“…Many traditional military topics have been expanded and applied to the cyberspace domain [7]. These include the concepts of situational awareness [8], key terrain [9], and defense in depth [10]. A basic military concept that has received extensive theoretical review is maneuver [5], [11], [12].…”
Section: A Military Maneuver and Cyberspace
Distributed and parallel applications are critical information technology systems in multiple industries, including academia, military, government, financial, medical, and transportation. These applications present target-rich environments for malicious attackers seeking to disrupt the confidentiality, integrity, and availability of these systems. Applying the military concept of defensive cyber maneuver to these systems can provide protection and defense mechanisms that allow survivability and operational continuity. Understanding the tradeoffs between information systems security and operational performance when applying maneuver principles is of interest to administrators, users, and researchers. To this end, we present a model of a defensive maneuver cyber platform using Stochastic Petri Nets. This model enables the understanding and evaluation of the costs and benefits of maneuverability in a distributed application environment, specifically focusing on moving target defense and deceptive defense strategies.
“…Adaptation of Situational Awareness to the cyber domain is not straightforward, due to several characteristics of its operations, adversaries, and the observability of the activities. Earlier works, including [22,44,60], discussed several challenges that are unique to enabling CSA. This section extracts prior works as well as our renewed perspectives, and presents a summary of the contemporary challenges for CSA.…”
Section: Contemporary Challenges for CSA
“…Variety and Volatility - The variety of data opens challenges in homogenizing data from different sources and of different types, as well as due to the heterogeneous attack behaviors/tactics and network protocol and system configurations. In terms of homogenization, typical security operations desire central processing, e.g., in a data cloud, which requires proper metrics and alert thresholds [22]. Data refinement and normalization are necessary to transform data into a common format for effective data synthesis [22] while maintaining the original characteristics and dealing with data duplication, unreliable sources, and errors.…”
Section: The Data Perspective
“…In terms of homogenization, typical security operations desire central processing, e.g., in a data cloud, which requires proper metrics and alert thresholds [22]. Data refinement and normalization are necessary to transform data into a common format for effective data synthesis [22] while maintaining the original characteristics and dealing with data duplication, unreliable sources, and errors. The complex and rapidly evolving network protocols and services, as well as cyberattack behaviors, aggravate the already challenging problem of variety by introducing volatility into the meanings of information retrieved from past data.…”
Cyber situational awareness is an essential part of cyber defense that allows cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allows the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce leading research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with the rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and to increase its value through visualization. CCS CONCEPTS • Security and privacy → Formal security models; • Networks → Network security.
“…MITRE emphasizes the importance of critical assets to key cyber terrain, stating that "assets in operational environments are typically identified and their criticality determined via a mission impact analysis or business impact analysis" [8]. Dressler et al. [13] broaden the identification of key cyber terrain to include "all critical information, systems, and infrastructure; whether owned by the organization or used in transit by its information". From Franz's definition of key cyber terrain, MITRE's and Dressler's discussions of critical assets as part of key cyber terrain tie directly into "mission essential war fighting functions" [11].…”
Abstract: The concept of a common operational picture has been utilized by the military for situational awareness in warfare domains for many years. With the emergence of cyberspace as a domain, there is a necessity to develop doctrine and tools to enable situational awareness for key decision-makers. Our study analyzes key elements that define cyber situational awareness to develop a methodology to identify assets within key cyber terrain, thus enabling situational awareness at the tactical level. For the purposes of this work, we treat critical assets as key cyber terrain, given that no formal study has determined differences between asset criticality and key cyber terrain. Mission- and operationally-based questions are investigated to identify critical assets with the TOPSIS methodology. Results show that the ICS system can be evaluated using TOPSIS to identify critical assets contributing to key cyber terrain, enabling further research into other interconnected systems.