A scalable architecture for improving the timeliness and relevance of cyber incident notifications

The current mechanics of cyber incident notification within the United States Air Force rely on a broadcast "push" of incident information to the affected community of interest. This process is largely ineffective because when the notification arrives at each unit, someone has to make a de...

Bibliographic Details
Main Authors: Miller, J. L., Mills, R. F., Grimaila, M. R., Haas, M. W.
Format: Conference Proceeding
Language: English
container_end_page 83
container_start_page 76
creator Miller, J. L.
Mills, R. F.
Grimaila, M. R.
Haas, M. W.
description The current mechanics of cyber incident notification within the United States Air Force rely on a broadcast "push" of incident information to the affected community of interest. This process is largely ineffective because when the notification arrives at each unit, someone has to make a decision as to who should be notified within their unit. Broadcasting the notification to all users creates noise for those who do not need the notification, increasing the likelihood of ignoring future notifications. Selectively sending notifications to specific people without a priori knowledge of who might be affected results in missing users who need to know. Neither of these approaches addresses the passing of notifications to downstream entities whose missions may be affected by the incident. In this paper, we propose a modular, scalable, cyber incident notification system concept that makes use of a "publish and subscribe" architecture to assure the timeliness and relevance of incident notification. Mission stakeholders subscribe to the status of mission critical information resources (external and internal) and publish their own mission capability allowing other units to maintain real-time awareness of their own dependencies. We contend that this architecture is a significant improvement over current methods by making direct connections between mission stakeholders and their dependencies and eliminating multiple levels of human processing, thereby reducing noise and ensuring relevant information gets to the right people.
doi_str_mv 10.1109/CICYBS.2011.5949396
format conference_proceeding
identifier ISBN: 1424499054
ispartof 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), 2011, p.76-83
language eng
recordid cdi_ieee_primary_5949396
source IEEE Electronic Library (IEL) Conference Proceedings
subjects CIMIA
Communities
cyber incident notification
Joints
mission assurance
Noise
Organizations
Personnel
Servers
situational awareness
title A scalable architecture for improving the timeliness and relevance of cyber incident notifications