The field of the invention relates to human machine interfaces in a complex computing network. In particular, embodiments of the invention include human-machine visualization interfaces and processes for providing real time or near real time actionable information relative to one or more elements of one or more networks, and systems of networks' ability to support one or more organizational elements, missions associated with the organizational elements and capabilities of the organizational elements.
A need exists for a set of comprehensive real-time or near real-time tools/capabilities and processes for the various organizational elements, e.g., leadership, to be able to access the status of the organization's networks and their ability to support various missions. Many isolated efforts exist to bring network health and status information back to parent organizations. A need exists to use existing systems to a maximum extent rather than creating new systems, which are costly and generally fail. These isolated pockets of information must be capitalized on to provide a clear and comprehensive situational awareness (SA) of the network. Beyond locating the existing network monitoring efforts, the existing framework for collecting, normalizing and storing the metric data should be used to the fullest extent possible. Incorporation of existing frameworks will provide greater compatibility with existing efforts and speed up the implementation of needed tools and processes, including visualization interfaces.
The United States Army Field Manual defines “Situational Awareness” as “Knowledge and understanding of the current situation which promotes timely, relevant and accurate assessment of friendly, enemy and other operations within the battle space in order to facilitate decision making.” With respect to information systems and networks, SA can encompass networks, network elements, and the organizational element (including key personnel) missions/capabilities that those networks support. SA can and likely should also encompass creating an awareness of the relationships between networks and network elements, of how those networks contribute to or effectuate organizational element missions/capabilities, and of the probability of success or failure. SA can also include providing actionable information and assessments of current operations occurring within an organizational element's network, including its security or information assurance capability, and a capability to assess potential breakdowns, weak areas or vulnerabilities that can be exploited to the maximum effect in degrading a system, which in turn impacts a capability or mission. SA can also include monitoring for unusual events within a network, or events that may impact a network externally, prior to impact.
A variety of SA models have been proposed, but they generally break down when applied to high-complexity environments. For example, the Observe, Orient, Decide, and Act (OODA) loop process has been used, but it does not account for high-complexity systems that overload human cognitive abilities, such as large-scale information systems. Another example includes risk management models such as the Department of Homeland Security (DHS) National Infrastructure Protection Plan (NIPP), which sets forth a risk management framework that provides the unified approach needed for a cybersecurity and key infrastructure risk management framework, such as shown in FIG. 1. Other models can be used as well.
This disclosure provides a variety of network SA and organizational element decision support systems, methods for producing these systems, and processes associated with generating this SA and decision support system. The disclosure also provides details on the invention, which includes methods for creating an apparatus related to human-machine visualization interfaces and processes for providing actionable information on elements of networks, networks, and systems of networks' ability to support one or more organizational elements, missions associated with the one or more organizational elements, and capabilities of the organizational elements.
One of many challenges in information system design and operation is improving capabilities to operate and defend networks and information systems at network speed, to ensure critical activities can continue during disruption or degradation events. For example, this disclosure includes an approach to visualizing the health and status of organizational networks that provides mission-focused SA from a perspective appropriate to various echelons of the organization, including senior leadership. The disclosure includes exemplary methodology for building a SA tool. An exemplary method presented uses a pyramid icon to show various exemplary steps employed and employs a configuration management strategy to ensure a suitable SA picture or visualization is presented. As one exemplary approach, a layering model is provided that shows layers and elements of the layers that include a hierarchical view of network/systems of network infrastructure, organizational elements (e.g., functions and specific organizations/personnel), capabilities of such elements, supporting organizational elements, and capability areas associated with the elements. This layering model decomposes the components of a network and system of networks and facilitates creating a viewable traceability and awareness of real time or near real time inter-dependencies of information flow and impact on missions and capabilities. This exemplary model comprises ten layers and provides a visual understanding of what items can be monitored and consolidated for presentation on a SA visualization. This system includes visualization systems that can be based on metrics which are updated from data sources such as Chief Information Officer (CIO) Critical Information Requirements (CIR).