GeoIP Visualization by Tim Bass
GeoIP Visualization by Tim Bass

Reprinted from:

Addressing Human Factors Gaps in Cyber Defense by Alex Z. Vieane, Gregory J Funke, Robert S. Gutzwiller and, Alion Science and Technology, Proceedings of the Human Factors and Ergonomics Society 2016 Annual Meeting770 at HFES-Human Factors and Ergonomics Society on September 26, 2016.


Cyber-Cognitive Situation Awareness


Robert S. Gutzwiller
Space and Naval Warfare Systems Center Pacific

Cyberspace is a realm of dynamic information transmittal. Information is literally moving at the speed of light through hundreds of thousands of connections over a vast array of networks and billions of devices. Naturally this precludes an easily conjured understanding of what any given cyber analyst sees and does. For defenders in particular, I take some effort to define that cyberspace defense is multifaceted. Defense improvements can be as simple as network users choosing not to click on phishing emails; given the proclivity for these types of cyber vulnerabilities this is a relevant area to address. But for the current purposes I believe we must dig deeper into another human element in cyber defense, that of the analyst (e.g., D’Amico et al., 2005). Analysts operate closely with the literal network communication and transmission, using software tools to examine down to the level of packets of information and internet protocol addresses. The tools, often command-line driven, monitor the network activity, help parse and search through information, and track potential and current threats to security. These threats change on a daily basis with every new patch and update to programs and operating systems, as well as hardware changes. The number of threats is always increasing, and there are an unknown amount of so-called “zero-day” threats which have no current mitigation. In all respects, defenders are at the mercy of cyber attackers.

What I am attempting to convey is how necessary it is for cyber defenders to perceive and understand disparate elements of network information in order to determine whether a malicious entity or program is present or attempting an attack. Currently this information is noisy, it is rarely correlated and it is almost never linked with the users’ goal of maintaining mission-critical systems or projecting the ability to execute future courses of action. Cyber defense is easily related to a theory of situation awareness (Endsley, 1995), and thus stands a good chance of benefiting from similar study. It should be noted that cyber situation awareness as a concept is actually nothing new: Tim Bass coined the phrase over 15 years ago (Bass, 2000). He was keen at the onset to point out the technological elements to cyber awareness – ways that the system could be made to identify, share and fuse information, to enhance a computer’s representation of the environment. But it was simultaneously emphasized that this situation awareness was a critical necessity for humans to possess. It was not enough in this definition to fuse information and represent it within the system, and then assume human awareness. Unfortunately the audience for Bass’s article appears to have fixated on the technocentric bent of cyber situation awareness and its various difficulties. The human, as so often is the case, has in turn been neglected in cyber defense, only recently returning to focus (e.g., Champion et al., 2012; Mancuso et al., 2012; Giacobe, 2013; Gutzwiller et al., 2015). I promote cyber-cognitive situation awareness as the proper terminology to identify that in this domain, we are interested in the human perception, understanding, and prediction of the cyber defensive space. Naturally, this is a human-systems integration perspective, and one that fits seamlessly with that of cognitive engineering efforts that are just beginning in the cyber domain. It is critical that the community developing interfaces and visualizations for cyberspace recognize that awareness is not achieved by simply displaying all of the possible information from the system; instead we need situated information, to incorporate the needs of the operators, and a system which can account for the dynamics of both.

Addressing Human Factors Gaps in Cyber Defense. Available from: [accessed Apr 21, 2017].