Overview of Cyber Situation Awareness
Authors
Abstract
George P. Tadda and John S. Salerno, Air Force Research Laboratory, Rome NY

Improving a decision maker’s¹ situational awareness of the cyber domain isn’t greatly different than enabling situation awareness in more traditional domains². Situation awareness necessitates working with processes capable of identifying domain-specific activities as well as processes capable of identifying activities that cross domains. These processes depend on the context of the environment, the domains, and the goals and interests of the decision maker, but they can be defined to support any domain. This chapter will define situation awareness in its broadest sense, describe our situation awareness reference and process models, describe some of the applicable processes, and identify a set of metrics usable for measuring the performance of a capability supporting situation awareness. These techniques are independent of domain, but this chapter will also describe how they apply to the cyber domain.

¹ Decision maker is used very loosely to describe anyone who uses information to make decisions within a complex dynamic environment. This is necessary because, as will be discussed, situation awareness is unique and dependent on the environment being considered, the context of the decision to be made, and the user of the information.
² Traditional domains could include land, air, or sea.

S. Jajodia et al. (eds.), Cyber Situational Awareness, Advances in Information Security 46, DOI 10.1007/978-1-4419-0140-8_2, © Springer Science+Business Media, LLC 2010

2.1 What is Situation Awareness (SA)?

One of the challenges in working in this area is that there are a multitude of definitions and interpretations concerning the answer to this simple question. A keyword search (executed on 8 April 2009) of ‘situation awareness’ on Google yields over 18,000,000 links, the first page of which ranged from a Wikipedia page through the importance of “SA while driving” and ends with a link to a free internet radio show. Also on this first search page are several links to publications by Dr. Mica Endsley, whose work in SA is arguably providing a standard for SA definitions and techniques, particularly for dynamic environments. In [5], Dr. Endsley provides a general definition of SA in dynamic environments:

“Situation awareness is the perception of the elements of the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future.”

Also in [5], Endsley differentiates between situation awareness, “a state of knowledge”, and situation assessment, “process of achieving, acquiring, or maintaining SA.” This distinction becomes exceedingly important when trying to apply computer automation to SA. Since situation awareness is “a state of knowledge”, it resides primarily in the minds of humans (cognitive), while situation assessment, as a process or set of processes, lends itself to automated techniques. Endsley goes on to note that:

“SA, decision making, and performance are different stages with different factors influencing them and with wholly different approaches for dealing with each of them; thus it is important to treat these constructs separately.”

The “stages” that Endsley defines have a direct correlation with Boyd’s ubiquitous OODA loop, with SA relating to Observe and Orient, decision making to Decide, and performance to Act. We’ll see these stages, as well as Endsley’s three “levels” of SA (perception, comprehension, and projection), manifest themselves again throughout this discussion.

As first mentioned, there are several definitions for SA. From the Army Field Manual 1-02 (September 2004), Situational Awareness is:

“Knowledge and understanding of the current situation which promotes timely, relevant and accurate assessment of friendly, competitive and other operations within the battlespace in order to facilitate decision making. An informational perspective and skill that fosters an ability to determine quickly the context and relevance of events that are unfolding.”
Similar resources
A Cyber-Physical System for Situation Awareness Following a Disaster Situation
With the emergence in research addressing cyber-physical systems, problems that previously were ignored or thought to be too complex can now be investigated. A particular problem which we consider in this paper is that of environmental mapping and monitoring immediately following a natural disaster or hazardous contamination to obtain situation awareness. With the tight integration of control, ...
A Taxonomy of Cyber Awareness Questions for the User-Centered Design of Cyber Situation Awareness
This paper offers insights to how cyber security analysts establish and maintain situation awareness of a large computer network. Through a series of interviews, observations, and a card sorting activity, we examined the questions analysts asked themselves during a network event. We present the results of our work as a taxonomy of cyber awareness questions that represents a mental model of situ...
Cyber situation awareness and teamwork
Cyber analysis is a complex task that requires the coordination of a large sociotechnical system of human analysts working together with technology. Adequate situation awareness of such a complex system requires more than aggregate situation awareness of individuals. Teamwork in the form of communication and information coordination is at the heart of team-level situation awareness. In this pos...
Visualizations and Analysts
The challenges of CSA discussed in previous chapters call for ways to provide assistance to analysts and decision-makers. In many fields, analyses of complex systems and activities benefit from visualization of data and analytical products. Analysts use images in order to engage their visual perception in identifying features in the data, and to apply the analysts' domain knowledge. One would e...
An analytic overview on the rise of cyber spaces and the Islamic Society: An urban challenge or natural transition of cities?
Moving toward third millennium is characterized by capabilities in transforming human life. Specially, development of information technologies in everyday life lead to great changes in communication tools and our current understanding of urban social life. Indeed, telecommunications because of independency from time—space constraints, provide a new unlimited space for social interactions in globa...
Computer-Aided Human Centric Cyber Situation Awareness
Objective: • Identify and fill the gap between machine info processing and analysts' SA mental processes. • Locate and remove the blind spots of existing cyber SA tools. • Build the next generation cyber defense Situation Room prototype.