Cyber SA: Situational Awareness for Cyber Defense

Title: Cyber SA: Situational Awareness for Cyber Defense
Publication Type: Book Chapter
Year of Publication: 2010
Authors: Barford, P., P. Dacier, T. G. Dietterich, M. Fredrikson, J. Giffin, S. Jajodia, S. Jha, J. Li, P. Liu, P. Ning, X. Ou, D. Song, L. Strater, V. Swarup, G. Tadda, C. Wang, and J. Yen
Tertiary Authors: Jajodia, S., P. Liu, V. Swarup, and C. Wang
Book Title: Cyber Situational Awareness
Date Published: 2010

Situation Awareness (SA) for cyber defense consists of at least seven aspects:

1. Be aware of the current situation. This aspect can also be called situation perception. Situation perception includes both situation recognition and identification. Situation identification can include identifying the type of attack (recognition is only recognizing that an attack is occurring), the source (who, what) of an attack, the target of an attack, etc. Situation perception goes beyond intrusion detection. Intrusion detection is a very primitive element of this aspect. An IDS (intrusion detection system) is usually only a sensor; it neither identifies nor recognizes an attack but simply identifies an event that may be part of an attack once that event adds to a recognition or identification activity.

2. Be aware of the impact of the attack. This aspect can also be called impact assessment. There are two parts to impact assessment: 1) assessment of current impact (damage assessment) and 2) assessment of future impact (if the attacker continues on this path or, more generally, if the activity of interest continues, what is the impact?). Vulnerability analysis is also largely an aspect of impact assessment (it provides knowledge of us and enables projection of future impact). Assessment of future impact also involves threat assessment.