Page 23 - index
P. 23
Level 1 SA: Perception of the elements in the environment
This is the lowest level of situational awareness and is associated with the person’s perception
of information. No interpretation of the data is performed at this stage, all it is intended to
represent is the initial receipt of information in its raw form. If data could be elicited at this stage,
the operator might be able to confirm the status of a particular variable, but will not have
integrated the data.
Level 2 SA: Comprehension of the current situation
Comprehension may follow on from the perception of the elements (not necessarily though) if
the data can be integrated and synthesized to produce an understanding of the relevance to the
pilot’s tasks. It is argued that comprehension is essential to understand the significance of the
elements and to gain a picture of what is going on. The degree of comprehension achieved is a
mark of the expertise of the person. Less skilled individuals may achieve a lower Level 2 SA
despite achieving the same Level 1 SA as their more skilled counterparts.
Level 3 SA: Prediction of future status
This is the highest level of situational awareness and is associated with the ability to project the
future of the elements in the environment. Accuracy of the prediction is highly dependent upon
the accuracy of level 1 SA and level 2 SA . Anticipation of the projected future situation provides
us with time to resolve conflicts and plan a course of action to meet their goals. Similarly, other
personnel performing time critical activities rely heavily upon prediction to anticipate problems
and deal with them in a timely manner.
Situational Awareness in Cyber Defense
Situation Awareness (SA) for cyber defense consists of at least seven aspects:
1. Be aware of the current situation. This aspect can also be called situation perception.
Situation perception includes both situation recognition and identification. Situation
identification can include identifying the type of attack (recognition is only recognizing
that an attack is occurring), the source (who, what) of an attack, the target of an attack,
etc.
2. Be aware of the impact of the attack. This aspect can also be called impact assessment.
There are two parts to impact assessment: 1) assessment of current impact (damage
assessment) and 2) assessment of future impact (if the attacker continues on this path
or more general if the activity of interest continues - what is the impact?). Vulnerability
analysis is also largely an aspect of impact assessment (provides knowledge of us and
enables projection of future impact). Assessment of future impact also involves threat
assessment.
3. Be aware of how situations evolve. Situation tracking is a major component of this
aspect.
4. Be aware of actor (adversary) behavior. A major component of this aspect is attack trend
and intent analysis, which are more oriented towards the behaviors of an adversary or
actor(s) within a situation than with the situation itself.
23 Cyber Warnings E-Magazine – October 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
