Analysis and Assessment of Situational Awareness Models for National Cyber Security Centers

Timea Pahi, Maria Leitner, Florian Skopik

Abstract

National cyber security centers (NCSCs) are becoming increasingly important for ensuring the security and proper operation of critical infrastructures (CIs). As a prerequisite, NCSCs need to collect, analyze, process, assess and share security-relevant information from infrastructure operators. A vital capability of these NCSCs is to establish Cyber Situational Awareness (CSA) as a precondition for understanding the security situation of critical infrastructures. This is important for proper risk assessment and the subsequent reduction of potential attack surfaces at national level. In this paper, we therefore survey theoretical models relevant to Situational Awareness (SA) and present a collaborative CSA model for NCSCs in order to enhance the protection of CIs at national level. Additionally, we provide an application scenario to illustrate a hands-on case of utilizing a CSA model in an NCSC, focusing especially on information sharing. We expect this illustrative scenario to help decision makers and practitioners who are involved in establishing NCSCs and cyber security processes at national level to better understand the specific implications of applying the CSA model for NCSCs.



Paper Citation


in Harvard Style

Pahi T., Leitner M. and Skopik F. (2017). Analysis and Assessment of Situational Awareness Models for National Cyber Security Centers. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 334-345. DOI: 10.5220/0006149703340345


in Bibtex Style

@conference{icissp17,
author={Timea Pahi and Maria Leitner and Florian Skopik},
title={Analysis and Assessment of Situational Awareness Models for National Cyber Security Centers},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2017},
pages={334-345},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006149703340345},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Analysis and Assessment of Situational Awareness Models for National Cyber Security Centers
SN - 978-989-758-209-7
AU - Pahi T.
AU - Leitner M.
AU - Skopik F.
PY - 2017
SP - 334
EP - 345
DO - 10.5220/0006149703340345