Cyber Situational Awareness and Information Sharing in Critical Infrastructure Organizations

Abstract

Cybersecurity-related capabilities play an ever-growing role in national security, as well as securing the functions vital to society. The national cyber capability includes the resilience of companies running critical infrastructures, their cyber situational awareness (SA) and the sharing of cybersecurity information required for cyber SA. As critical infrastructures become more complex and interdepend-ent, ramifications of incidents multiply. The EU Network and Information Secu-rity Directive calls for cybersecurity collaboration between EU member states re-garding critical infrastructures and places the most crucial service providers and digital service providers under security-related obligations. Developing better SA requires information sharing between the different interest groups and en-hances the preparation for and management of incidents. The arrangement is based on drawing correct situation-specific conclusions and, when needed, on sharing critical knowledge in the cyber networks. The target state is achieved with an efficient process that includes a three-level—strategic, operational and technical/tactical—operating model to support decision-making by utilizing na-tional and international strengths. In the dynamic cyber environment strategic agility and speed are needed to prepare for incidents.