Cyber Situational Awareness Testing

In the cyber security landscape, the human ability to comprehend and adapt to existing and emerging threats is crucial. Not only technical solutions, but also the operator’s ability to grasp the complexities of the threats affect the level of success or failure that is achieved in cyber defence. In this paper we discuss the general concept of situation awareness and associated measurement techniques. Further, we describe the cyber domain and how it differs from other domains, and show how predictive knowledge can help improve cyber defence. We discuss how selected existing models and measurement techniques for situation awareness can be adapted and applied in the cyber domain to measure actual levels of cyber situation awareness. We identify generic relevant criteria and other factors to consider, and propose a methodology to set up cyber situation awareness measurement experiments within the context of simulated cyber defence exercises. Such experiments can be used to test the viability of different cyber solutions. A number of concrete possible experiments are also suggested.
