A task analysis toward characterizing cyber-cognitive situation awareness (CCSA) in cyber defense analysts

Cyberspace is an increasingly crucial part of everyday living. We have long recognized that defending this space is complex, requiring information integration and the decisions of man and machine to coalesce in a dynamic environment full of shifting priorities. These properties suggest that, as in other domains with similar characteristics, the situation awareness (SA) of a human cyber defender is paramount to the quality of decision outcomes in cyber defense. The majority of existing research in cyber situation awareness centers on information systems and computers, which piece together disparate data. Fused data from multiple sources, for example, is necessary for cyberspace visualization efforts. The judgment for successful cyber SA from this perspective is different from one that is human-centered. In comparison, we rarely assess human cognitive awareness in cyberspace. In part, this reflects a need, based on prior theory, to first define the critical elements of information that the human must perceive, and then to elucidate how humans combine these elements to comprehend the state of the network and how, together, this awareness helps analysts predict the future state of the network. In other words, although data fusion can provide value by reducing the cognitive load created to piece together disparate sources of information, human awareness of the network (cyber-cognitive situation awareness, CCSA) is perhaps the ultimate intermediary for defense performance. Toward such an understanding, we discuss the results of a cognitive task analysis (CTA) which sought to determine the goals and abstracted elements of awareness that cyber analysts seek in network defense. We present the foundation for a series of planned experiments that establishes CCSA measurement and baselines the efforts of cyber defenders. Once assessed, we can then begin to consider the help offered by fusion systems, automation of defensive capabilities, and cyber visualizations in a methodologically rigorous manner that has been lacking.
