Blue Team Communication and Reporting for Enhancing Situational Awareness from White Team Perspective in Cyber Security Exercises

Cyber security exercises allow individuals and organisations to train and test their skills in complex cyber attack situations. To organise and conduct such an exercise effectively, the exercise control team must have accurate situational awareness of the exercise teams. In this paper, the communication patterns collected during a large-scale cyber exercise, and their possible use in improving the situational awareness of the exercise control team, were analysed. Communication patterns were analysed using graph visualisation and time-series based methods. In addition, the suitability of a new reporting tool was analysed. The reporting tool was developed to improve situational awareness and exercise control flow, and it was used for real-time reporting and communication in various exercise-related tasks. Based on the results, it can be stated that communication patterns can be used effectively to infer the performance of exercise teams and to improve the situational awareness of the exercise control team in a complex large-scale cyber security exercise. In addition, the developed model and state-of-the-art reporting tool enable real-time analysis for achieving better situational awareness for the exercise control of the cyber security exercise.
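The abstract describes two analyses of blue-team to white-team communication: a graph view (who reports to whom, and how often) and a time-series view (how reporting volume changes over the exercise). The following Python example is added here to illustrate those two views in a minimal form; it is not the paper's code or its reporting tool. The message log is constructed for the example, the team names (BT1, BT2, BT3, WT) are placeholders, and the "silent team" check is an assumption about how a white team might turn the time series into an operational cue.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample message log (not data from the paper).
# Each row: ISO timestamp, sender team, recipient team, message kind.
MESSAGES = [
    ("2024-05-01T09:00:00", "BT1", "WT", "report"),
    ("2024-05-01T09:05:00", "BT2", "WT", "report"),
    ("2024-05-01T09:20:00", "BT1", "WT", "question"),
    ("2024-05-01T09:40:00", "WT", "BT1", "answer"),
    ("2024-05-01T09:55:00", "BT2", "WT", "report"),
    ("2024-05-01T10:10:00", "BT1", "WT", "report"),
    ("2024-05-01T10:30:00", "BT3", "WT", "report"),
    ("2024-05-01T11:05:00", "BT1", "WT", "report"),
    ("2024-05-01T11:20:00", "BT2", "WT", "report"),
    ("2024-05-01T11:50:00", "WT", "BT3", "question"),
]


def parse_messages(rows):
    """Turn raw rows into (datetime, sender, recipient, kind) tuples."""
    return [(datetime.fromisoformat(ts), src, dst, kind)
            for ts, src, dst, kind in rows]


def communication_graph(msgs):
    """Directed weighted graph: edges[(sender, recipient)] = message count."""
    edges = defaultdict(int)
    for _, src, dst, _ in msgs:
        edges[(src, dst)] += 1
    return dict(edges)


def degree_summary(edges):
    """Per-team sent/received totals, the quantities a graph view makes visible."""
    sent, received = defaultdict(int), defaultdict(int)
    for (src, dst), weight in edges.items():
        sent[src] += weight
        received[dst] += weight
    teams = set(sent) | set(received)
    return {t: {"sent": sent[t], "received": received[t]} for t in sorted(teams)}


def time_series(msgs, team, window_minutes=30):
    """Messages sent by `team` per fixed window, windows counted from the
    first message in the log. Empty windows are kept as zeros so that gaps
    in reporting are visible."""
    if not msgs:
        return []
    start = min(m[0] for m in msgs)
    end = max(m[0] for m in msgs)
    width = timedelta(minutes=window_minutes)
    counts = [0] * ((end - start) // width + 1)
    for ts, src, _, _ in msgs:
        if src == team:
            counts[(ts - start) // width] += 1
    return counts


def silent_teams(msgs, teams, since, quiet_minutes=60):
    """Assumed white-team cue: teams that sent nothing in the `quiet_minutes`
    before `since`. A quiet team may be overwhelmed or stuck, or may simply
    not be reporting; either way it is a prompt for exercise control to check."""
    cutoff = since - timedelta(minutes=quiet_minutes)
    active = {src for ts, src, _, _ in msgs if cutoff <= ts < since}
    return [t for t in teams if t not in active]


if __name__ == "__main__":
    msgs = parse_messages(MESSAGES)
    edges = communication_graph(msgs)
    for (src, dst), w in sorted(edges.items()):
        print(f"{src} -> {dst}: {w}")
    print(degree_summary(edges))
    for team in ("BT1", "BT2", "BT3"):
        print(team, time_series(msgs, team))
    print("silent:", silent_teams(msgs, ["BT1", "BT2", "BT3"],
                                  datetime.fromisoformat("2024-05-01T12:00:00")))
```

The graph and degree summary answer the "who is talking to whom" question; the per-team time series shows reporting cadence, and the silent-team check is one way to turn that series into a real-time prompt for exercise control, which is the kind of situational-awareness use the abstract refers to.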
