KIRAS Security Research

2014

CISA- Cyber Incident Situational Awareness

As part of the Austrian national strategy for cyber security, several activities regarding the implementation of concrete measures to improve security and resilience of critical infrastructure against cyber-attacks are ongoing.

In addition to awareness campaigns and the development of know-how and skills in the field of national actors, a set of principles for effective preparation and response to cyber-attacks were developed in several research projects. Additionally, the different decision domains were usually treated separately in the various research projects on situational awareness; e.g. military versus civil security.

The specific issues of the cyber security domain and, above all, the interfaces for gathering information to generate cyber-situational awareness (which is fundamentally different from conventional situation maps in terms of creation and application), as well as the control of systems due to controlling measures following an analysis of the cyber-situation, was given insufficient focus in previous research. Previously, at the operational and technical level, solutions for the collection and aggregation of information regarding cyber threats have been developed, and at the strategic level the assessment and handling of cyber threats based on cyber situational awareness pictures has been researched on. However, an important link, especially, the question how the technical information from the cyberspace can be processed and presented in such a conventional situation map, as well as in a comprehensive cyber-situational awareness, turned out to be a challenging problem, for which there are still no sufficient solutions – even in an international context.

The objective of the project CISA is therefore to holistically define the term "cyber-situational awareness", i.e. a concrete conclusion which decisions could/should be made according to a given situation, and how information extracted from technical/operational data sources have to be presented so that authorities and stakeholder can act in an optimal way.

The project CISA represents a consistent fusion of major previous research activities in order to develop a process to establish cyber-situational awareness from technical and operational data, within a scientifically sound concept. In addition to the development of methods and techniques, demonstration scenarios will be created, in order to test and evaluate the methodology of establishing cyber-situational awareness and its applicability in a real-world environment. These demonstration scenarios are designed by security experts from academia and industry, and evaluated by national institutions.

Furthermore, the involvement of legal experts will cover the legislative aspects regarding the overall concept and the specific demonstrators. As part of this, especially the assessment of legal implications and conditions (data protection, privacy, liability, etc.) is important, and will therefore receive particular attention in the project.

Coordinator:

AIT Austrian Institute of Technology GmbH, Digital Safety & Security Department

Project Partners:

T-System Austria

Thales Austria

Secure Business Austria

REPUCO Unternehmensberatung GmbH

Infraprotect GmbH

Wiener Zentrum für Rechtsinformatik

Bundesministerium für Inneres

Bundesministerium für Landesverteidigung

Bundeskanzleramt

Contact:

Dr. Dr. Florian Skopik
Austrian Institute of Technology
Digital Safety & Security Department

Telefon: +43 664 8251495
E-Mail: florian.skopik@ait.ac.at

print