Designing for Cyber Situational Awareness: Initial Results of a Literature Review

• Published in: European Conference on Cyber Warfare and Security pp. 621 - 627
• Main Author: Salminen, Mikko
• Format: Conference Proceeding
• Language: English
• Published: Reading Academic Conferences International Limited 01.06.2025
• Subjects: Credibility; Decision making; Literature reviews; Metacognition; Mica; Situational awareness

Situational awareness is the prerequisite for decision making. According to the widely used theory by Mica Endsley, situational awareness can be segmented to three levels: 1) perception of elements of the environment in time and place, 2) understanding of the meaning of the situation formed by the elements, and 3) evaluation of the development of the situation. Systems for common operational picture (COP) have various functionalities for processing, mediating, analysing, and visualizing data with the goal to enable the decision makers to form situational awareness and understanding. Compared to other domains (e.g., land, air, naval), in the cyber domain the phenomena need novel types of visualizations and a map is not often the most suitable visualization platform. There is paucity of previous studies comparing the amount of research on cyber COP to the other operational domains. In addition, previous studies have not summarized the extant literature on methods to support decision makers' metacognitive processes with cyber COP functionalities and visualizations. To address these gaps, the identified COP functionalities from the existing literature were classified following the 3-level model of situational awareness. In addition, previous studies on supporting the metacognitive processes, such as evaluating information novelty or credibility, by COP functionalities were identified. High research activity was observed for the COP within the cyber domain. In majority of the papers, the COP functionalities for cyber situational awareness were presented on a conceptual level with no evidence on implementation of them or their possible effectiveness in supporting the work of the situational awareness operators or the decision makers. This is a gap that calls for more research. Taken together, these findings can be used in steering future research for developing systems that support cyber situational awareness more effectively.