note
Open Access

Gaps and Opportunities in Situational Awareness for Cybersecurity

Published: 02 September 2020

Abstract

Demand is present among security practitioners for improving cyber situational awareness (SA), but capability and assessment have not risen to match. SA is an integral component of cybersecurity for everyone from individuals to businesses to response teams and threat exchanges. In this Field Note, we highlight existing research, our field observations, and a recent review of cyber SA research literature, and call upon the research community to help address three research problems in situational awareness for cybersecurity. The gaps suggest the need to (1) understand what cyber SA is from the human operators’ perspectives, then (2) measure it so that (3) the community can learn whether SA makes a difference in meaningful ways to cybersecurity, and whether methods, technology, or other solutions would improve SA and thus improve those outcomes.

Published in

Digital Threats: Research and Practice, Volume 1, Issue 3
Field Notes
September 2020
93 pages
EISSN: 2576-5337
DOI: 10.1145/3415596

Copyright © 2020 ACM

Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 2 September 2020
• Online AM: 7 May 2020
• Accepted: 1 February 2020
• Revised: 1 January 2020
• Received: 1 August 2019

Qualifiers

• note
• Research
• Refereed
