Developing Cyber Situational Awareness for Enterprise Health

from Real-Time Innovations (RTI): Supreet Oberoi

Today's distributed systems are capable of producing a large amount of information, both on the status of their own components and of external components. The challenge with these systems is not the lack of information, but finding what is needed when it is needed.

With this deluge of information, operators may actually be less informed than before, because of the gap between the volume of data produced and people's ability to process it. For the information to be useful, it must be integrated and interpreted correctly. In addition, the system must present the information to the operator in a way that is usable both cognitively and physically, and it should be designed to support the operator under dynamic operational constraints. This is what Situational Awareness is about: knowing what important things are going on around you.

At the basic level, Situational Awareness (SA) is about determining what information is relevant and how to collect that information. The next level extends SA's capabilities by understanding that information. This includes how people combine, interpret, store, and retain information. This also includes how information is integrated from multiple sources. In addition to integrating and classifying the information, it is also important to determine how important that information is.

How much situational awareness is enough? While it is important to have as much information as possible, more information must not come at the cost of comprehending the information that is classified as more important. The next level, "level 3", deals with acting on the information. This includes forecasting future events and providing recommendations on how to react to them. The way in which the operator directs her attention when acquiring and processing information fundamentally shapes situational awareness.

Time is a critical ingredient in achieving situational awareness: how much time is available until a specific event occurs or some action must be taken, and how time can be used to correlate multiple events of interest. Space is another aspect: correlating events of interest within a space. Lastly, real-world situations are dynamic; they keep changing. So it is important to incorporate the rate at which the information is updated into the design of an SA system.

Ultimately, the role of an SA system is to enable operators to make correct decisions in a timely manner. It is entirely possible for the operator to have a perfect SA system and still make an incorrect decision, due to poor strategies, tactics or training, among other reasons. So it is imperative to have, where possible, a link between recognizing a situation and taking a decision based on that recognition. Of particular importance is the technique of pattern matching to recognize information belonging to a known class of situations. With experience, the pattern-recognition/action-selection sequence can become automatic and reduce demands on the operator.

To summarize, SA is about creating a model in which the system state is captured, including an understanding of how that state is affected by projected events. A good SA model integrates relevant information from multiple sources, determines the relative importance of different events, and projects the state of the system based on those events. This also implies that, to build a system that is situation aware, the model must be accurate and must be updatable to reflect current events.

With the technologies available from Real-Time Innovations (RTI), application developers can build an open, standards-based platform to collect, integrate, and analyze the information required for a situation-aware model for monitoring the enterprise health of a network. This framework integrates with third-party sensors and probes (using sensor-fusion algorithms) to accumulate information, and leverages the latest advances in groupware applications to provide situational awareness to operators and enable them to make distributed decisions cooperatively.

With RTI Data Distribution Service, we can address the following needs of situation-aware applications:

  • Enable integration of heterogeneous sensors, across domains and networks
  • Provide dynamic, evolvable and type-safe data representation & encapsulation
  • Provide minimally intrusive, efficient, scalable, and real-time-aware distribution of collected data
  • Evaluate advances in Service Oriented Architecture (SOA) for enabling integration of information from multiple sources
  • Conduct post-attack analysis to determine new patterns for future threat detection

In addition, with complementary RTI technologies like Complex Event Processing (CEP), RTI can address the following needs:

  • Provide event correlation, through time and space, from multiple sensors
  • Apply algorithms from sensor fusion when multiple sensors are observing the same situation
  • Determine what data to collect to fight through a cyber conflict, how to protect the security of the network, and how to provide autonomic response to attacks including reconfiguration, recovery, and reconstitution while allowing mission-critical systems to continue to function
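As an added illustration of the time, space and update-rate points made above (not code from the article or from RTI's products), the following Python correlator groups constructed sensor events that fall within a time window on the same network segment, drops observations older than the expected update rate, and ranks the resulting situations by severity weighted by how many independent sensors corroborate them. Sensor names, segments, severities and the importance weighting are all assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

class Event(NamedTuple):
    sensor: str
    segment: str   # "space": where in the network the observation was made
    t: float       # "time": seconds since monitoring started
    severity: int  # 1 (informational) .. 5 (critical), assigned by the sensor

# Constructed sample observations from several hypothetical sensors.
EVENTS = [
    Event("ids-1", "dmz", 100.0, 3),
    Event("fw-2", "dmz", 104.0, 2),
    Event("hostagent-7", "dmz", 106.5, 4),
    Event("ids-1", "core", 101.0, 1),
    Event("netflow-3", "core", 115.0, 2),   # same segment, but outside the window
    Event("fw-2", "branch", 10.0, 5),       # high severity, but stale
]

def summarize(segment, cluster):
    """Collapse a cluster of events into one situation with an importance score."""
    sensors = {e.sensor for e in cluster}
    # Assumed weighting: worst severity, multiplied by independent corroboration.
    importance = max(e.severity for e in cluster) * len(sensors)
    return {"segment": segment, "sensors": sorted(sensors),
            "start": cluster[0].t, "end": cluster[-1].t, "importance": importance}

def correlate(events, now, window=10.0, max_age=30.0):
    """Correlate events by space (segment) and time (window), ignoring stale data.

    max_age encodes the expected update rate: an observation older than this
    no longer describes the current state and must not drive a decision."""
    fresh = [e for e in events if now - e.t <= max_age]
    by_segment = defaultdict(list)
    for e in sorted(fresh, key=lambda e: e.t):
        by_segment[e.segment].append(e)
    situations = []
    for segment, evs in by_segment.items():
        cluster = [evs[0]]
        for e in evs[1:]:
            if e.t - cluster[0].t <= window:
                cluster.append(e)
            else:
                situations.append(summarize(segment, cluster))
                cluster = [e]
        situations.append(summarize(segment, cluster))
    return sorted(situations, key=lambda s: s["importance"], reverse=True)

if __name__ == "__main__":
    for s in correlate(EVENTS, now=120.0):
        print(s)
```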

For more information on building a situation-aware model using RTI, contact info@rti.com.

Copyright © Automated Trader Ltd 2014 - The Gateway to Algorithmic and Automated Trading