The sixteenth European Conference on Cyber Warfare and Security took place on June 29-30, 2017 in Dublin (Ireland). Together with Timea Pahi and Florian Skopik, we published a paper on “Data Exploitation at Large: Your Way to Adequate Cyber Common Operating Pictures” as well as a poster on “An approach to the evaluation of visualizations for national cyber security centers”.
Data Exploitation at Large: Your Way to Adequate Cyber Common Operating Pictures
Abstract: Recent conflicts and political incidents, such as Operation Orchard, have shown that no future conflict is likely to be fought without a cyber element. However, establishing effective defensive measures against cyber attacks is a difficult and resource-consuming task. A common denominator of an effective cyber defence has always been the application of Common Operating Pictures (COP), e.g. in law enforcement or the armed forces. COPs are widely used to represent, display and assess situations. In recent years, Cyber COPs (CCOPs) have become a key factor in the establishment and analysis of situational awareness as well as decision-making processes in the cyber domain. However, the process to establish an adequate CCOP is not trivial. The careful selection of data sources for the core CCOP, which consists of objectively measured events gathered from both internal and external sources, as well as the subsequent rating of these sources and their enrichment with contextual information to facilitate the interpretation of measured events, pose new challenges. This paper therefore provides an information management process that aims at establishing cyber situational awareness (CSA) for stakeholders based on CCOPs. The process consists of several steps: selecting data types, identifying core CCOP sources, evaluating the information quality, preparing CCOPs for target groups and gaining CSA based on CCOPs. Furthermore, we provide a qualitative survey of potentially usable information and related sources that are vital for CCOPs. We demonstrate our work by displaying the basic steps and grand picture to create a CCOP in an illustrative scenario. The example is set around a fictive national cyber security center (NCSC) that aims to decrease phishing, ransomware and DDoS attacks within the critical infrastructure. This CCOP example can then be used by numerous stakeholders to achieve situational awareness and thus facilitate decision-making processes.