An Alternative Framework for Research on Situational Awareness in Computer Network Defense

Eric McMillan (The Pennsylvania State University, USA) and Michael Tyworth (The Pennsylvania State University, USA)
DOI: 10.4018/978-1-4666-0104-8.ch005
In this chapter the authors present a new framework for the study of situation awareness in computer network defense (cyber-SA). While immensely valuable, the research to date on cyber-SA has overemphasized an algorithmic level of analysis to the exclusion of the human actor. Since situation awareness, and therefore cyber-SA, is a human cognitive process and state, it is essential that future cyber-SA research account for the human-in-the-loop. To that end, the framework in this chapter presents a basis for examining cyber-SA at the cognitive, system, work, and enterprise levels of analysis. In describing the framework, the authors present examples of research that are emblematic of each type of analysis.
Theoretical Background

A review of the extant literature reveals that the prior work on situation awareness draws primarily from the work done by Mica Endsley (1995). Endsley theorized SA as consisting of three levels. Level 1 SA represents the perception of cues in the environment salient to the individual’s task at hand. Note that only the perception of cues salient to the task at hand matters in terms of Level 1 SA. Indeed, perception of non-salient cues, or noise, can be understood to degrade SA. Level 2 SA is the comprehension of the perceived cues, to include comparison against memory, orientation, and prioritization. Level 3 SA is the projection of future states based on the individual’s comprehension. At all three levels, temporality and space play a critical role. Consider the operation of a motor vehicle in traffic. Perceiving that a traffic signal is yellow (Level 1), the operator comprehends that the signal is in a state of change and projects that the light will soon change again to red, which means to stop (Level 2), and so he should begin decelerating (Level 3).

The three levels of situation awareness are generally understood to be hierarchical, and implicitly sequential, in nature. That is, comprehension is dependent on perception, and projection is dependent on comprehension. Failure to perceive salient cues leads to a lack of comprehension of the current environmental state and an inability to accurately project the future state of the environment. An individual may fail to achieve Level 1 SA or Level 2 SA and still correctly project the future state of the environment through random chance. At the same time, an individual may have perfect SA and still make errors due to insufficient resources (Endsley, M. R., 2000).

Endsley’s model of situational awareness is the most prominent of three models of SA that have been previously theorized in the literature. The two others are SA as a set of cognitive subsystems, and SA as an environmentally driven consciousness – referred to as the ‘embedded-interactive’ model (Stanton, N. A., Chambers, P. R. G., & Piggott, J., 2001). It is this latter approach that drives this research and provides the foundation for our model cognitive process.

