined by the interaction between three core elements: threat intensity, system vulnerability, and response capacity. These elements define the conditions under which a cyber incident evolves from a localized disruption to a broader degradation of operational capability. Threat intensity reflects the characteristics of the attack, including its sophistication, persistence, and scope. High-intensity threats, such as advanced persistent attacks or coordinated multi-vector intrusions, have a greater potential to penetrate defenses and affect critical components. System vulnerability represents the susceptibility of network elements to exploitation, influenced by factors such as architectural design, configuration weaknesses, and dependency structures. Response capacity refers to the ability of the system and the organization to detect, contain, and mitigate the effects of an attack within an acceptable timeframe. The relationship between these elements can be expressed through a functional model of operational impact:
I represents operational impact,
T denotes threat intensity,
V represents system vulnerability,
R corresponds to response capacity.
In analytical terms, the model suggests that operational impact increases proportionally with threat intensity and system vulnerability, while being inversely related to response capacity. This relationship provides a simplified yet effective representation of how cyber incidents influence system performance. To refine this representation, each variable can be decomposed into measurable components. Threat intensity may include factors such as attack duration, number of vectors, and level of coordination. System vulnerability can be assessed through metrics related to system exposure, patch status, and network topology. Response capacity may be quantified through detection time, response latency, and recovery speed.
An important characteristic of the model is its ability to capture cascading effects within interconnected systems. Due to the high level of interdependency between network components, disruptions affecting one element can propagate and amplify across the system. This behavior introduces nonlinear dynamics, where small initial disturbances may lead to significant operational consequences. The proposed modeling approach supports both qualitative analysis and quantitative evaluation. It enables the identification of critical points within the system, where vulnerabilities and threat exposure intersect, and where defensive measures can produce the greatest operational benefit. At the same time, it provides a conceptual basis for developing more advanced models, including simulation-based or probabilistic approaches.
The integration of technical parameters and operational considerations allows for a more comprehensive understanding of cyber impact. This perspective facilitates the transition from descriptive assessments of cyber incidents to structured analytical models capable of supporting decision-making processes in complex military environments.
This conceptual model provides a structured representation of the factors that shape cyber-induced operational degradation in military network systems. It highlights the nonlinear propagation of cyber effects across interconnected systems and emphasizes the role of response mechanisms in limiting impact escalation.
Figure no. 2 presents the interaction between threat intensity, system vulnerability, and response capacity in determining operational impact. An increase in threat intensity or system vulnerability leads to higher operational degradation, while effective response capacity reduces the propagation of cyber effects. The figure also highlights the nonlinear behavior of interconnected systems, where disruptions affecting one component may cascade toward other operational functions. This interaction demonstrates the importance of integrating technical analysis with operational assessment.

Conceptual model of cyber threat impact on operational capability
(Source: Adapted from Moulin, 2025)
The practical applicability of the proposed impact model depends on its ability to translate conceptual relationships into measurable parameters. In order to support analytical evaluation, the variables defining operational impact can be structured into a set of normalized indicators, allowing comparison across different systems and operational scenarios. The operational impact function can be further expressed in an expanded form, where each variable is decomposed into weighted components:
Ti represents individual threat factors,
Vi denotes associated vulnerability levels,
R corresponds to aggregated response capacity.
This formulation reflects the cumulative effect of multiple threat vectors interacting with system vulnerabilities, moderated by the effectiveness of response mechanisms. The use of weighted components allows the model to account for differences in threat relevance and system criticality. For analytical purposes, each variable can be assigned values within a normalized scale, typically ranging from 0 to 1 or from 1 to 5, depending on the level of granularity required. Threat intensity may be evaluated based on factors such as attack sophistication, duration, and coordination. Vulnerability levels can be assessed through system exposure, configuration weaknesses, and degree of interconnectivity. Response capacity may include detection time, response efficiency, and recovery capability. The model enables the identification of critical scenarios in which high-impact outcomes are likely to occur. For example, a system characterized by high vulnerability and low response capacity, when exposed to a coordinated attack, will generate a significantly higher impact score compared to a system with robust defensive mechanisms. This analytical representation allows decision-makers to prioritize resources and mitigation strategies based on quantified risk levels (ISO 27005, 2022).
In order to illustrate the application of the model, a simplified evaluation scenario can be considered. A military communication network subjected to a multi-vector cyberattack may be analysed by assigning values to each component. High threat intensity combined with moderate vulnerability and limited response capacity results in an elevated impact score, indicating a high risk of operational degradation. Conversely, improvements in detection and response mechanisms reduce the overall impact, even in the presence of significant threats. The analytical framework also supports sensitivity analysis, allowing the evaluation of how variations in individual parameters influence the overall impact. This capability is particularly relevant in operational planning, where different scenarios must be assessed under varying threat conditions. By adjusting model parameters, it becomes possible to simulate potential outcomes and to identify optimal configurations for enhancing system resilience. The proposed approach provides a bridge between theoretical modeling and practical application, offering a structured method for evaluating cyber-induced operational impact. It facilitates the integration of technical data into decision-support processes and contributes to the development of more adaptive and resilient military network systems (ISO 31000, 2018).
Table no. 2 illustrates a simplified application of the proposed model, where individual threat and vulnerability factors are assigned weighted values. The aggregated score reflects the overall operational impact, demonstrating how variations in response capacity influence the final outcome. The approach allows for comparative analysis across different scenarios and supports prioritization of mitigation measures.
Example of quantitative evaluation of operational impact
| Parameter | Value (Scale 1–5) | Weight | Weighted Score |
|---|---|---|---|
| Threat Intensity (T1) | 5 | 0.3 | 1.5 |
| Threat Persistence (T2) | 4 | 0.2 | 0.8 |
| System Vulnerability (V1) | 4 | 0.3 | 1.2 |
| Network Exposure (V2) | 3 | 0.2 | 0.6 |
| Response Capacity (R) | 2 | - | - |
The proposed approach to modeling cyber threat impact provides a structured perspective that integrates technical factors with operational consequences. Compared to traditional cybersecurity assessment methods, which focus primarily on detection and mitigation, the model emphasizes the relationship between threat dynamics, system vulnerabilities, and their effects on mission performance. This distinction is essential in military environments, where the ultimate objective is not only system protection, but the preservation of operational capability. Existing frameworks, such as those developed by NIST and ENISA, offer comprehensive guidelines for risk management and security assessment. However, these approaches are often oriented toward compliance and risk identification, rather than toward modeling the direct impact of cyber incidents on operational processes. The present model complements these frameworks by introducing a simplified analytical structure that links technical disruptions to measurable operational degradation (NIST, 2023; ENISA, 2022).
A notable advantage of the proposed model lies in its adaptability. By adjusting weighting coefficients and component variables, the model can be tailored to different types of systems, ranging from communication networks to command and control infrastructures. This flexibility allows its application across a wide spectrum of military and governmental environments, supporting both strategic planning and operational analysis.
From an analytical perspective, the model facilitates the identification of critical system components and high-risk scenarios. By quantifying the interaction between threat intensity and system vulnerability, it becomes possible to prioritize defensive measures and allocate resources more efficiently. This capability is particularly relevant in contexts where resources are limited and decision-making must be supported by clear and actionable information (NIST, 2012). At the same time, several limitations must be acknowledged. The model relies on the accurate estimation of input variables, including threat intensity and vulnerability levels, which may be difficult to quantify in real-world scenarios. Uncertainty in these estimations can influence the reliability of the final impact score. Additionally, the model simplifies complex system behaviors, particularly in relation to nonlinear propagation effects and interdependencies between network components.
Another limitation concerns the dynamic nature of cyber threats. Adversarial behavior is continuously evolving, which means that static models may not fully capture emerging attack patterns or adaptive strategies. Future developments should therefore focus on integrating real-time data and dynamic modeling techniques, such as simulation or machine learning-based approaches, to enhance predictive capabilities. From an operational standpoint, the model supports decision-making by providing a clear framework for evaluating cyber impact. It enables commanders and technical personnel to better understand how cyber incidents influence mission execution and to identify the most effective points of intervention. This contributes to a more proactive approach to cybersecurity, where the focus shifts from reactive defense to anticipatory and resilience-oriented strategies. The integration of technical and operational dimensions represents a key contribution of this study. By bridging the gap between cybersecurity analysis and operational evaluation, the proposed approach provides a foundation for the development of more advanced assessment tools capable of supporting complex military decision-making processes (Kott, 2013).
Compared to traditional cybersecurity frameworks such as the NIST Risk Management Framework and the MITRE ATT&CK model, the proposed approach focuses more explicitly on the relationship between cyber incidents and operational capability degradation. While NIST frameworks primarily support risk governance and security controls, and MITRE ATT&CK emphasizes adversarial tactics and techniques, the present model integrates operational impact assessment by linking threat intensity, system vulnerability, and response capacity within a unified analytical structure.
The analysis conducted in this study underlines the necessity of redefining cybersecurity assessment within military and governmental network systems, moving beyond purely technical considerations toward an integrated operational perspective. The increasing reliance on interconnected digital infrastructures has transformed cyber threats into decisive factors that directly affect mission execution, system reliability, and decision-making processes. Consequently, the evaluation of cybersecurity can no longer be limited to the identification of vulnerabilities or the detection of attacks, but must incorporate their potential to generate operational degradation (DoD, 2023; NIST, 2023). The proposed modeling approach provides a structured framework for analysing the impact of cyber threats by establishing a relationship between threat intensity, system vulnerability, and response capacity. This integration enables a more comprehensive understanding of how cyber incidents evolve and how their effects propagate within complex network systems. The formulation of operational impact as a measurable construct represents an important step toward the development of analytical tools capable of supporting decision-making processes in dynamic and uncertain environments (Linkov & Trump, 2019).
A central outcome of the study is the identification of the systemic nature of cyber impact. Operational degradation does not result from isolated technical failures, but from the interaction between multiple interdependent factors. The presence of cascading effects, driven by system interconnectivity and functional dependencies, amplifies the consequences of localized disruptions. This observation is consistent with recent research emphasizing the importance of resilience-oriented approaches that account for interdependencies and nonlinear system behavior (Linkov, Eisenberg & Plourde, 2013; Kott & Linkov, 2019). The applicability of the proposed model extends to a wide range of military and governmental contexts. By enabling the quantification of impact through weighted indicators, the model supports the prioritization of defensive measures and the allocation of resources based on operational relevance. This capability is particularly valuable in environments characterized by limited resources and high operational tempo, where rapid and informed decision-making is essential (NIST, 2012; Kott, 2013).
At the same time, the study acknowledges several limitations related to the estimation of input parameters and the simplification of complex system dynamics. The accuracy of the model depends on the availability of reliable data regarding threat characteristics, system vulnerabilities, and response performance. In practice, such data may be incomplete or subject to uncertainty, which can affect the precision of the resulting impact assessment. Furthermore, the model does not fully capture adaptive adversarial behavior or the dynamic evolution of cyber threats, which remain critical challenges in cybersecurity research (MITRE, 2024; ENISA, 2022). Future research directions should focus on enhancing the model through the integration of real-time monitoring data, simulation techniques, and advanced analytical methods. The incorporation of probabilistic approaches and machine learning techniques may improve the model’s ability to capture uncertainty and predict the evolution of cyber incidents. Additionally, the validation of the model through empirical studies and operational case analyses would contribute to strengthening its practical relevance and applicability (ENISA, 2021).
The broader implications of this work highlight the need for a paradigm shift in cybersecurity strategy. The transition from reactive defense mechanisms to proactive and resilience-oriented approaches is essential for maintaining operational continuity in contested cyber environments. The ability to anticipate and quantify the operational impact of cyber threats represents a critical capability for modern military and governmental systems. Developing and implementing analytical models such as the one proposed in this study contributes to enhancing system resilience and ensuring the effectiveness of mission-critical operations under adverse conditions (Linkov & Trump, 2019; Min & Yun, 2025).
