1540-7993/15/$31.00 © 2015 IEEE. Copublished by the IEEE Computer and Reliability Societies. March/April 2015, p. 65.

SITUATIONAL AWARENESS

Gaining an Edge in Cyberspace with Advanced Situational Awareness

Vincent Lenders | armasuisse
Axel Tanner | IBM Research
Albert Blarer | Trivadis AG

Organizations that rely on cyberspace as a mission-critical asset require advanced situational awareness to maintain a tactical advantage over emerging threats. A new cyber–situational awareness framework relies on the OODA (observe, orient, decide, act) cycle to provide near real-time cognitive mapping for corporate environments.

Cyberattacks are considered a major corporate and even national threat. Our dependence on cyberinfrastructures is so omnipresent that security incidents can lead to disastrous effects. In 2007, a series of coordinated cyberattacks on Estonian banks, parliament, ministries, newspapers, and TV stations showed that critical parts of an entire country's cyberinfrastructure can be rendered completely unavailable for days.¹ Companies such as Amazon and eBay that offer online services to customers can expect to lose up to millions of dollars per day when their services are down. Perhaps even more dramatic are attacks aiming to steal sensitive data or sabotage critical infrastructure. The 2010 Stuxnet attack resulted in significant physical damage to Iran's nuclear facilities, destroying years of work.

Despite several decades of research on intrusion detection and prevention and billions of dollars of annual worldwide investments in IT security technologies, the threat landscape hasn't changed significantly. Most recent attack reports, such as Red October in 2013, reiterate the high asymmetry between attackers and defenders and the fact that government organizations and companies still can't deal with cyberthreats appropriately.² Even large IT security solution vendors, such as RSA, have experienced cyberattacks that have led to severe damage to finances and reputation.³

Almost all nations have realized that the current cyberthreats must be addressed decisively with a more holistic approach, and governments have recently come up with national cyberdefense strategies to reduce their vulnerability. Although differences exist among these strategies, especially in the use of offensive countermeasures, all identify the lack of cyber–situational awareness as a key problem in IT infrastructure operation.

Unfortunately, many organizations view cybersecurity as a necessary evil and address security by achieving point-in-time compliance to industry and government standards, which still mostly lack the notion of cyber–situational awareness. Therefore, enterprises implement only minimum requirements to pass annual certification. However, to effectively handle cyberthreats, organizations should go further by continuously taking into account current threats, vulnerabilities, risks, and their potential business impact.

Situational awareness has long been a fundamental military capability in warfare; thus, it's not surprising that the first concepts for cyber–situational awareness originated in the military domain.⁴,⁵ However, basic cyber–situational awareness capability is necessary to master the complex cyberthreats in nonmilitary domains as well. Private companies and critical infrastructure operators are now challenged to implement similar capabilities.

In this article, we propose a cyber–situational awareness framework based on the OODA (observe, orient, decide, act) cycle. Originally developed by Colonel