Cyber situation awareness and common operational pictures

QC 20250430

Abstract

Cybersecurity is one of the pillars of successful digitalization of our societies. A key component of cybersecurity is that staff involved in cybersecurity work develop situational awareness of the cyber environment and respond to events  based on that understanding. Despite growing interest in situation awareness for cybersecurity, few empirical studies look at cyber situation awareness from the human actor’s perspective within organizational contexts. The purpose of this thesis is to contribute to research on improving cyber situation awareness capabilities in organizations, with a focus on the Swedish public sector.

The thesis includes five papers concerning different aspects of cyber situation awareness. In the first paper, a census is conducted presenting a snapshot of the cybersecurity maturity of the Swedish public sector and how the public sector communicated cybersecurity risks during the COVID-19 pandemic. In the second paper, the conditions under which cybersecurity work is conducted at Swedish administrative authorities are investigated, and results from semi-structured interviews with respondents involved in cybersecurity work are presented. In the third paper, four personas, based on empirical material from the first and second papers, are created and validated. In the fourth paper, a case study on how staff members involved in handling a cyberthreat in a large, complex organization develop cyber situation awareness while handling the threat is presented. In the fifth paper, participatory video prototyping is used to explore common operational picture system support needs to aid cyber situation awareness for staff involved in handling cyberthreats.

The thesis discusses challenges to cyber situation awareness in organizations, how cyber situation awareness can be improved, and how common operational pictures should be designed. 

urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-362904