Multinational Experiment 7: Situation Awareness Technologies Used in Locked Shield 2012

Abstract

As in the real world, the lack of timely reports on network incidents has been a major obstacle to establishing situation awareness in cyber security exercises. The security teams are too busy handling the incidents to create detailed reports. However, the observations and actions made by local experts are crucial to well-informed high-level decisions. At the Locked Shield 2012 exercise, Clarified Networks was responsible for providing SA solutions and building the Finnish situation room. AbuseSA, a collaborative system that combines instant messaging, wikis and real-time visualizations to provide actionable situation awareness, was implemented. To encourage security teams to report incidents, a CDX extension to AbuseSA, which allows users to quickly report incidents using instant messaging, was introduced. The overall execution consisted of providing the technical solution and helping the exercise organizers to implement the supporting workflows. The results of the exercise were positive, with all teams using the functionality to report incidents.

Document Details

Document Type
Technical Report
Publication Date
Jul 08, 2013
Accession Number
ADA587809

Entities

Organizations

  • Joint Chiefs of Staff

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Detectors
  • Electronic Messaging
  • Environment
  • Information Exchange
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Monitoring
  • Network Protocols
  • Networks
  • Observation
  • Security
  • Situational Awareness
  • Software Prototyping
  • Teamwork
  • Visualizations

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Educational Psychology
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.

Technology Areas

  • Cyber