
Toward Robust Models of Cyber Situation Awareness

  • Ian A. Cooke
  • Alexander Scott
  • Kasia Sliwinska
  • Novia Wong
  • Soham V. Shah
  • Jihun Liu
  • David Schuster
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 782)

Abstract

Cybersecurity is a rapidly growing worldwide concern that provides a novel, multifaceted problem space for Human Factors researchers. Current models of Cyber Situation Awareness (CSA) have begun to identify the foundational elements with respect to individual analysts. We propose that the CSA models can be augmented to include awareness of end user behaviors and favor knowledge of the cyber threat landscape. In this paper, we present a review of current CSA models and definitions. We then expand upon existing models by considering how they apply at the user level or in the incorporation of diverse and distributed participating agents, such as end-users and adversaries.

Keywords

  • Cybersecurity
  • Human-systems integration
  • Computer network defense
  • Decision making
  • Cyber threat intelligence

Notes

Acknowledgments

This material is based upon work supported by the National Science Foundation under Grant No. (1553018). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.


Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  • Ian A. Cooke (1)
  • Alexander Scott (1)
  • Kasia Sliwinska (1)
  • Novia Wong (1)
  • Soham V. Shah (1)
  • Jihun Liu (1)
  • David Schuster (1)

  1. San José State University, San Jose, USA
