Research of Tools for Cyber Situational Awareness and Decision Support of CSIRT Teams in Protection of Critical Infrastructure
The main objective of the project is to research tools that help maintain so-called situational awareness of a protected network and thereby support correct and effective decision-making when protecting critical infrastructure.
With growing dependence on so-called critical information infrastructures, the need to protect them against cyber attacks increases. Tools for network traffic monitoring and attack detection already exist, but their full potential has not yet been reached.
In the CRUSOE project, we aim to apply tools that provide situational awareness to the protection of critical information infrastructure. Situational awareness allows the security situation to be perceived continuously, so that members of CSIRT teams can quickly orient themselves in the situation and choose an optimal strategy with regard to ongoing cyber attacks. Security teams can weigh the impact on the infrastructure's functionality and rule out responses that do not reflect the situation in context.
Situational awareness consists of three mutually dependent levels: perception, comprehension and projection. Without a complete perception of the situation in time and place, it cannot be fully understood; and without comprehension, its further development cannot be projected. Situational awareness is the basis for conscious decision-making and response.
Technology and specifics
Effective system architecture that maintains situational awareness of the protected network
The system reflects the past and future state of the protected network and, in accordance with the principles of situational awareness, guides security teams in choosing the optimal strategy for applying reactive countermeasures. The main objective is to replace the fastest solution with the most effective one.
Tools that help security teams orient themselves
The researched tools help CSIRT teams quickly orient themselves in the current situation with regard to ongoing cyber attacks, newly appearing vulnerabilities, and the confidentiality, availability and integrity requirements of critical information infrastructures.