Formation of Awareness

Having discussed the importance and key features of CSA, both in general and in comparison with the better-known Kinetic Situational Awareness, we now explore how and from where CSA emerges. The formation of Cyber Situational Awareness is a complex process that passes through a number of distinct phases and produces a number of distinct outputs. Humans with widely different roles drive this process, using diverse procedures and computerized tools. This chapter explores how situational awareness forms within the different phases of the cyber defense process and describes the different roles involved in the lifecycle of situational awareness. The chapter presents an overview of the overall process of cyber defense and then identifies several distinct facets of situational awareness in the context of cyber defense. An overview of the state of the art is followed by a detailed description of a comprehensive framework for Cyber Situational Awareness developed by the authors of this chapter. We highlight the significance of five key functions within CSA: learning from attacks, prioritization, metrics, continuous diagnostics and mitigation, and automation.
