Visually Evaluating Courses of Action in a Contested Network Environment

Current cyber situational awareness (SA) technologies primarily have aimed at better comprehension of existing elements and immediate risks or threats in networked environments. This has left a gap in cyber defenders’ ability to trade off risks in proposed courses of action over an upcoming timeframe of interest under nominal or dynamic threat conditions. We present Pythia, a prototype tool that is designed to enhance cyber SA by explicitly considering attacker-defender activities in response to a selected course of action over a timeframe of interest with a visualization capability that, by adding the temporal dimension, is a novel, critical component for enhanced cyber SA. Pythia leverages a cybersecurity model utilizing High Performance Computing (HPC) simulations to provide four crucial features to improve a cyber-defenders situational awareness: (1) a high-level interactive view of the defenders current network architecture and recommended architectures, including the fraction of hosts compromised within each segment, (2) a time-dependent plot of projected fractional compromise rates per segment, (3) an interactive parameters menu in which users can fine tune parameters to be sent to the backend algorithms, and (4) an interactive history of user actions in which they can compare potential strategies to mitigate risk in their network.