The personal computer, and cyber technology in general, opens the doors to the world. Unless an organization can cultivate the flexibility to adapt its processes to the demands of this new technology, it could diminish its capability to execute effective protective and responsive countermeasures against malevolent or unwanted cyber intrusion. In this paper, we define and use the term cyberinfrastructure system to connote a generalized complex, large-scale cyberinfrastructure network that includes hardware, software, organizational policies and procedures, and that is connected to the Internet (e.g., by means of telephone lines, wireless devices, and high-speed technology). Following a malevolent cyber attack, the original cyberinfrastructure security model could have been (unbeknownst to the system’s operators) perturbed and changed, not by its designers, but by adversaries. In other words, the road-map design of the cyberinfrastructure system, which connotes the policies, procedures, methods, connections, and other human and organizational activities that define the functionality of the cyberinfrastructure system, could have been changed following a malevolent cyber attack. Resilience of a cyberinfrastructure system, which is central to its security, is defined as the ability of the system to withstand a major disruption within acceptable degradation parameters and to recover within an acceptable composite cost and time. The central role of systems integration in cyber security is highlighted because it not only connotes the integration of components, but also involves an understanding of the functionality that emerges from that integration. Systems modeling is indispensable in developing awareness when a cyberinfrastructure is intruded and is being violated. Cyberinfrastructure security is essentially multidimensional and of multi-scale compositions—from molecular to macro dimensions—and its wholeness is characterized by multiple and varied paths of interdependence. Thus, this paper advocates a holistic approach as requisite to understanding not only its myriad parts and functionality but also the forced changes imposed upon it both from within and without its domains. Furthermore, models can play a central role in intrusion detection, thus enabling information managers to develop protective and remedial courses of action. They can also be used to answer a wide range of questions, including how to deceive would-be intruders and lead them to believe they are inflicting damage on the real intended system. Through logically organized and systemically executed models, the Phantom System Models (PSM) laboratory, introduced in Section I, is aimed at providing a reasoned experimental modeling framework with which to explore and thus understand the intricate relationships that characterize the nature of multi-scale emergent systems.
©2011 Walter de Gruyter GmbH & Co. KG, Berlin/Boston