Common Operational Pictures (COPs) have been used in the military domain as a powerful tool for gaining Situational Awareness (SA) and thus enabling appropriate decision-making in moments of crisis or attacks. Today, SA is also an essential part of the cybersecurity operations of many organisations, but particularly for Critical Infrastructures (CIs) and national agencies. A number of solutions have been proposed to enhance Cyber Situational Awareness (CSA) by means of Cyber Common Operational Pictures (Cyber COPs). A COP is defined as “a single identical display of relevant information shared by more than one command that facilitates collaborative planning and assists all echelons to achieve situational awareness”.

Complete cyber situation awareness is implausible to achieve through interactions only between an individual analyst and their technology. Achieving complete situation awareness requires members of different teams and different organisational positions, working across different work shifts to collaborate and share information with each other. Often each team member will have different, though perhaps overlapping, perspectives and hypotheses on the situation. In a complex and dynamic world, it is likely that two or more such perspectives will need to be combined to obtain complete SA that extends beyond a single analyst’s knowledge. Unfortunately, there is a lack of technologies conducive to humans to collaborate, effectively communicate, and share information and knowledge with each other in the context of CCOP and CSA.

Aims and Expected Outcomes

The project’s main aim is to enable people from different organisational teams and levels to share their knowledge and perspective in order to:

  1. collaboratively analyse alerts and observations related to the CCOP dashboard and;
  2. collectively make actionable decisions.

The expected outcomes for this research challenges are:

  1. Develop a functional prototype of this concept.
  2. Make the prototype usable for getting feedback from users on ways to improve the workflow and to identify additional requirements.