Paper 1602 US-T-NAT
Computer Network Defence Situational Awareness Information Requirements
Lefebvre, Julie H., Defence R&D Canada
Gregoire, Marc, Defence R&D Canada
Froh, Micheal, RatworX Inc
Beaudoin, Luc, Defence R&D Canada
Military forces are employing Network-Centric Operations as a force multiplier, which comes with increased vulnerability to attacks given the growing complexity of Information Technology (IT). Computer Network Defence (CND) focuses on managing the vulnerabilities and risk inherent in all computer networks. Current research in the field of CND Situational Awareness (SA) takes a bottom-up approach, asking how to derive meaning from the abundance of sensor information. This paper instead defines the information requirements for CND SA from the top down, by analysing the larger mission questions asked by a Network Command, coupled with existing work in SA. This paper asserts that Force Commands must define their Operational Capability Requirements in terms of distributed IT Services qualified in terms of confidentiality, integrity, and availability. Likewise, CND SA must provide feedback to the Command concerning defensive posture, risk, and impact using statements of potential and real reductions in these IT Services. The analysis shows that research into CND SA lacks a clear semantics for describing network missions and an effective tool for modelling IT Services and network resources. Once these missing pieces are defined, the existing CND SA research on managing low-level network events becomes meaningful.

Dr. Julie Lefebvre received her Ph.D. degree in theoretical physics from McMaster University in 1995. She joined Defence R&D Canada – Ottawa in 1999 and has since been conducting research in computer network security. Her current research interests are in computer network defence situational awareness, coalition information assurance and information operations. Since 2005, Dr. Lefebvre has been leading the Network Information Operations Section at Defence R&D Canada – Ottawa, responsible for computer network security R&D for the Department of National Defence.