nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Blue Team Communication and Reporting for Enhancing Situational Awareness from White Team Perspective in Cyber Security Exercises

verfasst von : Tero Kokkonen, Samir Puuska

Erschienen in: Internet of Things, Smart Spaces, and Next Generation Networks and Systems

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Cyber security exercises allow individuals and organisations to train and test their skills in complex cyber attack situations. In order to effectively organise and conduct such exercise, the exercise control team must have accurate situational awareness of the exercise teams. In this paper, the communication patterns collected during a large-scale cyber exercise, and their possible use in improving Situational awareness of exercise control team were analysed. Communication patterns were analysed using graph visualisation and time-series based methods. In addition, suitability of a new reporting tool was analysed. The reporting tool was developed for improving situational awareness and exercise control flow. The tool was used for real-time reporting and communication in various exercise related tasks. Based on the results, it can be stated that the communication patterns can be effectively used to infer performance of exercise teams and improve situational awareness of exercise control team in a complex large-scale cyber security exercise. In addition, the developed model and state-of-the-art reporting tool enable real-time analysis for achieving a better situational awareness for the exercise control of the cyber security exercise.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Comparative Analysis of the Mechanisms for Energy Efficiency Improving in Cloud Computing Systems

Nächstes Kapitel An Approach to Classification of the Information Security State of Elements of Cyber-Physical Systems Using Side Electromagnetic Radiation

The Apache Software Foundation: Apache ActiveMQ. http://activemq.apache.org/. Accessed 23 Apr 2018

Azimirad, E., Haddadnia, J.: The comprehensive review on JDL model in data fusion networks: techniques and methods. (IJCSIS) Int. J. Comput. Sci. Inf. Secur. 13(1), 53–60 (2015)

Brilingaitė, A., Bukauskas, L., Krinickij, V., Kutka, E.: Environment for cybersecurity tabletop exercises. In: Pivec, M., Josef, G. (eds.) ECGBL 2017 11th European Conference on Game-Based Learning, pp. 47–55. Academic Conferences and Publishing Limited (2017)

Brilingaitė, A., Bukauskas, L., Kutka, E.: Development of an educational platform for cyber defense training. In: Scanlon, M., Nhien-An, L.K. (eds.) Proceedings of the 16th European Conference on Cyber Warfare and Security, pp. 73–81. Academic Conferences and Publishing Limited (2017)

Brynielsson, J., Franke, U., Tariq, M.A., Varga, S.: Using cyber defense exercises to obtain additional data for attacker profiling. In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI), pp. 37–42, September 2016. https://doi.org/10.1109/ISI.2016.7745440

Brynielsson, J., Franke, U., Varga, S.: Cyber situational awareness testing. In: Akhgar, B., Brewster, B. (eds.) Combatting Cybercrime and Cyberterrorism. ASTSA, pp. 209–233. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-38930-1_12CrossRef

Endsley, M.: Toward a theory of situation awareness in dynamic systems. Hum. Factors 37(1), 32–64 (1995). https://doi.org/10.1518/001872095779049543CrossRef

European Comission: Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace, February 2013

Evesti, A., Kanstrén, T., Frantti, T.: Cybersecurity situational awareness taxonomy. In: 2017 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), pp. 1–8, June 2017. https://doi.org/10.1109/CyberSA.2017.8073386

10.

Franke, U., Brynielsson, J.: Cyber situational awareness - a systematic review of the literature. Comput. Secur. 46, 18–31 (2014)CrossRef

11.

Han, X., Sheng, H.: A new method of multi-sensor data fusion. In: 2017 IEEE 3rd Information Technology and Mechatronics Engineering Conference (ITOEC), pp. 877–882, October 2017. https://doi.org/10.1109/ITOEC.2017.8122479

12.

JAMK University of Applied Sciences, Institute of Information Technology, JYVSECTEC: RGCE cyber range. http://www.jyvsectec.fi/en/rgce/. Accessed 23 Apr 2018

13.

Kick, J.: Cyber exercise playbook. The MITRE Corporation (2014). https://www.mitre.org/sites/default/files/publications/pr_14-3929-cyber-exercise-playbook.pdf. Accessed 23 Apr 2018

14.

Kokkonen, T., Hämäläinen, T., Silokunnas, M., Siltanen, J., Zolotukhin, M., Neijonen, M.: Analysis of approaches to internet traffic generation for cyber security research and exercise. In: Balandin, S., Andreev, S., Koucheryavy, Y. (eds.) ruSMART 2015. LNCS, vol. 9247, pp. 254–267. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23126-6_23CrossRef

15.

Lenders, V., Tanner, A., Blarer, A.: Gaining an edge in cyberspace with advanced situational awareness. IEEE Secur. Priv. 13(2), 65–74 (2015). https://doi.org/10.1109/MSP.2015.30CrossRef

16.

Lötjönen, J.: Requirement specification for cyber security situational awareness, Defender’s approach in cyber security exercises. Master’s thesis, JAMK University of Applied Sciences, December 2017

17.

van der Meulen, R.: Build adaptive security architecture into your organization, June 2017. https://www.gartner.com/smarterwithgartner/build-adaptive-security-architecture-into-your-organization/. Accessed 23 Apr 2018

18.

Ministry of Defence Finland: The authorities of the state administration are trained in cyber-skills in Jyväskylä - Valtionhallinnon viranomaiset harjoittelevat kyberosaamista Jyväskylässä 8.-11.5.2017, official bulletin 3th of May 2017, May 2017. https://www.defmin.fi/ajankohtaista/tiedotteet/valtionhallinnon_viranomaiset_harjoittelevat_kyberosaamista_jyvaskylassa_8.-11.5.2017.8418.news. Accessed 23 Apr 2018

19.

Oracle Corporation: Java programming language. http://www.oracle.com/technetwork/java/index.html. Accessed 23 Apr 2018

20.

Pajunen, D.: Cyber security is ensured with genuine exercises, September 2017. https://www.fingridlehti.fi/en/cyber-security-ensured-genuine-exercises/. Accessed 23 Apr 2018

21.

Révay, M., Líška, M.: Ooda loop in command control systems. In: 2017 Communication and Information Technologies (KIT), pp. 1–4, October 2017. https://doi.org/10.23919/KIT.2017.8109463

22.

Secretariat of the Security Committee: Finland’s Cyber security Strategy, Government Resolution 24.1.2013, January 2013

23.

The Security Committee: Security Strategy for Society, Government Resolution 2.11.2017, November 2017

24.

Shannon, P., et al.: Cytoscape: a software environment for integrated models of biomolecular interaction networks. Genome Res. 13(11), 2498–2504 (2003). https://doi.org/10.1101/gr.1239303CrossRef

25.

Sommestad, T., Hallberg, J.: Cyber security exercises and competitions as a platform for cyber security experiments. In: Jøsang, A., Carlsson, B. (eds.) NordSec 2012. LNCS, vol. 7617, pp. 47–60. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34210-3_4CrossRef

26.

Wilhelmson, N., Svensson, T.: Handbook for Planning, Running and Evaluating Information Technology and Cyber Security Exercises. The Swedish National Defence College, Center for Asymmetric Threats Studies (CATS) (2014)

Titel: Blue Team Communication and Reporting for Enhancing Situational Awareness from White Team Perspective in Cyber Security Exercises
verfasst von: Tero Kokkonen
Samir Puuska
Verlag: Springer International Publishing
Buch: Internet of Things, Smart Spaces, and Next Generation Networks and Systems
Print ISBN: 978-3-030-01167-3

Electronic ISBN: 978-3-030-01168-0

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-030-01168-0_26

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner