Skip to content

Situational Awareness: Seeing, Knowing, and Doing

April 18, 2011

This week marks the introduction of a new guest blogger to The Situational Room, Brian Crawford.  Brian is the former Deputy G5, NETCOM/9th Signal Command (U.S. Army), based out of Ft. Huachuca, AZ.  Brian will be bringing his extensive knowledge of situational awareness, information assurance, and certification and accreditation to his posts, with opinions and advice that are highly relevant to both federal and commercial organizations.  Welcome aboard, Brian! — John Linkous


Situational Awareness is a term that has found it’s way from the battlefield to the front line of the cyber war.  Most-famously used by General Keith Alexander, Head of US Cybercommand and Director of the National Security Agency (NSA) when he claimed that the US ‘lacked online situational awareness’ the term has only recently started to enter the vocabulary of security profesionals working in the Governement, Financial Services, Enterprise, and Education sectors.

Searching for Situational Awareness on Google isn’t much help either.  The Wikipedia definition describes it as, “the perception of environmental elements with respect to time and/or space, the comprehension of their meaning, and the projection of their status after some variable has changed, such as time.”  Any clearer?  I thought not!

General Alexander’s is perhaps the best description we’ve found to date and relates Situational Awareness specifically to protecting large distributed networks from cyber attack.  He explained, “…we need real-time situational awareness in our networks, to see where something bad is happening and to take action there at that time.”

Modern networks face attack from advanced persistent threats every day.  Military networks are probed 250,000 times an hour – that’s six million times a day – according to General Alexander.  Protecting a network from this type of attack relies on the ability to see, know, and do.  Security Analysts must be able to “see” their entire network; “know” what is happening in every part of it, and be able to “do” something to repel attacks as they are happening if they are to effectively protect their information infrastructures.

Think of it this way: an air traffic controller uses situational awareness systems and processes to collect data to identify, in real-time, whether two planes on different headings, flying at the same altitude, may be on a collision course – and take action to prevent a mid-air collision.  Without situational awareness, all he could do is use historic data to tell him why the collision had occurred!

Which option would you choose?

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: