The digitalization of our societies makes them increasingly vulnerable to emerging cyberthreats. These cyberthreats can manifest themselves in the form of organized, sophisticated, and persistent threat actors, as well as nonadversarial mistakes. Staff involved in responding to cyberthreats and handling incidents in organizations need cyber situation awareness. This paper presents a case study on what challenges members of staff involved in cybersecurity in a large, complex organization experience when developing cyber situation awareness while handling a remote code execution vulnerability in the form of Log4Shell. Two types of qualitative empirical material were used for the case study, data collected through semi-structured interviews with ten informants, and internal documentation. The empirical material was analyzed to create a timeline of events in the organization. The results show how information about the threat spread throughout the organization, the types of artifacts that served as common operational pictures, and the role played by information sharing in maintaining staff cyber situation awareness. Three major challenges to the organization were found: (i) information sharing among staff was not effortless, (ii) there was no organization-wide common operational picture established, and (iii) inaccurate information was shared. This study adds a real-world contribution to the literature on organizational handling of cyberthreats.

In recent years, the Swedish public sector has undergone rapid digitalization, while cybersecurity efforts have not kept even steps. This study investigates conditions for cybersecurity work at Swedish administrative authorities by examining organizational conditions at the authorities, what cybersecurity staff do to acquire the cyber situation awareness required for their role, as well as what experience cybersecurity staff have with incidents. In this study, 17 semi-structured interviews were held with respondents from Swedish administrative authorities. The results showed the diverse conditions for cybersecurity work that exist at the authorities and that a variety of roles are involved in that work. It was found that national-level support for cybersecurity was perceived as somewhat lacking. There were also challenges in getting access to information elements required for sufficient cyber situation awareness.

Artificial intelligence is making progress, enabling automation of tasks previously the privilege of humans. This brings many benefits but also entails challenges, in particular with respect to 'black box' machine learning algorithms. Therefore, questions of transparency and explainability in these systems receive much attention. However, most organizations do not build their software from scratch, but rather procure it from others. Thus, it becomes imperative to consider not only requirements on but also procurement of explainable algorithms and decision support systems. This article offers a first systematic literature review of this area. Following construction of appropriate search queries, 503 unique items from Scopus, ACM Digital Library, and IEEE Xplore were screened for relevance. 37 items remained in the final analysis. An overview and a synthesis of the literature is offered, and it is concluded that more research is needed, in particular on procurement, human-computer interaction aspects, and different purposes of explainability.

Objective: This study investigates whether and how perceived training value varies among fighter pilots participating in a large force exercise (LFE), and whether they expect Live Virtual Constructive (LVC) training to enhance training value of future LFEs. Background: LVC technology is maturing but its expected training value is under-investigated, especially regarding future LVC in LFEs. Method: Fighter pilots at a Live-flying LFE answered questionnaires, 120 responses were analyzed statistically. The questions focused on whether the sortie they just flew provided training value, generally and for specific Desired Learning Objectives (DLOs), on whether the inclusion of Virtual and Constructive entities in future LFEs would contribute to training value generally and to the DLOs specifically, and on specific LVC implementation issues. Results: Ratings of experienced training value varied across DLOs, and DLO ratings varied across Mission types. Fighter pilots were positive toward including Virtual and Constructive entities in LFEs for certain DLOs, mostly for flying a complex mission. DLOs covaried around the factors of LVC-tradeoff advantages and Live advantages, as well as temporal dimensions of planning before a mission and stages of engagement. LVC implementation lessons were extracted. Conclusion: Fighter pilots are generally moderately positive about LVC in LFEs. The measurement of perceived training value per DLO seems a relevant instrument for investigating perceived training value of an LFE and expected training value of future LVC training.

Combining Live, Virtual, and Constructive (LVC) aircraft in the same training scenario holds promise for developing and enhancing fighter pilot training. The simulator study reported here builds on joint pilot-researcher co-design work of beyond visual range LVC training (LVC-T) scenarios to provide training value to pilots in both Live and Virtual aircraft. One fourship of pilots simulated Live entities by acting under peacetime restrictions, while other pilots acted as during regular Virtual training. The objective was to investigate pilots’ reflections on the implications of LVC-T and on the methodology used to provide hands-on experience of a plausible LVC-T scenario. The purpose is to inform the design and use of future LVC in air combat training from the perspective of training value. Results indicate that pilots are positive toward the LVC scenario design, especially the dynamics that a large-scale scenario brings to training of decision making. They indicate a high degree of presence, the need for specific regulations to enforce flight safety, and that restrictions put on the simulated Live entities had implications for the other pilots. In addition to regular Live (L) and simulator (V + C) training, LVC-T may enhance pilots’ repertoires and decision-making patterns. 

Today, most enterprises are increasingly reliant on information technology to carry out their operations. This also entails an increasing need for cyber situational awareness—roughly, to know what is going on in the cyber domain, and thus be able to adequately respond to events such as attacks or accidents. This chapter argues that cyber situational awareness is best understood by combining three complementary points of view: the technological, the socio-cognitive, and the organizational perspectives. In addition, the chapter investigates the prospects for reasoning about adversarial actions. This part also reports on a small empirical investigation where participants in the Locked Shields cyber defense exercise were interviewed about their information needs with respect to threat actors. The chapter is concluded with a discussion regarding important challenges to be addressed along with suggestions for further research.

Live virtual constructive (LVC) flight simulations mix pilots flying actual aircraft, pilots flying in simulators, and computer-generated forces, in joint scenarios. Training resources invested in LVC scenarios must give a high return, and therefore pilots in both live aircraft and simulators need to experience training value for the extensive resources invested in both, an aspect not emphasized in current LVC research. Thus, there is a need for a function, in this article described as LVC Allocator, which assures that complex LVC training scenarios include aspects of training value for all participants, and, thus, purposefully align scenario design with training value. A series of workshops were carried out with 16 fast-jet pilots articulating the training challenges that LVC could contribute to solving, and allocating LVC entities in a training scenario design exercise. The training values for LVC included large scenarios, weapon delivery, flight safety, adversary performance, and weather dependence. These values guided the reasoning of how to allocate different entities to L, V, or C entities. Allocations were focused on adversaries as V, keeping entity types together, weather dependence, low-altitude and supersonic flying requirements, and to let L entities handle and lead complex tasks to keep the human in the loop.

The COVID-19 pandemic has accelerated the digitalization of the Swedish public sector, and to ensure the success of this ongoing process cybersecurity plays an integral part. While Sweden has come far in digitalization, the maturity of cybersecurity work across entities covers a wide range. One way of improving cybersecurity is through communication, thereby enhancing employee cyber situation awareness. In this paper, we conduct a census of Swedish public sector employee communication on cybersecurity at the beginning of the COVID-19 pandemic using questionnaires. The study shows that public sector entities find the same sources of information useful for their cybersecurity work. We find that nearly two thirds of administrative authorities and almost three quarters of municipalities are not yet at the implemented cybersecurity level. We also find that 71 % of municipalities have less than one dedicated staff for cybersecurity.

Simulator training is becoming increasingly important for training of time-critical and dynamic situations. Hence, how simulator training in such domains is planned, carried out and followed up becomes important. Based on a model prescribing such crucial aspects, ten decision-making training simulator facilities have been analyzed from an activity theoretical perspective. The analysis reveals several conflicts that exist between the training that is carried out and the defined training objectives. Although limitations in technology and organization are often alleviated by proficient instructors, it is concluded that there is a need for a structured approach to the design of training to be able to define the competencies and skills that ought to be trained along with relevant measurable training goals. Further, there is a need for a pedagogical model that takes the specifics of simulator training into account. Such a pedagogical model is needed to be able to evaluate the training, and would make it possible to share experiences and make comparisons between facilities in a structured manner.

Cybersecurity is the backbone of a successful digitalization of society, and cyber situation awareness is an essential aspect of managing it. The COVID-19 pandemic has sped up an already ongoing digitalization of Swedish government agencies, but the cybersecurity maturity level varies across agencies. In this study, we conduct a census of Swedish government administrative authority communications on cybersecurity to employees at the beginning of the COVID-19 pandemic. The census shows that the employee communications in the beginning of the pandemic to a greater extent have focused on first-order risks, such as video meetings and telecommuting, rather than on second-order risks, such as invoice fraud or social engineering. We also find that almost two thirds of the administrative authorities have not yet implemented, but only initiated or documented, their cybersecurity policies.