Providing leaders with meaningful cyber information enables them to sustain fundamental operations and protect sensitive data. Comprehensive cyber situation awareness generates tactical awareness of the network, provides timely threat information sharing, and exposes critical mission dependencies. (See "Creating Cyber Situation Awareness" image below.) By anticipating potential impacts, leaders can make informed decisions on countermeasures to protect their operations and key missions.
Increasing Need for Situation Awareness
A significant side effect of our growing dependency on cyberspace is that the vulnerabilities inherent in the systems and networks that compose and operate in it now present serious risk not only to our own organizations but also to our national security. Such critical dependency, and inherent vulnerability, demands a substantial level of investment in management, or "command and control" (C2), to maintain continuity and ensure security for ourselves and our national infrastructure and key government operations.
[Figure: Creating Cyber Situation Awareness]
A cornerstone of effective C2 is the fundamental awareness of what is occurring across the domain being managed. This awareness is based on the need to recognize and manage "situations" as they occur within the managed domain. This rapidly evolving set of concepts has many U.S. government organizations working to establish disciplined processes, enabling technologies, and management organizations.
Maturing the Concept
Current efforts focus squarely on building a tactical level of cyber situation awareness. This tactical understanding of events, or situations, in cyberspace is critical, but higher levels of awareness and understanding are important for senior leadership, who need to understand the impact of a situation on the organization's ability to execute its operations.
In order to achieve cyber situation awareness at the operational level, the lower level details must be abstracted and put into the perspective of the mission or the organization's business. It's not a matter of simply aggregating all the tactical-level information available. Instead, situations need to be put into the context of the business, thus exposing the real impact to the organization's operations.
At the strategic level, it is critical to look well beyond simple incident data and be able to identify threat actors, recognize trends in their activities, and expose their malicious objectives. This level of awareness is fundamental to engaging sophisticated adversaries in cyberspace and building effective plans to defend one's organization, its operations, and its own strategic objectives.
Cyber situation awareness organizations, processes, and enabling technologies will continue to evolve along tactical, operational, and strategic dimensions.
A Path Forward
Today, MITRE staff are contributing to a very broad range of projects on behalf of MITRE's government sponsors to mature all aspects of cyber situation awareness. MITRE efforts cover the full gamut of systems engineering activities: from concept development, to process evolution, to requirements elicitation and analysis, to system design, and even to iterative capability prototyping for validation, verification, and evolution of the way forward.