Situation Awareness for Cyber Defense

Active / Technical Report | Accession Number: ADA463389

Abstract:

Situation awareness (SA), or the ability to assess situations and prepare timely responses, has long been acknowledged as an important aspect of theater operations for defensive purposes. Likewise, SA is critical in the cyber world. The focus of this paper is SA in the cyber domain with respect to defensive capabilities. The cyber defense domain has an important characteristic in common with related domains such as analysis of terrorism, protection of infrastructure, and IED defense: the domains are characterized by sets of complex, interacting issues that are ill-defined, ambiguous, and evolving in time. Solutions for such problems must be integrative, handle domain complexity, and incorporate and address the element of surprise. A list of the capabilities needed to accomplish effective cyber SA is provided, along with an architecture for cyber SA reasoning. Most cyber SA architectures attempt to mirror the complexity of the domain. Surprisingly, the latest brain research does not support this approach. Notional information is provided regarding a new approach to cyber situation awareness, taking into account the lessons learned from the way humans process such information.

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:
Approved For Public Release
Distribution Statement:
Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR