Balancing risk and reward interconnecting military simulators

Abstract

The purpose of this research has been to examine risk and uncertainty assessment for information technology within in relation to Full-Mission Simulator and the surrounding organization. Specifically, this study analyzes how potential risks and rewards can be assessed facing an operational need interconnecting Full-Mission Simulator with an external Norwegian simulator system. This thesis aims to answer the main research question: What degree of risk exposure is acceptable given the rewards offered by interconnecting military simulator systems? The research design of this study is a qualitative case-study, and an attempt to understand the context for our problem. The main strength of this study is internal validity with insightful data, while the main weakness is external validity as this study is tailored for this case specifically. Literature review and semi-structured methods are used to answer the research questions. Empirical findings are based on relevant government documents for IT security management, relevant publications, and theory from previous research and 4 interviews. The study concludes that a higher risk exposure is appropriate, taking the advantage of opportunities when enabling information sharing between simulators in a controlled environment. Risk exposure is considered to still be at a controllable level. This study finds that rules and regulations for information exchange provides flexibility as needed. The ability to share can be achieved through a cross-domain solution, specifically with a selected guard for this thesis providing interoperability and specific implementation for required information. The willingness to share requires a solid level of trust for IT security management. Developing the thrust relation can give increased room for maneuver. If failure to do so, this study finds that Risk Management Framework and the roles of authorization can become a risk minimizing activity rather than an activity which support the decision-makers finding the ideal risk level. This study has several cautionary findings which aligns with earlier reports about Norwegian Defense transforming to Network Based Defense. Developing information sharing in this environment can be valuable knowledge for both organizations and is aligned towards Live-Virtual-Constructive training as well as strategical transformation to Network Based Defense and Multi-Domain Battlefield.