Information Management and Sharing for National Cyber Situational Awareness

ICT has been integrated massively in business processes in recent years, thus producing an enormous dependency on these technologies. The potential impact of these dependencies (for example if the IT systems are lacking appropriate security levels) are remarkable – the malfunction or total loss of public energy grids, the banking system, supply chains or public administration can cause enormous economic damage and massively affect entire nations. This paper describes the concepts and development of a system to improve the national situational awareness in complex ICT infrastructures which is being carried out in the Austrian national research project CAIS (Cyber Attack Information System). The core of this system consists of two methods and derived prototypical software implementations: a modelling and simulation tool for analysing the structure of large ICT systems in terms of their security and resilience against cyber attacks, and an analysis and evaluation tool for the investigation of the current threat situation in networks. This paper particularly focuses on distributed anomaly detection and evaluation, and demonstrates how these tools can be applied in course of a sophisticated methodology in order to build a national information system that allows efficient information sharing and collaborative mitigation of threats in the cyberspace.