Situation awareness, or SA, is the perception of environmental elements with respect to time and/or space, the comprehension of their meaning, and the projection of their status after some variable has changed, such as time. It is also concerned with perception of the environment critical to decision-makers in complex, dynamic areas ranging from aviation, air traffic control, power plant operations, military command and control, and emergency services such as fire fighting and policing, to more ordinary but nevertheless complex tasks such as driving an automobile or bicycle.
Situation awareness involves being aware of what is happening in the vicinity to understand how information, events, and one's own actions will impact goals and objectives, both immediately and in the near future. Lacking SA or having inadequate SA has been identified as one of the primary factors in accidents attributed to human error. Thus, SA is especially important in work domains where the information flow can be quite high and poor decisions may lead to serious consequences (e.g., piloting an airplane, functioning as a soldier, or treating critically ill or injured patients). Having complete, accurate and up-to-the-minute SA is essential where technological and situational complexity are a concern. SA has been recognized as a critical, yet often elusive, foundation for successful decision-making across a broad range of complex and dynamic systems, including aviation and air traffic control, emergency response and military command and control operations, and offshore oil and nuclear power plant management.
In the management of complex information technology (IT) operations, situational awareness is addressed by providing an operator with multiple displays featuring all network activities and their status. These displays are usually independent and consume a large amount of the operator's cognition to manage, leading to lower levels of situational awareness. This in turn produces a natural reluctance to change focus (only manage one incident at a time per operator), lengthy hand-offs of status between shift operators, lack of awareness of how an incident might interact with others and a tendency to ignore new incidents of higher priority, with a lengthening of response times for all incidents.
FIG. 1 shows a simplified illustration of the state of the art in managing IT operations. A continuous flow of network events arrives in an event stream 110. This stream is catalogued into an event list 120. This event list 120 is what the IT operator 180 references in monitoring network operations using, for example, Simple Network Management Protocol (SNMP). SNMP is an Internet-standard protocol for managing devices on IP networks. SNMP is widely used as part of an operations interface/cockpit for monitoring networked devices. The operator 180 must perform multiple functions 130 with this information to generate new data which he/she inputs into information tools 140. These multiple functions include: placing the event in context, determining state, determining correlation of events, analysis of this correlation, and taking appropriate action.
FIG. 2 shows a high-level flowchart of operations control, according to the known art. FIG. 3 shows the steps taken to respond to an incident, according to the known art.