Overview of Cyber Situation Awareness
Improving a decision maker’s1 situational awareness of the cyber domain isn’t greatly different than enabling situation awareness in more traditional domains2. Situation awareness necessitates working with processes capable of identifying domain specific activities as well as processes capable of identifying activities that cross domains. These processes depend on the context of the environment, the domains, and the goals and interests of the decision maker but they can be defined to support any domain. This chapter will define situation awareness in its broadest sense, describe our situation awareness reference and process models, describe some of the applicable processes, and identify a set of metrics usable for measuring the performance of a capability supporting situation awareness. These techniques are independent of domain but this chapter will also describe how they apply to the cyber domain.
Unable to display preview. Download preview PDF.
The authors thank Mr. Mike Hinman, AFRL/RIEA; Dr. Moises Sudit and Dr. Adam Stotz, University of Buffalo; Dr. Shanchieh ‘Jay’ Yang, Rochester Institute of Technology; Mr. Jared Holsopple, Rochester Institute of Technology; and countless others for their valuable insights and contributions to this research. This chapter is approved for public release, case number 88ABW-2009-1866.
- 2.D. S. Alberts, J. J. Garstka, R. E. Hayes, and D. A. Signori. Understanding information age warfare. In DoD Command and Control Research Program Publication Series, 2001.Google Scholar
- 3.J. Antonik. Decision management. In Military Communications Conference 2007 (MILCOM ’07), pages 1–5, Orlando, FL, USA, October 2007. IEEE.Google Scholar
- 4.E. Bosse, J. Roy, and S. Wark. Concepts, models, and tools for information fusion. In ISIF, page 43. Artech House, Inc, 2007.Google Scholar
- 6.B. McGuinness and J. L. Foy. A subjective measure of SA: The crew awareness rating scal (cars). In Proceedings of the first human performance, situation awareness, and automation conference, Savannah, Georgia, USA, October 2000.Google Scholar
- 7.U.S. Department of Defense, Data Fusion Subpanel for the Joint Directors of Laboratories, and Technical Panel for C3. Data fusion lexicon. 1991.Google Scholar
- 8.J. Salerno. Measuring situation assessment performance through the activities of interest score. In Proceedings of the 11th International Conference on Information Fusion, Cologne GE, June 30 - July 3 2008.Google Scholar
- 9.J. Salerno, M. Hinman, and D. Boulware. Evaluating algorithmic techniques in supporting situation awareness. In Proceedings of the Defense and Security Conference, Orlando, FL, USA, March 2005.Google Scholar
- 10.J. Salerno, M. Hinman, and D. Boulware. A situation awareness model applied to multiple omains. In Proceedings of the Defense and Security Conference, Orlando, FL, USA, March 2005.Google Scholar
- 11.J. Salerno, G. Tadda, D. Boulware, M. Hinman, and S. Gorton. Achieving situation awareness in a cyber environment. In Proc of the Situation Management Workshop of MILCOM 2005, Atlantic City, NJ, USA, October 2005.Google Scholar
- 12.L. Snidaro, M. Belluz, and G. Foresti. Domain knowledge for security applications. In ISIF, 2007.Google Scholar
- 13.A. Steinberg, C. Bowman, and F. White. Revisions to the JDL data fusion model. In Joint NATO/IRIS Conference, Quebec, Canada, October 1998.Google Scholar
- 14.G. Tadda. Measuring performance of cyber situation awareness systems. In Proceedings of the 11th International Conference on Information Fusion, Cologne GE, June 30 - July 3 2008.Google Scholar
- 15.G. Tadda and et al. Realizing situation awareness within a cyber environment. In Multisensor, Multisource Information Fusion: Architectures, Algorithms, and Applications 2006. edited by Belur V. Dasarathy, Proceedings of SPIE Vol. 624 (SPIE, Bellingham, WA, 2006) 624204, Kissimmee FL, April 2006.Google Scholar