Collaborative cyber security situational awareness

Abstract

Situational awareness is often understood as the perception of environmental elements and comprehension of their meaning, and the projection of future status. The advancements in cyberspace technology have fuelled new business and opportunities, but also brought an element of risk to valued assets. Today, the growing gap between different types of cyber-attacks threatens governments and organisations, from individuals to highly organized sponsored teams capable of breaching the most sophisticated systems and the inability to cope with these emerging threats. There is a strong case to be made for effective Collaborative Cyber-Security Situational Awareness (CCSA) that is designed to protect valuable assets, making them more resilient to cybersecurity threats. Cybersecurity experts today must rethink the nature of security, and shift from a conventional approach that stresses protecting vulnerable assets to a larger, more effective framework with the aim of strengthening cyber assets, making them more resilient and part of a cybersecurity process that delivers greater value against cyber threats. This study introduces a new approach to understanding situational awareness of information sharing and collaboration using knowledge from existing situational awareness models. However, current situational awareness models lack resilience in supporting information systems infrastructure, addressing various vulnerabilities, identifying high priority threats and selecting mitigation techniques for cyber threats. The use of exploratory and explanatory analysis techniques executed by Structure Equation Modelling (SEM) allowed the examination of CCSA, in this study. Data from 377 cyber security practitioners affiliated to cybersecurity expert groups including computer emergency response team (CERT) and computer security incident response team (CSIRT) was gathered in the form of an electronic survey and analysed to discover insights and understand the mental model of those cybersecurity experts. Also, a finding from the SEM was the CSSA model aligned perfectly with the second-order Cybernetics model to test the theory in practice, confirming the possibility of using the proposed model in a practical application for this research. Furthermore, the SEM informed the design of the CCSA Environment where an empirical study was employed to verify and validate the CCSA theory in practice. In addition, the SEM informed the design of a behavioural anchor rating scale to measure participant situational awareness performance. The experiment results proved that when using the CCSA model and replicating real-world cyber-attack scenarios that the outcome of situational awareness performance was 61% more than those who did not employ the use of the CCSA model and associated dashboard tool. Further, it was found that both timeliness and accuracy are important in influencing the outcome of information sharing and collaboration in enhancing cyber situational awareness and decision-making. This thesis for the first time presents a novel CCSA theory which has been confirmed in practice. Firstly, this research work improves the outcome of effectiveness in cyber SA by identifying important variables related with the CCSA model. Second, it provides a new technique to measure operators’ cyber SA performance. Secondly, it provides the necessary steps to employ information sharing in order to improve cyber security incorporated in the CCSA model. Finally, cybersecurity experts should collaborate to identify and close the gap between cybersecurity threats and execution capacity. The novel CCSA model validated in this research can be considered an effective solution in fighting and preventing cyber-attacks. Attainment of cyber security is driven by how information is both secured and presented between members to encourage the use of information sharing and collaboration to resolve cyber security threats in a timely and accurate manner. This research helps researchers and practitioners alike gain an understanding of key aspects of information sharing and collaboration in CSSA which is informed by the CCSA theory and new capability that the implementation of this theory has shown to deliver in practice.