Blue team communication and reporting for enhancing situational awareness from white team perspective in cyber security exercises
Kokkonen, Tero; Puuska, Samir (2018)
avautuu julkiseksi: 28.09.2019
Olga Galinina; Sergey Andreev; Sergey Balandin; Yevgeni Koucheryavy
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
Kokkonen T., Puuska S., (2018). Blue team communication and reporting for enhancing situational awareness from white team perspective in cyber security exercises. . (Ed)., Internet of Things, Smart Spaces, and Next Generation Networks and Systems. 18th International Conference, NEW2AN 2018, and 11th Conference, ruSMART 2018, St. Petersburg, Russia, August 27–29, 2018, Proceedings., Springer.
Cyber security exercises allow individuals and organisations to train and test their skills in complex cyber attack situations. In order to effectively organise and conduct such exercise, the exercise control team must have accurate situational awareness of the exercise teams. In this paper, the communication patterns collected during a large-scale cyber exercise, and their possible use in improving Situational awareness of exercise control team were analysed. Communication patterns were analysed using graph visualisation and time-series based methods. In addition, suitability of a new reporting tool was analysed. The reporting tool was developed for improving situational awareness and exercise control flow. The tool was used for real-time reporting and communication in various exercise related tasks. Based on the results, it can be stated that the communication patterns can be effectively used to infer performance of exercise teams and improve situational awareness of exercise control team in a complex large-scale cyber security exercise. In addition, the developed model and state-of-the-art reporting tool enable real-time analysis for achieving a better situational awareness for the exercise control of the cyber security exercise.