Analysis and Assessment of Situational Awareness Models for National Cyber Security Centers

National cyber security centers (NCSCs) are becoming increasingly important for ensuring the security and proper operation of critical infrastructures (CIs). As a prerequisite, NCSCs need to collect, analyze, process, assess and share security-relevant information from infrastructure operators. A vital capability of these NCSCs is to establish Cyber Situational Awareness (CSA) as a precondition for understanding the security situation of critical infrastructures. This is important for proper risk assessment and the subsequent reduction of potential attack surfaces at the national level. In this paper, we therefore survey theoretical models relevant to Situational Awareness (SA) and present a collaborative CSA model for NCSCs in order to enhance the protection of CIs at the national level. Additionally, we provide an application scenario to illustrate a hands-on case of utilizing a CSA model in an NCSC, focusing especially on information sharing. We foresee this illustrative scenario helping decision makers and practitioners who are involved in establishing NCSCs and cyber security processes at the national level to better understand the specific implications of applying the CSA model for NCSCs.
