Information Requirements for National Level Cyber Situational Awareness

Varga, Stefan; Brynielsson, Joel; Franke, Ulrik

doi:10.1109/asonam.2018.8508410

Cited by 14 publications

(20 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Broadly, Swedish cyber and information security has been investigated with respect to, e.g., the railway system [12], the financial sector [13], and national level exercises [14]. The closest related work we have found is a study commissioned by the Swedish Civil Contingencies Agency (MSB) and the Swedish Water & Wastewater Association (SWWA) on the state of cyber security in Swedish water plants [15].…”

Section: A General Cyber Security In Swedenmentioning

confidence: 99%

“…These results may reflect prior experience where attacks and accidents exhibit similar frequencies, but a similarity in frequency does not necessarily imply a similarity in appropriate counter-measures. It is known from the literature that, at least in the cyber security exercise setting investigated, many Swedish enterprises (private and public alike) tended to disregard adversarial elements such as attacker motives or strategies in favor of just resolving incidents, not bothering with whether they were accidental or intentional [14].…”

Section: Different Cyber Risks and Corresponding Security Measuresmentioning

confidence: 99%

See 1 more Smart Citation

A survey of cyber security in the Swedish manufacturing industry

Franke

Wernberg

2020

2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)

Self Cite

View full text Add to dashboard Cite

In this paper we explore cyber security practices in Swedish manufacturing firms. Manufacturing is being transformed by new technologies under the label of smart industry or industry 4.0. Most of these technologies are either digital themselves or depend on digital connectivity. Their use is made possible by electronic sensors, actuators, and other devices as well as by data-driven analysis. This technological change entails a fundamental shift in risk and security as devices become interconnected, making information and control transmissible both within and to varying degree outside the firm's organization. These issues must be addressed to prevent both unintentional and intentional security incidents. Thus, there will be no smart industry without cyber security. Based on a sector-wide survey with 649 respondents (17% response rate) carried out in collaboration with the Association of Swedish Engineering Industries , we map risk perception and the controls put in place to address these risks across firms. We present three primary findings: (i) Compared to how firms value further investments in digitalization, risk perception related to cyber security issues is fairly low and business interruption is a greater cause for worry than data breach, (ii) there is a gap between the anticipated impact of digitalization and the perceived need for cyber security measures across business functions within firms, and (iii) the implementation of cyber security measures is still in its infancy with a significant bias towards technological measures, leaving organizational and social cyber security measures underrepresented. The paper is concluded with the identification of a few interesting follow-up questions for future work.

show abstract

Section: A General Cyber Security In Swedenmentioning

confidence: 99%

Section: Different Cyber Risks and Corresponding Security Measuresmentioning

confidence: 99%

A survey of cyber security in the Swedish manufacturing industry

Franke

Wernberg

2020

2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)

Self Cite

View full text Add to dashboard Cite

show abstract

“…At some point, however, the threat will need to be understood and treated as an operational or a strategic dilemma. The findings of Varga et al (2018) highlights an area where CyOs may face challenges when communicating RCPs to non-/less technical personnel and explicates the importance of being mindful of how a communication partner's background and associated priorities affects their mental threat models and situational understanding (Ask et al, 2021a).…”

Section: Organizational Structures Introduce Challenges To Rcp Communication Between Cyos and Decision-makersmentioning

confidence: 98%

“…When this fails to be applied, critical information can get lost due to suboptimal communication flow leading to potentially dire consequences for mission assurance (Knox et al, 2018;Rosen et al, 2008). In a recent study surveying what information Swedish stakeholders (spanning national to local, and private to public actors including providers of critical infrastructure) perceived as needed to meet their RCP requirements, it was reported that none of the stakeholders listed awareness of adversarial behavior as important (Varga et al, 2018). This may suggest a blind-spot in different decisionmaking agents' mental models of what information is necessary to achieve CSA during a cyber threat situation.…”

Section: Organizational Structures Introduce Challenges To Rcp Communication Between Cyos and Decision-makersmentioning

confidence: 99%

A Gamification Approach to Improving Interpersonal Situational Awareness in Cyber Defense

Ask¹,

Knox²,

Lugo³

et al. 2021

Preprint

View full text Add to dashboard Cite

In cyber threat situations, the establishment of a shared situational awareness as a basis for cyber defense decision-making results from adequate communication of a Recognized Cyber Picture (RCP). RCPs consist of actively selected information and have the goal of accurately presenting the severity and potential consequences of the situation. RCPs must be communicated between individuals, but also between organizations, and often from technical to non-/less technical personnel. The communication of RCPs is subject to many challenges that may affect the transfer of critical information between individuals. There are currently no common best practices for training communication for shared situational awareness among cyber defense personnel. The Orient, Locate, Bridge (OLB) model is a pedagogic tool to improve communication between individuals during a cyber threat situation. According to the model, an individual must apply meta-cognitive awareness (O), perspective taking (L), and communication skills (B) to successfully communicate the RCP. Gamification (applying game elements to non-game contexts) has shown promise as an approach to learning. We propose a novel OLB-based Gamification design to improve dyadic communication for shared situational awareness among (technical and non-technical) individuals during a cyber threat situation. The design includes the Gamification elements of narrative, scoring, feedback, and judgment of self. The proposed concept contributes to the educational development of cyber operators from both military and civilian organizations responsible for defending and securing digital infrastructure. This is achieved by combining the elements of a novel communication model with gamification in a context in urgent need for educational input.

show abstract

“…This may affect what information different individuals think is important during a cyber threat situation (Ask et al, 2021a). For instance, previous research on the RCP needs of local-and national-level stakeholders in Sweden showed that no one listed knowledge about adversarial behavior as important for their RCPs (Varga et al 2018). If awareness of adversarial behavior is required for achieving SA Level 1 during a CTS and is necessary to make good cyber defense decisions (Barford et al, 2009), then ignoring information of adversarial behavior may result in an insufficient CSA.…”

Section: Introductionmentioning

confidence: 99%

A 3D Mixed Reality Visualization of Network Topology and Activity Results in Better Dyadic Cyber Team Communication and Cyber Situational Awareness

Ask¹,

Kullman²,

Sütterlin³

et al. 2022

Preprint

View full text Add to dashboard Cite

Cyber defense decision-making during cyber threat situations is based on human-to-human communication aiming to establish a shared cyber situational awareness. Previous studies suggested that communication inefficiencies were among the biggest problems facing security operation center teams. There is a need for tools that allow for more efficient communication of cyber threat information between individuals both in education and during cyber threat situations. In the present study, we compared how the visual representation of network topology and traffic in 3D mixed reality versus 2D affected team performance in a sample of cyber cadets (N = 22) cooperating in dyads. Performance outcomes included network topology recognition, cyber situational awareness, confidence in judgements, experienced communication demands, observed verbal communication, and forced choice decision-making. The study utilized network data from the NATO CCDCOE 2022 Locked Shields cyber defense exercise. We found that participants using the 3D mixed reality visualization had better cyber situational awareness than participants in the 2D group. The most apparent difference was in the detection of the top five Red Team hosts targeting Blue Team systems, where the traffic associated with the identified Red Team hosts differed in the tens of thousands between the groups. The 3D mixed reality group was generally more confident in their judgments except when performing worse than the 2D group on the topology recognition task (which favored the 2D condition). Participants in the 3D mixed reality group experienced less communication demands, and performed more verbal communication aimed at establishing a shared mental model and less communications discussing task resolution. There were no differences in decision-making between the groups. This could be due to cohort effects such as formal training or the modest sample size. This is the first study comparing the effect of 3D mixed reality and 2D visualizations of network topology on dyadic cyber team communication and cyber situational awareness. Using 3D mixed reality visualizations resulted in better cyber situational awareness and team communication. The experiment should be repeated in a larger and more diverse sample to determine its potential effect on decision-making.

show abstract

Information Requirements for National Level Cyber Situational Awareness

Cited by 14 publications

References 25 publications

A survey of cyber security in the Swedish manufacturing industry

A survey of cyber security in the Swedish manufacturing industry

A Gamification Approach to Improving Interpersonal Situational Awareness in Cyber Defense

A 3D Mixed Reality Visualization of Network Topology and Activity Results in Better Dyadic Cyber Team Communication and Cyber Situational Awareness

Contact Info

Product

Resources

About