Situation awareness (SA) is a term often used in the context of cybersecurity collaborations, where knowledge about risks and threats get shared in order to increase collective resilience against cyber threats. The term has increased in popularity ever since the evaluation of the first European Directive on Network and Information Security (NIS1) stated that there is a low level of joint situation awareness for cybersecurity in Europe.
Joint SA for cybersecurity involves multiple cybersecurity teams in collaborative decision-making about risks and threats. Moreover, with the updated European Directive (NIS2) rapidly approaching, national, regional and sectoral cybersecurity collaborations are preparing for an expansion of their ecosystems, as the NIS2 applies to many more organisations. Some of the entities entering existing ecosystems may not have mature cybersecurity operations or risk management. These entities will become part of cybersecurity information sharing communities and might not be able to effectively create SA from the information that is presented to them, as their security teams may lack experience.
In our presentation, we will discuss how a better understanding of the term (joint) cyber SA based on Endsley’s model of SA supports the challenge of a growing amount of cyber security teams entering an existing collaboration on cyber security. We will present a case study from the education sector where 54 institutions were newly integrated into an existing community of cyber information sharing and how that affected joint SA and risk management.
