Situation Awareness for Cyber Defense

Abstract

Situation awareness (SA), or the ability to assess situations and prepare timely responses, has long been acknowledged as an important aspect of theater operations for defensive purposes. Likewise, SA is critical in the cyber world. The focus of this paper is SA in the cyber domain with respect to defensive capabilities. The cyber defense domain has an important characteristic in common with related domains such as analysis of terrorism, protection of infrastructure, and IED defense: the domains are characterized by sets of complex, interacting issues that are ill-defined, ambiguous, and evolving in time. Solutions for such problems must be integrative, handle domain complexity, and incorporate and address the element of surprise. A list of the capabilities needed to accomplish effective cyber SA is provided, along with an architecture for cyber SA reasoning. Most cyber SA architectures attempt to mirror the complexity of the domain. Surprisingly, the latest brain research does not support this approach. Notional information is provided regarding a new approach to cyber situation awareness, taking into account the lessons learned from the way humans process such information.

Document Details

Document Type

Technical Report

Publication Date

Jan 01, 2006

Accession Number

ADA463389

Entities

Tags