Cyber Situational Awareness (CSA)*
Abstract
*Formerly Cyber Situational Awareness and Response (CSAR) The Cyber Situational Awareness (CSA) program will develop technologies to enable comprehensive awareness and understanding of the cyber environment as required for decision-making for cyber defensive actions. This includes intelligence preparation of the cyber battlespace, indications and warning of adversary actions, detection of attack onset, attacker identification, and cyber battle damage assessment. Cyber situational awareness is made difficult by the efforts of attackers to elude detection. Approaches to cyber situational awareness will include forensic techniques to exploit data derived from events on hosts and networks that might appear innocuous when examined in isolation but reveal patterns indicative of a threat when correlated in time and space across an enterprise. CSA will also create new graphical interfaces that enable intuitive visualization of events on hosts and networks to aid in the detection of cyber attacks. This is an area where metrics are difficult to obtain, and so CSA will extend operationally-meaningful measures such as mean-time-to-detect and false-alarm rate to estimate the efficacy of proposed schemes.
Document Details
- Document Type
- Accomplishment
- Publication Date
- Oct 01, 2013
- Source ID
- fcb719e48b5da9fc0096fb0f1efe26a3