Situational Awareness, Artificial Intelligence, cyber security and adaptive systems


In the modern world, it is increasingly important to make informed decisions relatively quickly. This is the case for political decision makers faced with a national crisis or military decision makers faced with a strategic choice.

In an increasingly interconnected world, every decision, at any level, can have unwanted consequences and cause considerable "collateral damage".

The fifth domain, cyberspace, is by its nature transversal to all the others (Land, Sea, Air and Space), and consequently every decision in this field can have repercussions in all the other domains. This is why it is necessary to make informed decisions within a limited time, and why it is necessary to develop cyber situational awareness systems able to support decision makers in their choices. By "situational awareness" I mean the perception of the surrounding environment, its constituent elements and the events that occur there; above all, the awareness of the meaning of those elements and events; and the ability to understand the possible and most probable future states of the system, as well as the possible variations proposed with respect to the original objectives based on the current and updated prospective situation.

Artificial Intelligence is forcefully entering the military world, and its characteristics can make it a useful ally in the development of cyber situational awareness systems and, in particular, of cyber threat intelligence systems, both of which support decision makers.
The aim of this article is to stimulate discussion on some issues in order to reach a better understanding of the cyber environment in the modern world, through the definition of a possible tool for cyber situational awareness.

If we consider intelligence as "the product resulting from the collection, processing, integration, analysis, evaluation and interpretation of available information (and data) concerning foreign countries or regions, or information and knowledge about an opponent obtained through observation, investigation, analysis or understanding", it is clear that this definition applies equally to the cyber domain.

It is clear to everyone how intelligence can provide us with the tools to make decisions, but perhaps it is less clear that each of us forms an idea of the situation in a different way, based on experience, studies, attitude to risk, prejudices and so on. In practice, for each reality there are as many possible readings as there are people who observe it and who somehow rely on it to make decisions.

This alone should be enough to push us to investigate the methodologies and tools, especially visual ones, that can improve "awareness of the cyber environment" (Cyber Situational Awareness) and consequently facilitate the decision-making process in organizations active in the area of threat assessment (CTI - Cyber Threat Intelligence).

Cyber Threat Intelligence allows organizations to prevent or mitigate cyber-attacks by studying risk trends and providing information on adversaries.

CTI helps in identifying, preparing for and preventing attacks by providing information about attackers, their organization, motivation and capabilities. It prepares organizations to be proactive, leveraging predictive rather than reactive capabilities against future attacks.

Understanding security vulnerabilities, threat indicators and how they are implemented helps to effectively combat cyberattacks.

The use of professionals and cyber intelligence systems can help prevent and contain attacks faster, saving costs in the event of a malicious event.

Cyber intelligence systems that integrate artificial intelligence would make it possible to improve the responsiveness of the organization, speeding up the analysis of threats and coordinating responses in the event of a complex cyber attack.

In this context, the concept of cyber kill chain can probably be improved with the introduction of AI systems, and exploited in favor of the cyber defense ecosystem.

In the area of Artificial Intelligence systems it seems that a special position could be reserved for Cognitive Artificial Intelligence (CAI) systems.

These systems can be used for several purposes: 

  • knowledge extraction from an integrated information system; 
  • in probabilistic cognitive robots and in coordination between autonomous systems; 
  • in identifying human health problems; 
  • in instrumental electrical measurements.

Some of these applications look very promising in the field of cyber threat intelligence and cyber defense systems, where effective knowledge extraction from a huge amount of raw data or barely usable information is the basis for accurate analysis of threats.

On closer inspection there are also analogies between monitoring the health of the human body and that of a system. This suggests that CAI systems can, in some way, also be employed in detecting the (health) state of the system and used to detect malware infection.

Last but not least, visualization is a valuable area of research because of the high importance of perception in decision making. Of course, all the senses can in some way be stimulated to improve awareness, and it has always been clear that a dangerous situation immediately catches the eye (we are aware of it) if associated with a sound alarm of adequate intensity and frequency.

We must therefore ask ourselves: how can Artificial Intelligence improve perception through the visualization and analysis of models?

The feedback provided by different systems could be used to feed an Artificial Intelligence system in charge of analyzing, developing and continuously adapting organizational processes, structures and the flow of information, internal and external (I'm talking about adaptive systems), improving the general structure and processes and promoting information sharing.

The design and implementation of such a system, starting from a logical scheme of a prototypical system of "cyber situational awareness" and using all the technologies indicated above, would constitute an ambitious but certainly important research project in order to facilitate strategic decisions in a highly complex environment.

The use of artificial intelligence for the production of knowledge and to supervise the health of systems could represent a great improvement in the defense sector, where the approach based on visualization and "gamification" will lead to the creation of a new generation of intelligent systems capable of improving situational awareness in support of decision makers.

Alessandro Rugolo, Giorgio Giacinto
