Our growing dependency on cyberspace has greatly increased the need for situation awareness—essentially, understanding your environment and accurately predicting and responding to potential problems that might occur. The systems and networks that operate in cyberspace have vulnerabilities that present significant risks to both individual organizations and national security. By anticipating what might happen to these systems, leaders can develop effective countermeasures to protect their critical missions.
A Complete Picture
Comprehensive cyber situation awareness involves three key areas: computing and network components, threat information, and mission dependencies.
Achieving this level of situation awareness requires an investment in data collection, data management, and analysis to maintain an ongoing picture of how the computer systems, networks, and users are operating in an organization. Cyber has added a new dimension of required awareness to traditional military and business operations.
Effective command and control requires a fundamental awareness of what's occurring across the affected domain. With this awareness, negative situations can be recognized and managed as they occur. The concepts for doing this are rapidly evolving, and many U.S. government organizations are working to establish disciplined processes, enabling technologies, and management organizations. MITRE staff contributes to a broad range of projects on behalf of our government sponsors to mature all aspects of cyber situation awareness.
The Path Forward
Currently, we're focused squarely on building a tactical level of cyber situation awareness.
This tactical understanding of events, or situations, in cyberspace is critical. However, senior leadership also needs higher levels of awareness so they can understand the impact of a situation on their organization's ability to execute its operations.
To achieve cyber situation awareness at the operational level, the lower-level details must be summarized and put into the perspective of the organization’s mission or business. It’s not a matter of simply aggregating all the tactical-level information available. Instead, status information must be correlated to the context of the mission or business, thus exposing the real impact on its operations. For example, what does it mean to the processing of Medicare reimbursement requests when 50 percent of the web servers are down due to a piece of computer malware?
At the strategic level, it's important to be able to look well beyond simple incident data to identify threat actors, recognize trends in their activities, and expose their malicious objectives. This level of awareness is fundamental to engaging sophisticated adversaries in cyberspace and building effective plans to defend one's organization, operations, and strategic objectives.
MITRE's efforts in cyber situation awareness cover the full gamut of systems engineering activities—concept development, process evolution, requirements elicitation and analysis, system design, and iterative capability prototyping for validation, verification, and evolution of organizations, processes, and enabling technologies.