Abstract
Demand is present among security practitioners for improving cyber situational awareness (SA), but capability and assessment have not risen to match. SA is an integral component of cybersecurity for everyone from individuals to businesses to response teams and threat exchanges. In this Field Note, we highlight existing research, our field observations, and a recent review of cyber SA research literature, and call upon the research community to help address three research problems in situational awareness for cybersecurity. The gaps suggest the need to (1) understand what cyber SA is from the human operators’ perspectives, then (2) measure it so that (3) the community can learn whether SA makes a difference in meaningful ways to cybersecurity, and whether methods, technology, or other solutions would improve SA and thus improve those outcomes.
Index Terms
- Gaps and Opportunities in Situational Awareness for Cybersecurity