Effective Cyber Situation Awareness (CSA) Assessment and Training

Shope, Steven

Effective Cyber Situation Awareness (CSA) Assessment and Training

Active / Technical Report | Accession Number: ADA606128 |

Open PDF

Abstract:

The recent increase in cyber attacks against United States critical assets has greatly expanded the need for effective cyber defenses. Human cyber analysts are an essential element in these efforts. Information overload and a concomitant lack of comprehensive cyber situation awareness are common problems that hamper the effectiveness of analysis. Systems that can carry out human-in-the-loop simulation of the cyber analysis task will lead to new capabilities in assessing the effectiveness of analysts and the support tools they use and will help enhance individual and team performance. This Phase I STTR effort showed the feasibility of a new capability for assessing cyber team effectiveness, cyber support tools, cyber training regimes, and the integration of multiple-component systems with human operators. We developed a novel test-bed that provides a simulation environment for the cyber analysis task and that is equipped with measures of individual, team, and system effectiveness that allows for the assessment of cyber support tools and visualizations, cyber training regimes, and cyber concepts of operation. The effectiveness metrics embedded within the test-bed provide real and meaningful measurement of analyst performance, will aid in selecting support tools, and can be used to optimize the use of human capital through. Additionally, the test-bed can be used to evaluate and improve training protocols.

Author(s):

Shope, Steven

Author Organization(s):

SANDIA RESEARCH CORPORATION MESA AZ

Descriptive Note:

Final rept. 1 May-31 Oct 2013

Supplementary Note:

DOI: 10.21236/ADA606128

Pagination:

0157

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

ARO-63617-CS-ST1.1

Contract/Grant Number(s):

W911NF-13-C-0060

Monitor Series:

63617-CS-ST1.1, ARO

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.3_Planning; JCA_5.2_Understand; JCA_4.6_Engineering; JCA_4.6.1_General Engineering; JCA_5.3.1_Analyze Problem; JCA_4.7.2_Installation Services; JCA_4.7_Base and Installations Support; JCA_5.3.2_Apply Situational Understanding; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_7_Protection; JCA_5.3.4_Develop Courses of Action; JCA_5.3.5_Analyze Courses of Action; JCA_5.3.3_Develop Strategy; JCA_5.5.2_Task; JCA_5.5_Direct; JCA_5.2.2_Develop Knowledge and Situational Awareness; JCA_1.2.1_Training; JCA_1.2.3_Educating

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*COMPUTER NETWORK SECURITY, ANALYSTS, COMPUTER NETWORKS, SITUATIONAL AWARENESS, TRAINING

Field(s)/Group(s):

Computer Systems, Computer Systems Management and Standards

Keyword(s):

STTR(SMALL BUSINESS TECHNOLOGY TRANSFER), STTR REPORTS, STTR PHASE 1, CYBER SITUATION AWARENESS, CYBER ANALYSIS, PE606055

Report Date:

2013 Nov 01

Creation Date:

2014 Sep 08