Tuesday, April 6, 2010

In Cyber Space, It Pays ... To Pay Attention

The ability to imagine the future, and to do so rather inaccurately, is a uniquely human quality. Lest we forget the faulty real-estate asset valuations and risky gambles some financial services firms undertook: that inability to "get it right" in the midst of plenty of relevant information saw us enter into one of the worst economic downturns.

Now, while we do imagine creatively (flying machines, submarines, the Internet, smart-phones and electric cars, to name a few), it is still difficult for us humans to get the future right because of some familiar limitations. First, we are locked in the present as we try to predict the future; in other words, the future almost always looks like a different version of the present, at least for most of us. Second, we are very subjective in our forecasts. We can get stuck believing that our own point of view reigns supreme, and when we evaluate our claims against those of others, we will doubt those of others.

Let’s say you regularly drive your car down a route home-bound and we'd like to evaluate your driving behavior. For this test we've created 3 driver proficiency categories. You are either someone who drives on “auto-pilot”, a directionally challenged driver (and a lost cause), or an individual who is extremely in tune with your surroundings.

If you find yourself in the last category, you are a near-perfect driver. You know the distance from your car to the next. You observe the erratic behavior of a truck 20 feet ahead and two lanes across. You are tracking the changing weather conditions. You are aware. In fact, there is a term for the category you don’t fall into: Driving Without Awareness (DWA), a state in which there is no active attention to the task of driving.

Congratulations, you’ve managed to free yourself of simply focusing on the precise task of driving. You are pretty good at making forecasts because you are not totally centered on yourself, and instead you are actively absorbing (and filtering) information from your environment. And in relation to the introduction of this blog, you are someone who does not ignore subtle cues and signals.

If you were to program all those keen skills into a next-generation drive-assist system, it would have features such as defensive driving heuristics and map-based reasoning, and it would use your own experience to predict traffic flows. Moreover, it would be smart enough to respond to changing situations with more acuity, with or without you in the loop.

And so it is also true that the goal of better understanding our surroundings exists all around us: in air traffic control, in supply chain management and on the battlefield. Doctors and other critical decision makers must all maintain some level of situational awareness in dynamic and tricky environments.

The process of raising that situational awareness barometer starts with differentiating the status of something from events. It then relies heavily on surveillance (more passive monitoring) and reconnaissance (actively targeting someone or something) to recognize errant behavior, the terrain and environmental conditions, to track targets, and to sense indicators and early warning signs.

Think of an air traffic controller and the tools they need to get and maintain the right attention to track fast-moving objects and keep them from colliding with each other in mid-air.

It is increasingly apparent that in cyber space (as on land, in the air and at sea) there is virtual terrain and there are dimensions of time and space. To conduct commerce, serve citizens and communicate without some sort of handle on one’s surroundings is akin to walking in a dark alley with no perception whatsoever. It’s out of the question.

Organizations of course rely on intrusion detection systems, event monitoring, incident response and readiness teams, anti-virus scanners and well-managed applications and operating systems. Hopefully that pristine infrastructure or application is under a digital microscope where anything that is out of place or odd will be observed.

The challenge is that observation, or witnessing an event, is again different and harder than forecasting or predicting an outcome.

For example, consider a trusted insider who is observed downloading sensitive files for an extended period of time, after hours. On the surface there may have been no reason to suspect any misuse of privileges. There may have been no “rule-breaking" behavior. With some projection and connection of the dots, there may be an opportunity to prevent a serious incident of data theft. Consider if that same individual had been placed on administrative leave 4 months earlier and, 1 year earlier, had visited a web site that is known to distribute malware.

The point is that most of today’s IT security systems that help glean what’s happening, what has happened and what is about to happen are either disconnected or most likely not in place at all.
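The insider scenario above, worked through as an added example that is not part of the original post: tonight's after-hours download volume is joined with older HR and web-proxy records for the same user. The record layouts, user names, thresholds and the 540-day lookback window are assumptions, and all sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records from three normally separate systems (hypothetical values).
FILE_ACCESS = [  # (user, timestamp, sensitive_files_read)
    ("jdoe", datetime(2010, 4, 5, 22, 15), 140),
    ("jdoe", datetime(2010, 4, 5, 23, 40), 95),
    ("asmith", datetime(2010, 4, 5, 14, 5), 12),
    ("asmith", datetime(2010, 4, 5, 21, 30), 3),
    ("bkim", datetime(2010, 4, 5, 20, 0), 120),
]
HR_EVENTS = [("jdoe", datetime(2009, 12, 7), "administrative_leave")]
PROXY_HITS = [("jdoe", datetime(2009, 4, 2), "malware_distribution")]

LOOKBACK = timedelta(days=540)  # assumed history window
WORK_HOURS = range(8, 18)       # assumed business hours, 08:00-17:59
BULK_THRESHOLD = 100            # assumed cutoff for "bulk" after-hours access

def after_hours_volume(user, day):
    """Sensitive files read by the user outside work hours on the given date."""
    return sum(n for u, ts, n in FILE_ACCESS
               if u == user and ts.date() == day and ts.hour not in WORK_HOURS)

def context_signals(user, now):
    """Older HR and proxy records for the user that fall inside the lookback window."""
    signals = []
    for source, records in (("hr", HR_EVENTS), ("proxy", PROXY_HITS)):
        for u, ts, kind in records:
            if u == user and timedelta(0) <= now - ts <= LOOKBACK:
                signals.append(f"{source}:{kind}")
    return signals

def assess(user, now):
    """Combine today's observation with history into a triage decision."""
    volume = after_hours_volume(user, now.date())
    signals = context_signals(user, now)
    if volume < BULK_THRESHOLD:
        return "no_action", volume, signals
    # Bulk after-hours access alone breaks no rule; prior history raises priority.
    level = "escalate" if signals else "review"
    return level, volume, signals

if __name__ == "__main__":
    now = datetime(2010, 4, 5, 23, 59)
    for user in ("jdoe", "asmith", "bkim"):
        print(user, assess(user, now))
```

Each source on its own shows nothing that breaks a rule; only the joined view separates `jdoe` from `bkim`, who has the same kind of after-hours volume but no history.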

As we live, work and play in cyber space, organizations and all of us must raise our own situational awareness, and in different ways, whether it’s changing passwords on a regular basis, updating anti-virus definitions or avoiding that tempting link in our emails.

Organizations and government agencies must also up the ante in terms of accurately detecting suspicious behavior, putting in place credible deterrents and automating responses that will minimize the impact of a potential threat actually occurring - whether that threat is known or unknown. They must also get better at working with a wider latitude of information that originates in cyber-space and must be correlated to the physical world.