Nationwide Cyber Situational Awareness Framework for Critical In - PowerPoint PPT Presentation

A A Conceptual Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin Bahşi , Olaf Manuel Maennel Centre For Digital Forensics and Cyber Security Tallinn University of Technology

Evolvement of Cyber Security National Organizational Organizational Technical Technical Technical

Cyber Security of Critical Infrastructures • National security vs cyber security • Physical effects of cyber threats • Dependencies among national infrastructures • Cascading effects • Targets of various hacker groups including state sponsored ones

What is Situational Awareness (SA)? Perception Endsley’s Definition “T he perception of the elements in the environment within a volume of time and space, the comprehension Comprehension of their meaning and the projection of their status in the near future ” Projection

Different Interpretations of Cyber Situational Awareness Security Network Event Monitoring Correlation Information Sharing High Level Security Reports

Cyber Situational Awareness at National Level • Situational awareness and national strategies • National CERTs to national cyber security operations • Capability imrovement beyond of incident response • Threat monitoring systems • Information sharing

Objectives of Nationwide Cyber Situational Awareness Risk Assessment Support Support for Different Nationwide Analysis Decision Making Levels • Threat • Dependencies among different CIs • Vulnerability • National • Detection of coordinated • Bussiness • Organizational attacks • Benefit from Safety Domain Conceptual Nationwide Cyber Situational Awareness Framework

Decision Making Hierarchy • Disaster Management National Authorities National Decision • Regulatory Bodies Level Makers • National Cyber National security Security Council responsibilities Members Strategic Level • CEOs • CIOs Alignment of IT and • CISOs Cyber Security activities with strategic • Heads of Auditing goals and missions Decision Makers of • IT Unit Managers Tactical Level Critical Infrastructures • Security Unit Management activities of IT Managers and core business units • Business Unit Managers • Incident responders Operational Level • Security administrators Day-to-day technical cyber security • Security analysts operations • IT specialists

General View of Subsystems

Organizational CSA Subsystems

National CSA Subsytem

Research Agenda Socia- Technical Model Data Ontology Visualization Development Research Agenda Big Data Data Analytics Correlation Cyber Threat Privacy Intelligence Preserving with Methods Honeynets