Information and Communications Technologies (ICT) are the backbone of global economic growth and prosperity for society. They are a critical resource on which all economic sectors rely. This situation has driven the implementation of strategies, policies and regulations aimed at protecting cyber assets and digital marketplaces while safeguarding the fundamental rights of citizens, such as privacy or data protection.
Cyber Situational Awareness (CSA), a dual-use area of technology development enabled by mission-centric reasoning and knowledge acquisition approaches, provides a clear understanding of the current state of planned/ongoing missions, making it possible to infer and anticipate future changes and the risks that may compromise related actuation domains (virtual-to-live). This involves the orchestration of a plethora of information processing actions, among them identification of key cyber terrain (KCT), dynamic risk assessment/management, incident response and threat analysis, to name only a few. Proficiency in conducting mission-centric situational awareness adds a new nuance to the emergent digital landscape, since the capabilities for acquiring contextual information about the protected domain (e.g., disruptive monitoring features, complex event correlation, smart decision-making, etc.) must be significantly enhanced to keep pace with an evolving digital transformation. Suitable CSA solutions shall also address cross-cutting barriers, comprising social, economic, industrial or regulatory/standardization challenges, which might lead to breakthrough contributions in topics such as education and training (e.g., Cyber Ranges), including convergence with other related research and technology fields, e.g., evidence notification and visualisation through a Common Operational Picture (COP).
When building CSA, a mission-oriented dimension seeks to ensure effective resource employment while adapting to changes in each situation. The focus is to address configurable information management solutions in cyberspace concerning mission plans (assets, capabilities, dependencies, alternatives, goals, tasks, priorities, etc.) including enabling techniques. They are expected to shed some light, for instance, on performance improvements to cyber defence solutions, such as management dashboards in a security operation centre (or similar organisations), complemented with decision-making techniques to achieve resilience on information infrastructures, computer networks, data, and signals. These aspects will develop into innovative approaches, challenges, and opportunities to promote advanced situational awareness and capabilities.
The aim of the CSA 2024 Workshop is to gather contributions from leading-edge researchers in academia and industry, and to provide a forum for discussion of the latest research trends in the rapidly developing field of cyber security technologies, data-centric approaches and secure communications. The goal is to support the development of state-of-the-art CSA, the analysis of innovative data-centric frameworks and the emergence of advanced secure communications in support of crisis management operations, thereby providing a valuable venue for researchers as well as practitioners. Manuscripts regarding novel approaches, architectures, implementations, ongoing projects, and experiences are encouraged. These may cover all necessary aspects of this research field, including cyber defence, telecommunications, electronics, situational awareness, multisensor data fusion, networking, command and control, decision-making, etc.
Keynote: The Future of Strategic Military Cyber Situational Awareness (CSA)
In this keynote, the transformative future of military Cyber Situational Awareness (CSA) embedded in multi-domain activities will be explored, focusing on the integration of cutting-edge technologies such as offensive Large Language Models (LLMs) and AI-supported game theoretic planning. These innovations are poised to revolutionize cyber defense and offense, providing military organizations with unprecedented capabilities to predict, analyze, and respond to large-scale military cyber threats. Offensive LLMs did enable real-time reasoning on threat analysis, sophisticated automated responses, and effective cyber deception tactics. Concurrently, Game Theoretic Planning Machines will enhance strategic decision-making by modeling adversary behavior, dynamically adapting tactics, and simulating potential scenarios, including exploit markets, CVE message systems and effective monitoring with sensors. This comprehensive and adaptive overview will pay attention to continuous operational effectiveness, proactive defense, and strategic offensive operations, maintaining a critical edge in the ever-evolving landscape of cyber warfare. The future of military CSA is not just about defense but also about leveraging advanced technology for strategic interests in cyberspace, paying attention to cognitive attacks.
About the speaker:
Dr. Joachim Klerx is a researcher at the AIT Innovation Systems Center and a visiting researcher at the National Defense Academy. As a trained philosopher and economist, his research focus is on the development of new AI methods for foresight and horizon scanning as well as software development for horizon scanning centers. His successes in recent years include the development of ISA (Intelligent Screening Agent), an agent that searches the Internet for weak signals of emerging problems (SESTI). In ETTIS he worked on a system for threat detection and political agenda setting. At EFP he was responsible for the development of a global knowledge exchange platform for the worldwide foresight community. As a visiting researcher at the National Defense Academy, he developed both the operational concept and the software for the CDRC (Cyber Documentation and Research Center), which has been in operation since 2018. In addition, he and his team have developed crawlers for identifying hidden networks of organized crime (ANITA), terrorism (DANTE) and money laundering (TRACE). In TRACE he is responsible for technical coordination.