Over the last two decades, applications of computing devices and networks have grown explosively, driven by exponential increases in computing power and telecommunications. The Internet and web services are being quickly embraced in business services, military operations and even the social life of ordinary people. During the same time, information systems have gone from being exploited as a novice hobby to being a target of choice for organized crime groups and nation-state sponsored adversaries. Companies and agencies have faced denial-of-service and other kinds of attacks and loss of proprietary data worth millions of dollars.
The dangerous combination of known and unknown vulnerabilities, strong adversary capabilities, and the high impact of cyber attacks makes cyber security a critical problem and a top management priority in most organizations and agencies. Sophisticated and fast-evolving cyber attacks can come from virtually any corner of cyberspace at any time, initiated by curious high school student hackers, well-organized cyber crime gangs, or even nation states. Cyber security solutions are sought after to ensure that networked systems operate properly and to protect sensitive data from being stolen or abused. Cyberspace Situational Awareness (CSA) has become an indispensable component of cyber security solutions because of the complex operational environments. Having a complete, insightful, accurate and timely CSA is essential for decision makers to take preventative defense or proactive offense against cyber threats and provide fight-through capabilities for critical domains and applications.
Situational awareness is the perception of environmental elements within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future for decision superiority. In the cyber security domain, situational awareness involves being aware of the current cyber situation, why and how the current situation was caused, the impact of the cyber attack, the intent of the attackers, how the situation evolved, and assessing plausible future situations. This requires analysis of low-level data, such as network traffic, and of high-level events and contextual information, such as mission goals and their dependency on cyber assets. Cyber security data is inherently of large volume, with adversarial noise, in heterogeneous formats, and from different sources in decentralized locations. The complexity, scalability, and uncertainty issues can make cyber situational awareness extremely overwhelming for human analysis. Many techniques and tools have been developed to help automatically detect intrusions and adapt network configurations such as firewall settings. However, there is no common open framework that can bring these available tools and modules together to provide a unified view of different utilities for CSA on end users' individual dashboards, based on their own needs and cognitive preferences.
Gadget technology is adopted to allow a web-service-oriented open architecture and individualized dashboards for cyber situational awareness. Gadgets are miniature objects offering dynamic web content that can be embedded on a web page by syndication. Users can add gadgets to their own business and personal web sites and customize them for individual use.
The Workflow-based Gadget Workbench (WGW) is designed for rapid gadget authoring, which includes gadget creation, deployment, and sharing. Within the workbench, which is accessible from any web browser, users can define a workflow from data source to analysis modules to visualization forms with simple drag-and-drop interaction. The workbench automatically generates gadgets based on the workflow definition. With a single click, authorized users can publish the gadgets into a Gadget Repository for reuse, sharing, and knowledge retention.