A Cognitive Task Analysis for Cyber Situational Awareness

Mahoney, Samuel; Roth, Emilie M.; Steinke, Kristin; Pfautz, Jonathan; Wu, Curt; Farry, Mike

doi:10.1177/154193121005400403

Cited by 27 publications

(11 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most cybersecurity research on SA directly adopts the Endsley model; defining SA as perception, comprehension, and projection. Some have extended this definition to incorporate specific features of the cyber environment / cybersecurity task 22,32 ; but from at the cognitive level, SA is still limited to perception, comprehension and projection. There are two likely reasons for the popularity of the 3-Level model of SA in cybersecurity research.…”

Section: Cyber Situation Awareness (Cyber-sa)mentioning

confidence: 99%

“…For example, Barford et al 3 describe SA as consisting of awareness of "the current situation, impact of the attack, evolution of the situation, adversary behavior, basis for situation, the quality of the available information, and any plausible future situations." Others define cyber-SA in terms of categories of awareness such as 'health of the network,' 'potential risks,' and 'sources of data 22 . '…”

Section: Cyber Situation Awareness (Cyber-sa)mentioning

confidence: 99%

See 1 more Smart Citation

Cyber situation awareness as distributed socio-cognitive work

2012

View full text Add to dashboard Cite

A key challenge for human cybersecurity operators is to develop an understanding of what is happening within, and to, their network. This understanding, or situation awareness, provides the cognitive basis for human operators to take action within their environments. Yet developing situation awareness of cyberspace (cyber-SA) is understood to be extremely difficult given the scope of the operating environment, the highly dynamic nature of the environment and the absence of physical constraints that serve to bound the cognitive task 23 . As a result, human cybersecurity operators are often "flying blind" regarding understanding the source, nature, and likely impact of malicious activity on their networked assets. In recent years, many scholars have dedicated their attention to finding ways to improve cyber-SA in human operators. In this paper we present our findings from our ongoing research of how cybersecurity analysts develop and maintain cyber-SA. Drawing from over twenty interviews of analysts working in the military, government, industrial, and educational domains, we find that cyber-SA to be distributed across human operators and technological artifacts operating in different functional areas.

show abstract

Section: Cyber Situation Awareness (Cyber-sa)mentioning

confidence: 99%

Section: Cyber Situation Awareness (Cyber-sa)mentioning

confidence: 99%

Cyber situation awareness as distributed socio-cognitive work

2012

View full text Add to dashboard Cite

show abstract

“…Theory and frameworks for considering cyber-attacks are emerging. Some theory and frameworks are developed from the top-down , while others are created from the bottom up, building upon cognitive task analyses (CTAs) of cyber analyst roles and demands on cognition (D'Amico et al, 2005;Mahoney et al, 2010). The role of cyber-teams and team cognition has also been captured (Champion et al, 2012;Rajivan et al, 2013), and helps clarify the collaborations among different analysts and organizations.…”

Section: Introductionmentioning

confidence: 99%

“…It requires derivation of operators' goal-driven behaviors. Existing cognitive task analyses provide starting points (e.g., Mahoney et al, 2010). However, these analyses often lack granular measures of CCSA, or validation in actual cyber-defense performance (but see Champion et al 2012).…”

Section: Introductionmentioning

confidence: 99%

The Human Factors of Cyber Network Defense

Gutzwiller

Fugate

Sawyer

et al. 2015

Proceedings of the Human Factors and Ergonomics Society Annual

View full text Add to dashboard Cite

Technology's role in the fight against malicious cyber-attacks is critical to the increasingly networked world of today. Yet, technology does not exist in isolation: the human factor is an aspect of cyber-defense operations with increasingly recognized importance. Thus, the human factors community has a unique responsibility to help create and validate cyber defense systems according to basic principles and design philosophy. Concurrently, the collective science must advance. These goals are not mutually exclusive pursuits: therefore, toward both these ends, this research provides cyber-cognitive links between cyber defense challenges and major human factors and ergonomics (HFE) research areas that offer solutions and instructive paths forward. In each area, there exist cyber research opportunities and realms of core HFE science for exploration. We raise the cyber defense domain up to the HFE community at-large as a sprawling area for scientific discovery and contribution.

show abstract

“…The human factors field recognizes the need for a better understanding of cybersecurity work (Dodge, Toregas, & Hoffman, 2012;Knott et al, 2013;Lathrop, Trent, & Hoffman, 2016;Madhavan, Cooke, Bass, Meyer, & Roth, 2015;Mancuso et al, 2014;Oltramari, Henshel, Cains, & Hoffman, 2015), and there have been efforts to study aspects of cyber defense work (e.g., D'Amico & Whitley, 2008;Mahoney et al, 2010;Stanard et al, 2004).…”

mentioning

confidence: 99%

Framework for Developing a Brief Interview to Understand Cyber Defense Work: An Experience Report

Armstrong

Jones

Namin

2017

Proceedings of the Human Factors and Ergonomics Society Annual

View full text Add to dashboard Cite

Cyber defense is increasingly important for the wellbeing of our economy and our national defense. Universities can help meet our growing cybersecurity needs by training the next generation of cyber defenders, and it is crucial that the curricula for such programs are designed to prepare students for the type of work that is performed in the field. Unfortunately, collecting data about cyber work is hindered in situations where cybersecurity professionals are uncomfortable with traditional human factors work analysis methods. Four potential constraints are 1) no naturalistic observations, 2) anonymity and safety, 3) short data collection time, and 4) no deep process questions. We developed a brief interview technique that allowed us to measure the importance of knowledge, skills, and abilities related to offensive and defensive cyber work. Based on our experience using this technique, it fits within the four potential constraints to cyber research and produces information that is directly applicable to the development of cybersecurity curricula. Our technique could potentially be used for other research purposes and personnel selection and by researchers interested in other high-security populations.

show abstract

A Cognitive Task Analysis for Cyber Situational Awareness

Cited by 27 publications

References 2 publications

Cyber situation awareness as distributed socio-cognitive work

Cyber situation awareness as distributed socio-cognitive work

The Human Factors of Cyber Network Defense

Framework for Developing a Brief Interview to Understand Cyber Defense Work: An Experience Report

Contact Info

Product

Resources

About