Information Requirements for National Level Cyber Situational Awareness

As modern societies become more dependent on IT services, the potential impact of both adversarial cyberattacks and non-adversarial service management mistakes grows. This calls for better cyber situational awareness: decision-makers need to know what is going on. The main focus of this paper is to examine the information elements that need to be collected and included in a common operational picture in order for stakeholders to acquire cyber situational awareness. This problem is addressed through a survey among the participants of a national information assurance exercise conducted in Sweden. Most participants were government officials and employees of commercial companies that operate critical infrastructure. The results give insight into which information elements are perceived as useful, which can be contributed to and required from other organizations, which roles and stakeholders would benefit from certain information, and how the organizations work with creating cyber common operational pictures today. Among the findings, it is noteworthy that adversarial behavior is not perceived as interesting, and that the respondents in general focus solely on their own organization.
