Operational data classes for establishing situational awareness in cyberspace

Dressler, Judson; Bowen, C.L.; Moody, William Clay; Koepke, Jason

doi:10.1109/cycon.2014.6916402

Cited by 13 publications

(9 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many traditional military topics have been expanded and applied into the cyberspace domain [7]. These include the concept of situational awareness [8], key terrain [9], and defense in depth [10]. A basic military concept that has received extension theoretical review is maneuver [5], [11], [12].…”

Section: A Military Maneuver and Cyberspacementioning

confidence: 99%

Defensive Maneuver Cyber Platform Modeling with Stochastic Petri Nets

Moody¹,

Hu²,

Apon³

2014

Proceedings of the 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

Self Cite

View full text Add to dashboard Cite

Distributed and parallel applications are critical information technology systems in multiple industries, including academia, military, government, financial, medical, and transportation. These applications present target rich environments for malicious attackers seeking to disrupt the confidentiality, integrity and availability of these systems. Applying the military concept of defense cyber maneuver to these systems can provide protection and defense mechanisms that allow survivability and operational continuity. Understanding the tradeoffs between information systems security and operational performance when applying maneuver principles is of interest to administrators, users, and researchers. To this end, we present a model of a defensive maneuver cyber platform using Stochastic Petri Nets. This model enables the understanding and evaluation of the costs and benefits of maneuverability in a distributed application environment, specifically focusing on moving target defense and deceptive defense strategies.

show abstract

Section: A Military Maneuver and Cyberspacementioning

confidence: 99%

Defensive Maneuver Cyber Platform Modeling with Stochastic Petri Nets

Moody¹,

Hu²,

Apon³

2014

Proceedings of the 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

Self Cite

View full text Add to dashboard Cite

show abstract

“…Adaptation of Situational Awareness to the cyber domain is not straightforward, due to several characteristics in its operations, adversaries, and the observability of the activities. Earlier works, including [22,44,60], discussed several challenges that are unique in enabling CSA. This section extracts prior works as well as our renewed perspectives, and present a summary of the contemporary challenges for CSA.…”

Section: Contemporary Challenges For Csamentioning

confidence: 99%

“…Variety and Volatility -The variety of data opens challenges in homogenizing data from different sources and of different types, as well as due to the heterogeneous attack behaviors/tactics and network protocol and system configurations. In term of homogenization, typical security operations desire central processing, e.g., in a data cloud, which require proper metrics and alert thresholds [22]. Data refinement and normalization is necessary to transform into a common format for effective data synthesis [22] while maintaining the original characteristics and dealing with data duplication, unreliable sources, and errors.…”

Section: The Data Perspectivementioning

confidence: 99%

“…In term of homogenization, typical security operations desire central processing, e.g., in a data cloud, which require proper metrics and alert thresholds [22]. Data refinement and normalization is necessary to transform into a common format for effective data synthesis [22] while maintaining the original characteristics and dealing with data duplication, unreliable sources, and errors. The complexity and rapidly evolving network protocols and services, as well as cyberattack behaviors, aggravates the already challenging problem of variety by introducing the volatility into the meanings of information retrieved from past data.…”

Section: The Data Perspectivementioning

confidence: 99%

See 1 more Smart Citation

SoK

Husák

Jirsík

Yang

2020

Proceedings of the 15th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allow the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce front research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely-accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization. CCS CONCEPTS • Security and privacy → Formal security models; • Networks → Network security.

show abstract

“…MITRE emphasizes the importance of critical assets to key cyber terrain stating that "assets in operational environments are typically identified and their criticality determined via a mission impact analysis or business impact analysis" [8]. Dressler et al [13] broaden the identification of key cyber terrain to include "all critical information, systems, and infrastructure; whether owned by the organization or used in transit by its information". From Franz' definition of key cyber terrain, MITRE and Dressler's discussions of critical assets as part of key cyber terrain tie directly into "mission essential war fighting functions" [11].…”

Section: A Key Cyber Terrainmentioning

confidence: 99%

Asset Criticality in Mission Reconfigurable Cyber Systems and its Contribution to Key Cyber Terrain

Price¹,

Leyba²,

Gondree³

et al. 2017

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Abstract-The concept of a common operational picture has been utilized by the military for situational awareness in warfare domains for many years. With the emergence of cyberspace as a domain, there is a necessity to develop doctrine and tools to enable situational awareness for key-decision makers. Our study analyzes key elements that define cyber situational awareness to develop a methodology to identify assets within key cyber terrain, thus enabling situational awareness at the tactical level. For the purposes of this work, we treat critical assets to be key cyber terrain, given that no formal study has determined differences between asset criticality and key cyber terrain. Mission-and operationallybased questions are investigated to identify critical assets with the TOPSIS methodology. Results show that the ICS system can be evaluated using TOPSIS to identify critical assets contributing to key cyber terrain, enabling further research into other interconnected systems.

show abstract

Operational data classes for establishing situational awareness in cyberspace

Cited by 13 publications

References 4 publications

Defensive Maneuver Cyber Platform Modeling with Stochastic Petri Nets

Defensive Maneuver Cyber Platform Modeling with Stochastic Petri Nets

SoK

Asset Criticality in Mission Reconfigurable Cyber Systems and its Contribution to Key Cyber Terrain

Contact Info

Product

Resources

About