Information Management and Sharing for National Cyber Situational Awareness

  • Florian Skopik
  • Thomas Bleier
  • Roman Fiedler


ICT has been integrated massively into business processes in recent years, producing an enormous dependency on these technologies. The potential impact of these dependencies (for example, if the IT systems lack appropriate security levels) is remarkable: the malfunction or total loss of public energy grids, the banking system, supply chains or public administration can cause enormous economic damage and massively affect entire nations. This paper describes the concepts and development of a system to improve national situational awareness in complex ICT infrastructures, which is being carried out in the Austrian national research project CAIS (Cyber Attack Information System). The core of this system consists of two methods and derived prototypical software implementations: a modelling and simulation tool for analysing the structure of large ICT systems in terms of their security and resilience against cyber attacks, and an analysis and evaluation tool for investigating the current threat situation in networks. This paper particularly focuses on distributed anomaly detection and evaluation, and demonstrates how these tools can be applied in the course of a sophisticated methodology to build a national information system that allows efficient information sharing and collaborative mitigation of threats in cyberspace.


Keywords: Anomaly Detection, Situational Awareness, Intrusion Detection System, Information Warfare, Incident Response
These keywords were added by machine and not by the authors.





Copyright information

© Springer Fachmedien Wiesbaden 2012

Authors and Affiliations

  1. AIT Austrian Institute of Technology GmbH, Seibersdorf, Austria
